
CVE-2017-3231 – OpenJDK: URLClassLoader insufficient access control checks (Networking, 8151934)
https://notcve.org/view.php?id=CVE-2017-3231
20 Jan 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read acce... • http://rhn.redhat.com/errata/RHSA-2017-0175.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2017-3252 – OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)
https://notcve.org/view.php?id=CVE-2017-3252
20 Jan 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Jav... • http://rhn.redhat.com/errata/RHSA-2017-0175.html • CWE-20: Improper Input Validation •

CVE-2017-3253 – OpenJDK: imageio PNGImageReader failed to honor ignoreMetadata for iTXt and zTXt chunks (2D, 8166988)
https://notcve.org/view.php?id=CVE-2017-3253
20 Jan 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete... • http://rhn.redhat.com/errata/RHSA-2017-0175.html • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2017-3259 – JDK: unspecified vulnerability fixed in 6u141, 7u131, and 8u121 (Deployment)
https://notcve.org/view.php?id=CVE-2017-3259
20 Jan 2017 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java We... • http://rhn.redhat.com/errata/RHSA-2017-0175.html •

CVE-2017-3261 – OpenJDK: integer overflow in SocketOutputStream boundary check (Networking, 8164147)
https://notcve.org/view.php?id=CVE-2017-3261
20 Jan 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read acce... • http://rhn.redhat.com/errata/RHSA-2017-0175.html • CWE-125: Out-of-bounds Read •

CVE-2017-3272 – Oracle Java AtomicReferenceFieldUpdater Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-3272
20 Jan 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may signif... • http://rhn.redhat.com/errata/RHSA-2017-0175.html •

CVE-2016-5546 – OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)
https://notcve.org/view.php?id=CVE-2016-5546
20 Jan 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical dat... • http://rhn.redhat.com/errata/RHSA-2017-0175.html • CWE-20: Improper Input Validation •

CVE-2016-5548 – OpenJDK: DSA implementation timing attack (Libraries, 8168728)
https://notcve.org/view.php?id=CVE-2016-5548
20 Jan 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to ... • http://rhn.redhat.com/errata/RHSA-2017-0175.html • CWE-385: Covert Timing Channel •

CVE-2016-5552 – OpenJDK: incorrect URL parsing in URLStreamHandler (Networking, 8167223)
https://notcve.org/view.php?id=CVE-2016-5552
20 Jan 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java... • http://rhn.redhat.com/errata/RHSA-2017-0175.html • CWE-20: Improper Input Validation •

CVE-2017-3241 – Oracle OpenJDK Runtime Environment 1.8.0_112-b15 - Java Serialization Denial Of Service
https://notcve.org/view.php?id=CVE-2017-3241
20 Jan 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successfu... • https://packetstorm.news/files/id/141104 • CWE-20: Improper Input Validation • CWE-502: Deserialization of Untrusted Data •