CVSS: 8.1EPSS: 2%CPEs: 5EXPL: 0CVE-2018-1417 – JDK: J9 JVM allows untrusted code running under a security manager to elevate its privileges
https://notcve.org/view.php?id=CVE-2018-1417
22 Feb 2018 — Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges. IBM X-Force ID: 138823. Bajo determinadas circunstancias, un fallo en J9 JVM (IBM SDK, Java Technology Edition 7.1 y 8.0) permite que se ejecute código no fiable bajo un gestor de seguridad para elevar sus privilegios. IBM X-Force ID: 138823. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software ... • http://www.ibm.com/support/docview.wss?uid=isg3T1027315 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.1EPSS: 8%CPEs: 32EXPL: 0CVE-2016-0363 – JDK: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix
https://notcve.org/view.php?id=CVE-2016-0363
30 Apr 2016 — The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.... • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 5%CPEs: 37EXPL: 0CVE-2016-0264 – JDK: buffer overflow vulnerability in the IBM JVM
https://notcve.org/view.php?id=CVE-2016-0264
30 Apr 2016 — Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de buffer en Java Virtual Machine (JVM) en IBM SDK, Java Technology Edition 6 en versiones anteriores a SR16 FP25 (6.0.16.25), 6 R1 en versiones anteriores a SR8 FP25 (6.1.8.25), 7 ... • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.1EPSS: 23%CPEs: 34EXPL: 0CVE-2016-0376 – JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix
https://notcve.org/view.php?id=CVE-2016-0376
30 Apr 2016 — The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSin... • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html •
CVSS: 9.1EPSS: 1%CPEs: 14EXPL: 0CVE-2015-5041 – JDK: J9 JVM allows code to invoke non-public interface methods
https://notcve.org/view.php?id=CVE-2015-5041
02 Feb 2016 — The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods. El JVM J9 en IBM SDK, Java Technology Edition 6 en versiones anteriores a SR16 FP20, 6 R1 en versiones anteriores a SR8 FP20, 7 en versiones anteriores a SR9 FP30 y 7 R1 en versiones anteriores a SR3 FP30 permite a atacantes remotos obtener información sensible o in... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00026.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2015-5006 – JDK: local disclosure of kerberos credentials cache
https://notcve.org/view.php?id=CVE-2015-5006
23 Nov 2015 — IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache. IBM Java Security Components en IBM SDK, Java Technology Edition 8 en versiones anteriores a SR2, 7 R1 en versiones anteriores a SR3 FP20, 7 en versiones anteriores a SR9 FP20, 6 R1 en versiones anteriores a SR8 FP15 y 6 en versiones an... • http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 30EXPL: 0CVE-2015-1931 – JDK: plain text data stored in memory dumps
https://notcve.org/view.php?id=CVE-2015-1931
22 Jul 2015 — IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file. IBM Java Security Components en IBM SDK, Java Technology Edition 8 versiones anteriores a SR1 FP10, 7 R1 anteriores a SR3 FP10, 7 anteriores a SR9 FP10, 6 R1 anteriores a SR8 FP7, 6 anteriores a SR16 ... • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00051.html • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 10.0EPSS: 6%CPEs: 5EXPL: 0CVE-2014-8891 – JDK: unspecified full Java sandbox bypass fixed in Feb 2015 update
https://notcve.org/view.php?id=CVE-2014-8891
05 Feb 2015 — Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vectors related to the security manager. Vulnerabilidad no especificada en Java Virtual Machine (JVM) en IBM SDK, Java Technology Edition 5.0 anterior a SR16-FP9, 6 anterior a SR16-FP3, 6R1 anterior a SR8-FP3, 7 anterio... • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00021.html •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-8892 – JDK: unspecified partial Java sandbox bypass fixed in Feb 2015 update
https://notcve.org/view.php?id=CVE-2014-8892
05 Feb 2015 — Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitive information via unspecified vectors related to the security manager. Vulnerabilidad no especificada en Java Virtual Machine (JVM) en IBM SDK, Java Technology Edition 5.0 anterior a SR16-FP9, 6 anterior a SR16-FP3, 6R1 anterior a S... • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00021.html •
CVSS: 5.8EPSS: 0%CPEs: 53EXPL: 0CVE-2014-0878 – JDK: Vulnerability in the IBMSecureRandom implementation of the IBMJCE and IBMSecureRandom cryptographic providers
https://notcve.org/view.php?id=CVE-2014-0878
26 May 2014 — The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the random number generator's output. El componente IBMSecureRandom en los proveedores criptográficos IBMJCE y IBMSecureRand... • http://secunia.com/advisories/59022 • CWE-310: Cryptographic Issues •