
CVE-2013-4578 – OpenJDK: jarsigner does not detect unsigned bytecode injected into signed jars
https://notcve.org/view.php?id=CVE-2013-4578
29 Dec 2017 — jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation. • http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/d5f36e1c927e • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVE-2017-3514 – Gentoo Linux Security Advisory 201705-03
https://notcve.org/view.php?id=CVE-2017-3514
24 Apr 2017 — Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can re... • http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html •

CVE-2017-3509 – OpenJDK: improper re-use of NTLM authenticated connections (Networking, 8163520)
https://notcve.org/view.php?id=CVE-2017-3509
21 Apr 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update,... • http://www.debian.org/security/2017/dsa-3858 • CWE-287: Improper Authentication •

CVE-2017-3511 – OpenJDK: untrusted extension directories search path in Launcher (JCE, 8163528)
https://notcve.org/view.php?id=CVE-2017-3511
21 Apr 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the... • https://packetstorm.news/files/id/142260 • CWE-426: Untrusted Search Path •

CVE-2017-3526 – OpenJDK: incomplete XML parse tree size enforcement (JAXP, 8169011)
https://notcve.org/view.php?id=CVE-2017-3526
21 Apr 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (comp... • http://www.debian.org/security/2017/dsa-3858 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2016-5546 – OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)
https://notcve.org/view.php?id=CVE-2016-5546
20 Jan 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical dat... • http://rhn.redhat.com/errata/RHSA-2017-0175.html • CWE-20: Improper Input Validation •

CVE-2016-5548 – OpenJDK: DSA implementation timing attack (Libraries, 8168728)
https://notcve.org/view.php?id=CVE-2016-5548
20 Jan 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to ... • http://rhn.redhat.com/errata/RHSA-2017-0175.html • CWE-385: Covert Timing Channel •

CVE-2016-5552 – OpenJDK: incorrect URL parsing in URLStreamHandler (Networking, 8167223)
https://notcve.org/view.php?id=CVE-2016-5552
20 Jan 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java... • http://rhn.redhat.com/errata/RHSA-2017-0175.html • CWE-20: Improper Input Validation •

CVE-2017-3231 – OpenJDK: URLClassLoader insufficient access control checks (Networking, 8151934)
https://notcve.org/view.php?id=CVE-2017-3231
20 Jan 2017 — Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read acce... • http://rhn.redhat.com/errata/RHSA-2017-0175.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2017-3252 – OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)
https://notcve.org/view.php?id=CVE-2017-3252
20 Jan 2017 — Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Jav... • http://rhn.redhat.com/errata/RHSA-2017-0175.html • CWE-20: Improper Input Validation •