Search for packages
| purl | pkg:deb/ubuntu/openjdk-6@6b10dfsg-1ubuntu1 |
| Next non-vulnerable version | 6b41-1.13.13-0ubuntu0.14.04.1 |
| Latest non-vulnerable version | 6b41-1.13.13-0ubuntu0.14.04.1 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1seq-yqzy-aaaq
Aliases: CVE-2015-4732 |
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-2590. |
Affected by 47 other vulnerabilities. |
|
VCID-2sxw-9erm-aaab
Aliases: CVE-2014-6585 |
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6591. |
Affected by 69 other vulnerabilities. |
|
VCID-2zab-6bzp-aaae
Aliases: CVE-2015-7575 |
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. |
Affected by 25 other vulnerabilities. |
|
VCID-343j-p6d7-aaan
Aliases: CVE-2014-6512 |
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries. |
Affected by 82 other vulnerabilities. |
|
VCID-3c2k-dj62-aaan
Aliases: CVE-2016-5597 |
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality via vectors related to Networking. |
Affected by 10 other vulnerabilities. |
|
VCID-3mvz-e3x7-aaac
Aliases: CVE-2014-2483 |
CVE-2014-2483 OpenJDK: Restrict use of privileged annotations (Libraries, 8034985) |
Affected by 103 other vulnerabilities. |
|
VCID-4kt1-yxen-aaaa
Aliases: CVE-2015-2632 |
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D. |
Affected by 47 other vulnerabilities. |
|
VCID-4mn5-rudm-aaad
Aliases: CVE-2015-4803 |
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911. |
Affected by 31 other vulnerabilities. |
|
VCID-4qww-3wn9-aaag
Aliases: CVE-2014-3566 |
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. |
Affected by 69 other vulnerabilities. |
|
VCID-4tpu-dmys-aaac
Aliases: CVE-2014-6591 |
Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585. |
Affected by 69 other vulnerabilities. |
|
VCID-4xjg-pkvt-aaaf
Aliases: CVE-2015-4734 |
Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JGSS. |
Affected by 31 other vulnerabilities. |
|
VCID-54kr-zp5m-aaaf
Aliases: CVE-2015-4843 |
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. |
Affected by 31 other vulnerabilities. |
|
VCID-5d5d-m4qk-aaaa
Aliases: CVE-2014-0452 |
CVE-2014-0452 OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026801) |
Affected by 104 other vulnerabilities. |
|
VCID-5pun-cwz9-aaak
Aliases: CVE-2014-0453 |
CVE-2014-0453 OpenJDK: RSA unpadding timing issues (Security, 8027766) |
Affected by 104 other vulnerabilities. |
|
VCID-5v3k-du34-aaag
Aliases: CVE-2015-4860 |
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883. |
Affected by 31 other vulnerabilities. |
|
VCID-5x77-7ksz-aaap
Aliases: CVE-2015-0469 |
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
Affected by 62 other vulnerabilities. |
|
VCID-65zu-nw93-aaam
Aliases: CVE-2014-0458 |
CVE-2014-0458 OpenJDK: Activation framework default command map caching (JAX-WS, 8025152) |
Affected by 104 other vulnerabilities. |
|
VCID-6qd9-8eft-aaae
Aliases: CVE-2015-0480 |
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools. |
Affected by 62 other vulnerabilities. |
|
VCID-6yt2-eq86-aaab
Aliases: CVE-2014-4263 |
CVE-2014-4263 OpenJDK: insufficient Diffie-Hellman public key validation (Security, 8037162) |
Affected by 92 other vulnerabilities. |
|
VCID-6zp6-92wf-aaas
Aliases: CVE-2015-2590 |
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732. |
Affected by 47 other vulnerabilities. |
|
VCID-76rg-d4xe-aaam
Aliases: CVE-2016-5546 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 7.5 (Integrity impacts). |
Affected by 0 other vulnerabilities. |
|
VCID-7d55-2fr9-aaad
Aliases: CVE-2016-5573 |
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5582. |
Affected by 10 other vulnerabilities. |
|
VCID-7ggf-r1kt-aaan
Aliases: CVE-2015-0488 |
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect availability via vectors related to JSSE. |
Affected by 62 other vulnerabilities. |
|
VCID-81qn-qn4u-aaaa
Aliases: CVE-2015-0460 |
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. |
Affected by 62 other vulnerabilities. |
|
VCID-8534-9mkk-aaae
Aliases: CVE-2017-3252 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.8 (Integrity impacts). |
Affected by 0 other vulnerabilities. |
|
VCID-8c1z-2ue1-aaaj
Aliases: CVE-2013-0169 VC-OPENSSL-20130204-CVE-2013-0169 |
A weakness in the handling of CBC ciphersuites in SSL, TLS and DTLS which could lead to plaintext recovery by exploiting timing differences arising during MAC processing. |
Affected by 125 other vulnerabilities. |
|
VCID-8jxn-hy6y-aaak
Aliases: CVE-2016-5552 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.3 (Integrity impacts). |
Affected by 0 other vulnerabilities. |
|
VCID-8um2-rvaa-aaas
Aliases: CVE-2015-2601 |
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, JRockit R28.3.6, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE. |
Affected by 47 other vulnerabilities. |
|
VCID-8uvp-mzs4-aaae
Aliases: CVE-2014-0457 |
CVE-2014-0457 OpenJDK: ServiceLoader Exception handling security bypass (Libraries, 8031394) |
Affected by 104 other vulnerabilities. |
|
VCID-8vbh-xbw6-aaam
Aliases: CVE-2015-0407 |
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing. |
Affected by 69 other vulnerabilities. |
|
VCID-8wtr-zvts-aaar
Aliases: CVE-2014-4216 |
CVE-2014-4216 OpenJDK: Incorrect generic signature attribute parsing (Hotspot, 8037076) |
Affected by 92 other vulnerabilities. |
|
VCID-9mab-pc75-aaaq
Aliases: CVE-2014-0451 |
CVE-2014-0451 OpenJDK: AWT incorrect FlavorMap seperation (AWT, 8026797) |
Affected by 104 other vulnerabilities. |
|
VCID-afuu-g4qk-aaaf
Aliases: CVE-2015-4882 |
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect availability via vectors related to CORBA. |
Affected by 31 other vulnerabilities. |
|
VCID-aht8-ee28-aaad
Aliases: CVE-2014-4209 |
CVE-2014-4209 OpenJDK: SubjectDelegator protection insufficient (JMX, 8029755) |
Affected by 92 other vulnerabilities. |
|
VCID-anv8-rj45-aaah
Aliases: CVE-2014-4244 |
CVE-2014-4244 OpenJDK: RSA blinding issues (Security, 8031346) |
Affected by 92 other vulnerabilities. |
|
VCID-asj4-1xc2-aaab
Aliases: CVE-2017-3253 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 7.5 (Availability impacts). |
Affected by 0 other vulnerabilities. |
|
VCID-awx6-68hp-aaap
Aliases: CVE-2016-3500 |
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508. |
Affected by 15 other vulnerabilities. |
|
VCID-b74m-xuft-aaaj
Aliases: CVE-2014-4218 |
CVE-2014-4218 OpenJDK: Clone interfaces passed to proxy methods (Libraries, 8035009) |
Affected by 92 other vulnerabilities. |
|
VCID-bhr1-xe1r-aaab
Aliases: CVE-2014-0462 |
CVE-2014-0462 OpenJDK: libjpeg: uninitialized memory read information leak (AWT, 8029760) |
Affected by 104 other vulnerabilities. |
|
VCID-bnhe-sfz5-aaas
Aliases: CVE-2016-3425 |
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect availability via vectors related to JAXP. |
Affected by 20 other vulnerabilities. |
|
VCID-bnq4-xjzd-aaas
Aliases: CVE-2015-2621 |
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33, allows remote attackers to affect confidentiality via vectors related to JMX. |
Affected by 47 other vulnerabilities. |
|
VCID-bube-hxb9-aaaf
Aliases: CVE-2014-6511 |
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D. |
Affected by 82 other vulnerabilities. |
|
VCID-bw9w-sbun-aaae
Aliases: CVE-2015-0477 |
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity via unknown vectors related to Beans. |
Affected by 62 other vulnerabilities. |
|
VCID-c2ym-9zs6-aaak
Aliases: CVE-2015-4883 |
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4860. |
Affected by 31 other vulnerabilities. |
|
VCID-cern-st74-aaan
Aliases: CVE-2014-6531 |
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. |
Affected by 82 other vulnerabilities. |
|
VCID-cukv-6yn9-aaac
Aliases: CVE-2014-2412 |
CVE-2014-2412 OpenJDK: AWT thread context handling (AWT, 8025010) |
Affected by 104 other vulnerabilities. |
|
VCID-d6x5-myy3-aaaf
Aliases: CVE-2015-4748 |
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. |
Affected by 47 other vulnerabilities. |
|
VCID-ds7a-2aqy-aaar
Aliases: CVE-2014-2421 |
CVE-2014-2421 OpenJDK: JPEG decoder input stream handling (2D, 8029854) |
Affected by 104 other vulnerabilities. |
|
VCID-e52p-4x3k-aaae
Aliases: CVE-2015-4911 |
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4893. |
Affected by 31 other vulnerabilities. |
|
VCID-e8mk-m9f8-aaaj
Aliases: CVE-2014-6457 |
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. |
Affected by 82 other vulnerabilities. |
|
VCID-eb69-349w-aaan
Aliases: CVE-2014-4266 |
CVE-2014-4266 OpenJDK: InfoBuilder incorrect return values (Serviceability, 8033301) |
Affected by 92 other vulnerabilities. |
|
VCID-eepj-vpn1-aaan
Aliases: CVE-2015-4749 |
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect availability via vectors related to JNDI. |
Affected by 47 other vulnerabilities. |
|
VCID-ergv-shn9-aaas
Aliases: CVE-2015-0395 |
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. |
Affected by 69 other vulnerabilities. |
|
VCID-etgq-vxyj-aaas
Aliases: CVE-2017-3272 |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). |
Affected by 0 other vulnerabilities. |
|
VCID-f2m4-975x-aaak
Aliases: CVE-2017-3241 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). |
Affected by 0 other vulnerabilities. |
|
VCID-ft2c-szdr-aaag
Aliases: CVE-2016-0402 |
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect integrity via unknown vectors related to Networking. |
Affected by 25 other vulnerabilities. |
|
VCID-fzmm-5pn5-aaap
Aliases: CVE-2016-5542 |
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to Libraries. |
Affected by 10 other vulnerabilities. |
|
VCID-g8kx-73br-aaaj
Aliases: CVE-2015-4893 |
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911. |
Affected by 31 other vulnerabilities. |
|
VCID-g8rh-1fnd-aaag
Aliases: CVE-2014-2403 |
CVE-2014-2403 OpenJDK: JAXP CharInfo file access restriction (JAXP, 8029282) |
Affected by 104 other vulnerabilities. |
|
VCID-g9gs-5g3x-aaac
Aliases: CVE-2015-4842 |
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP. |
Affected by 31 other vulnerabilities. |
|
VCID-g9qz-byaa-aaae
Aliases: CVE-2014-6504 |
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, and 7u67, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Hotspot. |
Affected by 82 other vulnerabilities. |
|
VCID-gege-h6fn-aaab
Aliases: CVE-2014-6587 |
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. |
Affected by 69 other vulnerabilities. |
|
VCID-gpd3-qa97-aaac
Aliases: CVE-2015-4733 |
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. |
Affected by 47 other vulnerabilities. |
|
VCID-grsn-enp3-aaak
Aliases: CVE-2014-0429 |
CVE-2014-0429 OpenJDK: Incorrect mlib/raster image validation (2D, 8027841) |
Affected by 104 other vulnerabilities. |
|
VCID-gy2f-bj98-aaaq
Aliases: CVE-2015-0412 |
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS. |
Affected by 69 other vulnerabilities. |
|
VCID-h4e6-9kx3-aaaa
Aliases: CVE-2014-0446 |
CVE-2014-0446 OpenJDK: Protect logger handlers (Libraries, 8029740) |
Affected by 104 other vulnerabilities. |
|
VCID-h8rg-jw91-aaaf
Aliases: CVE-2014-6558 |
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security. |
Affected by 82 other vulnerabilities. |
|
VCID-hxsf-7hg9-aaaa
Aliases: CVE-2015-0410 |
Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote attackers to affect availability via unknown vectors related to Security. |
Affected by 69 other vulnerabilities. |
|
VCID-jdvr-8e3k-aaas
Aliases: CVE-2014-4268 |
CVE-2014-4268 OpenJDK: Missing file choser access restrictions (Swing, 8035699) |
Affected by 92 other vulnerabilities. |
|
VCID-jj88-ybwu-aaag
Aliases: CVE-2014-6593 |
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. |
Affected by 69 other vulnerabilities. |
|
VCID-jsnz-jyva-aaae
Aliases: CVE-2016-0448 |
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX. |
Affected by 25 other vulnerabilities. |
|
VCID-m5t9-zm97-aaap
Aliases: CVE-2016-3427 |
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. |
Affected by 20 other vulnerabilities. |
|
VCID-m9y1-n8cm-aaaf
Aliases: CVE-2014-4262 |
CVE-2014-4262 OpenJDK: AtomicReferenceFieldUpdater missing primitive type check (Libraries, 8039520) |
Affected by 92 other vulnerabilities. |
|
VCID-may1-c73m-aaar
Aliases: CVE-2014-0460 |
CVE-2014-0460 OpenJDK: missing randomization of JNDI DNS client query IDs (JNDI, 8030731) |
Affected by 104 other vulnerabilities. |
|
VCID-mb7d-m4w2-aaaj
Aliases: CVE-2014-6506 |
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. |
Affected by 82 other vulnerabilities. |
|
VCID-mbnh-c5z5-aaaf
Aliases: CVE-2016-0466 |
Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect availability via vectors related to JAXP. |
Affected by 25 other vulnerabilities. |
|
VCID-mzwb-wh31-aaag
Aliases: CVE-2015-2625 |
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JSSE. |
Affected by 47 other vulnerabilities. |
|
VCID-n5dv-7zj9-aaak
Aliases: CVE-2014-1876 |
CVE-2014-1876 OpenJDK: insecure temporary file use in unpack200 (Libraries, 8033618) |
Affected by 104 other vulnerabilities. |
|
VCID-n89u-w7b3-aaaj
Aliases: CVE-2016-3550 |
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality via vectors related to Hotspot. |
Affected by 15 other vulnerabilities. |
|
VCID-n8ge-w5b7-aaaj
Aliases: CVE-2014-0461 |
CVE-2014-0461 OpenJDK: Better ScriptEngineManager ScriptEngine management (Libraries, 8036794) |
Affected by 104 other vulnerabilities. |
|
VCID-nd93-kct6-aaas
Aliases: CVE-2016-5554 |
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to JMX. |
Affected by 10 other vulnerabilities. |
|
VCID-ndpu-nrba-aaaj
Aliases: CVE-2015-2613 |
Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE. |
Affected by 47 other vulnerabilities. |
|
VCID-nra1-qpxm-aaag
Aliases: CVE-2014-2490 |
CVE-2014-2490 OpenJDK: Event logger format string vulnerability (Hotspot, 8037076) |
Affected by 92 other vulnerabilities. |
|
VCID-nxwa-6va3-aaaa
Aliases: CVE-2015-2628 |
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. |
Affected by 47 other vulnerabilities. |
|
VCID-nyh1-58x1-aaae
Aliases: CVE-2014-0456 |
CVE-2014-0456 OpenJDK: System.arraycopy() element race condition (Hotspot, 8029858) |
Affected by 104 other vulnerabilities. |
|
VCID-pdhy-b9gc-aaar
Aliases: CVE-2015-4731 |
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; Java SE Embedded 7u75; and Java SE Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. |
Affected by 47 other vulnerabilities. |
|
VCID-phzg-xuxt-aaad
Aliases: CVE-2015-0408 |
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. |
Affected by 69 other vulnerabilities. |
|
VCID-pmtm-skvc-aaar
Aliases: CVE-2015-4000 |
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. |
Affected by 47 other vulnerabilities. |
|
VCID-prak-1r7k-aaah
Aliases: CVE-2016-0686 |
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization. |
Affected by 20 other vulnerabilities. |
|
VCID-pxg8-hn1t-aaan
Aliases: CVE-2014-4252 |
CVE-2014-4252 OpenJDK: Prevent instantiation of service with non-public constructor (Security, 8035004) |
Affected by 92 other vulnerabilities. |
|
VCID-q7s4-jn4a-aaaq
Aliases: CVE-2014-2398 |
CVE-2014-2398 OpenJDK: insufficient escaping of window title string (Javadoc, 8026736) |
Affected by 104 other vulnerabilities. |
|
VCID-qbz3-r843-aaaf
Aliases: CVE-2016-2183 VC-OPENSSL-20160824-CVE-2016-2183 |
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. |
Affected by 0 other vulnerabilities. |
|
VCID-qrgj-1phr-aaag
Aliases: CVE-2014-2414 |
CVE-2014-2414 OpenJDK: incorrect caching of data initialized via TCCL (JAXB, 8025030) |
Affected by 104 other vulnerabilities. |
|
VCID-r5eq-ra3u-aaak
Aliases: CVE-2015-4835 |
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4881. |
Affected by 31 other vulnerabilities. |
|
VCID-rqpq-v5ck-aaar
Aliases: CVE-2014-6601 |
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. |
Affected by 69 other vulnerabilities. |
|
VCID-s4ew-u12u-aaaa
Aliases: CVE-2015-4760 |
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
Affected by 47 other vulnerabilities. |
|
VCID-s58c-hu3c-aaae
Aliases: CVE-2015-0383 |
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot. |
Affected by 69 other vulnerabilities. |
|
VCID-s7f5-7rv3-aaas
Aliases: CVE-2014-4219 |
CVE-2014-4219 OpenJDK: Bytecode verification does not prevent ctor calls to this() and super() (Hotspot, 8035119) |
Affected by 92 other vulnerabilities. |
|
VCID-smbv-jzg8-aaas
Aliases: CVE-2014-2423 |
CVE-2014-2423 OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026188) |
Affected by 104 other vulnerabilities. |
|
VCID-stb7-ya7a-aaaf
Aliases: CVE-2016-3458 |
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91 allows remote attackers to affect integrity via vectors related to CORBA. |
Affected by 15 other vulnerabilities. |
|
VCID-stp6-6vbs-aaap
Aliases: CVE-2015-4881 |
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4835. |
Affected by 31 other vulnerabilities. |
|
VCID-tr9j-33kv-aaas
Aliases: CVE-2016-0483 |
Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data. |
Affected by 25 other vulnerabilities. |
|
VCID-u5gu-wg1b-aaap
Aliases: CVE-2014-0459 |
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D. |
Affected by 104 other vulnerabilities. |
|
VCID-uk8n-xbfq-aaar
Aliases: CVE-2014-6519 |
Unspecified vulnerability in Oracle Java SE 7u67 and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Hotspot. |
Affected by 82 other vulnerabilities. |
|
VCID-upmn-zueg-aaaj
Aliases: CVE-2011-5035 |
Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869. |
Affected by 126 other vulnerabilities. |
|
VCID-uzg3-1168-aaam
Aliases: CVE-2016-3508 |
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3500. |
Affected by 15 other vulnerabilities. |
|
VCID-v8pt-zgpu-aaam
Aliases: CVE-2014-2427 |
CVE-2014-2427 OpenJDK: remove insecure Java Sound provider caching (Sound, 8026163) |
Affected by 104 other vulnerabilities. |
|
VCID-v9v1-7vr2-aaaf
Aliases: CVE-2015-4844 |
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
Affected by 31 other vulnerabilities. |
|
VCID-vkq4-m3y8-aaar
Aliases: CVE-2016-3606 |
Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot. |
Affected by 15 other vulnerabilities. |
|
VCID-vmrk-rbx7-aaas
Aliases: CVE-2017-3261 |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts). |
Affected by 0 other vulnerabilities. |
|
VCID-vrd3-14vp-aaan
Aliases: CVE-2015-4872 |
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect integrity via unknown vectors related to Security. |
Affected by 31 other vulnerabilities. |
|
VCID-w7k9-ph6s-aaak
Aliases: CVE-2015-4806 |
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. |
Affected by 31 other vulnerabilities. |
|
VCID-w95b-vk8h-aaae
Aliases: CVE-2014-6502 |
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries. |
Affected by 82 other vulnerabilities. |
|
VCID-w9t7-kg6f-aaaf
Aliases: CVE-2017-3231 |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts). |
Affected by 0 other vulnerabilities. |
|
VCID-we2z-jr88-aaaq
Aliases: CVE-2016-0687 |
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component. |
Affected by 20 other vulnerabilities. |
|
VCID-xwtr-gckm-aaad
Aliases: CVE-2016-5582 |
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5573. |
Affected by 10 other vulnerabilities. |
|
VCID-y5m6-p3kn-aaas
Aliases: CVE-2005-1080 |
Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file. |
Affected by 62 other vulnerabilities. |
|
VCID-yksw-dtfz-aaae
Aliases: CVE-2015-4805 |
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization. |
Affected by 31 other vulnerabilities. |
|
VCID-ynv5-kuhp-aaaj
Aliases: CVE-2014-6517 |
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and Jrockit R27.8.3 and R28.3.3 allows remote attackers to affect confidentiality via vectors related to JAXP. |
Affected by 82 other vulnerabilities. |
|
VCID-yvx9-u253-aaar
Aliases: CVE-2015-2808 |
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. |
Affected by 47 other vulnerabilities. |
|
VCID-zcws-zp1m-aaak
Aliases: CVE-2015-0400 |
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Libraries. |
Affected by 69 other vulnerabilities. |
|
VCID-zn82-tvb3-aaah
Aliases: CVE-2014-2405 |
CVE-2014-2405 OpenJDK: libpng unhandled zero-length PLTE chunk or NULL palette (AWT, 8031352) |
Affected by 104 other vulnerabilities. |
|
VCID-zq2j-57z3-aaag
Aliases: CVE-2016-0695 |
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security. |
Affected by 20 other vulnerabilities. |
|
VCID-zrpg-rxnx-aaas
Aliases: CVE-2015-0478 |
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect confidentiality via vectors related to JCE. |
Affected by 62 other vulnerabilities. |
|
VCID-zvgt-2ebz-aaak
Aliases: CVE-2016-0494 |
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. |
Affected by 25 other vulnerabilities. |
|
VCID-zz37-wh3j-aaap
Aliases: CVE-2015-4903 |
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to RMI. |
Affected by 31 other vulnerabilities. |
|
VCID-zz6t-zfwa-aaaa
Aliases: CVE-2016-5548 |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 6.5 (Confidentiality impacts). |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|