ALT-PU-2021-5048-1 — java-11-openjdk

BDU:2019-01510

HIGH8.1

Уязвимость компонента 2D программной платформы Oracle Java SE, позволяющая нарушителю получить полный контроль над приложением

Published: 2019-04-23Modified: 2023-11-21

CVSS 3.xHIGH 8.1

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0HIGH 7.6

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C

References

CVE-2019-2698

BDU:2019-01524

MEDIUM5.9

Уязвимость компонента RMI программных платформ Oracle Java SE и Java SE Embedded, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных

Published: 2019-04-23Modified: 2023-11-21

CVSS 3.xMEDIUM 5.9

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS 2.0MEDIUM 5.4

CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:C/A:N

References

CVE-2019-2684

BDU:2019-01614

HIGH7.5

Уязвимость компонента Libraries программных платформ Oracle Java SE и Java SE Embedded, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2019-04-25Modified: 2023-11-21

CVSS 3.xHIGH 7.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C

References

CVE-2019-2602

BDU:2019-02461

HIGH8.1

Уязвимость компонента 2D программной платформы Java SE, позволяющая нарушителю получить полный контроль над Java SE

Published: 2019-07-11Modified: 2023-11-21

CVSS 3.xHIGH 8.1

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0HIGH 7.6

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C

References

CVE-2019-2698

BDU:2019-03330

MEDIUM5.3

Уязвимость функции png_image_free (png.c) библиотеки для работы с растровой графикой в формате PNG libpng, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2019-10-01Modified: 2024-04-17

CVSS 3.xMEDIUM 5.3

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS 2.0LOW 2.6

CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:N/A:P

References

CVE-2019-7317

BDU:2019-03569

MEDIUM5.3

Уязвимость проекта OpenJDK языка программирования Java, связанная с недостатками контроля доступа, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2019-10-16Modified: 2023-11-21

CVSS 3.xMEDIUM 5.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

References

CVE-2019-2762

BDU:2019-03570

LOW3.4

Уязвимость проекта OpenJDK языка программирования Java, связанная с недостатками контроля доступа, позволяющая нарушителю получить доступ к конфиденциальным данным

Published: 2019-10-16Modified: 2023-11-21

CVSS 3.xLOW 3.4

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

CVSS 2.0LOW 2.6

CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:N/A:N

References

CVE-2019-2786

BDU:2019-03571

MEDIUM4.8

Уязвимость компонента Networking проекта OpenJDK языка программирования Java, позволяющая нарушителю оказать воздействие на целостность данных и нарушить конфиденциальность данных

Published: 2019-10-16Modified: 2023-11-21

CVSS 3.xMEDIUM 4.8

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS 2.0MEDIUM 5.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N

References

CVE-2019-2816

BDU:2019-03572

LOW3.1

Уязвимость реализации ChaCha20Cipher проекта OpenJDK языка программирования Java, позволяющая нарушителю получить доступ к конфиденциальным данным

Published: 2019-10-16Modified: 2021-03-23

CVSS 3.xLOW 3.1

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CVSS 2.0LOW 2.6

CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:N/A:N

References

CVE-2019-2818

BDU:2019-03573

MEDIUM5.3

Уязвимость компонента Java Secure Socket Extension (JSSE) проекта OpenJDK языка программирования Java, позволяющая нарушителю получить доступ к конфиденциальным данным

Published: 2019-10-16Modified: 2021-03-23

CVSS 3.xMEDIUM 5.3

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS 2.0LOW 2.6

CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:N/A:N

References

CVE-2019-2821

BDU:2019-03607

MEDIUM5.3

Уязвимость компонента Utilities программных платформ Java SE, Java SE Embedded, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2019-10-16Modified: 2023-11-21

CVSS 3.xMEDIUM 5.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

References

CVE-2019-2762

BDU:2019-03608

LOW3.4

Уязвимость компонента Security программных платформ Java SE, Java SE Embedded, позволяющая нарушителю получить несанкционированный доступ к информации

Published: 2019-10-16Modified: 2023-11-21

CVSS 3.xLOW 3.4

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

CVSS 2.0LOW 2.6

CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:N/A:N

References

CVE-2019-2786

BDU:2019-03609

LOW3.7

Уязвимость компонента Networking программных платформ Java SE, Java SE Embedded, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность

Published: 2019-10-16Modified: 2023-11-21

CVSS 3.xLOW 3.7

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS 2.0MEDIUM 5.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N

References

CVE-2019-2816

BDU:2019-03882

MEDIUM6.8

Уязвимость компонента Java виртуальной машины Oracle GraalVM Enterprise Edition и программных платформ Oracle Java SE, Oracle Java SE Embedded, позволяющая нарушителю оказать воздействие на целостность защищаемой информации

Published: 2019-11-04Modified: 2023-11-21

CVSS 3.xMEDIUM 6.8

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

CVSS 2.0MEDIUM 5.4

CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:C/A:N

References

CVE-2019-2989

BDU:2019-03883

MEDIUM5.9

Уязвимость компонента 2D программных платформ Oracle Java SE и Oracle Java SE Embedded, позволяющая нарушителю вызвать частичный отказ в обслуживании

Published: 2019-11-04Modified: 2023-11-21

CVSS 3.xMEDIUM 5.9

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 5.4

CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:N/A:C

References

CVE-2019-2988

BDU:2019-03884

MEDIUM5.9

Уязвимость компонента 2D программной платформы Oracle Java SE, позволяющая нарушителю вызвать частичный отказ в обслуживании

Published: 2019-11-04Modified: 2023-11-21

CVSS 3.xMEDIUM 5.9

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 5.4

CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:N/A:C

References

CVE-2019-2987

BDU:2019-03888

LOW3.7

Уязвимость компонента Serialization программных платформ Oracle Java SE и Oracle Java SE Embedded, позволяющая нарушителю вызвать частичный отказ в обслуживании

Published: 2019-11-04Modified: 2023-11-21

CVSS 3.xLOW 3.7

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS 2.0LOW 2.6

CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:N/A:P

References

CVE-2019-2983

BDU:2019-03890

LOW3.7

Уязвимость компонента JAXP программных платформ Oracle Java SE и Oracle Java SE Embedded, позволяющая нарушителю вызвать частичный отказ в обслуживании

Published: 2019-11-04Modified: 2023-11-21

CVSS 3.xLOW 3.7

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS 2.0LOW 2.6

CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:N/A:P

References

CVE-2019-2981

BDU:2019-03893

LOW3.7

Уязвимость компонента Networking программных платформ Oracle Java SE и Oracle Java SE Embedded, позволяющая нарушителю вызвать частичный отказ в обслуживании

Published: 2019-11-04Modified: 2023-11-21

CVSS 3.xLOW 3.7

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P

References

CVE-2019-2978

BDU:2019-03894

MEDIUM4.8

Уязвимость компонента Hotspot программной платформы Oracle Java SE, позволяющая нарушителю получить несанкционированный доступ к защищаемым данным или вызвать отказ в обслуживании

Published: 2019-11-04Modified: 2019-12-17

CVSS 3.xMEDIUM 4.8

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:N/A:P

References

CVE-2019-2977

BDU:2019-03896

MEDIUM4.8

Уязвимость компонента Scripting программных платформ Oracle Java SE и Java SE Embedded, позволяющая нарушителю оказать воздействие на целостность защищаемой информации или вызвать частичный отказ в обслуживании

Published: 2019-11-04Modified: 2023-11-21

CVSS 3.xMEDIUM 4.8

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

CVSS 2.0MEDIUM 5.8

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:P

References

CVE-2019-2975

BDU:2019-03901

LOW3.7

Уязвимость компонента JAXP программных платформ Oracle Java SE и Oracle Java SE Embedded, позволяющая нарушителю вызвать частичный отказ в обслуживании

Published: 2019-11-04Modified: 2023-11-21

CVSS 3.xLOW 3.7

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS 2.0LOW 2.6

CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:N/A:P

References

CVE-2019-2973

BDU:2019-03910

LOW3.7

Уязвимость компонента Concurrency программных платформ Oracle Java SE и Oracle Java SE Embedded, позволяющая нарушителю вызвать частичный отказ в обслуживании

Published: 2019-11-04Modified: 2023-11-21

CVSS 3.xLOW 3.7

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS 2.0LOW 2.6

CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:N/A:P

References

CVE-2019-2964

BDU:2019-03912

LOW3.7

Уязвимость компонента 2D программных платформ Oracle Java SE и Oracle Java SE Embedded, позволяющая нарушителю вызвать частичный отказ в обслуживании

Published: 2019-11-04Modified: 2023-11-21

CVSS 3.xLOW 3.7

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS 2.0LOW 2.6

CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:N/A:P

References

CVE-2019-2962

BDU:2019-03915

MEDIUM4.7

Уязвимость компонента Javadoc программной платформы Oracle Java SE, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных или несанкционированный доступ к защищаемой информации

Published: 2019-11-06Modified: 2023-11-21

CVSS 3.xMEDIUM 4.7

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:P/A:N

References

CVE-2019-2999

BDU:2019-03916

LOW3.7

Уязвимость компонента 2D программных платформ Oracle Java SE и Java SE Embedded, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2019-11-06Modified: 2023-11-21

CVSS 3.xLOW 3.7

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P

References

CVE-2019-2992

BDU:2019-03920

MEDIUM5.9

Уязвимость компонента Libraries программных платформ Java SE, Java SE Embedded, позволяющая нарушителю получить доступ на чтение, изменение, добавление или удаление данных

Published: 2019-11-11Modified: 2023-11-21

CVSS 3.xMEDIUM 5.9

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS 2.0HIGH 7.1

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:C/A:N

References

CVE-2019-2958

BDU:2019-03928

LOW3.1

Уязвимость компонента Networking программных платформ Java SE, Java SE Embedded, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2019-11-11Modified: 2023-11-21

CVSS 3.xLOW 3.1

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

CVSS 2.0LOW 2.6

CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:N/A:P

References

CVE-2019-2945

BDU:2019-03932

MEDIUM6.8

Уязвимость компонента Kerberos программных платформ Java SE, Java SE Embedded, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2019-11-11Modified: 2023-11-21

CVSS 3.xMEDIUM 6.8

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

CVSS 2.0HIGH 7.1

CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:N/A:N

References

CVE-2019-2949

BDU:2019-03942

LOW3.1

Уязвимость компонента Libraries программных платформ Oracle Java SE и Java SE Embedded, позволяющая нарушителю получить несанкционированный доступ к защищаемым данным

Published: 2019-11-11Modified: 2023-11-21

CVSS 3.xLOW 3.1

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N

References

CVE-2019-2933

BDU:2019-04135

LOW3.7

Уязвимость компонента Security программных платформ Java SE и Java SE Embedded, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2019-11-19Modified: 2023-11-21

CVSS 3.xLOW 3.7

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N

References

CVE-2019-2894

BDU:2020-00387

LOW3.7

Уязвимость компонента Libraries программных платформ Oracle Java SE, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2020-02-03Modified: 2023-11-21

CVSS 3.xLOW 3.7

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P

References

CVE-2020-2654

BDU:2020-00388

MEDIUM4.8

Уязвимость компонента Java Secure Socket Extension (JSSE) программных платформ Oracle Java SE, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных или несанкционированный доступ к защищаемой информации

Published: 2020-02-03Modified: 2020-06-01

CVSS 3.xMEDIUM 4.8

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS 2.0MEDIUM 5.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N

References

CVE-2020-2655

BDU:2020-00439

LOW3.7

Уязвимость компонента Serialization программных платформ Oracle Java SE и Java SE Embedded, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2020-02-06Modified: 2023-11-21

CVSS 3.xLOW 3.7

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS 2.0LOW 2.6

CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:N/A:P

References

CVE-2020-2583

BDU:2020-00446

LOW3.7

Уязвимость компонента Networking программных платформ Oracle Java SE и Java SE Embedded, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных

Published: 2020-02-06Modified: 2023-11-21

CVSS 3.xLOW 3.7

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CVSS 2.0LOW 2.6

CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:P/A:N

References

CVE-2020-2590

BDU:2020-00449

MEDIUM4.8

Уязвимость компонента Networking программных платформ Oracle Java SE и Java SE Embedded, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных или получить несанкционированный доступ к защищаемой информации

Published: 2020-02-06Modified: 2023-11-21

CVSS 3.xMEDIUM 4.8

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:P/A:N

References

CVE-2020-2593

BDU:2020-00456

MEDIUM6.8

Уязвимость компонента Security программных платформ Oracle Java SE и Java SE Embedded, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2020-02-06Modified: 2023-11-21

CVSS 3.xMEDIUM 6.8

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

CVSS 2.0MEDIUM 5.4

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:N/A:N

References

CVE-2020-2601

BDU:2020-00459

HIGH8.1

Уязвимость компонента Serialization программных платформ Oracle Java SE и Java SE Embedded, позволяющая нарушителю получить полный контроль над приложением

Published: 2020-02-06Modified: 2023-11-21

CVSS 3.xHIGH 8.1

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0HIGH 7.6

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C

References

CVE-2020-2604

BDU:2020-02548

HIGH8.3

Уязвимость компонента Libraries программных платформ Java SE и Java SE Embedded, позволяющая нарушителю получить полный контроль над приложением

Published: 2020-06-02Modified: 2023-11-21

CVSS 3.xHIGH 8.3

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

CVSS 2.0HIGH 7.6

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C

References

CVE-2020-2803

BDU:2020-02552

LOW3.7

Уязвимость компонента Scripting программных платформ Java SE и Java SE Embedded, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2020-06-02Modified: 2023-11-21

CVSS 3.xLOW 3.7

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P

References

CVE-2020-2754

BDU:2020-02553

LOW3.7

Уязвимость компонента Scripting программных платформ Java SE и Java SE Embedded, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2020-06-02Modified: 2023-11-21

CVSS 3.xLOW 3.7

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P

References

CVE-2020-2755

BDU:2020-02554

LOW3.7

Уязвимость компонента Serialization программных платформ Java SE и Java SE Embedded, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2020-06-02Modified: 2023-11-21

CVSS 3.xLOW 3.7

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P

References

CVE-2020-2756

BDU:2020-02555

LOW3.7

Уязвимость компонента Serialization программных платформ Java SE и Java SE Embedded, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2020-06-02Modified: 2023-11-21

CVSS 3.xLOW 3.7

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P

References

CVE-2020-2757

BDU:2020-02557

MEDIUM4.8

Уязвимость компонента JSSE программной платформы Java SE, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2020-06-02

CVSS 3.xMEDIUM 4.8

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS 2.0MEDIUM 5.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N

References

CVE-2020-2767

BDU:2020-02628

LOW3.7

Уязвимость компонента Security программных платформ Oracle Java SE и Oracle Java SE Embedded, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2020-06-05Modified: 2023-11-21

CVSS 3.xLOW 3.7

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P

References

CVE-2020-2773

BDU:2020-02629

LOW3.7

Уязвимость компонента JSSE программной платформы Oracle Java SE, позволяющая нарушителю получить несанкционированный досутп к защищаемой информации

Published: 2020-06-05

CVSS 3.xLOW 3.7

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N

References

CVE-2020-2778

BDU:2020-02630

MEDIUM5.3

Уязвимость компонента JSSE программных платформ Oracle Java SE и Oracle Java SE Embedded, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2020-06-05Modified: 2023-11-21

CVSS 3.xMEDIUM 5.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

References

CVE-2020-2781

BDU:2020-02631

MEDIUM4.8

Уязвимость компонента Lightweight HTTP Server программных платформ Oracle Java SE и Oracle Java SE Embedded, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных или несанкционированный доступ к защищаемой информации

Published: 2020-06-05Modified: 2023-11-21

CVSS 3.xMEDIUM 4.8

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS 2.0MEDIUM 5.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N

References

CVE-2020-2800

BDU:2020-02632

HIGH8.3

Уязвимость компонента Libraries программных платформ Oracle Java SE и Oracle Java SE Embedded, позволяющая нарушителю оказать воздействие на целостность, конфиденциальность и доступность защищаемой информации

Published: 2020-06-05Modified: 2023-11-21

CVSS 3.xHIGH 8.3

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

CVSS 2.0HIGH 7.6

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C

References

CVE-2020-2805

BDU:2020-02633

HIGH7.5

Уязвимость компонента JSSE программной платформы Oracle Java SE, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных или несанкционированный доступ к защищаемой информации

Published: 2020-06-05

CVSS 3.xHIGH 7.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:C/A:N

References

CVE-2020-2816

BDU:2020-02634

MEDIUM5.3

Уязвимость компонента Concurrency программных платформ Oracle Java SE и Oracle Java SE Embedded, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2020-06-05Modified: 2023-11-21

CVSS 3.xMEDIUM 5.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

References

CVE-2020-2830

BDU:2020-02945

LOW3.1

Уязвимость комплекта разработчика приложений OpenJDK, связанная с недостатками контроля доступа, позволяющая нарушителю получить несанкционированный доступ к информации

Published: 2020-06-26Modified: 2023-11-21

CVSS 3.xLOW 3.1

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CVSS 2.0LOW 2.6

CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:N/A:N

References

CVE-2019-2766

BDU:2020-03778

MEDIUM5.3

Уязвимость компонента JAXP программных платформ Oracle Java SE, Java SE Embedded, позволяющая нарушителю получить доступ на чтение, изменение, добавление или удаление данных

Published: 2020-08-12Modified: 2024-04-17

CVSS 3.xMEDIUM 5.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N

References

CVE-2020-14621

BDU:2020-03860

LOW3.7

Уязвимость компонента JSSE программных платформ Oracle Java SE и Oracle Java SE Embedded, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2020-08-12Modified: 2024-04-17

CVSS 3.xLOW 3.7

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N

References

CVE-2020-14577

BDU:2020-03864

LOW3.7

Уязвимость компонента 2D программных платформ Oracle Java SE и Oracle Java SE Embedded, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2020-08-12Modified: 2023-11-21

CVSS 3.xLOW 3.7

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N

References

CVE-2020-14581

BDU:2020-03866

HIGH8.3

Уязвимость компонента Libraries программных платформ Oracle Java SE и Oracle Java SE Embedded, позволяющая нарушителю оказать воздействие на целостность, конфиденциальность и доступность защищаемой информации

Published: 2020-08-12Modified: 2024-04-17

CVSS 3.xHIGH 8.3

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

CVSS 2.0HIGH 7.6

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C

References

CVE-2020-14583

BDU:2020-03876

HIGH7.4

Уязвимость компонента 2D программных платформ Oracle Java SE, Java SE Embedded, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных

Published: 2020-08-12Modified: 2023-11-21

CVSS 3.xHIGH 7.4

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

CVSS 2.0HIGH 7.1

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:C/A:N

References

CVE-2020-14593

BDU:2020-03908

LOW3.7

Уязвимость компонента Hotspot программной платформы Java SE продукта Oracle Java SE, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю получить несанкционированный доступ на чтение, изменение, добавление или удаление данных

Published: 2020-08-14

CVSS 3.xLOW 3.7

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N

References

CVE-2020-14573

BDU:2020-03926

MEDIUM5.3

Уязвимость компонента ImageIO программной платформы Oracle Java SE, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю вызвать частичный отказ в обслуживании

Published: 2020-08-14

CVSS 3.xMEDIUM 5.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

References

CVE-2020-14562

BDU:2020-03932

MEDIUM4.8

Уязвимость компонента Libraries программных платформ Oracle Java SE и Java SE Embedded, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю получитьполучить несанкционированный доступ к защищаемой информации или доступ начтение, изменение, добавление или удаление данных

Published: 2020-08-14Modified: 2023-11-21

CVSS 3.xMEDIUM 4.8

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS 2.0MEDIUM 5.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N

References

CVE-2020-14556

BDU:2020-05035

MEDIUM5.3

Уязвимость компонента Libraries программной платформы Java SE, позволяющая нарушителю получить несанкционированный доступ к защищаемым данным

Published: 2020-11-10Modified: 2024-04-17

CVSS 3.xMEDIUM 5.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N

References

CVE-2020-14803

BDU:2020-05047

MEDIUM4.2

Уязвимость компонента Hotspot программных платформ Java SE, Java SE Embedded, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или доступ на изменение, добавление или удаление данных

Published: 2020-11-10Modified: 2024-04-17

CVSS 3.xMEDIUM 4.2

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:P/A:N

References

CVE-2020-14792

BDU:2020-05048

LOW3.7

Уязвимость компонента Libraries программных платформ Java SE, Java SE Embedded, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных

Published: 2020-11-10Modified: 2024-04-17

CVSS 3.xLOW 3.7

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CVSS 2.0LOW 2.6

CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:P/A:N

References

CVE-2020-14782

BDU:2020-05049

LOW3.7

Уязвимость компонента JNDI программных платформ Java SE, Java SE Embedded, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2020-11-10Modified: 2024-04-17

CVSS 3.xLOW 3.7

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS 2.0LOW 2.6

CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:N/A:N

References

CVE-2020-14781

BDU:2020-05050

LOW3.7

Уязвимость компонента Libraries программных платформ Java SE, Java SE Embedded, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных

Published: 2020-11-10Modified: 2024-04-17

CVSS 3.xLOW 3.7

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CVSS 2.0LOW 2.6

CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:P/A:N

References

CVE-2020-14797

BDU:2020-05051

LOW3.7

Уязвимость компонента Serialization программных платформ Java SE, Java SE Embedded, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2020-11-10Modified: 2024-04-17

CVSS 3.xLOW 3.7

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS 2.0LOW 2.6

CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:N/A:P

References

CVE-2020-14779

BDU:2020-05052

LOW3.7

Уязвимость компонента Libraries программных платформ Java SE, Java SE Embedded, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2020-11-10Modified: 2024-04-17

CVSS 3.xLOW 3.7

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS 2.0LOW 2.6

CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:N/A:N

References

CVE-2020-14796

BDU:2020-05053

LOW3.1

Уязвимость компонента Libraries программных платформ Java SE, Java SE Embedded, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных

Published: 2020-11-10Modified: 2024-04-17

CVSS 3.xLOW 3.1

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

CVSS 2.0LOW 2.6

CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:P/A:N

References

CVE-2020-14798

BDU:2021-02490

MEDIUM5.9

Уязвимость компонента Libraries программных платформ Java SE, Java SE Embedded, виртуальной машины Oracle GraalVM Enterprise Edition, позволяющая нарушителю создать, удалить или изменить доступ к критически важным данным

Published: 2021-05-19Modified: 2024-05-27

CVSS 3.xMEDIUM 5.9

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS 2.0HIGH 7.1

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:C/A:N

References

CVE-2021-2161

BDU:2021-02491

MEDIUM5.3

Уязвимость компонента Libraries программных платформ Java SE, Java SE Embedded, виртуальной машины Oracle GraalVM Enterprise Edition, позволяющая нарушителю создать, удалить или изменить доступ к критически важным данным

Published: 2021-05-19Modified: 2024-05-27

CVSS 3.xMEDIUM 5.3

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

CVSS 2.0MEDIUM 5.4

CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:C/A:N

References

CVE-2021-2163

BDU:2021-04004

LOW3.1

Уязвимость компонента Networking программной платформы Java SE и виртуальной машины Oracle GraalVM Enterprise Edition, позволяющая нарушителю получить доступ на чтение данных

Published: 2021-08-10Modified: 2024-04-17

CVSS 3.xLOW 3.1

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N

References

CVE-2021-2341

BDU:2021-04023

HIGH8.1

Уязвимость компонента Hotspot виртуальной машины Oracle GraalVM Enterprise Edition, программной платформы Java SE, позволяющая нарушителю выполнить произвольный Java-код

Published: 2021-08-12Modified: 2024-05-27

CVSS 3.xHIGH 8.1

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0HIGH 7.6

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C

References

CVE-2021-2388

BDU:2021-04533

MEDIUM4.3

Уязвимость компонента Library программной платформы Java SE и виртуальной машины Oracle GraalVM Enterprise Edition, позволяющая нарушителю модифицировать данные

Published: 2021-09-15Modified: 2024-05-27

CVSS 3.xMEDIUM 4.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N

References

CVE-2021-2369

BDU:2023-03696

MEDIUM5.3

Уязвимость компонента Utilities программных платформ Oracle Java SE и Java SE Embedded, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2023-07-17Modified: 2023-11-21

CVSS 3.xMEDIUM 5.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

References

CVE-2019-2769

CVE-2019-2602

HIGH7.5

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Published: 2019-04-23Modified: 2024-11-21

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

CVE-2019-2684

MEDIUM5.9

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).

Published: 2019-04-23Modified: 2024-11-21

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS 3.xMEDIUM 5.9

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References

CVE-2019-2698

HIGH8.1

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

Published: 2019-04-23Modified: 2024-11-21

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS 3.xHIGH 8.1

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References

CVE-2019-2762

MEDIUM5.3

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Published: 2019-07-23Modified: 2024-11-21

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS 3.xMEDIUM 5.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References

CVE-2019-2766

LOW3.1

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).

Published: 2019-07-23Modified: 2024-11-21

CVSS 2.0LOW 2.6

CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS 3.xLOW 3.1

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

References

CVE-2019-2769

MEDIUM5.3

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Published: 2019-07-23Modified: 2024-11-21

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS 3.xMEDIUM 5.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References

CVE-2019-2786

LOW3.4

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N).

Published: 2019-07-23Modified: 2024-11-21

CVSS 2.0LOW 2.6

CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS 3.xLOW 3.4

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

References

CVE-2019-2816

MEDIUM4.8

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

Published: 2019-07-23Modified: 2024-11-21

CVSS 2.0MEDIUM 5.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS 3.xMEDIUM 4.8

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

References

CVE-2019-2818

LOW3.1

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).

Published: 2019-07-23Modified: 2024-11-21

CVSS 2.0LOW 2.6

CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS 3.xLOW 3.1

CVSS:3.x/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

References

CVE-2019-2821

MEDIUM5.3

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N).

Published: 2019-07-23Modified: 2024-11-21

CVSS 2.0LOW 2.6

CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS 3.xMEDIUM 5.3

CVSS:3.x/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

References

CVE-2019-2894

LOW3.7

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

Published: 2019-10-16Modified: 2024-11-21

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS 3.xLOW 3.7

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

References

CVE-2019-2933

LOW3.1

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).

Published: 2019-10-16Modified: 2024-11-21

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS 3.xLOW 3.1

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

References

CVE-2019-2945

LOW3.1

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).

Published: 2019-10-16Modified: 2024-11-21

CVSS 2.0LOW 2.6

CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:N/A:P

CVSS 3.xLOW 3.1

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

References

CVE-2019-2949

MEDIUM6.8

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).

Published: 2019-10-16Modified: 2024-11-21

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS 3.xMEDIUM 6.8

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

References

CVE-2019-2958

MEDIUM5.9

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).

Published: 2019-10-16Modified: 2024-11-21

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS 3.xMEDIUM 5.9

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References

CVE-2019-2962

LOW3.7

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Published: 2019-10-16Modified: 2024-11-21

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS 3.xLOW 3.7

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

References

CVE-2019-2964

LOW3.7

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Published: 2019-10-16Modified: 2024-11-21

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS 3.xLOW 3.7

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

References

CVE-2019-2973

LOW3.7

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Published: 2019-10-16Modified: 2024-11-21

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS 3.xLOW 3.7

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

References

CVE-2019-2975

MEDIUM4.8

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L).

Published: 2019-10-16Modified: 2024-11-21

CVSS 2.0MEDIUM 5.8

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:P

CVSS 3.xMEDIUM 4.8

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

References

CVE-2019-2977

MEDIUM4.8

Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.8 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L).

Published: 2019-10-16Modified: 2024-11-21

CVSS 2.0MEDIUM 5.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:P

CVSS 3.xMEDIUM 4.8

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

References

CVE-2019-2978

LOW3.7

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Published: 2019-10-16Modified: 2024-11-21

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS 3.xLOW 3.7

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

References

CVE-2019-2981

LOW3.7

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Published: 2019-10-16Modified: 2024-11-21

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS 3.xLOW 3.7

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

References

CVE-2019-2983

LOW3.7

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Published: 2019-10-16Modified: 2024-11-21

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS 3.xLOW 3.7

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

References

CVE-2019-2987

LOW3.7

Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Published: 2019-10-16Modified: 2024-11-21

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS 3.xLOW 3.7

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

References

CVE-2019-2988

LOW3.7

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Published: 2019-10-16Modified: 2024-11-21

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS 3.xLOW 3.7

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

References

CVE-2019-2989

MEDIUM6.8

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 6.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N).

Published: 2019-10-16Modified: 2024-11-21

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS 3.xMEDIUM 6.8

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

References

CVE-2019-2992

LOW3.7

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Published: 2019-10-16Modified: 2024-11-21

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS 3.xLOW 3.7

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

References

CVE-2019-2999

MEDIUM4.7

Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N).

Published: 2019-10-16Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:P/A:N

CVSS 3.xMEDIUM 4.7

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

References

CVE-2019-7317

MEDIUM5.3

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

Published: 2019-02-04Modified: 2024-11-21

CVSS 2.0LOW 2.6

CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:N/A:P

CVSS 3.xMEDIUM 5.3

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

References

CVE-2020-14556

MEDIUM4.8

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

Published: 2020-07-15Modified: 2025-05-27

CVSS 2.0MEDIUM 5.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS 3.xMEDIUM 4.8

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

References

CVE-2020-14562

MEDIUM5.3

Vulnerability in the Java SE product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Published: 2020-07-15Modified: 2024-11-21

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS 3.xMEDIUM 5.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References

CVE-2020-14573

LOW3.7

Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Published: 2020-07-15Modified: 2024-11-21

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS 3.xLOW 3.7

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

References

CVE-2020-14577

LOW3.7

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

Published: 2020-07-15Modified: 2025-05-27

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS 3.xLOW 3.7

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

References

CVE-2020-14581

LOW3.7

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

Published: 2020-07-15Modified: 2025-05-27

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS 3.xLOW 3.7

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

References

CVE-2020-14583

HIGH8.3

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

Published: 2020-07-15Modified: 2025-05-27

CVSS 2.0MEDIUM 5.1

CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS 3.xHIGH 8.3

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

References

CVE-2020-14593

HIGH7.4

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N).

Published: 2020-07-15Modified: 2025-05-27

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS 3.xHIGH 7.4

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

References

CVE-2020-14621

MEDIUM5.3

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).

Published: 2020-07-15Modified: 2025-05-27

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS 3.xMEDIUM 5.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References

CVE-2020-14779

LOW3.7

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Published: 2020-10-21Modified: 2025-05-27

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS 3.xLOW 3.7

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

References

CVE-2020-14781

LOW3.7

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

Published: 2020-10-21Modified: 2025-05-27

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS 3.xLOW 3.7

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

References

CVE-2020-14782

LOW3.7

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Published: 2020-10-21Modified: 2025-05-27

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS 3.xLOW 3.7

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

References

CVE-2020-14792

MEDIUM4.2

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).

Published: 2020-10-21Modified: 2025-05-27

CVSS 2.0MEDIUM 5.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS 3.xMEDIUM 4.2

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

References

CVE-2020-14796

LOW3.1

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).

Published: 2020-10-21Modified: 2025-05-27

CVSS 2.0LOW 2.6

CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS 3.xLOW 3.1

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

References

CVE-2020-14797

LOW3.7

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Published: 2020-10-21Modified: 2025-05-27

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS 3.xLOW 3.7

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

References

CVE-2020-14798

LOW3.1

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).

Published: 2020-10-21Modified: 2025-05-27

CVSS 2.0LOW 2.6

CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:P/A:N

CVSS 3.xLOW 3.1

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

References

CVE-2020-14803

MEDIUM5.3

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).

Published: 2020-10-21Modified: 2025-05-27

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS 3.xMEDIUM 5.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References

CVE-2020-2583

LOW3.7

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Published: 2020-01-15Modified: 2024-11-21

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS 3.xLOW 3.7

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

References

CVE-2020-2590

LOW3.7

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

Published: 2020-01-15Modified: 2024-11-21

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS 3.xLOW 3.7

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

References

CVE-2020-2593

MEDIUM4.8

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

Published: 2020-01-15Modified: 2024-11-21

CVSS 2.0MEDIUM 5.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS 3.xMEDIUM 4.8

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

References

CVE-2020-2601

MEDIUM6.8

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).

Published: 2020-01-15Modified: 2024-11-21

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS 3.xMEDIUM 6.8

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

References

CVE-2020-2604

HIGH8.1

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

Published: 2020-01-15Modified: 2024-11-21

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS 3.xHIGH 8.1

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References

CVE-2020-2654

LOW3.7

Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Published: 2020-01-15Modified: 2024-11-21

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS 3.xLOW 3.7

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

References

CVE-2020-2655

MEDIUM4.8

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

Published: 2020-01-15Modified: 2024-11-21

CVSS 2.0MEDIUM 5.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS 3.xMEDIUM 4.8

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

References

CVE-2020-2754

LOW3.7

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Published: 2020-04-15Modified: 2024-11-21

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS 3.xLOW 3.7

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

References

CVE-2020-2755

LOW3.7

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Published: 2020-04-15Modified: 2024-11-21

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS 3.xLOW 3.7

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

References

CVE-2020-2756

LOW3.7

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Published: 2020-04-15Modified: 2024-11-21

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS 3.xLOW 3.7

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

References

CVE-2020-2757

LOW3.7

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Published: 2020-04-15Modified: 2024-11-21

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS 3.xLOW 3.7

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

References

CVE-2020-2767

MEDIUM4.8

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

Published: 2020-04-15Modified: 2024-11-21

CVSS 2.0MEDIUM 5.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS 3.xMEDIUM 4.8

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

References

CVE-2020-2773

LOW3.7

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Published: 2020-04-15Modified: 2024-11-21

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS 3.xLOW 3.7

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

References

CVE-2020-2778

LOW3.7

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

Published: 2020-04-15Modified: 2024-11-21

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS 3.xLOW 3.7

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

References

CVE-2020-2781

MEDIUM5.3

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Published: 2020-04-15Modified: 2024-11-21

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS 3.xMEDIUM 5.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References

CVE-2020-2800

MEDIUM4.8

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

Published: 2020-04-15Modified: 2024-11-21

CVSS 2.0MEDIUM 5.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS 3.xMEDIUM 4.8

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

References

CVE-2020-2803

HIGH8.3

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

Published: 2020-04-15Modified: 2024-11-21

CVSS 2.0MEDIUM 5.1

CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS 3.xHIGH 8.3

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

References

CVE-2020-2805

HIGH8.3

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

Published: 2020-04-15Modified: 2024-11-21

CVSS 2.0MEDIUM 5.1

CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS 3.xHIGH 8.3

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

References

CVE-2020-2816

HIGH7.5

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

Published: 2020-04-15Modified: 2024-11-21

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References

CVE-2020-2830

MEDIUM5.3

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Published: 2020-04-15Modified: 2024-11-21

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS 3.xMEDIUM 5.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References

CVE-2021-2161

MEDIUM5.9

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).

Published: 2021-04-22Modified: 2024-11-21

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS 3.xMEDIUM 5.9

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References

CVE-2021-2163

MEDIUM5.3

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N).

Published: 2021-04-22Modified: 2024-11-21

CVSS 2.0LOW 2.6

CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:P/A:N

CVSS 3.xMEDIUM 5.3

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

References

CVE-2021-2341

LOW3.1

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).

Published: 2021-07-21Modified: 2025-05-27

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS 3.xLOW 3.1

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

References

CVE-2021-2369

MEDIUM4.3

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).

Published: 2021-07-21Modified: 2025-05-27

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS 3.xMEDIUM 4.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References

CVE-2021-2388

HIGH7.5

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).

Published: 2021-07-21Modified: 2025-05-27

CVSS 2.0MEDIUM 5.1

CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References

Package update java-11-openjdk in branch c9f2

Closed issues (144)

Уязвимость компонента 2D программной платформы Oracle Java SE, позволяющая нарушителю получить полный контроль над приложением

Уязвимость компонента RMI программных платформ Oracle Java SE и Java SE Embedded, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных

Уязвимость компонента Libraries программных платформ Oracle Java SE и Java SE Embedded, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента 2D программной платформы Java SE, позволяющая нарушителю получить полный контроль над Java SE

Уязвимость функции png_image_free (png.c) библиотеки для работы с растровой графикой в формате PNG libpng, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость проекта OpenJDK языка программирования Java, связанная с недостатками контроля доступа, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость проекта OpenJDK языка программирования Java, связанная с недостатками контроля доступа, позволяющая нарушителю получить доступ к конфиденциальным данным

Уязвимость реализации ChaCha20Cipher проекта OpenJDK языка программирования Java, позволяющая нарушителю получить доступ к конфиденциальным данным

Уязвимость компонента Java Secure Socket Extension (JSSE) проекта OpenJDK языка программирования Java, позволяющая нарушителю получить доступ к конфиденциальным данным

Уязвимость компонента Utilities программных платформ Java SE, Java SE Embedded, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Security программных платформ Java SE, Java SE Embedded, позволяющая нарушителю получить несанкционированный доступ к информации

Уязвимость компонента 2D программных платформ Oracle Java SE и Oracle Java SE Embedded, позволяющая нарушителю вызвать частичный отказ в обслуживании

Уязвимость компонента 2D программной платформы Oracle Java SE, позволяющая нарушителю вызвать частичный отказ в обслуживании

Уязвимость компонента Serialization программных платформ Oracle Java SE и Oracle Java SE Embedded, позволяющая нарушителю вызвать частичный отказ в обслуживании

Уязвимость компонента JAXP программных платформ Oracle Java SE и Oracle Java SE Embedded, позволяющая нарушителю вызвать частичный отказ в обслуживании

Уязвимость компонента Networking программных платформ Oracle Java SE и Oracle Java SE Embedded, позволяющая нарушителю вызвать частичный отказ в обслуживании

Уязвимость компонента JAXP программных платформ Oracle Java SE и Oracle Java SE Embedded, позволяющая нарушителю вызвать частичный отказ в обслуживании

Уязвимость компонента Concurrency программных платформ Oracle Java SE и Oracle Java SE Embedded, позволяющая нарушителю вызвать частичный отказ в обслуживании

Уязвимость компонента 2D программных платформ Oracle Java SE и Oracle Java SE Embedded, позволяющая нарушителю вызвать частичный отказ в обслуживании

Уязвимость компонента 2D программных платформ Oracle Java SE и Java SE Embedded, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Libraries программных платформ Java SE, Java SE Embedded, позволяющая нарушителю получить доступ на чтение, изменение, добавление или удаление данных

Уязвимость компонента Networking программных платформ Java SE, Java SE Embedded, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Kerberos программных платформ Java SE, Java SE Embedded, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Уязвимость компонента Libraries программных платформ Oracle Java SE и Java SE Embedded, позволяющая нарушителю получить несанкционированный доступ к защищаемым данным

Уязвимость компонента Security программных платформ Java SE и Java SE Embedded, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Уязвимость компонента Libraries программных платформ Oracle Java SE, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Serialization программных платформ Oracle Java SE и Java SE Embedded, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Networking программных платформ Oracle Java SE и Java SE Embedded, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных

Уязвимость компонента Security программных платформ Oracle Java SE и Java SE Embedded, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Уязвимость компонента Serialization программных платформ Oracle Java SE и Java SE Embedded, позволяющая нарушителю получить полный контроль над приложением

Уязвимость компонента Libraries программных платформ Java SE и Java SE Embedded, позволяющая нарушителю получить полный контроль над приложением

Уязвимость компонента Scripting программных платформ Java SE и Java SE Embedded, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Scripting программных платформ Java SE и Java SE Embedded, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Serialization программных платформ Java SE и Java SE Embedded, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Serialization программных платформ Java SE и Java SE Embedded, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента JSSE программной платформы Java SE, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Уязвимость компонента Security программных платформ Oracle Java SE и Oracle Java SE Embedded, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента JSSE программной платформы Oracle Java SE, позволяющая нарушителю получить несанкционированный досутп к защищаемой информации

Уязвимость компонента JSSE программных платформ Oracle Java SE и Oracle Java SE Embedded, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Concurrency программных платформ Oracle Java SE и Oracle Java SE Embedded, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента JAXP программных платформ Oracle Java SE, Java SE Embedded, позволяющая нарушителю получить доступ на чтение, изменение, добавление или удаление данных

Уязвимость компонента JSSE программных платформ Oracle Java SE и Oracle Java SE Embedded, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Уязвимость компонента 2D программных платформ Oracle Java SE и Oracle Java SE Embedded, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Уязвимость компонента 2D программных платформ Oracle Java SE, Java SE Embedded, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных

Уязвимость компонента Libraries программной платформы Java SE, позволяющая нарушителю получить несанкционированный доступ к защищаемым данным

Уязвимость компонента Libraries программных платформ Java SE, Java SE Embedded, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных

Уязвимость компонента JNDI программных платформ Java SE, Java SE Embedded, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Уязвимость компонента Libraries программных платформ Java SE, Java SE Embedded, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных

Уязвимость компонента Serialization программных платформ Java SE, Java SE Embedded, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Libraries программных платформ Java SE, Java SE Embedded, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Уязвимость компонента Libraries программных платформ Java SE, Java SE Embedded, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных

Уязвимость компонента Networking программной платформы Java SE и виртуальной машины Oracle GraalVM Enterprise Edition, позволяющая нарушителю получить доступ на чтение данных

Уязвимость компонента Hotspot виртуальной машины Oracle GraalVM Enterprise Edition, программной платформы Java SE, позволяющая нарушителю выполнить произвольный Java-код

Уязвимость компонента Library программной платформы Java SE и виртуальной машины Oracle GraalVM Enterprise Edition, позволяющая нарушителю модифицировать данные

Уязвимость компонента Utilities программных платформ Oracle Java SE и Java SE Embedded, позволяющая нарушителю вызвать отказ в обслуживании

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.