rpm package
suse/java-1_8_0-ibm&distro=SUSE Linux Enterprise Server 12 SP1
pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1
Vulnerabilities (72)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-5548 | Med | 6.5 | < 1.8.0_sr4.0-23.1 | 1.8.0_sr4.0-23.1 | Jan 27, 2017 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network a | |
| CVE-2016-5547 | Med | 5.3 | < 1.8.0_sr4.0-23.1 | 1.8.0_sr4.0-23.1 | Jan 27, 2017 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated at | |
| CVE-2016-5597 | Med | 5.9 | < 1.8.0_sr3.21-20.1 | 1.8.0_sr3.21-20.1 | Oct 25, 2016 | Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality via vectors related to Networking. | |
| CVE-2016-5573 | Hig | 8.3 | < 1.8.0_sr3.21-20.1 | 1.8.0_sr3.21-20.1 | Oct 25, 2016 | Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5582. | |
| CVE-2016-5568 | Cri | 9.6 | < 1.8.0_sr3.21-20.1 | 1.8.0_sr3.21-20.1 | Oct 25, 2016 | Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. | |
| CVE-2016-5556 | Cri | 9.6 | < 1.8.0_sr3.21-20.1 | 1.8.0_sr3.21-20.1 | Oct 25, 2016 | Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. | |
| CVE-2016-5554 | Med | 4.3 | < 1.8.0_sr3.21-20.1 | 1.8.0_sr3.21-20.1 | Oct 25, 2016 | Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to JMX. | |
| CVE-2016-5542 | Low | 3.1 | < 1.8.0_sr3.21-20.1 | 1.8.0_sr3.21-20.1 | Oct 25, 2016 | Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to Libraries. | |
| CVE-2016-2183 | Hig | 7.5 | < 1.8.0_sr4.0-23.1 | 1.8.0_sr4.0-23.1 | Sep 1, 2016 | The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-dura | |
| CVE-2016-3598 | Cri | 9.6 | < 1.8.0_sr3.10-15.1 | 1.8.0_sr3.10-15.1 | Jul 21, 2016 | Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610. | |
| CVE-2016-3511 | Hig | 7.7 | < 1.8.0_sr3.10-15.1 | 1.8.0_sr3.10-15.1 | Jul 21, 2016 | Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment. | |
| CVE-2016-3485 | Low | 2.9 | < 1.8.0_sr3.10-15.1 | 1.8.0_sr3.10-15.1 | Jul 21, 2016 | Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows local users to affect integrity via vectors related to Networking. | |
| CVE-2015-5041 | Cri | 9.1 | < 1.8.0_sr2.10-7.1 | 1.8.0_sr2.10-7.1 | Jun 6, 2016 | The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods. | |
| CVE-2016-0376 | Hig | 8.1 | < 1.8.0_sr3.0-10.1 | 1.8.0_sr3.0-10.1 | Jun 3, 2016 | The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in | |
| CVE-2016-0363 | Hig | 8.1 | < 1.8.0_sr3.0-10.1 | 1.8.0_sr3.0-10.1 | Jun 3, 2016 | The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.refle | |
| CVE-2016-0264 | Med | 5.6 | < 1.8.0_sr3.0-10.1 | 1.8.0_sr3.0-10.1 | May 24, 2016 | Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbi | |
| CVE-2016-3449 | Hig | 8.3 | < 1.8.0_sr3.0-10.1 | 1.8.0_sr3.0-10.1 | Apr 21, 2016 | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment. | |
| CVE-2016-3443 | Cri | 9.6 | < 1.8.0_sr3.0-10.1 | 1.8.0_sr3.0-10.1 | Apr 21, 2016 | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims t | |
| CVE-2016-3427 | Cri | 9.8 | KEV | < 1.8.0_sr3.0-10.1 | 1.8.0_sr3.0-10.1 | Apr 21, 2016 | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. |
| CVE-2016-3426 | Low | 3.1 | < 1.8.0_sr3.0-10.1 | 1.8.0_sr3.0-10.1 | Apr 21, 2016 | Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE. |
- affected < 1.8.0_sr4.0-23.1fixed 1.8.0_sr4.0-23.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network a
- affected < 1.8.0_sr4.0-23.1fixed 1.8.0_sr4.0-23.1
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated at
- affected < 1.8.0_sr3.21-20.1fixed 1.8.0_sr3.21-20.1
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality via vectors related to Networking.
- affected < 1.8.0_sr3.21-20.1fixed 1.8.0_sr3.21-20.1
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5582.
- affected < 1.8.0_sr3.21-20.1fixed 1.8.0_sr3.21-20.1
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.
- affected < 1.8.0_sr3.21-20.1fixed 1.8.0_sr3.21-20.1
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D.
- affected < 1.8.0_sr3.21-20.1fixed 1.8.0_sr3.21-20.1
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to JMX.
- affected < 1.8.0_sr3.21-20.1fixed 1.8.0_sr3.21-20.1
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to Libraries.
- affected < 1.8.0_sr4.0-23.1fixed 1.8.0_sr4.0-23.1
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-dura
- affected < 1.8.0_sr3.10-15.1fixed 1.8.0_sr3.10-15.1
Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610.
- affected < 1.8.0_sr3.10-15.1fixed 1.8.0_sr3.10-15.1
Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment.
- affected < 1.8.0_sr3.10-15.1fixed 1.8.0_sr3.10-15.1
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows local users to affect integrity via vectors related to Networking.
- affected < 1.8.0_sr2.10-7.1fixed 1.8.0_sr2.10-7.1
The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.
- affected < 1.8.0_sr3.0-10.1fixed 1.8.0_sr3.0-10.1
The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in
- affected < 1.8.0_sr3.0-10.1fixed 1.8.0_sr3.0-10.1
The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.refle
- affected < 1.8.0_sr3.0-10.1fixed 1.8.0_sr3.0-10.1
Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbi
- affected < 1.8.0_sr3.0-10.1fixed 1.8.0_sr3.0-10.1
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment.
- affected < 1.8.0_sr3.0-10.1fixed 1.8.0_sr3.0-10.1
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims t
- affected < 1.8.0_sr3.0-10.1fixed 1.8.0_sr3.0-10.1
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
- affected < 1.8.0_sr3.0-10.1fixed 1.8.0_sr3.0-10.1
Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE.
Page 2 of 4