rpm package

suse/java-1_8_0-ibm&distro=SUSE Linux Enterprise Server 12 SP3

pkg:rpm/suse/java-1_8_0-ibm&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3

Vulnerabilities (94)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2017-10101	Cri	9.6	< 1.8.0_sr4.10-30.5.1	1.8.0_sr4.10-30.5.1	Aug 8, 2017	Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access
CVE-2017-10096	Cri	9.6	< 1.8.0_sr4.10-30.5.1	1.8.0_sr4.10-30.5.1	Aug 8, 2017	Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access
CVE-2017-10090	Cri	9.6	< 1.8.0_sr4.10-30.5.1	1.8.0_sr4.10-30.5.1	Aug 8, 2017	Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access v
CVE-2017-10089	Cri	9.6	< 1.8.0_sr4.10-30.5.1	1.8.0_sr4.10-30.5.1	Aug 8, 2017	Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Ja
CVE-2017-10087	Cri	9.6	< 1.8.0_sr4.10-30.5.1	1.8.0_sr4.10-30.5.1	Aug 8, 2017	Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network a
CVE-2017-10081	Med	4.3	< 1.8.0_sr4.10-30.5.1	1.8.0_sr4.10-30.5.1	Aug 8, 2017	Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network acc
CVE-2017-10078	Hig	8.1	< 1.8.0_sr4.10-30.5.1	1.8.0_sr4.10-30.5.1	Aug 8, 2017	Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successf
CVE-2017-10074	Hig	8.3	< 1.8.0_sr4.10-30.5.1	1.8.0_sr4.10-30.5.1	Aug 8, 2017	Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network a
CVE-2017-10067	Hig	7.5	< 1.8.0_sr4.10-30.5.1	1.8.0_sr4.10-30.5.1	Aug 8, 2017	Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise
CVE-2017-10053	Med	5.3	< 1.8.0_sr4.10-30.5.1	1.8.0_sr4.10-30.5.1	Aug 8, 2017	Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated at
CVE-2016-9841	Cri	9.8	< 1.8.0_sr5.5-30.13.1	1.8.0_sr5.5-30.13.1	May 23, 2017	inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
CVE-2017-3732	Med	5.9	< 1.8.0_sr5.20-30.36.1	1.8.0_sr5.20-30.36.1	May 4, 2017	There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and
CVE-2016-10165	Hig	7.1	< 1.8.0_sr5.5-30.13.1	1.8.0_sr5.5-30.13.1	Feb 3, 2017	The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.
CVE-2016-0705	Cri	9.8	< 1.8.0_sr5.20-30.36.1	1.8.0_sr5.20-30.36.1	Mar 3, 2016	Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA privat

CVE-2017-10101CriAug 8, 2017
affected < 1.8.0_sr4.10-30.5.1fixed 1.8.0_sr4.10-30.5.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access
CVE-2017-10096CriAug 8, 2017
affected < 1.8.0_sr4.10-30.5.1fixed 1.8.0_sr4.10-30.5.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access
CVE-2017-10090CriAug 8, 2017
affected < 1.8.0_sr4.10-30.5.1fixed 1.8.0_sr4.10-30.5.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access v
CVE-2017-10089CriAug 8, 2017
affected < 1.8.0_sr4.10-30.5.1fixed 1.8.0_sr4.10-30.5.1
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Ja
CVE-2017-10087CriAug 8, 2017
affected < 1.8.0_sr4.10-30.5.1fixed 1.8.0_sr4.10-30.5.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network a
CVE-2017-10081MedAug 8, 2017
affected < 1.8.0_sr4.10-30.5.1fixed 1.8.0_sr4.10-30.5.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network acc
CVE-2017-10078HigAug 8, 2017
affected < 1.8.0_sr4.10-30.5.1fixed 1.8.0_sr4.10-30.5.1
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successf
CVE-2017-10074HigAug 8, 2017
affected < 1.8.0_sr4.10-30.5.1fixed 1.8.0_sr4.10-30.5.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network a
CVE-2017-10067HigAug 8, 2017
affected < 1.8.0_sr4.10-30.5.1fixed 1.8.0_sr4.10-30.5.1
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise
CVE-2017-10053MedAug 8, 2017
affected < 1.8.0_sr4.10-30.5.1fixed 1.8.0_sr4.10-30.5.1
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated at
CVE-2016-9841CriMay 23, 2017
affected < 1.8.0_sr5.5-30.13.1fixed 1.8.0_sr5.5-30.13.1
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
CVE-2017-3732MedMay 4, 2017
affected < 1.8.0_sr5.20-30.36.1fixed 1.8.0_sr5.20-30.36.1
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and
CVE-2016-10165HigFeb 3, 2017
affected < 1.8.0_sr5.5-30.13.1fixed 1.8.0_sr5.5-30.13.1
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.
CVE-2016-0705CriMar 3, 2016
affected < 1.8.0_sr5.20-30.36.1fixed 1.8.0_sr5.20-30.36.1
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA privat

Page 5 of 5