rpm package

suse/java-1_8_0-openjdk&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP1

pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1

Vulnerabilities (184)

CVE	Sev	CVSS	KEV	Affected versions	Fixed in	Published	Description
CVE-2016-3511	Hig	7.7		< 1.8.0.101-14.3	1.8.0.101-14.3	Jul 21, 2016	Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment.
CVE-2016-3508	Med	5.3		< 1.8.0.101-14.3	1.8.0.101-14.3	Jul 21, 2016	Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3500.
CVE-2016-3503	Hig	7.7		< 1.8.0.101-14.3	1.8.0.101-14.3	Jul 21, 2016	Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Install.
CVE-2016-3500	Med	5.3		< 1.8.0.101-14.3	1.8.0.101-14.3	Jul 21, 2016	Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508.
CVE-2016-3498	Med	5.3		< 1.8.0.101-14.3	1.8.0.101-14.3	Jul 21, 2016	Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows remote attackers to affect availability via vectors related to JavaFX.
CVE-2016-3485	Low	2.9		< 1.8.0.101-14.3	1.8.0.101-14.3	Jul 21, 2016	Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows local users to affect integrity via vectors related to Networking.
CVE-2016-3458	Med	4.3		< 1.8.0.101-14.3	1.8.0.101-14.3	Jul 21, 2016	Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91 allows remote attackers to affect integrity via vectors related to CORBA.
CVE-2016-2834	Hig	8.8		< 1.8.0.121-23.4	1.8.0.121-23.4	Jun 13, 2016	Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
CVE-2016-3427	Cri	9.8	KEV	< 1.8.0.91-11.1	1.8.0.91-11.1	Apr 21, 2016	Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
CVE-2016-3426	Low	3.1		< 1.8.0.91-11.1	1.8.0.91-11.1	Apr 21, 2016	Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE.
CVE-2016-3425	Med	4.3		< 1.8.0.91-11.1	1.8.0.91-11.1	Apr 21, 2016	Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect availability via vectors related to JAXP.
CVE-2016-0695	Med	5.9		< 1.8.0.91-11.1	1.8.0.91-11.1	Apr 21, 2016	Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security.
CVE-2016-0687	Cri	9.6		< 1.8.0.91-11.1	1.8.0.91-11.1	Apr 21, 2016	Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component.
CVE-2016-0686	Cri	9.6		< 1.8.0.91-11.1	1.8.0.91-11.1	Apr 21, 2016	Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization.
CVE-2016-0636	Hig	8.1		< 1.8.0.77-6.1	1.8.0.77-6.1	Mar 24, 2016	Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component.
CVE-2016-1950	Hig	8.8		< 1.8.0.121-23.4	1.8.0.121-23.4	Mar 13, 2016	Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509
CVE-2016-0494		—		< 1.8.0.72-3.2	1.8.0.72-3.2	Jan 21, 2016	Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
CVE-2016-0483		—		< 1.8.0.72-3.2	1.8.0.72-3.2	Jan 21, 2016	Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the January 2016 CPU. O
CVE-2016-0475		—		< 1.8.0.72-3.2	1.8.0.72-3.2	Jan 21, 2016	Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.
CVE-2016-0466		—		< 1.8.0.72-3.2	1.8.0.72-3.2	Jan 21, 2016	Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect availability via vectors related to JAXP.

CVE-2016-3511HigJul 21, 2016
affected < 1.8.0.101-14.3fixed 1.8.0.101-14.3
Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment.
CVE-2016-3508MedJul 21, 2016
affected < 1.8.0.101-14.3fixed 1.8.0.101-14.3
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3500.
CVE-2016-3503HigJul 21, 2016
affected < 1.8.0.101-14.3fixed 1.8.0.101-14.3
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Install.
CVE-2016-3500MedJul 21, 2016
affected < 1.8.0.101-14.3fixed 1.8.0.101-14.3
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508.
CVE-2016-3498MedJul 21, 2016
affected < 1.8.0.101-14.3fixed 1.8.0.101-14.3
Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows remote attackers to affect availability via vectors related to JavaFX.
CVE-2016-3485LowJul 21, 2016
affected < 1.8.0.101-14.3fixed 1.8.0.101-14.3
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows local users to affect integrity via vectors related to Networking.
CVE-2016-3458MedJul 21, 2016
affected < 1.8.0.101-14.3fixed 1.8.0.101-14.3
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91 allows remote attackers to affect integrity via vectors related to CORBA.
CVE-2016-2834HigJun 13, 2016
affected < 1.8.0.121-23.4fixed 1.8.0.121-23.4
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
CVE-2016-3427CriKEVApr 21, 2016
affected < 1.8.0.91-11.1fixed 1.8.0.91-11.1
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
CVE-2016-3426LowApr 21, 2016
affected < 1.8.0.91-11.1fixed 1.8.0.91-11.1
Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE.
CVE-2016-3425MedApr 21, 2016
affected < 1.8.0.91-11.1fixed 1.8.0.91-11.1
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect availability via vectors related to JAXP.
CVE-2016-0695MedApr 21, 2016
affected < 1.8.0.91-11.1fixed 1.8.0.91-11.1
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security.
CVE-2016-0687CriApr 21, 2016
affected < 1.8.0.91-11.1fixed 1.8.0.91-11.1
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component.
CVE-2016-0686CriApr 21, 2016
affected < 1.8.0.91-11.1fixed 1.8.0.91-11.1
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization.
CVE-2016-0636HigMar 24, 2016
affected < 1.8.0.77-6.1fixed 1.8.0.77-6.1
Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component.
CVE-2016-1950HigMar 13, 2016
affected < 1.8.0.121-23.4fixed 1.8.0.121-23.4
Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509
CVE-2016-0494Jan 21, 2016
affected < 1.8.0.72-3.2fixed 1.8.0.72-3.2
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
CVE-2016-0483Jan 21, 2016
affected < 1.8.0.72-3.2fixed 1.8.0.72-3.2
Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the January 2016 CPU. O
CVE-2016-0475Jan 21, 2016
affected < 1.8.0.72-3.2fixed 1.8.0.72-3.2
Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.
CVE-2016-0466Jan 21, 2016
affected < 1.8.0.72-3.2fixed 1.8.0.72-3.2
Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect availability via vectors related to JAXP.

Page 9 of 10