| CVE-2017-10176 |
Medium |
Yes |
Private key recovery |
It was discovered that the Elliptic Curve (EC) cryptography implementation in the Security component of OpenJDK did not perform computations for certain... |
| CVE-2017-10135 |
Low |
Yes |
Private key recovery |
A covert timing channel flaw was found in the PKCS#8 implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application... |
| CVE-2017-10118 |
Medium |
Yes |
Private key recovery |
A covert timing channel flaw was found in the ECDSA implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application... |
| CVE-2017-10116 |
High |
Yes |
Privilege escalation |
It was discovered that the LDAPCertStore class in the Security component of OpenJDK followed LDAP referrals to arbitrary URLs. A specially crafted LDAP... |
| CVE-2017-10115 |
Medium |
Yes |
Private key recovery |
A covert timing channel flaw was found in the DSA implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application generate... |
| CVE-2017-10111 |
Critical |
Yes |
Arbitrary code execution |
It was discovered that the LambdaFormEditor class in the Libraries component of OpenJDK did not correctly perform bounds checks in the... |
| CVE-2017-10110 |
Critical |
Yes |
Access restriction bypass |
It was discovered that the implementation of the ImageWatched class in the AWT component of OpenJDK failed to properly perform access control checks. An... |
| CVE-2017-10109 |
Medium |
Yes |
Access restriction bypass |
It was discovered that the implementation of the CodeSource class in OpenJDK did not limit the amount of memory allocated when creating object instance from... |
| CVE-2017-10108 |
Medium |
Yes |
Denial of service |
It was discovered that the implementation of the BasicAttribute class in OpenJDK did not limit the amount of memory allocated when creating object instance... |
| CVE-2017-10107 |
Critical |
Yes |
Access restriction bypass |
It was discovered that the implementation of the ActivationID class in the RMI component of OpenJDK failed to properly perform access control checks. An... |
| CVE-2017-10102 |
Critical |
Yes |
Arbitrary code execution |
It was discovered that the DCG (Distributed Garbage Collector) implementation in the RMI component of OpenJDK failed to correctly handle references. A... |
| CVE-2017-10101 |
Critical |
Yes |
Access restriction bypass |
It was discovered that the JAXP component of OpenJDK failed to restrict access to certain internal classes. An untrusted Java application or applet could... |
| CVE-2017-10096 |
Critical |
Yes |
Access restriction bypass |
It was discovered that the implementation of the TransformerException class in the JAXP component of OpenJDK failed to properly perform access control... |
| CVE-2017-10090 |
Critical |
Yes |
Access restriction bypass |
It was discovered that the implementation of the AsynchronousChannelGroupImpl class in the java.nio.channels package of the Libraries component of OpenJDK... |
| CVE-2017-10089 |
Critical |
Yes |
Access restriction bypass |
It was discovered that the implementation of the ServiceRegistry class in the ImageIO component of OpenJDK failed to properly perform access control checks.... |
| CVE-2017-10087 |
Critical |
Yes |
Access restriction bypass |
It was discovered that the implementation of the ThreadPoolExecutor class in the java.util.concurrent package of the Libraries component of OpenJDK failed... |
| CVE-2017-10081 |
Medium |
Yes |
Access restriction bypass |
A flaw was found in the way the Hotspot component of OpenJDK processed extraneous brackets in function signatures. An untrusted Java application or applet... |
| CVE-2017-10074 |
Critical |
Yes |
Arbitrary code execution |
It was discovered that the Hotspot component of OpenJDK did not properly check for integer overflows when generating range check loop predicates. An... |
| CVE-2017-10067 |
High |
Yes |
Authentication bypass |
It was discovered that the JAR (Java ARchive) verifier in the Security component of OpenJDK did not correctly handle files inside archives with missing... |
| CVE-2017-10053 |
Low |
No |
Denial of service |
It was discovered that the JPEGImageReader implementation in the 2D component of OpenJDK would, in certain cases, read all image data even if that was not... |
| CVE-2017-3544 |
Low |
Yes |
Content spoofing |
A newline injection flaw was discovered in the SMTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this... |
| CVE-2017-3539 |
Low |
Yes |
Access restriction bypass |
It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This... |
| CVE-2017-3533 |
Medium |
Yes |
Access restriction bypass |
A newline injection flaw was discovered in the FTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this... |
| CVE-2017-3526 |
High |
Yes |
Denial of service |
It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML document. An attacker able to make a... |
| CVE-2017-3511 |
High |
No |
Privilege escalation |
An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application... |
| CVE-2017-3509 |
Medium |
Yes |
Privilege escalation |
It was discovered that the HTTP client implementation in the Networking component of OpenJDK could cache and re-use an NTLM authenticated connection in a... |