jdk7-openjdk

Description OpenJDK Java 7 development kit
Version 7.u261_2.6.22-1 [extra]

Open

Group | Affected | Fixed | Severity | Status | Ticket
AVG-2480 | 7.u261_2.6.22-1 | | Medium | Vulnerable |
AVG-2191 | 7.u261_2.6.22-1 | | Medium | Vulnerable |
AVG-1850 | 7.u261_2.6.22-1 | | Medium | Vulnerable |
Issue Group Severity Remote Type Description
CVE-2021-35603 AVG-2480 Low Yes Information disclosure
A security issue has been found in OpenJDK before versions 7u321, 8u312, 11.0.13 and 17.0.1 in the security-libs/javax.net.ssl component. A difficult to...
CVE-2021-35588 AVG-2480 Low Yes Denial of service
A security issue has been found in OpenJDK before versions 7u321 and 8u312 in the hotspot/runtime component. A difficult to exploit vulnerability allows...
CVE-2021-35586 AVG-2480 Medium Yes Denial of service
A security issue has been found in OpenJDK before versions 7u321, 8u312, 11.0.13 and 17.0.1 in the client-libs/javax.imageio component. An easily...
CVE-2021-35565 AVG-2480 Medium Yes Denial of service
A security issue has been found in OpenJDK before versions 7u321, 8u312 and 11.0.13 in the core-libs/java.net component. An easily exploitable vulnerability...
CVE-2021-35564 AVG-2480 Medium Yes Denial of service
A security issue has been found in OpenJDK before versions 7u321, 8u312, 11.0.13 and 17.0.1 in the security-libs/java.security component. An easily...
CVE-2021-35561 AVG-2480 Medium Yes Denial of service
A security issue has been found in OpenJDK before versions 7u321, 8u312, 11.0.13 and 17.0.1 in the core-libs/java.util component. An easily exploitable...
CVE-2021-35559 AVG-2480 Medium Yes Denial of service
A security issue has been found in OpenJDK before versions 7u321, 8u312, 11.0.13 and 17.0.1 in the security-libs/javax.net.ssl component. An easily...
CVE-2021-35556 AVG-2480 Medium Yes Denial of service
A security issue has been found in OpenJDK before versions 7u321, 8u312, 11.0.13 and 17.0.1 in the client-libs/javax.swing component. An easily exploitable...
CVE-2021-35550 AVG-2480 Medium Yes Information disclosure
A security issue has been found in OpenJDK before versions 7u321, 8u312 and 11.0.13 in the security-libs/javax.net.ssl component. A difficult to exploit...
CVE-2021-2432 AVG-2191 Medium Yes Denial of service
Vulnerability in Java SE (component: JNDI). The supported version that is affected is Java SE: 7u301. Difficult to exploit vulnerability allows...
CVE-2021-2369 AVG-2191 Medium Yes Arbitrary code execution
A security issue has been found in the Library component of OpenJDK versions 7u301, 8u291, 11.0.11 and 16.0.1. An easily exploitable vulnerability allows...
CVE-2021-2341 AVG-2191 Medium Yes Information disclosure
A security issue has been found in the Networking component of OpenJDK versions 7u301, 8u291, 11.0.11 and 16.0.1. A difficult to exploit vulnerability...
CVE-2021-2163 AVG-1850 Medium Yes Insufficient validation
A security issue was found in the way the Libraries component of OpenJDK enforced constraints defined in the jdk.jar.disabledAlgorithms security property....

Resolved

Group | Affected | Fixed | Severity | Status | Ticket
AVG-1868 | 7.u261_2.6.22-1 | | Medium | Not affected |
AVG-380 | 7.u131_2.6.9-1 | 7.u151_2.6.11-1 | Critical | Fixed |
Issue Group Severity Remote Type Description
CVE-2021-2161 AVG-1868 Medium Yes Incorrect calculation
It was discovered that the implementation of ProcessBuilder in the Libraries component of OpenJDK on the Windows platform did not properly detect command...
CVE-2017-10176 AVG-380 Medium Yes Private key recovery
It was discovered that the Elliptic Curve (EC) cryptography implementation in the Security component of OpenJDK did not perform computations for certain...
CVE-2017-10135 AVG-380 Low Yes Private key recovery
A covert timing channel flaw was found in the PKCS#8 implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application...
CVE-2017-10118 AVG-380 Medium Yes Private key recovery
A covert timing channel flaw was found in the ECDSA implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application...
CVE-2017-10116 AVG-380 High Yes Privilege escalation
It was discovered that the LDAPCertStore class in the Security component of OpenJDK followed LDAP referrals to arbitrary URLs. A specially crafted LDAP...
CVE-2017-10115 AVG-380 Medium Yes Private key recovery
A covert timing channel flaw was found in the DSA implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application generate...
CVE-2017-10111 AVG-380 Critical Yes Arbitrary code execution
It was discovered that the LambdaFormEditor class in the Libraries component of OpenJDK did not correctly perform bounds checks in the...
CVE-2017-10110 AVG-380 Critical Yes Access restriction bypass
It was discovered that the implementation of the ImageWatched class in the AWT component of OpenJDK failed to properly perform access control checks. An...
CVE-2017-10109 AVG-380 Medium Yes Access restriction bypass
It was discovered that the implementation of the CodeSource class in OpenJDK did not limit the amount of memory allocated when creating an object instance from...
CVE-2017-10108 AVG-380 Medium Yes Denial of service
It was discovered that the implementation of the BasicAttribute class in OpenJDK did not limit the amount of memory allocated when creating an object instance...
CVE-2017-10107 AVG-380 Critical Yes Access restriction bypass
It was discovered that the implementation of the ActivationID class in the RMI component of OpenJDK failed to properly perform access control checks. An...
CVE-2017-10102 AVG-380 Critical Yes Arbitrary code execution
It was discovered that the DGC (Distributed Garbage Collector) implementation in the RMI component of OpenJDK failed to correctly handle references. A...
CVE-2017-10101 AVG-380 Critical Yes Access restriction bypass
It was discovered that the JAXP component of OpenJDK failed to restrict access to certain internal classes. An untrusted Java application or applet could...
CVE-2017-10096 AVG-380 Critical Yes Access restriction bypass
It was discovered that the implementation of the TransformerException class in the JAXP component of OpenJDK failed to properly perform access control...
CVE-2017-10090 AVG-380 Critical Yes Access restriction bypass
It was discovered that the implementation of the AsynchronousChannelGroupImpl class in the java.nio.channels package of the Libraries component of OpenJDK...
CVE-2017-10089 AVG-380 Critical Yes Access restriction bypass
It was discovered that the implementation of the ServiceRegistry class in the ImageIO component of OpenJDK failed to properly perform access control checks....
CVE-2017-10087 AVG-380 Critical Yes Access restriction bypass
It was discovered that the implementation of the ThreadPoolExecutor class in the java.util.concurrent package of the Libraries component of OpenJDK failed...
CVE-2017-10081 AVG-380 Medium Yes Access restriction bypass
A flaw was found in the way the Hotspot component of OpenJDK processed extraneous brackets in function signatures. An untrusted Java application or applet...
CVE-2017-10074 AVG-380 Critical Yes Arbitrary code execution
It was discovered that the Hotspot component of OpenJDK did not properly check for integer overflows when generating range check loop predicates. An...
CVE-2017-10067 AVG-380 High Yes Authentication bypass
It was discovered that the JAR (Java ARchive) verifier in the Security component of OpenJDK did not correctly handle files inside archives with missing...
CVE-2017-10053 AVG-380 Low No Denial of service
It was discovered that the JPEGImageReader implementation in the 2D component of OpenJDK would, in certain cases, read all image data even if that was not...
CVE-2017-3544 AVG-380 Low Yes Content spoofing
A newline injection flaw was discovered in the SMTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this...
CVE-2017-3539 AVG-380 Low Yes Access restriction bypass
It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This...
CVE-2017-3533 AVG-380 Medium Yes Access restriction bypass
A newline injection flaw was discovered in the FTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this...
CVE-2017-3526 AVG-380 High Yes Denial of service
It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing an XML document. An attacker able to make a...
CVE-2017-3511 AVG-380 High No Privilege escalation
An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application...
CVE-2017-3509 AVG-380 Medium Yes Privilege escalation
It was discovered that the HTTP client implementation in the Networking component of OpenJDK could cache and re-use an NTLM authenticated connection in a...

Advisories

Date Advisory Group Severity Type
12 Aug 2017 ASA-201708-8 AVG-380 Critical multiple issues