- Home
- CVEs with nessus.description==Incorrect enforcement of certificate path restrictions :
It was discovered that the Security component of OpenJDK could fail to
properly enforce restrictions defined for processing of X.509
certificate chains. A remote attacker could possibly use this flaw to
make Java accept certificate using one of the disabled algorithms.
(CVE-2017-10198)
Insufficient access control checks in XML transformations
(CVE-2017-10096)
Incorrect range checks in LambdaFormEditor (CVE-2017-10111)
Insufficient access control checks in AsynchronousChannelGroupImpl
(CVE-2017-10090)
Incorrect key size constraint check (CVE-2017-10193)
Integer overflows in range check loop predicates (CVE-2017-10074)
PKCS#8 implementation timing attack :
A covert timing channel flaw was found in the PKCS#8 implementation in
the JCE component of OpenJDK. A remote attacker able to make a Java
application repeatedly compare PKCS#8 key against an attacker
controlled value could possibly use this flaw to determine the key via
a timing side channel. (CVE-2017-10135)
Incorrect handling of references in DGC :
It was discovered that the DCG implementation in the RMI component of
OpenJDK failed to correctly handle references. A remote attacker could
possibly use this flaw to execute arbitrary code with the privileges
of RMI registry or a Java RMI application. (CVE-2017-10102)
Insufficient access control checks in ImageWatched (CVE-2017-10110)
Unrestricted access to com.sun.org.apache.xml.internal.resolver
(CVE-2017-10101)
DSA implementation timing attack :
A covert timing channel flaw was found in the DSA implementation in
the JCE component of OpenJDK. A remote attacker able to make a Java
application generate DSA signatures on demand could possibly use this
flaw to extract certain information about the used key via a timing
side channel. (CVE-2017-10115)
Insufficient access control checks in ActivationID (CVE-2017-10107)
LDAPCertStore following referrals to non-LDAP URLs :
It was discovered that the LDAPCertStore class in the Security
component of OpenJDK followed LDAP referrals to arbitrary URLs. A
specially crafted LDAP referral URL could cause LDAPCertStore to
communicate with non-LDAP servers. (CVE-2017-10116)
JAR verifier incorrect handling of missing digest (CVE-2017-10067)
Reading of unprocessed image data in JPEGImageReader :
It was discovered that the JPEGImageReader implementation in the 2D
component of OpenJDK would, in certain cases, read all image data even
if it was not used later. A specially crafted image could cause a Java
application to temporarily use an excessive amount of CPU and memory.
(CVE-2017-10053)
Unbounded memory allocation in CodeSource deserialization
(CVE-2017-10109)
Unbounded memory allocation in BasicAttribute deserialization
(CVE-2017-10108)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top