National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:oracle:jdk:1.6.0:update_113
There are 11 matching records.
Vuln ID Summary CVSS Severity
CVE-2013-4578

jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation.

Published: December 29, 2017; 05:29:00 PM -05:00
V3.0: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2016-3449

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment.

Published: April 21, 2016; 07:00:34 AM -04:00
V3.0: 8.3 HIGH
    V2: 7.6 HIGH
CVE-2016-3443

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information via crafted font data, which triggers an out-of-bounds read.

Published: April 21, 2016; 07:00:32 AM -04:00
V3.0: 9.6 CRITICAL
    V2: 10.0 HIGH
CVE-2016-3427

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.

Published: April 21, 2016; 07:00:21 AM -04:00
V3.0: 9.0 CRITICAL
    V2: 10.0 HIGH
CVE-2016-3425

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect availability via vectors related to JAXP.

Published: April 21, 2016; 07:00:19 AM -04:00
V3.0: 4.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2016-3422

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect availability via vectors related to 2D.

Published: April 21, 2016; 07:00:17 AM -04:00
V3.0: 4.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2016-0695

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security.

Published: April 21, 2016; 06:59:55 AM -04:00
V3.0: 5.9 MEDIUM
    V2: 2.6 LOW
CVE-2016-0687

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component.

Published: April 21, 2016; 06:59:47 AM -04:00
V3.0: 9.6 CRITICAL
    V2: 10.0 HIGH
CVE-2016-0686

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization.

Published: April 21, 2016; 06:59:47 AM -04:00
V3.0: 9.6 CRITICAL
    V2: 10.0 HIGH
CVE-2012-5373

Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash3 algorithm, a different vulnerability than CVE-2012-2739.

Published: November 28, 2012; 08:03:10 AM -05:00
    V2: 5.0 MEDIUM
CVE-2007-3503

The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: June 29, 2007; 09:30:00 PM -04:00
    V2: 4.3 MEDIUM