356
VMScore

CVE-2016-0448

Published: 21/01/2016 Updated: 08/09/2020
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX.

Vulnerable Product Search on Vulmon Subscribe to Product

oracle jdk 1.6.0

oracle jdk 1.7.0

oracle jdk 1.8.0

oracle jre 1.6.0

oracle jre 1.8.0

canonical ubuntu linux 12.04

canonical ubuntu linux 14.04

canonical ubuntu linux 15.04

canonical ubuntu linux 15.10

Vendor Advisories

Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX ...
Several security issues were fixed in OpenJDK 6 ...
Several security issues were fixed in OpenJDK 7 ...
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, information disclosur, denial of service and insecure cryptography For the oldstable distribution (wheezy), these problems have been fixed in version 7u95-264-1~deb7u1 For the stable distribution (j ...
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, information disclosure, denial of service and insecure cryptography For the oldstable distribution (wheezy), these problems have been fixed in version 6b38-11310-1~deb7u1 We recommend that you upgra ...
An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions (CVE-2016-0483 ) An integer signedness is ...
An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions (CVE-2016-0483 ) A flaw was found in the ...
An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions (CVE-2016-0483 ) An integer signedness is ...
Oracle Critical Patch Update Advisory - January 2016 Description A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory Thus, prior Critical Pat ...
Oracle Linux Bulletin - January 2016 Description The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are relea ...

References

NVD-CWE-noinfohttp://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0049.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0050.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0053.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0054.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0055.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0056.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0057.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0067.htmlhttp://www.debian.org/security/2016/dsa-3458http://www.debian.org/security/2016/dsa-3465http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.htmlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlhttp://www.securityfocus.com/bid/81123http://www.securitytracker.com/id/1034715http://www.ubuntu.com/usn/USN-2884-1http://www.ubuntu.com/usn/USN-2885-1https://access.redhat.com/errata/RHSA-2016:1430https://security.gentoo.org/glsa/201603-14https://security.gentoo.org/glsa/201610-08https://www.securityfocus.com/bid/81123https://nvd.nist.govhttps://www.rapid7.com/db/vulnerabilities/aix-6.1-java_jan2016_advisory_cve-2016-0448https://access.redhat.com/security/cve/cve-2016-0448https://usn.ubuntu.com/2885-1/