Published: 21/01/2016 Updated: 08/09/2020
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote malicious users to affect confidentiality and integrity via unknown vectors related to Libraries.

Vulnerable Product Search on Vulmon Subscribe to Product

oracle jdk 1.8.0

oracle jre 1.8.0

oracle jrockit r28.3.8

Vendor Advisories

It was discovered that the password-based encryption (PBE) implementation in the Libraries component in OpenJDK used an incorrect key length This could, in certain cases, lead to generation of keys that were weaker than expected ...
An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions (CVE-2016-0483 ) A flaw was found in the ...
Oracle Critical Patch Update Advisory - January 2016 Description A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory Thus, prior Critical Pat ...
Oracle Linux Bulletin - January 2016 Description The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are relea ...