Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2016-0483

Опубликовано: 21 янв. 2016
Источник: nvd
CVSS2: 10
EPSS Средний

Описание

Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data.

Комментарий

Per Oracle: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:oracle:jdk:1.6.0:update105:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update91:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update66:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update105:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update91:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update66:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:a:oracle:jrockit:r28.3.8:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*

EPSS

Процентиль: 94%
0.12013
Средний

10 Critical

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

ubuntu логотип

CVE-2016-0483

ubuntu
больше 9 лет назад

Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data.

redhat логотип

CVE-2016-0483

redhat
больше 9 лет назад

Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data.

debian логотип

CVE-2016-0483

debian
больше 9 лет назад

Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Jav ...

github логотип

GHSA-7xjq-3wg8-c44c

github
больше 3 лет назад

Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data.

fstec логотип

BDU:2016-00159

fstec
больше 9 лет назад

Уязвимость программных платформ Jrockit и Java Platform, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 94%
0.12013
Средний

10 Critical

CVSS2

Дефекты

NVD-CWE-noinfo