java-1_8_0-openjdk-1.8.0.302-2.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10876 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z java-1_8_0-openjdk-1.8.0.302-2.2 on GA media These are all security issues fixed in the java-1_8_0-openjdk-1.8.0.302-2.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10876 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10876 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2016-10165/ SUSE CVE CVE-2016-10165 page https://www.suse.com/security/cve/CVE-2016-2183/ SUSE CVE CVE-2016-2183 page https://www.suse.com/security/cve/CVE-2016-5546/ SUSE CVE CVE-2016-5546 page https://www.suse.com/security/cve/CVE-2016-5547/ SUSE CVE CVE-2016-5547 page https://www.suse.com/security/cve/CVE-2016-5548/ SUSE CVE CVE-2016-5548 page https://www.suse.com/security/cve/CVE-2016-5549/ SUSE CVE CVE-2016-5549 page https://www.suse.com/security/cve/CVE-2016-5552/ SUSE CVE CVE-2016-5552 page https://www.suse.com/security/cve/CVE-2016-9840/ SUSE CVE CVE-2016-9840 page https://www.suse.com/security/cve/CVE-2016-9843/ SUSE CVE CVE-2016-9843 page https://www.suse.com/security/cve/CVE-2017-10053/ SUSE CVE CVE-2017-10053 page https://www.suse.com/security/cve/CVE-2017-10067/ SUSE CVE CVE-2017-10067 page https://www.suse.com/security/cve/CVE-2017-10074/ SUSE CVE CVE-2017-10074 page https://www.suse.com/security/cve/CVE-2017-10078/ SUSE CVE CVE-2017-10078 page https://www.suse.com/security/cve/CVE-2017-10081/ SUSE CVE CVE-2017-10081 page https://www.suse.com/security/cve/CVE-2017-10086/ SUSE CVE CVE-2017-10086 page https://www.suse.com/security/cve/CVE-2017-10087/ SUSE CVE CVE-2017-10087 page https://www.suse.com/security/cve/CVE-2017-10089/ SUSE CVE CVE-2017-10089 page https://www.suse.com/security/cve/CVE-2017-10090/ SUSE CVE CVE-2017-10090 page https://www.suse.com/security/cve/CVE-2017-10096/ SUSE CVE CVE-2017-10096 page https://www.suse.com/security/cve/CVE-2017-10101/ SUSE CVE CVE-2017-10101 page https://www.suse.com/security/cve/CVE-2017-10102/ SUSE CVE CVE-2017-10102 page https://www.suse.com/security/cve/CVE-2017-10105/ SUSE CVE CVE-2017-10105 page https://www.suse.com/security/cve/CVE-2017-10107/ SUSE CVE CVE-2017-10107 page https://www.suse.com/security/cve/CVE-2017-10108/ SUSE CVE CVE-2017-10108 page https://www.suse.com/security/cve/CVE-2017-10109/ SUSE CVE CVE-2017-10109 page https://www.suse.com/security/cve/CVE-2017-10110/ SUSE CVE CVE-2017-10110 page https://www.suse.com/security/cve/CVE-2017-10111/ SUSE CVE CVE-2017-10111 page https://www.suse.com/security/cve/CVE-2017-10114/ SUSE CVE CVE-2017-10114 page https://www.suse.com/security/cve/CVE-2017-10115/ SUSE CVE CVE-2017-10115 page https://www.suse.com/security/cve/CVE-2017-10116/ SUSE CVE CVE-2017-10116 page https://www.suse.com/security/cve/CVE-2017-10118/ SUSE CVE CVE-2017-10118 page https://www.suse.com/security/cve/CVE-2017-10125/ SUSE CVE CVE-2017-10125 page https://www.suse.com/security/cve/CVE-2017-10135/ SUSE CVE CVE-2017-10135 page https://www.suse.com/security/cve/CVE-2017-10176/ SUSE CVE CVE-2017-10176 page https://www.suse.com/security/cve/CVE-2017-10193/ SUSE CVE CVE-2017-10193 page https://www.suse.com/security/cve/CVE-2017-10198/ SUSE CVE CVE-2017-10198 page https://www.suse.com/security/cve/CVE-2017-10243/ SUSE CVE CVE-2017-10243 page https://www.suse.com/security/cve/CVE-2017-10274/ SUSE CVE CVE-2017-10274 page https://www.suse.com/security/cve/CVE-2017-10281/ SUSE CVE CVE-2017-10281 page https://www.suse.com/security/cve/CVE-2017-10285/ SUSE CVE CVE-2017-10285 page https://www.suse.com/security/cve/CVE-2017-10295/ SUSE CVE CVE-2017-10295 page https://www.suse.com/security/cve/CVE-2017-10345/ SUSE CVE CVE-2017-10345 page https://www.suse.com/security/cve/CVE-2017-10346/ SUSE CVE CVE-2017-10346 page https://www.suse.com/security/cve/CVE-2017-10347/ SUSE CVE CVE-2017-10347 page https://www.suse.com/security/cve/CVE-2017-10348/ SUSE CVE CVE-2017-10348 page https://www.suse.com/security/cve/CVE-2017-10349/ SUSE CVE CVE-2017-10349 page https://www.suse.com/security/cve/CVE-2017-10350/ SUSE CVE CVE-2017-10350 page https://www.suse.com/security/cve/CVE-2017-10355/ SUSE CVE CVE-2017-10355 page https://www.suse.com/security/cve/CVE-2017-10356/ SUSE CVE CVE-2017-10356 page https://www.suse.com/security/cve/CVE-2017-10357/ SUSE CVE CVE-2017-10357 page https://www.suse.com/security/cve/CVE-2017-10388/ SUSE CVE CVE-2017-10388 page https://www.suse.com/security/cve/CVE-2017-3231/ SUSE CVE CVE-2017-3231 page https://www.suse.com/security/cve/CVE-2017-3241/ SUSE CVE CVE-2017-3241 page https://www.suse.com/security/cve/CVE-2017-3252/ SUSE CVE CVE-2017-3252 page https://www.suse.com/security/cve/CVE-2017-3253/ SUSE CVE CVE-2017-3253 page https://www.suse.com/security/cve/CVE-2017-3260/ SUSE CVE CVE-2017-3260 page https://www.suse.com/security/cve/CVE-2017-3261/ SUSE CVE CVE-2017-3261 page https://www.suse.com/security/cve/CVE-2017-3272/ SUSE CVE CVE-2017-3272 page https://www.suse.com/security/cve/CVE-2017-3289/ SUSE CVE CVE-2017-3289 page https://www.suse.com/security/cve/CVE-2017-3509/ SUSE CVE CVE-2017-3509 page https://www.suse.com/security/cve/CVE-2017-3511/ SUSE CVE CVE-2017-3511 page https://www.suse.com/security/cve/CVE-2017-3512/ SUSE CVE CVE-2017-3512 page https://www.suse.com/security/cve/CVE-2017-3514/ SUSE CVE CVE-2017-3514 page https://www.suse.com/security/cve/CVE-2017-3526/ SUSE CVE CVE-2017-3526 page https://www.suse.com/security/cve/CVE-2017-3533/ SUSE CVE CVE-2017-3533 page https://www.suse.com/security/cve/CVE-2017-3539/ SUSE CVE CVE-2017-3539 page https://www.suse.com/security/cve/CVE-2017-3544/ SUSE CVE CVE-2017-3544 page https://www.suse.com/security/cve/CVE-2018-11212/ SUSE CVE CVE-2018-11212 page https://www.suse.com/security/cve/CVE-2018-13785/ SUSE CVE CVE-2018-13785 page https://www.suse.com/security/cve/CVE-2018-16435/ SUSE CVE CVE-2018-16435 page https://www.suse.com/security/cve/CVE-2018-2579/ SUSE CVE CVE-2018-2579 page https://www.suse.com/security/cve/CVE-2018-2582/ SUSE CVE CVE-2018-2582 page https://www.suse.com/security/cve/CVE-2018-2588/ SUSE CVE CVE-2018-2588 page https://www.suse.com/security/cve/CVE-2018-2599/ SUSE CVE CVE-2018-2599 page https://www.suse.com/security/cve/CVE-2018-2602/ SUSE CVE CVE-2018-2602 page https://www.suse.com/security/cve/CVE-2018-2603/ SUSE CVE CVE-2018-2603 page https://www.suse.com/security/cve/CVE-2018-2618/ SUSE CVE CVE-2018-2618 page https://www.suse.com/security/cve/CVE-2018-2629/ SUSE CVE CVE-2018-2629 page https://www.suse.com/security/cve/CVE-2018-2633/ SUSE CVE CVE-2018-2633 page https://www.suse.com/security/cve/CVE-2018-2634/ SUSE CVE CVE-2018-2634 page https://www.suse.com/security/cve/CVE-2018-2637/ SUSE CVE CVE-2018-2637 page https://www.suse.com/security/cve/CVE-2018-2641/ SUSE CVE CVE-2018-2641 page https://www.suse.com/security/cve/CVE-2018-2663/ SUSE CVE CVE-2018-2663 page https://www.suse.com/security/cve/CVE-2018-2677/ SUSE CVE CVE-2018-2677 page https://www.suse.com/security/cve/CVE-2018-2678/ SUSE CVE CVE-2018-2678 page https://www.suse.com/security/cve/CVE-2018-2790/ SUSE CVE CVE-2018-2790 page https://www.suse.com/security/cve/CVE-2018-2794/ SUSE CVE CVE-2018-2794 page https://www.suse.com/security/cve/CVE-2018-2795/ SUSE CVE CVE-2018-2795 page https://www.suse.com/security/cve/CVE-2018-2796/ SUSE CVE CVE-2018-2796 page https://www.suse.com/security/cve/CVE-2018-2797/ SUSE CVE CVE-2018-2797 page https://www.suse.com/security/cve/CVE-2018-2798/ SUSE CVE CVE-2018-2798 page https://www.suse.com/security/cve/CVE-2018-2799/ SUSE CVE CVE-2018-2799 page https://www.suse.com/security/cve/CVE-2018-2800/ SUSE CVE CVE-2018-2800 page https://www.suse.com/security/cve/CVE-2018-2814/ SUSE CVE CVE-2018-2814 page https://www.suse.com/security/cve/CVE-2018-2815/ SUSE CVE CVE-2018-2815 page https://www.suse.com/security/cve/CVE-2018-2938/ SUSE CVE CVE-2018-2938 page https://www.suse.com/security/cve/CVE-2018-2940/ SUSE CVE CVE-2018-2940 page https://www.suse.com/security/cve/CVE-2018-2952/ SUSE CVE CVE-2018-2952 page https://www.suse.com/security/cve/CVE-2018-2973/ SUSE CVE CVE-2018-2973 page https://www.suse.com/security/cve/CVE-2018-3136/ SUSE CVE CVE-2018-3136 page https://www.suse.com/security/cve/CVE-2018-3139/ SUSE CVE CVE-2018-3139 page https://www.suse.com/security/cve/CVE-2018-3149/ SUSE CVE CVE-2018-3149 page https://www.suse.com/security/cve/CVE-2018-3169/ SUSE CVE CVE-2018-3169 page https://www.suse.com/security/cve/CVE-2018-3180/ SUSE CVE CVE-2018-3180 page https://www.suse.com/security/cve/CVE-2018-3183/ SUSE CVE CVE-2018-3183 page https://www.suse.com/security/cve/CVE-2018-3214/ SUSE CVE CVE-2018-3214 page https://www.suse.com/security/cve/CVE-2018-3639/ SUSE CVE CVE-2018-3639 page https://www.suse.com/security/cve/CVE-2019-2422/ SUSE CVE CVE-2019-2422 page https://www.suse.com/security/cve/CVE-2019-2426/ SUSE CVE CVE-2019-2426 page https://www.suse.com/security/cve/CVE-2019-2602/ SUSE CVE CVE-2019-2602 page https://www.suse.com/security/cve/CVE-2019-2684/ SUSE CVE CVE-2019-2684 page https://www.suse.com/security/cve/CVE-2019-2698/ SUSE CVE CVE-2019-2698 page https://www.suse.com/security/cve/CVE-2019-2745/ SUSE CVE CVE-2019-2745 page https://www.suse.com/security/cve/CVE-2019-2762/ SUSE CVE CVE-2019-2762 page https://www.suse.com/security/cve/CVE-2019-2766/ SUSE CVE CVE-2019-2766 page https://www.suse.com/security/cve/CVE-2019-2769/ SUSE CVE CVE-2019-2769 page https://www.suse.com/security/cve/CVE-2019-2786/ SUSE CVE CVE-2019-2786 page https://www.suse.com/security/cve/CVE-2019-2816/ SUSE CVE CVE-2019-2816 page https://www.suse.com/security/cve/CVE-2019-2842/ SUSE CVE CVE-2019-2842 page https://www.suse.com/security/cve/CVE-2019-2894/ SUSE CVE CVE-2019-2894 page https://www.suse.com/security/cve/CVE-2019-2933/ SUSE CVE CVE-2019-2933 page https://www.suse.com/security/cve/CVE-2019-2945/ SUSE CVE CVE-2019-2945 page https://www.suse.com/security/cve/CVE-2019-2949/ SUSE CVE CVE-2019-2949 page https://www.suse.com/security/cve/CVE-2019-2958/ SUSE CVE CVE-2019-2958 page https://www.suse.com/security/cve/CVE-2019-2962/ SUSE CVE CVE-2019-2962 page https://www.suse.com/security/cve/CVE-2019-2964/ SUSE CVE CVE-2019-2964 page https://www.suse.com/security/cve/CVE-2019-2973/ SUSE CVE CVE-2019-2973 page https://www.suse.com/security/cve/CVE-2019-2975/ SUSE CVE CVE-2019-2975 page https://www.suse.com/security/cve/CVE-2019-2978/ SUSE CVE CVE-2019-2978 page https://www.suse.com/security/cve/CVE-2019-2981/ SUSE CVE CVE-2019-2981 page https://www.suse.com/security/cve/CVE-2019-2983/ SUSE CVE CVE-2019-2983 page https://www.suse.com/security/cve/CVE-2019-2987/ SUSE CVE CVE-2019-2987 page https://www.suse.com/security/cve/CVE-2019-2988/ SUSE CVE CVE-2019-2988 page https://www.suse.com/security/cve/CVE-2019-2989/ SUSE CVE CVE-2019-2989 page https://www.suse.com/security/cve/CVE-2019-2992/ SUSE CVE CVE-2019-2992 page https://www.suse.com/security/cve/CVE-2019-2999/ SUSE CVE CVE-2019-2999 page https://www.suse.com/security/cve/CVE-2019-7317/ SUSE CVE CVE-2019-7317 page https://www.suse.com/security/cve/CVE-2020-14556/ SUSE CVE CVE-2020-14556 page https://www.suse.com/security/cve/CVE-2020-14577/ SUSE CVE CVE-2020-14577 page https://www.suse.com/security/cve/CVE-2020-14578/ SUSE CVE CVE-2020-14578 page https://www.suse.com/security/cve/CVE-2020-14579/ SUSE CVE CVE-2020-14579 page https://www.suse.com/security/cve/CVE-2020-14581/ SUSE CVE CVE-2020-14581 page https://www.suse.com/security/cve/CVE-2020-14583/ SUSE CVE CVE-2020-14583 page https://www.suse.com/security/cve/CVE-2020-14593/ SUSE CVE CVE-2020-14593 page https://www.suse.com/security/cve/CVE-2020-14621/ SUSE CVE CVE-2020-14621 page https://www.suse.com/security/cve/CVE-2020-14779/ SUSE CVE CVE-2020-14779 page https://www.suse.com/security/cve/CVE-2020-14781/ SUSE CVE CVE-2020-14781 page https://www.suse.com/security/cve/CVE-2020-14782/ SUSE CVE CVE-2020-14782 page https://www.suse.com/security/cve/CVE-2020-14792/ SUSE CVE CVE-2020-14792 page https://www.suse.com/security/cve/CVE-2020-14796/ SUSE CVE CVE-2020-14796 page https://www.suse.com/security/cve/CVE-2020-14797/ SUSE CVE CVE-2020-14797 page https://www.suse.com/security/cve/CVE-2020-14798/ SUSE CVE CVE-2020-14798 page https://www.suse.com/security/cve/CVE-2020-14803/ SUSE CVE CVE-2020-14803 page https://www.suse.com/security/cve/CVE-2020-2583/ SUSE CVE CVE-2020-2583 page https://www.suse.com/security/cve/CVE-2020-2590/ SUSE CVE CVE-2020-2590 page https://www.suse.com/security/cve/CVE-2020-2593/ SUSE CVE CVE-2020-2593 page https://www.suse.com/security/cve/CVE-2020-2601/ SUSE CVE CVE-2020-2601 page https://www.suse.com/security/cve/CVE-2020-2604/ SUSE CVE CVE-2020-2604 page https://www.suse.com/security/cve/CVE-2020-2654/ SUSE CVE CVE-2020-2654 page https://www.suse.com/security/cve/CVE-2020-2659/ SUSE CVE CVE-2020-2659 page https://www.suse.com/security/cve/CVE-2020-2754/ SUSE CVE CVE-2020-2754 page https://www.suse.com/security/cve/CVE-2020-2755/ SUSE CVE CVE-2020-2755 page https://www.suse.com/security/cve/CVE-2020-2756/ SUSE CVE CVE-2020-2756 page https://www.suse.com/security/cve/CVE-2020-2757/ SUSE CVE CVE-2020-2757 page https://www.suse.com/security/cve/CVE-2020-2773/ SUSE CVE CVE-2020-2773 page https://www.suse.com/security/cve/CVE-2020-2781/ SUSE CVE CVE-2020-2781 page https://www.suse.com/security/cve/CVE-2020-2800/ SUSE CVE CVE-2020-2800 page https://www.suse.com/security/cve/CVE-2020-2803/ SUSE CVE CVE-2020-2803 page https://www.suse.com/security/cve/CVE-2020-2805/ SUSE CVE CVE-2020-2805 page https://www.suse.com/security/cve/CVE-2020-2830/ SUSE CVE CVE-2020-2830 page https://www.suse.com/security/cve/CVE-2021-2161/ SUSE CVE CVE-2021-2161 page https://www.suse.com/security/cve/CVE-2021-2163/ SUSE CVE CVE-2021-2163 page https://www.suse.com/security/cve/CVE-2021-2341/ SUSE CVE CVE-2021-2341 page https://www.suse.com/security/cve/CVE-2021-2369/ SUSE CVE CVE-2021-2369 page https://www.suse.com/security/cve/CVE-2021-2388/ SUSE CVE CVE-2021-2388 page openSUSE Tumbleweed java-1_8_0-openjdk-1.8.0.302-2.2 java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 java-1_8_0-openjdk-demo-1.8.0.302-2.2 java-1_8_0-openjdk-devel-1.8.0.302-2.2 java-1_8_0-openjdk-headless-1.8.0.302-2.2 java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 java-1_8_0-openjdk-src-1.8.0.302-2.2 java-1_8_0-openjdk-1.8.0.302-2.2 as a component of openSUSE Tumbleweed java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 as a component of openSUSE Tumbleweed java-1_8_0-openjdk-demo-1.8.0.302-2.2 as a component of openSUSE Tumbleweed java-1_8_0-openjdk-devel-1.8.0.302-2.2 as a component of openSUSE Tumbleweed java-1_8_0-openjdk-headless-1.8.0.302-2.2 as a component of openSUSE Tumbleweed java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 as a component of openSUSE Tumbleweed java-1_8_0-openjdk-src-1.8.0.302-2.2 as a component of openSUSE Tumbleweed The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. CVE-2016-10165 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 4 AV:N/AC:H/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-10165.html CVE-2016-10165 https://bugzilla.suse.com/1021364 SUSE Bug 1021364 https://bugzilla.suse.com/1064069 SUSE Bug 1064069 https://bugzilla.suse.com/1070162 SUSE Bug 1070162 The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. CVE-2016-2183 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-2183.html CVE-2016-2183 https://bugzilla.suse.com/1001912 SUSE Bug 1001912 https://bugzilla.suse.com/1024218 SUSE Bug 1024218 https://bugzilla.suse.com/1027038 SUSE Bug 1027038 https://bugzilla.suse.com/1034689 SUSE Bug 1034689 https://bugzilla.suse.com/1056614 SUSE Bug 1056614 https://bugzilla.suse.com/1171693 SUSE Bug 1171693 https://bugzilla.suse.com/994844 SUSE Bug 994844 https://bugzilla.suse.com/995359 SUSE Bug 995359 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 7.5 (Integrity impacts). CVE-2016-5546 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 7.8 AV:N/AC:L/Au:N/C:N/I:C/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5546.html CVE-2016-5546 https://bugzilla.suse.com/1020905 SUSE Bug 1020905 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.3 (Availability impacts). CVE-2016-5547 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5547.html CVE-2016-5547 https://bugzilla.suse.com/1020905 SUSE Bug 1020905 https://bugzilla.suse.com/1024218 SUSE Bug 1024218 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 6.5 (Confidentiality impacts). CVE-2016-5548 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 7.8 AV:N/AC:L/Au:N/C:C/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5548.html CVE-2016-5548 https://bugzilla.suse.com/1020905 SUSE Bug 1020905 https://bugzilla.suse.com/1024218 SUSE Bug 1024218 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 6.5 (Confidentiality impacts). CVE-2016-5549 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 7.8 AV:N/AC:L/Au:N/C:C/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5549.html CVE-2016-5549 https://bugzilla.suse.com/1020905 SUSE Bug 1020905 https://bugzilla.suse.com/1024218 SUSE Bug 1024218 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.3 (Integrity impacts). CVE-2016-5552 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-5552.html CVE-2016-5552 https://bugzilla.suse.com/1020905 SUSE Bug 1020905 https://bugzilla.suse.com/1024218 SUSE Bug 1024218 inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. CVE-2016-9840 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 4.6 AV:N/AC:H/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9840.html CVE-2016-9840 https://bugzilla.suse.com/1003579 SUSE Bug 1003579 https://bugzilla.suse.com/1022633 SUSE Bug 1022633 https://bugzilla.suse.com/1023215 SUSE Bug 1023215 https://bugzilla.suse.com/1038505 SUSE Bug 1038505 https://bugzilla.suse.com/1062104 SUSE Bug 1062104 https://bugzilla.suse.com/1120866 SUSE Bug 1120866 https://bugzilla.suse.com/1123150 SUSE Bug 1123150 https://bugzilla.suse.com/1127473 SUSE Bug 1127473 https://bugzilla.suse.com/1184301 SUSE Bug 1184301 The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. CVE-2016-9843 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 4.6 AV:N/AC:H/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-9843.html CVE-2016-9843 https://bugzilla.suse.com/1003580 SUSE Bug 1003580 https://bugzilla.suse.com/1013882 SUSE Bug 1013882 https://bugzilla.suse.com/1038505 SUSE Bug 1038505 https://bugzilla.suse.com/1062104 SUSE Bug 1062104 https://bugzilla.suse.com/1116686 SUSE Bug 1116686 https://bugzilla.suse.com/1120866 SUSE Bug 1120866 https://bugzilla.suse.com/1123150 SUSE Bug 1123150 https://bugzilla.suse.com/1127473 SUSE Bug 1127473 https://bugzilla.suse.com/1184301 SUSE Bug 1184301 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2017-10053 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10053.html CVE-2017-10053 https://bugzilla.suse.com/1049305 SUSE Bug 1049305 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). CVE-2017-10067 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10067.html CVE-2017-10067 https://bugzilla.suse.com/1049306 SUSE Bug 1049306 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2017-10074 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10074.html CVE-2017-10074 https://bugzilla.suse.com/1049307 SUSE Bug 1049307 https://bugzilla.suse.com/1049333 SUSE Bug 1049333 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). CVE-2017-10078 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 8.5 AV:N/AC:L/Au:S/C:C/I:C/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10078.html CVE-2017-10078 https://bugzilla.suse.com/1049308 SUSE Bug 1049308 https://bugzilla.suse.com/1049333 SUSE Bug 1049333 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). CVE-2017-10081 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10081.html CVE-2017-10081 https://bugzilla.suse.com/1049309 SUSE Bug 1049309 https://bugzilla.suse.com/1049333 SUSE Bug 1049333 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2017-10086 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10086.html CVE-2017-10086 https://bugzilla.suse.com/1049310 SUSE Bug 1049310 https://bugzilla.suse.com/1049333 SUSE Bug 1049333 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2017-10087 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10087.html CVE-2017-10087 https://bugzilla.suse.com/1049311 SUSE Bug 1049311 https://bugzilla.suse.com/1049333 SUSE Bug 1049333 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2017-10089 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10089.html CVE-2017-10089 https://bugzilla.suse.com/1049312 SUSE Bug 1049312 https://bugzilla.suse.com/1049333 SUSE Bug 1049333 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2017-10090 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10090.html CVE-2017-10090 https://bugzilla.suse.com/1049313 SUSE Bug 1049313 https://bugzilla.suse.com/1049333 SUSE Bug 1049333 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2017-10096 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10096.html CVE-2017-10096 https://bugzilla.suse.com/1049314 SUSE Bug 1049314 https://bugzilla.suse.com/1049333 SUSE Bug 1049333 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2017-10101 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10101.html CVE-2017-10101 https://bugzilla.suse.com/1049315 SUSE Bug 1049315 https://bugzilla.suse.com/1049333 SUSE Bug 1049333 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). CVE-2017-10102 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10102.html CVE-2017-10102 https://bugzilla.suse.com/1049316 SUSE Bug 1049316 https://bugzilla.suse.com/1049333 SUSE Bug 1049333 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). CVE-2017-10105 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10105.html CVE-2017-10105 https://bugzilla.suse.com/1049317 SUSE Bug 1049317 https://bugzilla.suse.com/1049333 SUSE Bug 1049333 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2017-10107 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10107.html CVE-2017-10107 https://bugzilla.suse.com/1049318 SUSE Bug 1049318 https://bugzilla.suse.com/1049333 SUSE Bug 1049333 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2017-10108 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10108.html CVE-2017-10108 https://bugzilla.suse.com/1049319 SUSE Bug 1049319 https://bugzilla.suse.com/1049333 SUSE Bug 1049333 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2017-10109 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10109.html CVE-2017-10109 https://bugzilla.suse.com/1049320 SUSE Bug 1049320 https://bugzilla.suse.com/1049333 SUSE Bug 1049333 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2017-10110 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10110.html CVE-2017-10110 https://bugzilla.suse.com/1049321 SUSE Bug 1049321 https://bugzilla.suse.com/1049333 SUSE Bug 1049333 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2017-10111 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10111.html CVE-2017-10111 https://bugzilla.suse.com/1049322 SUSE Bug 1049322 https://bugzilla.suse.com/1049333 SUSE Bug 1049333 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2017-10114 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10114.html CVE-2017-10114 https://bugzilla.suse.com/1049323 SUSE Bug 1049323 https://bugzilla.suse.com/1049333 SUSE Bug 1049333 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). CVE-2017-10115 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10115.html CVE-2017-10115 https://bugzilla.suse.com/1049324 SUSE Bug 1049324 https://bugzilla.suse.com/1049333 SUSE Bug 1049333 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2017-10116 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10116.html CVE-2017-10116 https://bugzilla.suse.com/1049325 SUSE Bug 1049325 https://bugzilla.suse.com/1049333 SUSE Bug 1049333 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). CVE-2017-10118 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 7.8 AV:N/AC:L/Au:N/C:C/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10118.html CVE-2017-10118 https://bugzilla.suse.com/1049326 SUSE Bug 1049326 https://bugzilla.suse.com/1049333 SUSE Bug 1049333 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physical access to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to deployment of Java where the Java Auto Update is enabled. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). CVE-2017-10125 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 6.2 AV:L/AC:H/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10125.html CVE-2017-10125 https://bugzilla.suse.com/1049327 SUSE Bug 1049327 https://bugzilla.suse.com/1049333 SUSE Bug 1049333 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). CVE-2017-10135 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 5.4 AV:N/AC:H/Au:N/C:C/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10135.html CVE-2017-10135 https://bugzilla.suse.com/1049328 SUSE Bug 1049328 https://bugzilla.suse.com/1049333 SUSE Bug 1049333 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). CVE-2017-10176 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 7.8 AV:N/AC:L/Au:N/C:C/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10176.html CVE-2017-10176 https://bugzilla.suse.com/1049329 SUSE Bug 1049329 https://bugzilla.suse.com/1049333 SUSE Bug 1049333 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). CVE-2017-10193 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10193.html CVE-2017-10193 https://bugzilla.suse.com/1049330 SUSE Bug 1049330 https://bugzilla.suse.com/1049333 SUSE Bug 1049333 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N). CVE-2017-10198 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 5.4 AV:N/AC:H/Au:N/C:C/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10198.html CVE-2017-10198 https://bugzilla.suse.com/1049331 SUSE Bug 1049331 https://bugzilla.suse.com/1049333 SUSE Bug 1049333 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L). CVE-2017-10243 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10243.html CVE-2017-10243 https://bugzilla.suse.com/1049332 SUSE Bug 1049332 https://bugzilla.suse.com/1049333 SUSE Bug 1049333 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N). CVE-2017-10274 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 6.2 AV:A/AC:H/Au:N/C:C/I:C/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10274.html CVE-2017-10274 https://bugzilla.suse.com/1064071 SUSE Bug 1064071 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2017-10281 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10281.html CVE-2017-10281 https://bugzilla.suse.com/1064072 SUSE Bug 1064072 https://bugzilla.suse.com/1070162 SUSE Bug 1070162 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2017-10285 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10285.html CVE-2017-10285 https://bugzilla.suse.com/1064073 SUSE Bug 1064073 https://bugzilla.suse.com/1070162 SUSE Bug 1070162 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.0 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N). CVE-2017-10295 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10295.html CVE-2017-10295 https://bugzilla.suse.com/1064075 SUSE Bug 1064075 https://bugzilla.suse.com/1070162 SUSE Bug 1070162 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L). CVE-2017-10345 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10345.html CVE-2017-10345 https://bugzilla.suse.com/1064077 SUSE Bug 1064077 https://bugzilla.suse.com/1070162 SUSE Bug 1070162 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2017-10346 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 9.7 AV:N/AC:L/Au:N/C:C/I:C/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10346.html CVE-2017-10346 https://bugzilla.suse.com/1064078 SUSE Bug 1064078 https://bugzilla.suse.com/1070162 SUSE Bug 1070162 Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2017-10347 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10347.html CVE-2017-10347 https://bugzilla.suse.com/1064079 SUSE Bug 1064079 https://bugzilla.suse.com/1070162 SUSE Bug 1070162 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2017-10348 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10348.html CVE-2017-10348 https://bugzilla.suse.com/1064080 SUSE Bug 1064080 https://bugzilla.suse.com/1070162 SUSE Bug 1070162 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2017-10349 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10349.html CVE-2017-10349 https://bugzilla.suse.com/1064081 SUSE Bug 1064081 https://bugzilla.suse.com/1070162 SUSE Bug 1070162 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2017-10350 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10350.html CVE-2017-10350 https://bugzilla.suse.com/1064082 SUSE Bug 1064082 https://bugzilla.suse.com/1070162 SUSE Bug 1070162 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2017-10355 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 3.3 AV:A/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10355.html CVE-2017-10355 https://bugzilla.suse.com/1064083 SUSE Bug 1064083 https://bugzilla.suse.com/1070162 SUSE Bug 1070162 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). CVE-2017-10356 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 4.9 AV:L/AC:L/Au:N/C:C/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10356.html CVE-2017-10356 https://bugzilla.suse.com/1064084 SUSE Bug 1064084 https://bugzilla.suse.com/1070162 SUSE Bug 1070162 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2017-10357 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10357.html CVE-2017-10357 https://bugzilla.suse.com/1064085 SUSE Bug 1064085 https://bugzilla.suse.com/1070162 SUSE Bug 1070162 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). CVE-2017-10388 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 7.1 AV:N/AC:H/Au:N/C:C/I:C/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-10388.html CVE-2017-10388 https://bugzilla.suse.com/1064086 SUSE Bug 1064086 https://bugzilla.suse.com/1070162 SUSE Bug 1070162 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts). CVE-2017-3231 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-3231.html CVE-2017-3231 https://bugzilla.suse.com/1020905 SUSE Bug 1020905 https://bugzilla.suse.com/1024218 SUSE Bug 1024218 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVE-2017-3241 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-3241.html CVE-2017-3241 https://bugzilla.suse.com/1020905 SUSE Bug 1020905 https://bugzilla.suse.com/1024218 SUSE Bug 1024218 https://bugzilla.suse.com/1163365 SUSE Bug 1163365 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.8 (Integrity impacts). CVE-2017-3252 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 7.8 AV:N/AC:L/Au:N/C:N/I:C/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-3252.html CVE-2017-3252 https://bugzilla.suse.com/1020905 SUSE Bug 1020905 https://bugzilla.suse.com/1024218 SUSE Bug 1024218 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 7.5 (Availability impacts). CVE-2017-3253 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-3253.html CVE-2017-3253 https://bugzilla.suse.com/1020905 SUSE Bug 1020905 https://bugzilla.suse.com/1024218 SUSE Bug 1024218 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u121 and 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVE-2017-3260 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-3260.html CVE-2017-3260 https://bugzilla.suse.com/1020905 SUSE Bug 1020905 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts). CVE-2017-3261 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-3261.html CVE-2017-3261 https://bugzilla.suse.com/1020905 SUSE Bug 1020905 https://bugzilla.suse.com/1024218 SUSE Bug 1024218 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVE-2017-3272 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 7.9 AV:N/AC:M/Au:M/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-3272.html CVE-2017-3272 https://bugzilla.suse.com/1020905 SUSE Bug 1020905 https://bugzilla.suse.com/1024218 SUSE Bug 1024218 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVE-2017-3289 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-3289.html CVE-2017-3289 https://bugzilla.suse.com/1020905 SUSE Bug 1020905 https://bugzilla.suse.com/1024218 SUSE Bug 1024218 https://bugzilla.suse.com/1163365 SUSE Bug 1163365 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N). CVE-2017-3509 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 4 AV:N/AC:H/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-3509.html CVE-2017-3509 https://bugzilla.suse.com/1034849 SUSE Bug 1034849 https://bugzilla.suse.com/1038505 SUSE Bug 1038505 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2017-3511 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 3.7 AV:L/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-3511.html CVE-2017-3511 https://bugzilla.suse.com/1034849 SUSE Bug 1034849 https://bugzilla.suse.com/1038505 SUSE Bug 1038505 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2017-3512 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-3512.html CVE-2017-3512 https://bugzilla.suse.com/1034849 SUSE Bug 1034849 https://bugzilla.suse.com/1038505 SUSE Bug 1038505 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2017-3514 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-3514.html CVE-2017-3514 https://bugzilla.suse.com/1034849 SUSE Bug 1034849 https://bugzilla.suse.com/1038505 SUSE Bug 1038505 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). CVE-2017-3526 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-3526.html CVE-2017-3526 https://bugzilla.suse.com/1034849 SUSE Bug 1034849 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). CVE-2017-3533 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-3533.html CVE-2017-3533 https://bugzilla.suse.com/1034849 SUSE Bug 1034849 https://bugzilla.suse.com/1038505 SUSE Bug 1038505 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). CVE-2017-3539 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-3539.html CVE-2017-3539 https://bugzilla.suse.com/1005522 SUSE Bug 1005522 https://bugzilla.suse.com/1034849 SUSE Bug 1034849 https://bugzilla.suse.com/1038505 SUSE Bug 1038505 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). CVE-2017-3544 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-3544.html CVE-2017-3544 https://bugzilla.suse.com/1034849 SUSE Bug 1034849 https://bugzilla.suse.com/1038505 SUSE Bug 1038505 An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file. CVE-2018-11212 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-11212.html CVE-2018-11212 https://bugzilla.suse.com/1122299 SUSE Bug 1122299 In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service. CVE-2018-13785 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-13785.html CVE-2018-13785 https://bugzilla.suse.com/1100687 SUSE Bug 1100687 https://bugzilla.suse.com/1112153 SUSE Bug 1112153 https://bugzilla.suse.com/1116574 SUSE Bug 1116574 Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. CVE-2018-16435 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-16435.html CVE-2018-16435 https://bugzilla.suse.com/1108813 SUSE Bug 1108813 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). CVE-2018-2579 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2579.html CVE-2018-2579 https://bugzilla.suse.com/1076366 SUSE Bug 1076366 https://bugzilla.suse.com/1082810 SUSE Bug 1082810 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N). CVE-2018-2582 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2582.html CVE-2018-2582 https://bugzilla.suse.com/1076366 SUSE Bug 1076366 https://bugzilla.suse.com/1082810 SUSE Bug 1082810 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). CVE-2018-2588 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2588.html CVE-2018-2588 https://bugzilla.suse.com/1076366 SUSE Bug 1076366 https://bugzilla.suse.com/1082810 SUSE Bug 1082810 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L). CVE-2018-2599 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2599.html CVE-2018-2599 https://bugzilla.suse.com/1076366 SUSE Bug 1076366 https://bugzilla.suse.com/1082810 SUSE Bug 1082810 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L). CVE-2018-2602 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2602.html CVE-2018-2602 https://bugzilla.suse.com/1076366 SUSE Bug 1076366 https://bugzilla.suse.com/1082810 SUSE Bug 1082810 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2018-2603 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2603.html CVE-2018-2603 https://bugzilla.suse.com/1076366 SUSE Bug 1076366 https://bugzilla.suse.com/1082810 SUSE Bug 1082810 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). CVE-2018-2618 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2618.html CVE-2018-2618 https://bugzilla.suse.com/1076366 SUSE Bug 1076366 https://bugzilla.suse.com/1082810 SUSE Bug 1082810 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N). CVE-2018-2629 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2629.html CVE-2018-2629 https://bugzilla.suse.com/1076366 SUSE Bug 1076366 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2018-2633 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2633.html CVE-2018-2633 https://bugzilla.suse.com/1076366 SUSE Bug 1076366 https://bugzilla.suse.com/1082810 SUSE Bug 1082810 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N). CVE-2018-2634 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2634.html CVE-2018-2634 https://bugzilla.suse.com/1076366 SUSE Bug 1076366 https://bugzilla.suse.com/1082810 SUSE Bug 1082810 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). CVE-2018-2637 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2637.html CVE-2018-2637 https://bugzilla.suse.com/1076366 SUSE Bug 1076366 https://bugzilla.suse.com/1082810 SUSE Bug 1082810 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N). CVE-2018-2641 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2641.html CVE-2018-2641 https://bugzilla.suse.com/1076366 SUSE Bug 1076366 https://bugzilla.suse.com/1082810 SUSE Bug 1082810 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). CVE-2018-2663 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2663.html CVE-2018-2663 https://bugzilla.suse.com/1076366 SUSE Bug 1076366 https://bugzilla.suse.com/1082810 SUSE Bug 1082810 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). CVE-2018-2677 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2677.html CVE-2018-2677 https://bugzilla.suse.com/1076366 SUSE Bug 1076366 https://bugzilla.suse.com/1082810 SUSE Bug 1082810 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). CVE-2018-2678 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2678.html CVE-2018-2678 https://bugzilla.suse.com/1076366 SUSE Bug 1076366 https://bugzilla.suse.com/1082810 SUSE Bug 1082810 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). CVE-2018-2790 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2790.html CVE-2018-2790 https://bugzilla.suse.com/1090023 SUSE Bug 1090023 https://bugzilla.suse.com/1093311 SUSE Bug 1093311 https://bugzilla.suse.com/1101637 SUSE Bug 1101637 Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, JRockit executes to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2018-2794 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2794.html CVE-2018-2794 https://bugzilla.suse.com/1090024 SUSE Bug 1090024 https://bugzilla.suse.com/1093311 SUSE Bug 1093311 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2018-2795 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2795.html CVE-2018-2795 https://bugzilla.suse.com/1090025 SUSE Bug 1090025 https://bugzilla.suse.com/1093311 SUSE Bug 1093311 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2018-2796 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2796.html CVE-2018-2796 https://bugzilla.suse.com/1090026 SUSE Bug 1090026 https://bugzilla.suse.com/1093311 SUSE Bug 1093311 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2018-2797 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2797.html CVE-2018-2797 https://bugzilla.suse.com/1090027 SUSE Bug 1090027 https://bugzilla.suse.com/1093311 SUSE Bug 1093311 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2018-2798 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2798.html CVE-2018-2798 https://bugzilla.suse.com/1090028 SUSE Bug 1090028 https://bugzilla.suse.com/1093311 SUSE Bug 1093311 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2018-2799 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2799.html CVE-2018-2799 https://bugzilla.suse.com/1090029 SUSE Bug 1090029 https://bugzilla.suse.com/1093311 SUSE Bug 1093311 Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, JRockit accessible data as well as unauthorized read access to a subset of Java SE, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N). CVE-2018-2800 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2800.html CVE-2018-2800 https://bugzilla.suse.com/1090030 SUSE Bug 1090030 https://bugzilla.suse.com/1093311 SUSE Bug 1093311 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2018-2814 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2814.html CVE-2018-2814 https://bugzilla.suse.com/1090032 SUSE Bug 1090032 https://bugzilla.suse.com/1093311 SUSE Bug 1093311 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2018-2815 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2815.html CVE-2018-2815 https://bugzilla.suse.com/1090033 SUSE Bug 1090033 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB). Supported versions that are affected are Java SE: 6u191, 7u181 and 8u172. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVE-2018-2938 addresses CVE-2018-1313. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). CVE-2018-2938 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2938.html CVE-2018-2938 https://bugzilla.suse.com/1101644 SUSE Bug 1101644 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N). CVE-2018-2940 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2940.html CVE-2018-2940 https://bugzilla.suse.com/1101645 SUSE Bug 1101645 https://bugzilla.suse.com/1101656 SUSE Bug 1101656 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2018-2952 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2952.html CVE-2018-2952 https://bugzilla.suse.com/1101645 SUSE Bug 1101645 https://bugzilla.suse.com/1101651 SUSE Bug 1101651 https://bugzilla.suse.com/1101656 SUSE Bug 1101656 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). CVE-2018-2973 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-2973.html CVE-2018-2973 https://bugzilla.suse.com/1101645 SUSE Bug 1101645 https://bugzilla.suse.com/1101656 SUSE Bug 1101656 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N). CVE-2018-3136 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-3136.html CVE-2018-3136 https://bugzilla.suse.com/1112142 SUSE Bug 1112142 https://bugzilla.suse.com/1112143 SUSE Bug 1112143 https://bugzilla.suse.com/1112144 SUSE Bug 1112144 https://bugzilla.suse.com/1112146 SUSE Bug 1112146 https://bugzilla.suse.com/1112148 SUSE Bug 1112148 https://bugzilla.suse.com/1112152 SUSE Bug 1112152 https://bugzilla.suse.com/1116574 SUSE Bug 1116574 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). CVE-2018-3139 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-3139.html CVE-2018-3139 https://bugzilla.suse.com/1112142 SUSE Bug 1112142 https://bugzilla.suse.com/1112143 SUSE Bug 1112143 https://bugzilla.suse.com/1112144 SUSE Bug 1112144 https://bugzilla.suse.com/1112146 SUSE Bug 1112146 https://bugzilla.suse.com/1112148 SUSE Bug 1112148 https://bugzilla.suse.com/1112152 SUSE Bug 1112152 https://bugzilla.suse.com/1116574 SUSE Bug 1116574 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2018-3149 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-3149.html CVE-2018-3149 https://bugzilla.suse.com/1112142 SUSE Bug 1112142 https://bugzilla.suse.com/1112143 SUSE Bug 1112143 https://bugzilla.suse.com/1112144 SUSE Bug 1112144 https://bugzilla.suse.com/1112146 SUSE Bug 1112146 https://bugzilla.suse.com/1112148 SUSE Bug 1112148 https://bugzilla.suse.com/1112152 SUSE Bug 1112152 https://bugzilla.suse.com/1116574 SUSE Bug 1116574 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2018-3169 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-3169.html CVE-2018-3169 https://bugzilla.suse.com/1112142 SUSE Bug 1112142 https://bugzilla.suse.com/1112143 SUSE Bug 1112143 https://bugzilla.suse.com/1112144 SUSE Bug 1112144 https://bugzilla.suse.com/1112146 SUSE Bug 1112146 https://bugzilla.suse.com/1112148 SUSE Bug 1112148 https://bugzilla.suse.com/1112152 SUSE Bug 1112152 https://bugzilla.suse.com/1116574 SUSE Bug 1116574 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L). CVE-2018-3180 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-3180.html CVE-2018-3180 https://bugzilla.suse.com/1112142 SUSE Bug 1112142 https://bugzilla.suse.com/1112143 SUSE Bug 1112143 https://bugzilla.suse.com/1112144 SUSE Bug 1112144 https://bugzilla.suse.com/1112146 SUSE Bug 1112146 https://bugzilla.suse.com/1112147 SUSE Bug 1112147 https://bugzilla.suse.com/1112148 SUSE Bug 1112148 https://bugzilla.suse.com/1112152 SUSE Bug 1112152 https://bugzilla.suse.com/1116574 SUSE Bug 1116574 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). CVE-2018-3183 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-3183.html CVE-2018-3183 https://bugzilla.suse.com/1112142 SUSE Bug 1112142 https://bugzilla.suse.com/1112143 SUSE Bug 1112143 https://bugzilla.suse.com/1112144 SUSE Bug 1112144 https://bugzilla.suse.com/1112146 SUSE Bug 1112146 https://bugzilla.suse.com/1112148 SUSE Bug 1112148 https://bugzilla.suse.com/1112152 SUSE Bug 1112152 https://bugzilla.suse.com/1116574 SUSE Bug 1116574 https://bugzilla.suse.com/1120714 SUSE Bug 1120714 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2018-3214 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-3214.html CVE-2018-3214 https://bugzilla.suse.com/1112142 SUSE Bug 1112142 https://bugzilla.suse.com/1112143 SUSE Bug 1112143 https://bugzilla.suse.com/1112144 SUSE Bug 1112144 https://bugzilla.suse.com/1112146 SUSE Bug 1112146 https://bugzilla.suse.com/1112148 SUSE Bug 1112148 https://bugzilla.suse.com/1112152 SUSE Bug 1112152 https://bugzilla.suse.com/1116574 SUSE Bug 1116574 Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. CVE-2018-3639 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-3639.html CVE-2018-3639 https://bugzilla.suse.com/1074701 SUSE Bug 1074701 https://bugzilla.suse.com/1085235 SUSE Bug 1085235 https://bugzilla.suse.com/1085308 SUSE Bug 1085308 https://bugzilla.suse.com/1087078 SUSE Bug 1087078 https://bugzilla.suse.com/1087082 SUSE Bug 1087082 https://bugzilla.suse.com/1092631 SUSE Bug 1092631 https://bugzilla.suse.com/1092885 SUSE Bug 1092885 https://bugzilla.suse.com/1094912 SUSE Bug 1094912 https://bugzilla.suse.com/1098813 SUSE Bug 1098813 https://bugzilla.suse.com/1100394 SUSE Bug 1100394 https://bugzilla.suse.com/1102640 SUSE Bug 1102640 https://bugzilla.suse.com/1105412 SUSE Bug 1105412 https://bugzilla.suse.com/1111963 SUSE Bug 1111963 https://bugzilla.suse.com/1172781 SUSE Bug 1172781 https://bugzilla.suse.com/1172782 SUSE Bug 1172782 https://bugzilla.suse.com/1172783 SUSE Bug 1172783 https://bugzilla.suse.com/1173489 SUSE Bug 1173489 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 https://bugzilla.suse.com/1201877 SUSE Bug 1201877 https://bugzilla.suse.com/1215674 SUSE Bug 1215674 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). CVE-2019-2422 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2422.html CVE-2019-2422 https://bugzilla.suse.com/1122293 SUSE Bug 1122293 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). CVE-2019-2426 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2426.html CVE-2019-2426 https://bugzilla.suse.com/1134297 SUSE Bug 1134297 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). CVE-2019-2602 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2602.html CVE-2019-2602 https://bugzilla.suse.com/1132728 SUSE Bug 1132728 https://bugzilla.suse.com/1134718 SUSE Bug 1134718 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). CVE-2019-2684 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2684.html CVE-2019-2684 https://bugzilla.suse.com/1132732 SUSE Bug 1132732 https://bugzilla.suse.com/1134718 SUSE Bug 1134718 https://bugzilla.suse.com/1184734 SUSE Bug 1184734 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). CVE-2019-2698 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2698.html CVE-2019-2698 https://bugzilla.suse.com/1132729 SUSE Bug 1132729 https://bugzilla.suse.com/1134718 SUSE Bug 1134718 https://bugzilla.suse.com/1163365 SUSE Bug 1163365 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). CVE-2019-2745 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2745.html CVE-2019-2745 https://bugzilla.suse.com/1141784 SUSE Bug 1141784 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2019-2762 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2762.html CVE-2019-2762 https://bugzilla.suse.com/1141782 SUSE Bug 1141782 https://bugzilla.suse.com/1147021 SUSE Bug 1147021 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). CVE-2019-2766 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2766.html CVE-2019-2766 https://bugzilla.suse.com/1141789 SUSE Bug 1141789 https://bugzilla.suse.com/1147021 SUSE Bug 1147021 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2019-2769 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2769.html CVE-2019-2769 https://bugzilla.suse.com/1141783 SUSE Bug 1141783 https://bugzilla.suse.com/1147021 SUSE Bug 1147021 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N). CVE-2019-2786 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2786.html CVE-2019-2786 https://bugzilla.suse.com/1141787 SUSE Bug 1141787 https://bugzilla.suse.com/1147021 SUSE Bug 1147021 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). CVE-2019-2816 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2816.html CVE-2019-2816 https://bugzilla.suse.com/1141785 SUSE Bug 1141785 https://bugzilla.suse.com/1147021 SUSE Bug 1147021 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2019-2842 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2842.html CVE-2019-2842 https://bugzilla.suse.com/1141786 SUSE Bug 1141786 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). CVE-2019-2894 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2894.html CVE-2019-2894 https://bugzilla.suse.com/1152856 SUSE Bug 1152856 https://bugzilla.suse.com/1154212 SUSE Bug 1154212 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). CVE-2019-2933 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2933.html CVE-2019-2933 https://bugzilla.suse.com/1154212 SUSE Bug 1154212 https://bugzilla.suse.com/1158442 SUSE Bug 1158442 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L). CVE-2019-2945 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2945.html CVE-2019-2945 https://bugzilla.suse.com/1154212 SUSE Bug 1154212 https://bugzilla.suse.com/1158442 SUSE Bug 1158442 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N). CVE-2019-2949 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2949.html CVE-2019-2949 https://bugzilla.suse.com/1154212 SUSE Bug 1154212 https://bugzilla.suse.com/1172277 SUSE Bug 1172277 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). CVE-2019-2958 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2958.html CVE-2019-2958 https://bugzilla.suse.com/1154212 SUSE Bug 1154212 https://bugzilla.suse.com/1158442 SUSE Bug 1158442 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2019-2962 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2962.html CVE-2019-2962 https://bugzilla.suse.com/1154212 SUSE Bug 1154212 https://bugzilla.suse.com/1158442 SUSE Bug 1158442 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2019-2964 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2964.html CVE-2019-2964 https://bugzilla.suse.com/1154212 SUSE Bug 1154212 https://bugzilla.suse.com/1158442 SUSE Bug 1158442 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2019-2973 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2973.html CVE-2019-2973 https://bugzilla.suse.com/1154212 SUSE Bug 1154212 https://bugzilla.suse.com/1158442 SUSE Bug 1158442 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L). CVE-2019-2975 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2975.html CVE-2019-2975 https://bugzilla.suse.com/1154212 SUSE Bug 1154212 https://bugzilla.suse.com/1158442 SUSE Bug 1158442 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2019-2978 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2978.html CVE-2019-2978 https://bugzilla.suse.com/1154212 SUSE Bug 1154212 https://bugzilla.suse.com/1158442 SUSE Bug 1158442 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2019-2981 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2981.html CVE-2019-2981 https://bugzilla.suse.com/1154212 SUSE Bug 1154212 https://bugzilla.suse.com/1158442 SUSE Bug 1158442 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2019-2983 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2983.html CVE-2019-2983 https://bugzilla.suse.com/1154212 SUSE Bug 1154212 https://bugzilla.suse.com/1158442 SUSE Bug 1158442 Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2019-2987 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2987.html CVE-2019-2987 https://bugzilla.suse.com/1154212 SUSE Bug 1154212 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2019-2988 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2988.html CVE-2019-2988 https://bugzilla.suse.com/1154212 SUSE Bug 1154212 https://bugzilla.suse.com/1158442 SUSE Bug 1158442 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 6.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N). CVE-2019-2989 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2989.html CVE-2019-2989 https://bugzilla.suse.com/1154212 SUSE Bug 1154212 https://bugzilla.suse.com/1158442 SUSE Bug 1158442 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2019-2992 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2992.html CVE-2019-2992 https://bugzilla.suse.com/1154212 SUSE Bug 1154212 https://bugzilla.suse.com/1158442 SUSE Bug 1158442 Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N). CVE-2019-2999 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-2999.html CVE-2019-2999 https://bugzilla.suse.com/1154212 SUSE Bug 1154212 https://bugzilla.suse.com/1158442 SUSE Bug 1158442 png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. CVE-2019-7317 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-7317.html CVE-2019-7317 https://bugzilla.suse.com/1124211 SUSE Bug 1124211 https://bugzilla.suse.com/1135824 SUSE Bug 1135824 https://bugzilla.suse.com/1141780 SUSE Bug 1141780 https://bugzilla.suse.com/1147021 SUSE Bug 1147021 https://bugzilla.suse.com/1165297 SUSE Bug 1165297 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). CVE-2020-14556 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14556.html CVE-2020-14556 https://bugzilla.suse.com/1174157 SUSE Bug 1174157 https://bugzilla.suse.com/1175259 SUSE Bug 1175259 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). CVE-2020-14577 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14577.html CVE-2020-14577 https://bugzilla.suse.com/1174157 SUSE Bug 1174157 https://bugzilla.suse.com/1175259 SUSE Bug 1175259 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2020-14578 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14578.html CVE-2020-14578 https://bugzilla.suse.com/1174157 SUSE Bug 1174157 https://bugzilla.suse.com/1175259 SUSE Bug 1175259 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2020-14579 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14579.html CVE-2020-14579 https://bugzilla.suse.com/1174157 SUSE Bug 1174157 https://bugzilla.suse.com/1175259 SUSE Bug 1175259 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). CVE-2020-14581 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14581.html CVE-2020-14581 https://bugzilla.suse.com/1174157 SUSE Bug 1174157 https://bugzilla.suse.com/1175259 SUSE Bug 1175259 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2020-14583 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14583.html CVE-2020-14583 https://bugzilla.suse.com/1174157 SUSE Bug 1174157 https://bugzilla.suse.com/1175259 SUSE Bug 1175259 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N). CVE-2020-14593 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14593.html CVE-2020-14593 https://bugzilla.suse.com/1174157 SUSE Bug 1174157 https://bugzilla.suse.com/1175259 SUSE Bug 1175259 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). CVE-2020-14621 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14621.html CVE-2020-14621 https://bugzilla.suse.com/1174157 SUSE Bug 1174157 https://bugzilla.suse.com/1175259 SUSE Bug 1175259 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2020-14779 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14779.html CVE-2020-14779 https://bugzilla.suse.com/1177943 SUSE Bug 1177943 https://bugzilla.suse.com/1180063 SUSE Bug 1180063 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). CVE-2020-14781 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14781.html CVE-2020-14781 https://bugzilla.suse.com/1177943 SUSE Bug 1177943 https://bugzilla.suse.com/1180063 SUSE Bug 1180063 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). CVE-2020-14782 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14782.html CVE-2020-14782 https://bugzilla.suse.com/1177943 SUSE Bug 1177943 https://bugzilla.suse.com/1180063 SUSE Bug 1180063 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N). CVE-2020-14792 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14792.html CVE-2020-14792 https://bugzilla.suse.com/1177943 SUSE Bug 1177943 https://bugzilla.suse.com/1180063 SUSE Bug 1180063 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). CVE-2020-14796 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14796.html CVE-2020-14796 https://bugzilla.suse.com/1177943 SUSE Bug 1177943 https://bugzilla.suse.com/1180063 SUSE Bug 1180063 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). CVE-2020-14797 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14797.html CVE-2020-14797 https://bugzilla.suse.com/1177943 SUSE Bug 1177943 https://bugzilla.suse.com/1180063 SUSE Bug 1180063 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). CVE-2020-14798 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14798.html CVE-2020-14798 https://bugzilla.suse.com/1177943 SUSE Bug 1177943 https://bugzilla.suse.com/1180063 SUSE Bug 1180063 Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). CVE-2020-14803 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-14803.html CVE-2020-14803 https://bugzilla.suse.com/1177943 SUSE Bug 1177943 https://bugzilla.suse.com/1181239 SUSE Bug 1181239 https://bugzilla.suse.com/1182186 SUSE Bug 1182186 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2020-2583 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2583.html CVE-2020-2583 https://bugzilla.suse.com/1160968 SUSE Bug 1160968 https://bugzilla.suse.com/1162972 SUSE Bug 1162972 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). CVE-2020-2590 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2590.html CVE-2020-2590 https://bugzilla.suse.com/1160968 SUSE Bug 1160968 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). CVE-2020-2593 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2593.html CVE-2020-2593 https://bugzilla.suse.com/1160968 SUSE Bug 1160968 https://bugzilla.suse.com/1162972 SUSE Bug 1162972 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N). CVE-2020-2601 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2601.html CVE-2020-2601 https://bugzilla.suse.com/1160968 SUSE Bug 1160968 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). CVE-2020-2604 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2604.html CVE-2020-2604 https://bugzilla.suse.com/1160968 SUSE Bug 1160968 https://bugzilla.suse.com/1162972 SUSE Bug 1162972 https://bugzilla.suse.com/1165863 SUSE Bug 1165863 Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2020-2654 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2654.html CVE-2020-2654 https://bugzilla.suse.com/1160968 SUSE Bug 1160968 https://bugzilla.suse.com/1172277 SUSE Bug 1172277 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2020-2659 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2659.html CVE-2020-2659 https://bugzilla.suse.com/1160968 SUSE Bug 1160968 https://bugzilla.suse.com/1162972 SUSE Bug 1162972 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2020-2754 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2754.html CVE-2020-2754 https://bugzilla.suse.com/1169511 SUSE Bug 1169511 https://bugzilla.suse.com/1172277 SUSE Bug 1172277 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2020-2755 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2755.html CVE-2020-2755 https://bugzilla.suse.com/1169511 SUSE Bug 1169511 https://bugzilla.suse.com/1172277 SUSE Bug 1172277 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2020-2756 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2756.html CVE-2020-2756 https://bugzilla.suse.com/1169511 SUSE Bug 1169511 https://bugzilla.suse.com/1172277 SUSE Bug 1172277 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2020-2757 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2757.html CVE-2020-2757 https://bugzilla.suse.com/1169511 SUSE Bug 1169511 https://bugzilla.suse.com/1172277 SUSE Bug 1172277 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2020-2773 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2773.html CVE-2020-2773 https://bugzilla.suse.com/1169511 SUSE Bug 1169511 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2020-2781 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2781.html CVE-2020-2781 https://bugzilla.suse.com/1169511 SUSE Bug 1169511 https://bugzilla.suse.com/1172277 SUSE Bug 1172277 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). CVE-2020-2800 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2800.html CVE-2020-2800 https://bugzilla.suse.com/1169511 SUSE Bug 1169511 https://bugzilla.suse.com/1172277 SUSE Bug 1172277 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2020-2803 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2803.html CVE-2020-2803 https://bugzilla.suse.com/1169511 SUSE Bug 1169511 https://bugzilla.suse.com/1172277 SUSE Bug 1172277 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2020-2805 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2805.html CVE-2020-2805 https://bugzilla.suse.com/1169511 SUSE Bug 1169511 https://bugzilla.suse.com/1172277 SUSE Bug 1172277 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). CVE-2020-2830 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-2830.html CVE-2020-2830 https://bugzilla.suse.com/1169511 SUSE Bug 1169511 https://bugzilla.suse.com/1172277 SUSE Bug 1172277 Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. It can also be exploited by supplying untrusted data to APIs in the specified Component. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). CVE-2021-2161 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-2161.html CVE-2021-2161 https://bugzilla.suse.com/1185056 SUSE Bug 1185056 Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N). CVE-2021-2163 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-2163.html CVE-2021-2163 https://bugzilla.suse.com/1185055 SUSE Bug 1185055 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). CVE-2021-2341 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-2341.html CVE-2021-2341 https://bugzilla.suse.com/1188564 SUSE Bug 1188564 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). CVE-2021-2369 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-2369.html CVE-2021-2369 https://bugzilla.suse.com/1188565 SUSE Bug 1188565 Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). CVE-2021-2388 openSUSE Tumbleweed:java-1_8_0-openjdk-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-accessibility-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-demo-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-devel-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-headless-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-javadoc-1.8.0.302-2.2 openSUSE Tumbleweed:java-1_8_0-openjdk-src-1.8.0.302-2.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-2388.html CVE-2021-2388 https://bugzilla.suse.com/1188566 SUSE Bug 1188566