AI Sec Watch

CVE-2016-0466 is an unspecified vulnerability in Oracle Java SE (the Java programming language and runtime environment) versions 6u105, 7u91, and 8u66 that affects system availability. The flaw exists in JAXP (Java API for XML Processing, a library for handling XML documents) and can be exploited remotely through Java Web Start applications, Java applets, or web services that use the affected Java components.

CVE-2013-2415 is an unspecified vulnerability in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, that affects the JAX-WS (Java API for XML Web Services, a tool for building web services) component and may leak sensitive information. The vulnerability requires local access (an attacker already on your computer) to exploit and cannot be used through untrusted applets or Java Web Start applications.

A vulnerability exists in Oracle Java SE versions 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier, as well as OpenJDK 6 and 7, related to JAXP (Java API for XML Processing, a tool for handling XML documents). Remote attackers can exploit this unspecified flaw to compromise the confidentiality, integrity, and availability of affected systems.

CVE-2012-5074 is an unspecified vulnerability in Oracle Java SE 7 Update 7 and earlier versions that affects the Java Runtime Environment (JRE, the software that runs Java programs on your computer). The vulnerability can only be exploited through untrusted Java Web Start applications and untrusted Java applets (small programs that run in web browsers), which are limited by the Java sandbox (a restricted environment that prevents programs from accessing sensitive system resources).