This section lists all the changes in the selected update release.

Issue
Priority
Title
Component
Voting
JDK-8236862
/ CVE-2020-14779
2 Enhance support of Proxy class Serialization 0
JDK-8237995
/ CVE-2020-14782
2 Enhance certificate processing Libraries 0
JDK-8237990
/ CVE-2020-14781
2 Enhanced LDAP contexts JNDI 0
JDK-8241114
/ CVE-2020-14792
2 Better range handling Hotspot 0
JDK-8242695
/ CVE-2020-14798
2 Enhanced Buffer Support Libraries 0
JDK-8242685
/ CVE-2020-14797
2 Better Path Validation Libraries 0
JDK-8242680
/ CVE-2020-14796
2 Improved URI support Libraries 0
JDK-8244136 2 Improved Buffer supports 0

This section organizes the changes in the selected update release by the main component under which each issue is filed.

Other (8)

Issue
Priority
Title
Component
Voting
JDK-8236862 2 Enhance support of Proxy class 0
JDK-8237995 2 Enhance certificate processing 0
JDK-8237990 2 Enhanced LDAP contexts 0
JDK-8241114 2 Better range handling 0
JDK-8242695 2 Enhanced Buffer Support 0
JDK-8242685 2 Better Path Validation 0
JDK-8242680 2 Improved URI support 0
JDK-8244136 2 Improved Buffer supports 0

This section summarizes JDK Common Vulnerabilities and Exposure (CVE) fixes in the selected update release.

CVE Fixes (7)

CVE
Component
Protocol
CVSS Version 3.0 Risk (see Risk Matrix Definitions)
Base Score
Attack Vector
Attack Complex
Privs Req'd
User Interact
Scope
Confidentiality
Integrity
Availability
Notes
CVE-2020-14792
/ JDK-8241114
Hotspot Multiple 4.2 Network High None Required Unchanged Low Low None Note 2 *
CVE-2020-14797
/ JDK-8242685
Libraries Multiple 3.7 Network High None None Unchanged None Low None Note 2 *
CVE-2020-14782
/ JDK-8237995
Libraries Multiple 3.7 Network High None None Unchanged None Low None Note 2 *
CVE-2020-14781
/ JDK-8237990
JNDI Multiple 3.7 Network High None None Unchanged Low None None Note 2 *
CVE-2020-14779
/ JDK-8236862
Serialization Multiple 3.7 Network High None None Unchanged None None Low Note 2 *
CVE-2020-14798
/ JDK-8242695
Libraries Multiple 3.1 Network High None Required Unchanged None Low None Note 1 *
CVE-2020-14796
/ JDK-8242680
Libraries Multiple 3.1 Network High None Required Unchanged Low None None Note 1 *

Notes:

ID Notes
1 This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).
2 This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through untrusted code executed under Java sandbox restrictions. It can also be exploited by supplying data to APIs in the specified Component without using untrusted code executed under Java sandbox restrictions, such as through a web service.
  • ID: 1

    Notes: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

  • ID: 2

    Notes: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through untrusted code executed under Java sandbox restrictions. It can also be exploited by supplying data to APIs in the specified Component without using untrusted code executed under Java sandbox restrictions, such as through a web service.