Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-3544

Summary
Assigner-oracle
Assigner Org ID-43595867-4340-4103-b7a2-9a5208d29a85
Published At-19 Oct, 2011 | 21:00
Updated At-30 Jul, 2025 | 01:47
Rejected At-
Credits

Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability

An access control vulnerability exists in the Applet Rhino Script Engine component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Known Exploited Vulnerabilities (KEV)
cisa.gov
Vendor:
Oracle CorporationOracle
Product:Java SE JDK and JRE
Added At:03 Mar, 2022
Due At:24 Mar, 2022

Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability

An access control vulnerability exists in the Applet Rhino Script Engine component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code.

Used in Ransomware

:

Unknown

CWE

:
N/A

Required Action:

Apply updates per vendor instructions.

Additional Notes:

https://nvd.nist.gov/vuln/detail/CVE-2011-3544
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:oracle
Assigner Org ID:43595867-4340-4103-b7a2-9a5208d29a85
Published At:19 Oct, 2011 | 21:00
Updated At:30 Jul, 2025 | 01:47
Rejected At:
▼CVE Numbering Authority (CNA)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13947
vdb-entry
signature
x_refsource_OVAL
http://security.gentoo.org/glsa/glsa-201406-32.xml
vendor-advisory
x_refsource_GENTOO
http://marc.info/?l=bugtraq&m=134254866602253&w=2
vendor-advisory
x_refsource_HP
http://secunia.com/advisories/48308
third-party-advisory
x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=132750579901589&w=2
vendor-advisory
x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
vendor-advisory
x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2013-1455.html
vendor-advisory
x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=132750579901589&w=2
vendor-advisory
x_refsource_HP
http://www.redhat.com/support/errata/RHSA-2011-1384.html
vendor-advisory
x_refsource_REDHAT
http://www.securityfocus.com/bid/50218
vdb-entry
x_refsource_BID
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=134254957702612&w=2
vendor-advisory
x_refsource_HP
https://exchange.xforce.ibmcloud.com/vulnerabilities/70849
vdb-entry
x_refsource_XF
http://www.securitytracker.com/id?1026215
vdb-entry
x_refsource_SECTRACK
http://www.ubuntu.com/usn/USN-1263-1
vendor-advisory
x_refsource_UBUNTU
http://marc.info/?l=bugtraq&m=134254957702612&w=2
vendor-advisory
x_refsource_HP
http://www.ibm.com/developerworks/java/jdk/alerts/
x_refsource_CONFIRM
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13947
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://security.gentoo.org/glsa/glsa-201406-32.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://marc.info/?l=bugtraq&m=134254866602253&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://secunia.com/advisories/48308
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://marc.info/?l=bugtraq&m=132750579901589&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1455.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://marc.info/?l=bugtraq&m=132750579901589&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1384.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.securityfocus.com/bid/50218
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://marc.info/?l=bugtraq&m=134254957702612&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/70849
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.securitytracker.com/id?1026215
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.ubuntu.com/usn/USN-1263-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://marc.info/?l=bugtraq&m=134254957702612&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.ibm.com/developerworks/java/jdk/alerts/
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13947
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://security.gentoo.org/glsa/glsa-201406-32.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://marc.info/?l=bugtraq&m=134254866602253&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://secunia.com/advisories/48308
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://marc.info/?l=bugtraq&m=132750579901589&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://rhn.redhat.com/errata/RHSA-2013-1455.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://marc.info/?l=bugtraq&m=132750579901589&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://www.redhat.com/support/errata/RHSA-2011-1384.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.securityfocus.com/bid/50218
vdb-entry
x_refsource_BID
x_transferred
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
x_refsource_CONFIRM
x_transferred
http://marc.info/?l=bugtraq&m=134254957702612&w=2
vendor-advisory
x_refsource_HP
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/70849
vdb-entry
x_refsource_XF
x_transferred
http://www.securitytracker.com/id?1026215
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.ubuntu.com/usn/USN-1263-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://marc.info/?l=bugtraq&m=134254957702612&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://www.ibm.com/developerworks/java/jdk/alerts/
x_refsource_CONFIRM
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13947
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-201406-32.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=134254866602253&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://secunia.com/advisories/48308
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=132750579901589&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1455.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=132750579901589&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1384.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.securityfocus.com/bid/50218
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=134254957702612&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/70849
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.securitytracker.com/id?1026215
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-1263-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=134254957702612&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.ibm.com/developerworks/java/jdk/alerts/
Resource:
x_refsource_CONFIRM
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-284CWE-284 Improper Access Control
Type: CWE
CWE ID: CWE-284
Description: CWE-284 Improper Access Control
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
kev
dateAdded:
2022-03-03
reference:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2011-3544
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
CVE-2011-3544 added to CISA KEV2022-03-03 00:00:00
Event: CVE-2011-3544 added to CISA KEV
Date: 2022-03-03 00:00:00
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert_us@oracle.com
Published At:19 Oct, 2011 | 21:55
Updated At:11 Apr, 2025 | 00:51

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
2022-03-032022-03-24Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution VulnerabilityApply updates per vendor instructions.
Date Added: 2022-03-03
Due Date: 2022-03-24
Vulnerability Name: Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability
Required Action: Apply updates per vendor instructions.
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches

Oracle Corporation
oracle
>>jdk>>Versions before 1.6.0(exclusive)
cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:-:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update1:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update10:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update11:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update12:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update13:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update14:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update15:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update16:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update17:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update18:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update19:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update2:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update20:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update21:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update22:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update23:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update24:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update25:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.6.0
cpe:2.3:a:oracle:jdk:1.6.0:update26:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:-:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update1:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update13:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update15:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update17:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update2:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update21:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update25:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update3:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update4:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update5:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update6:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update7:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update7_b32:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update9:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update9_b31:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.7.0
cpe:2.3:a:oracle:jdk:1.7.0:update9_b32:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>Versions before 1.6.0(exclusive)
cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:-:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update1:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update11:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update12:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update13:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update14:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update15:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update16:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update17:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-284Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-284
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.htmlsecalert_us@oracle.com
Mailing List
Third Party Advisory
http://marc.info/?l=bugtraq&m=132750579901589&w=2secalert_us@oracle.com
Mailing List
http://marc.info/?l=bugtraq&m=132750579901589&w=2secalert_us@oracle.com
Mailing List
http://marc.info/?l=bugtraq&m=132750579901589&w=2secalert_us@oracle.com
Mailing List
http://marc.info/?l=bugtraq&m=132750579901589&w=2secalert_us@oracle.com
Mailing List
http://marc.info/?l=bugtraq&m=134254866602253&w=2secalert_us@oracle.com
Mailing List
http://marc.info/?l=bugtraq&m=134254957702612&w=2secalert_us@oracle.com
Mailing List
http://marc.info/?l=bugtraq&m=134254957702612&w=2secalert_us@oracle.com
Mailing List
http://marc.info/?l=bugtraq&m=134254957702612&w=2secalert_us@oracle.com
Mailing List
http://marc.info/?l=bugtraq&m=134254957702612&w=2secalert_us@oracle.com
Mailing List
http://rhn.redhat.com/errata/RHSA-2013-1455.htmlsecalert_us@oracle.com
Third Party Advisory
http://secunia.com/advisories/48308secalert_us@oracle.com
Broken Link
http://security.gentoo.org/glsa/glsa-201406-32.xmlsecalert_us@oracle.com
Third Party Advisory
http://www.ibm.com/developerworks/java/jdk/alerts/secalert_us@oracle.com
Product
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.htmlsecalert_us@oracle.com
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-1384.htmlsecalert_us@oracle.com
Broken Link
http://www.securityfocus.com/bid/50218secalert_us@oracle.com
Broken Link
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1026215secalert_us@oracle.com
Broken Link
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-1263-1secalert_us@oracle.com
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/70849secalert_us@oracle.com
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13947secalert_us@oracle.com
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://marc.info/?l=bugtraq&m=132750579901589&w=2af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://marc.info/?l=bugtraq&m=132750579901589&w=2af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://marc.info/?l=bugtraq&m=132750579901589&w=2af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://marc.info/?l=bugtraq&m=132750579901589&w=2af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://marc.info/?l=bugtraq&m=134254866602253&w=2af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://marc.info/?l=bugtraq&m=134254957702612&w=2af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://marc.info/?l=bugtraq&m=134254957702612&w=2af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://marc.info/?l=bugtraq&m=134254957702612&w=2af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://marc.info/?l=bugtraq&m=134254957702612&w=2af854a3a-2127-422b-91ae-364da2661108
Mailing List
http://rhn.redhat.com/errata/RHSA-2013-1455.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/48308af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://security.gentoo.org/glsa/glsa-201406-32.xmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ibm.com/developerworks/java/jdk/alerts/af854a3a-2127-422b-91ae-364da2661108
Product
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-1384.htmlaf854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.securityfocus.com/bid/50218af854a3a-2127-422b-91ae-364da2661108
Broken Link
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1026215af854a3a-2127-422b-91ae-364da2661108
Broken Link
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-1263-1af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/70849af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13947af854a3a-2127-422b-91ae-364da2661108
Broken Link
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
Source: secalert_us@oracle.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://marc.info/?l=bugtraq&m=132750579901589&w=2
Source: secalert_us@oracle.com
Resource:
Mailing List
Hyperlink: http://marc.info/?l=bugtraq&m=132750579901589&w=2
Source: secalert_us@oracle.com
Resource:
Mailing List
Hyperlink: http://marc.info/?l=bugtraq&m=132750579901589&w=2
Source: secalert_us@oracle.com
Resource:
Mailing List
Hyperlink: http://marc.info/?l=bugtraq&m=132750579901589&w=2
Source: secalert_us@oracle.com
Resource:
Mailing List
Hyperlink: http://marc.info/?l=bugtraq&m=134254866602253&w=2
Source: secalert_us@oracle.com
Resource:
Mailing List
Hyperlink: http://marc.info/?l=bugtraq&m=134254957702612&w=2
Source: secalert_us@oracle.com
Resource:
Mailing List
Hyperlink: http://marc.info/?l=bugtraq&m=134254957702612&w=2
Source: secalert_us@oracle.com
Resource:
Mailing List
Hyperlink: http://marc.info/?l=bugtraq&m=134254957702612&w=2
Source: secalert_us@oracle.com
Resource:
Mailing List
Hyperlink: http://marc.info/?l=bugtraq&m=134254957702612&w=2
Source: secalert_us@oracle.com
Resource:
Mailing List
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1455.html
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/48308
Source: secalert_us@oracle.com
Resource:
Broken Link
Hyperlink: http://security.gentoo.org/glsa/glsa-201406-32.xml
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: http://www.ibm.com/developerworks/java/jdk/alerts/
Source: secalert_us@oracle.com
Resource:
Product
Hyperlink: http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
Source: secalert_us@oracle.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1384.html
Source: secalert_us@oracle.com
Resource:
Broken Link
Hyperlink: http://www.securityfocus.com/bid/50218
Source: secalert_us@oracle.com
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id?1026215
Source: secalert_us@oracle.com
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.ubuntu.com/usn/USN-1263-1
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/70849
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13947
Source: secalert_us@oracle.com
Resource:
Broken Link
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://marc.info/?l=bugtraq&m=132750579901589&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: http://marc.info/?l=bugtraq&m=132750579901589&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: http://marc.info/?l=bugtraq&m=132750579901589&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: http://marc.info/?l=bugtraq&m=132750579901589&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: http://marc.info/?l=bugtraq&m=134254866602253&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: http://marc.info/?l=bugtraq&m=134254957702612&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: http://marc.info/?l=bugtraq&m=134254957702612&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: http://marc.info/?l=bugtraq&m=134254957702612&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: http://marc.info/?l=bugtraq&m=134254957702612&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1455.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/48308
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://security.gentoo.org/glsa/glsa-201406-32.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.ibm.com/developerworks/java/jdk/alerts/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Product
Hyperlink: http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1384.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.securityfocus.com/bid/50218
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id?1026215
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.ubuntu.com/usn/USN-1263-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/70849
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13947
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link

Change History

0
Information is not available yet

Similar CVEs

1797Records found

CVE-2017-12629
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-93.89% / 99.87%
||
7 Day CHG~0.00%
Published-14 Oct, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.Red Hat, Inc.The Apache Software Foundation
Product-jboss_enterprise_application_platformsolrdebian_linuxenterprise_linux_serverubuntu_linuxApache Solr before 7.1 with Apache Lucene before 7.1
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2017-12902
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.06% / 83.18%
||
7 Day CHG~0.00%
Published-14 Sep, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in print-zephyr.c, several functions.

Action-Not Available
Vendor-n/aDebian GNU/Linuxtcpdump & libpcapRed Hat, Inc.
Product-enterprise_linux_desktopdebian_linuxenterprise_linux_serverenterprise_linux_server_austcpdumpn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-12987
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.06% / 83.18%
||
7 Day CHG~0.00%
Published-14 Sep, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read in print-802_11.c:parse_elements().

Action-Not Available
Vendor-n/aDebian GNU/Linuxtcpdump & libpcapRed Hat, Inc.
Product-enterprise_linux_desktopdebian_linuxenterprise_linux_serverenterprise_linux_server_austcpdumpn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-12896
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.06% / 83.18%
||
7 Day CHG~0.00%
Published-14 Sep, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print().

Action-Not Available
Vendor-n/aDebian GNU/Linuxtcpdump & libpcapRed Hat, Inc.
Product-enterprise_linux_desktopdebian_linuxenterprise_linux_serverenterprise_linux_server_austcpdumpn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-12899
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.06% / 83.18%
||
7 Day CHG~0.00%
Published-14 Sep, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in print-decnet.c:decnet_print().

Action-Not Available
Vendor-n/aDebian GNU/Linuxtcpdump & libpcapRed Hat, Inc.
Product-enterprise_linux_desktopdebian_linuxenterprise_linux_serverenterprise_linux_server_austcpdumpn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2008-5444
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-79.04% / 99.03%
||
7 Day CHG~0.00%
Published-14 Jan, 2009 | 01:00
Updated-07 Aug, 2024 | 10:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2008-5448 and CVE-2008-5449.

Action-Not Available
Vendor-n/aOracle Corporation
Product-secure_backupn/a
CVE-2024-27776
Matching Score-8
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Matching Score-8
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-9.8||CRITICAL
EPSS-0.35% / 56.58%
||
7 Day CHG~0.00%
Published-02 Jun, 2024 | 13:13
Updated-10 Apr, 2025 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MileSight DeviceHub - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

MileSight DeviceHub - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') may allow Unauthenticated RCE

Action-Not Available
Vendor-Canonical Ltd.Milesight
Product-ubuntu_linuxdevicehubDeviceHubdevicehub
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2006-0262
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.81% / 82.08%
||
7 Day CHG~0.00%
Published-18 Jan, 2006 | 11:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Net Foundation Layer component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB08.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle8ioracle9idatabase_serveroracle10gn/a
CVE-2008-5449
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-4.50% / 88.69%
||
7 Day CHG~0.00%
Published-14 Jan, 2009 | 01:00
Updated-07 Aug, 2024 | 10:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2008-5444 and CVE-2008-5448.

Action-Not Available
Vendor-n/aOracle Corporation
Product-secure_backupn/a
CVE-2006-0270
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.24% / 83.88%
||
7 Day CHG~0.00%
Published-18 Jan, 2006 | 11:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Transparent Data Encryption (TDE) Wallet component of Oracle Database server 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB27. NOTE: Oracle has not disputed a reliable researcher report that TDA stores the master key without encryption, which allows local users to obtain the key via the SGA.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2006-0274
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.99% / 82.86%
||
7 Day CHG~0.00%
Published-18 Jan, 2006 | 11:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 and 10.1.2.0.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# REP03.

Action-Not Available
Vendor-n/aOracle Corporation
Product-application_servern/a
CVE-2008-5448
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-84.01% / 99.26%
||
7 Day CHG~0.00%
Published-14 Jan, 2009 | 01:00
Updated-07 Aug, 2024 | 10:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2008-5444 and CVE-2008-5449.

Action-Not Available
Vendor-n/aOracle Corporation
Product-secure_backupn/a
CVE-2017-12149
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-94.31% / 99.94%
||
7 Day CHG~0.00%
Published-04 Oct, 2017 | 20:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-10||Apply updates per vendor instructions.

In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization and thus allowing an attacker to execute arbitrary code via crafted serialized data.

Action-Not Available
Vendor-Red Hat, Inc.
Product-jboss_enterprise_application_platformjbossasJBoss Application Server
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2006-0287
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-53.18% / 97.88%
||
7 Day CHG~0.00%
Published-18 Jan, 2006 | 11:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 10.1.0.5 and Application Server 10.1.2.0.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# OHS02.

Action-Not Available
Vendor-n/aOracle Corporation
Product-application_serverdatabase_servern/a
CVE-2022-43755
Matching Score-8
Assigner-SUSE
ShareView Details
Matching Score-8
Assigner-SUSE
CVSS Score-7.1||HIGH
EPSS-0.10% / 28.21%
||
7 Day CHG~0.00%
Published-07 Feb, 2023 | 00:00
Updated-25 Mar, 2025 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rancher: Non-random authentication token

A Insufficient Entropy vulnerability in SUSE Rancher allows attackers that gained knowledge of the cattle-token to continue abusing this even after the token was renewed. This issue affects: SUSE Rancher Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1.

Action-Not Available
Vendor-SUSE
Product-rancherRancher
CWE ID-CWE-331
Insufficient Entropy
CVE-2017-11213
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-11.38% / 93.29%
||
7 Day CHG~0.00%
Published-09 Dec, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to an integer overflow; the computation is part of the abstraction that creates an arbitrarily sized transparent or opaque bitmap image. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-enterprise_linux_desktopchrome_osenterprise_linux_workstationlinux_kernelwindows_8.1enterprise_linux_serverwindows_10flash_playermacoswindowsAdobe Flash Player 27.0.0.183 and earlier versions
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-11215
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-5.82% / 90.17%
||
7 Day CHG~0.00%
Published-09 Dec, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-enterprise_linux_desktopchrome_osenterprise_linux_workstationlinux_kernelwindows_8.1enterprise_linux_serverwindows_10flash_playermacoswindowsAdobe Flash Player 27.0.0.183 and earlier versions
CWE ID-CWE-416
Use After Free
CVE-2017-10906
Matching Score-8
Assigner-JPCERT/CC
ShareView Details
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-1.36% / 79.36%
||
7 Day CHG~0.00%
Published-08 Dec, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.

Action-Not Available
Vendor-fluentdCloud Native Computing Foundation (CNCF)Red Hat, Inc.
Product-fluentdopenstackFluentd
CVE-2017-11225
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-5.82% / 90.17%
||
7 Day CHG~0.00%
Published-09 Dec, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Adobe Inc.Microsoft CorporationGoogle LLC
Product-enterprise_linux_desktopchrome_osenterprise_linux_workstationlinux_kernelwindows_8.1enterprise_linux_serverwindows_10flash_playermacoswindowsAdobe Flash Player 27.0.0.183 and earlier versions
CWE ID-CWE-416
Use After Free
CVE-2017-1000353
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-94.42% / 99.98%
||
7 Day CHG~0.00%
Published-29 Jan, 2018 | 17:00
Updated-05 Aug, 2024 | 22:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java `SignedObject` object to the Jenkins CLI, that would be deserialized using a new `ObjectInputStream`, bypassing the existing blacklist-based protection mechanism. We're fixing this issue by adding `SignedObject` to the blacklist. We're also backporting the new HTTP CLI protocol from Jenkins 2.54 to LTS 2.46.2, and deprecating the remoting-based (i.e. Java serialization) CLI protocol, disabling it by default.

Action-Not Available
Vendor-n/aJenkinsOracle Corporation
Product-communications_cloud_native_core_automated_test_suitejenkinsn/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2017-1002157
Matching Score-8
Assigner-Fedora Project
ShareView Details
Matching Score-8
Assigner-Fedora Project
CVSS Score-9.8||CRITICAL
EPSS-0.73% / 71.66%
||
7 Day CHG~0.00%
Published-10 Jan, 2019 | 21:00
Updated-16 Sep, 2024 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution.

Action-Not Available
Vendor-Fedora ModularityRed Hat, Inc.
Product-modulemdmodulemd
CWE ID-CWE-242
Use of Inherently Dangerous Function
CWE ID-CWE-20
Improper Input Validation
CVE-2017-1000116
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.61% / 87.32%
||
7 Day CHG~0.00%
Published-04 Oct, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.

Action-Not Available
Vendor-mercurialn/aRed Hat, Inc.Debian GNU/Linux
Product-enterprise_linux_desktopenterprise_linux_server_tusmercurialenterprise_linux_workstationenterprise_linux_server_eusdebian_linuxenterprise_linux_serverenterprise_linux_server_ausn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-41731
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.6||HIGH
EPSS-0.07% / 22.18%
||
7 Day CHG~0.00%
Published-06 Feb, 2023 | 20:09
Updated-25 Mar, 2025 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Watson Knowledge Catalog on Cloud Pak SQL injection

IBM Watson Knowledge Catalog on Cloud Pak for Data 4.5.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 237402.

Action-Not Available
Vendor-IBM CorporationRed Hat, Inc.
Product-watson_knowledge_catalog_on_cloud_pak_for_dataopenshiftWatson Knowledge Catalog on-prem
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-4146
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.21% / 43.60%
||
7 Day CHG~0.00%
Published-18 Jul, 2023 | 02:01
Updated-28 Oct, 2024 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EL Injection Vulnerability in Hitachi Replication Manager

Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Replication Manager: before 8.8.5-02.

Action-Not Available
Vendor-Oracle CorporationMicrosoft CorporationLinux Kernel Organization, IncHitachi, Ltd.
Product-windowssolarisreplication_managerlinux_kernelHitachi Replication Managerreplication_manager
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2008-4062
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-1.03% / 76.37%
||
7 Day CHG~0.00%
Published-24 Sep, 2008 | 18:00
Updated-07 Aug, 2024 | 10:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) interaction of JavaScript garbage collection with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed function in nsJSNPRuntime.cpp.

Action-Not Available
Vendor-n/aCanonical Ltd.Mozilla CorporationDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxthunderbirdfirefoxseamonkeyn/a
CWE ID-CWE-399
Not Available
CVE-2016-8735
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-94.00% / 99.88%
||
7 Day CHG~0.00%
Published-06 Apr, 2017 | 21:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-06-02||Apply updates per vendor instructions.

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.

Action-Not Available
Vendor-Oracle CorporationRed Hat, Inc.NetApp, Inc.The Apache Software FoundationCanonical Ltd.Debian GNU/Linux
Product-retail_convenience_and_fuel_pos_softwaremysql_enterprise_monitor7-mode_transition_tooldebian_linuxsnap_creator_frameworkcommunications_instant_messaging_servermicros_retail_xbri_loss_preventiononcommand_insightagile_engineering_data_managementhospitality_guest_accessagile_plmmicros_relate_crm_softwarecommunications_application_session_controllertomcattransportation_managementcommunications_interactive_session_recorderoncommand_shiftubuntu_linuxjboss_enterprise_web_serverApache TomcatTomcat
CVE-2008-4008
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-85.81% / 99.33%
||
7 Day CHG~0.00%
Published-14 Oct, 2008 | 21:00
Updated-07 Aug, 2024 | 10:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.

Action-Not Available
Vendor-n/aOracle Corporation
Product-bea_product_suiten/a
CVE-2022-4039
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8||HIGH
EPSS-0.12% / 31.90%
||
7 Day CHG~0.00%
Published-22 Sep, 2023 | 14:00
Updated-24 Sep, 2024 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rhsso-container-image: unsecured management interface exposed to adjecent network

A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration.

Action-Not Available
Vendor-Red Hat, Inc.
Product-single_sign-onopenshift_container_platform_for_ibm_zopenshift_container_platformenterprise_linuxopenshift_container_platform_for_poweropenshift_container_platform_for_linuxoneRHEL-8 based Middleware ContainersRed Hat Single Sign-On 7
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2008-4006
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-2.33% / 84.19%
||
7 Day CHG~0.00%
Published-14 Jan, 2009 | 01:00
Updated-07 Aug, 2024 | 10:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.1.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-secure_backupn/a
CVE-2016-6662
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-89.17% / 99.51%
||
7 Day CHG~0.00%
Published-20 Sep, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.

Action-Not Available
Vendor-perconan/aMariaDB FoundationRed Hat, Inc.Debian GNU/LinuxOracle Corporation
Product-enterprise_linuxenterprise_linux_serverenterprise_linux_server_ausmariadbmysqlenterprise_linux_desktoppercona_serverenterprise_linux_server_eusenterprise_linux_server_tusenterprise_linux_workstationdebian_linuxopenstackn/a
CVE-2013-2383
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-7.36% / 91.33%
||
7 Day CHG~0.00%
Published-17 Apr, 2013 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2384, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "handling of [a] glyph table" in the International Components for Unicode (ICU) Layout Engine before 51.2.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)Oracle Corporation
Product-jrejdkn/a
CVE-2016-7117
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-9.8||CRITICAL
EPSS-4.79% / 89.05%
||
7 Day CHG~0.00%
Published-10 Oct, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.

Action-Not Available
Vendor-n/aDebian GNU/LinuxLinux Kernel Organization, IncCanonical Ltd.
Product-debian_linuxlinux_kernelubuntu_linuxn/a
CVE-2022-4116
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-22.15% / 95.58%
||
7 Day CHG~0.00%
Published-22 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution.

Action-Not Available
Vendor-quarkusn/aRed Hat, Inc.
Product-build_of_quarkusquarkusquarkus
CVE-2016-2807
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.31% / 79.02%
||
7 Day CHG~0.00%
Published-30 Apr, 2016 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSESUSE
Product-leapfirefoxlinux_enterpriseopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-3522
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-5.54% / 89.89%
||
7 Day CHG~0.00%
Published-02 Oct, 2008 | 18:00
Updated-07 Aug, 2024 | 09:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.

Action-Not Available
Vendor-n/aJasPerRed Hat, Inc.
Product-jasperenterprise_virtualizationn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-1999-0798
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.51% / 65.46%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.

Action-Not Available
Vendor-bsdiscon/aOpenBSDRed Hat, Inc.FreeBSD Foundation
Product-bsd_osinternet_faststartopenbsdopenserverunixwarefreebsdlinuxn/a
CVE-2022-39428
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-44.03% / 97.45%
||
7 Day CHG~0.00%
Published-18 Oct, 2022 | 00:00
Updated-17 Sep, 2024 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-web_applications_desktop_integratorWeb Applications Desktop Integrator
CVE-1999-0192
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-6.66% / 90.84%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in telnet daemon tgetent routing allows remote attackers to gain root access via the TERMCAP environmental variable.

Action-Not Available
Vendor-n/aSlackwareRed Hat, Inc.
Product-linuxslackware_linuxn/a
CVE-2008-3257
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-78.22% / 98.98%
||
7 Day CHG~0.00%
Published-22 Jul, 2008 | 16:00
Updated-07 Aug, 2024 | 09:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.

Action-Not Available
Vendor-n/aOracle CorporationBEA Systems, Inc.
Product-apache_connector_in_weblogic_serverweblogic_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-3252
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-25.94% / 96.07%
||
7 Day CHG~0.00%
Published-21 Jul, 2008 | 17:00
Updated-07 Aug, 2024 | 09:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the read_article function in getarticle.c in newsx 1.6 allows remote attackers to execute arbitrary code via a news article containing a large number of lines starting with a period.

Action-Not Available
Vendor-fedoran/aRed Hat, Inc.
Product-newsxfedoran/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2005-3446
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.05% / 83.13%
||
7 Day CHG~0.00%
Published-02 Nov, 2005 | 11:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Internet Directory in Oracle Database Server 9i up to 9.2.0.6 and Application Server 9.0.2.3 up to 10.1.2.0 has unknown impact and attack vectors, aka Oracle Vuln# DB32 and AS06.

Action-Not Available
Vendor-n/aOracle Corporation
Product-application_serverdatabase_servern/a
CVE-2016-5772
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-8.80% / 92.16%
||
7 Day CHG~0.00%
Published-07 Aug, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call.

Action-Not Available
Vendor-n/aopenSUSESUSEThe PHP GroupDebian GNU/Linux
Product-linux_enterprise_debuginfoleapopensusephpdebian_linuxlinux_enterprise_serverlinux_enterprise_software_development_kitn/a
CWE ID-CWE-415
Double Free
CVE-2015-6013
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-10||HIGH
EPSS-19.92% / 95.25%
||
7 Day CHG~0.00%
Published-22 Jan, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4808, CVE-2015-6014, CVE-2015-6015, and CVE-2016-0432. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this issue is a stack-based buffer overflow in Oracle Outside In 8.5.2 and earlier, which allows remote attackers to execute arbitrary code via a crafted WK4 file.

Action-Not Available
Vendor-n/aOracle Corporation
Product-outside_in_technologyn/a
CVE-2008-2928
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-23.55% / 95.76%
||
7 Day CHG~0.00%
Published-29 Aug, 2008 | 18:00
Updated-07 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in the adminutil library in CGI applications in Red Hat Directory Server 7.1 before SP7 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted Accept-Language HTTP header.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-directory_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-2662
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.80% / 85.55%
||
7 Day CHG~0.00%
Published-24 Jun, 2008 | 19:00
Updated-07 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.Ruby
Product-ubuntu_linuxdebian_linuxrubyn/a
CWE ID-CWE-189
Not Available
CVE-2016-5411
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.41% / 60.66%
||
7 Day CHG~0.00%
Published-13 Jun, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-enterprise_linuxquickstart_cloud_installern/a
CVE-2024-21014
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-0.91% / 74.92%
||
7 Day CHG~0.00%
Published-16 Apr, 2024 | 21:26
Updated-17 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-hospitality_simphonyHospitality Simphony
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2008-3529
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-58.86% / 98.14%
||
7 Day CHG~0.00%
Published-12 Sep, 2008 | 16:00
Updated-07 Aug, 2024 | 09:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.

Action-Not Available
Vendor-n/aApple Inc.Debian GNU/LinuxCanonical Ltd.libxml2 (XMLSoft)
Product-ubuntu_linuxiphone_osdebian_linuxsafarimac_os_xlibxml2n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2005-3437
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.21% / 86.52%
||
7 Day CHG~0.00%
Published-02 Nov, 2005 | 11:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the PL/SQL component in Oracle Database Server 9i up to 10.1.0.4 has unknown impact and attack vectors, aka Oracle Vuln# DB01.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2016-4171
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-23.58% / 95.77%
||
7 Day CHG~0.00%
Published-16 Jun, 2016 | 14:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||The impacted product is end-of-life and should be disconnected if still in use.

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.

Action-Not Available
Vendor-n/aAdobe Inc.Microsoft CorporationSUSEApple Inc.Red Hat, Inc.Google LLCopenSUSELinux Kernel Organization, Inc
Product-flash_playerchrome_osenterprise_linux_serverlinux_kernellinux_enterprise_workstation_extensionopensusemacosenterprise_linux_desktopenterprise_linux_workstationlinux_enterprise_desktopwindowswindows_8.1mac_os_xwindows_10n/aFlash Player
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 35
  • 36
  • Next
Details not found