Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-3557

Summary
Assigner-oracle
Assigner Org ID-43595867-4340-4103-b7a2-9a5208d29a85
Published At-19 Oct, 2011 | 21:00
Updated At-06 Aug, 2024 | 23:37
Rejected At-
Credits

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI, a different vulnerability than CVE-2011-3556.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:oracle
Assigner Org ID:43595867-4340-4103-b7a2-9a5208d29a85
Published At:19 Oct, 2011 | 21:00
Updated At:06 Aug, 2024 | 23:37
Rejected At:
▼CVE Numbering Authority (CNA)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI, a different vulnerability than CVE-2011-3556.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/50234
vdb-entry
x_refsource_BID
http://security.gentoo.org/glsa/glsa-201406-32.xml
vendor-advisory
x_refsource_GENTOO
http://secunia.com/advisories/48692
third-party-advisory
x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=134254866602253&w=2
vendor-advisory
x_refsource_HP
http://marc.info/?l=bugtraq&m=133365109612558&w=2
vendor-advisory
x_refsource_HP
http://secunia.com/advisories/48308
third-party-advisory
x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/70836
vdb-entry
x_refsource_XF
http://marc.info/?l=bugtraq&m=132750579901589&w=2
vendor-advisory
x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html
vendor-advisory
x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
vendor-advisory
x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2013-1455.html
vendor-advisory
x_refsource_REDHAT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14373
vdb-entry
signature
x_refsource_OVAL
http://marc.info/?l=bugtraq&m=132750579901589&w=2
vendor-advisory
x_refsource_HP
http://secunia.com/advisories/48948
third-party-advisory
x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2011-1384.html
vendor-advisory
x_refsource_REDHAT
http://secunia.com/advisories/48915
third-party-advisory
x_refsource_SECUNIA
http://osvdb.org/76506
vdb-entry
x_refsource_OSVDB
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2012-0508.html
vendor-advisory
x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=134254957702612&w=2
vendor-advisory
x_refsource_HP
http://secunia.com/advisories/49198
third-party-advisory
x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2012-0006.html
vendor-advisory
x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html
vendor-advisory
x_refsource_SUSE
http://marc.info/?l=bugtraq&m=133728004526190&w=2
vendor-advisory
x_refsource_HP
http://marc.info/?l=bugtraq&m=133365109612558&w=2
vendor-advisory
x_refsource_HP
http://marc.info/?l=bugtraq&m=133728004526190&w=2
vendor-advisory
x_refsource_HP
http://www.securitytracker.com/id?1026215
vdb-entry
x_refsource_SECTRACK
http://www.ubuntu.com/usn/USN-1263-1
vendor-advisory
x_refsource_UBUNTU
http://marc.info/?l=bugtraq&m=134254957702612&w=2
vendor-advisory
x_refsource_HP
http://www.ibm.com/developerworks/java/jdk/alerts/
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/50234
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://security.gentoo.org/glsa/glsa-201406-32.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://secunia.com/advisories/48692
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://marc.info/?l=bugtraq&m=134254866602253&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://marc.info/?l=bugtraq&m=133365109612558&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://secunia.com/advisories/48308
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/70836
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://marc.info/?l=bugtraq&m=132750579901589&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1455.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14373
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://marc.info/?l=bugtraq&m=132750579901589&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://secunia.com/advisories/48948
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1384.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://secunia.com/advisories/48915
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://osvdb.org/76506
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0508.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://marc.info/?l=bugtraq&m=134254957702612&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://secunia.com/advisories/49198
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2012-0006.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://marc.info/?l=bugtraq&m=133728004526190&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://marc.info/?l=bugtraq&m=133365109612558&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://marc.info/?l=bugtraq&m=133728004526190&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.securitytracker.com/id?1026215
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.ubuntu.com/usn/USN-1263-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://marc.info/?l=bugtraq&m=134254957702612&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.ibm.com/developerworks/java/jdk/alerts/
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/50234
vdb-entry
x_refsource_BID
x_transferred
http://security.gentoo.org/glsa/glsa-201406-32.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://secunia.com/advisories/48692
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://marc.info/?l=bugtraq&m=134254866602253&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://marc.info/?l=bugtraq&m=133365109612558&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://secunia.com/advisories/48308
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/70836
vdb-entry
x_refsource_XF
x_transferred
http://marc.info/?l=bugtraq&m=132750579901589&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://rhn.redhat.com/errata/RHSA-2013-1455.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14373
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://marc.info/?l=bugtraq&m=132750579901589&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://secunia.com/advisories/48948
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.redhat.com/support/errata/RHSA-2011-1384.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://secunia.com/advisories/48915
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://osvdb.org/76506
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
x_refsource_CONFIRM
x_transferred
http://rhn.redhat.com/errata/RHSA-2012-0508.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://marc.info/?l=bugtraq&m=134254957702612&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://secunia.com/advisories/49198
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.redhat.com/support/errata/RHSA-2012-0006.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://marc.info/?l=bugtraq&m=133728004526190&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://marc.info/?l=bugtraq&m=133365109612558&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://marc.info/?l=bugtraq&m=133728004526190&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://www.securitytracker.com/id?1026215
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.ubuntu.com/usn/USN-1263-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://marc.info/?l=bugtraq&m=134254957702612&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://www.ibm.com/developerworks/java/jdk/alerts/
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/50234
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-201406-32.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://secunia.com/advisories/48692
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=134254866602253&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=133365109612558&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://secunia.com/advisories/48308
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/70836
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=132750579901589&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1455.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14373
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=132750579901589&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://secunia.com/advisories/48948
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1384.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://secunia.com/advisories/48915
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://osvdb.org/76506
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0508.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=134254957702612&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://secunia.com/advisories/49198
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2012-0006.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=133728004526190&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=133365109612558&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=133728004526190&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.securitytracker.com/id?1026215
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-1263-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=134254957702612&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.ibm.com/developerworks/java/jdk/alerts/
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert_us@oracle.com
Published At:19 Oct, 2011 | 21:55
Updated At:11 Apr, 2025 | 00:51

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI, a different vulnerability than CVE-2011-3556.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.7.0
cpe:2.3:a:sun:jdk:1.7.0:*:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.7.0
cpe:2.3:a:sun:jre:1.7.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>jrockit>>Versions up to r28.1.4(inclusive)
cpe:2.3:a:oracle:jrockit:*:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>jrockit>>r28.0.0
cpe:2.3:a:oracle:jrockit:r28.0.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>jrockit>>r28.0.1
cpe:2.3:a:oracle:jrockit:r28.0.1:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>jrockit>>r28.0.2
cpe:2.3:a:oracle:jrockit:r28.0.2:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>jrockit>>r28.1.0
cpe:2.3:a:oracle:jrockit:r28.1.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>jrockit>>r28.1.1
cpe:2.3:a:oracle:jrockit:r28.1.1:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>jrockit>>r28.1.3
cpe:2.3:a:oracle:jrockit:r28.1.3:*:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>Versions up to 1.6.0(inclusive)
cpe:2.3:a:sun:jdk:*:update_27:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:*:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_17:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_18:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_19:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_20:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_21:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_22:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_23:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_24:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_25:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_26:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update1:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jdk>>1.6.0
cpe:2.3:a:sun:jdk:1.6.0:update2:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>Versions up to 1.6.0(inclusive)
cpe:2.3:a:sun:jre:*:update_27:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.6.0
cpe:2.3:a:sun:jre:1.6.0:*:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.6.0
cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.6.0
cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.6.0
cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.6.0
cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.6.0
cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.6.0
cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.6.0
cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.6.0
cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.6.0
cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.6.0
cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.6.0
cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.6.0
cpe:2.3:a:sun:jre:1.6.0:update_2:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.6.0
cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.htmlsecalert_us@oracle.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.htmlsecalert_us@oracle.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.htmlsecalert_us@oracle.com
N/A
http://marc.info/?l=bugtraq&m=132750579901589&w=2secalert_us@oracle.com
N/A
http://marc.info/?l=bugtraq&m=132750579901589&w=2secalert_us@oracle.com
N/A
http://marc.info/?l=bugtraq&m=133365109612558&w=2secalert_us@oracle.com
N/A
http://marc.info/?l=bugtraq&m=133365109612558&w=2secalert_us@oracle.com
N/A
http://marc.info/?l=bugtraq&m=133728004526190&w=2secalert_us@oracle.com
N/A
http://marc.info/?l=bugtraq&m=133728004526190&w=2secalert_us@oracle.com
N/A
http://marc.info/?l=bugtraq&m=134254866602253&w=2secalert_us@oracle.com
N/A
http://marc.info/?l=bugtraq&m=134254957702612&w=2secalert_us@oracle.com
N/A
http://marc.info/?l=bugtraq&m=134254957702612&w=2secalert_us@oracle.com
N/A
http://osvdb.org/76506secalert_us@oracle.com
N/A
http://rhn.redhat.com/errata/RHSA-2012-0508.htmlsecalert_us@oracle.com
N/A
http://rhn.redhat.com/errata/RHSA-2013-1455.htmlsecalert_us@oracle.com
N/A
http://secunia.com/advisories/48308secalert_us@oracle.com
N/A
http://secunia.com/advisories/48692secalert_us@oracle.com
N/A
http://secunia.com/advisories/48915secalert_us@oracle.com
N/A
http://secunia.com/advisories/48948secalert_us@oracle.com
N/A
http://secunia.com/advisories/49198secalert_us@oracle.com
N/A
http://security.gentoo.org/glsa/glsa-201406-32.xmlsecalert_us@oracle.com
N/A
http://www.ibm.com/developerworks/java/jdk/alerts/secalert_us@oracle.com
N/A
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.htmlsecalert_us@oracle.com
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-1384.htmlsecalert_us@oracle.com
N/A
http://www.redhat.com/support/errata/RHSA-2012-0006.htmlsecalert_us@oracle.com
N/A
http://www.securityfocus.com/bid/50234secalert_us@oracle.com
N/A
http://www.securitytracker.com/id?1026215secalert_us@oracle.com
N/A
http://www.ubuntu.com/usn/USN-1263-1secalert_us@oracle.com
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/70836secalert_us@oracle.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14373secalert_us@oracle.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=132750579901589&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=132750579901589&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=133365109612558&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=133365109612558&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=133728004526190&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=133728004526190&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=134254866602253&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=134254957702612&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=134254957702612&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://osvdb.org/76506af854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2012-0508.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2013-1455.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/48308af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/48692af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/48915af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/48948af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/49198af854a3a-2127-422b-91ae-364da2661108
N/A
http://security.gentoo.org/glsa/glsa-201406-32.xmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ibm.com/developerworks/java/jdk/alerts/af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-1384.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2012-0006.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/50234af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1026215af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-1263-1af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/70836af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14373af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=132750579901589&w=2
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=132750579901589&w=2
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=133365109612558&w=2
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=133365109612558&w=2
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=133728004526190&w=2
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=133728004526190&w=2
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=134254866602253&w=2
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=134254957702612&w=2
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=134254957702612&w=2
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://osvdb.org/76506
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0508.html
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1455.html
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/48308
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/48692
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/48915
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/48948
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/49198
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-201406-32.xml
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://www.ibm.com/developerworks/java/jdk/alerts/
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
Source: secalert_us@oracle.com
Resource:
Vendor Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1384.html
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2012-0006.html
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/50234
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1026215
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-1263-1
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/70836
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14373
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=132750579901589&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=132750579901589&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=133365109612558&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=133365109612558&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=133728004526190&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=133728004526190&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=134254866602253&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=134254957702612&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=134254957702612&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://osvdb.org/76506
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0508.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1455.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/48308
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/48692
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/48915
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/48948
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/49198
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-201406-32.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ibm.com/developerworks/java/jdk/alerts/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1384.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2012-0006.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/50234
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1026215
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-1263-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/70836
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14373
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

320Records found
CVE-2008-1196
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-34.29% / 96.84%
||
7 Day CHG~0.00%
Published-06 Mar, 2008 | 21:00
Updated-07 Aug, 2024 | 08:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jdkjresdkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-1192
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-14.81% / 94.25%
||
7 Day CHG~0.00%
Published-06 Mar, 2008 | 21:00
Updated-07 Aug, 2024 | 08:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jdkjresdkn/a
CWE ID-CWE-254
Not Available
CVE-2015-7512
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9||CRITICAL
EPSS-14.73% / 94.23%
||
7 Day CHG~0.00%
Published-08 Jan, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary code via a large packet.

Action-Not Available
Vendor-n/aQEMURed Hat, Inc.Debian GNU/LinuxOracle Corporation
Product-enterprise_linux_serverqemuvirtualizationenterprise_linux_eusenterprise_linux_desktopenterprise_linux_workstationdebian_linuxlinuxopenstackn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2015-7547
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.1||HIGH
EPSS-93.42% / 99.81%
||
7 Day CHG~0.00%
Published-18 Feb, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.

Action-Not Available
Vendor-n/aopenSUSESophos Ltd.Red Hat, Inc.Debian GNU/LinuxOracle CorporationF5, Inc.GNUSUSEHP Inc.Canonical Ltd.
Product-enterprise_linux_serverhelion_openstackenterprise_linux_server_eusbig-ip_analyticsserver_migration_packlinux_enterprise_desktopbig-ip_domain_name_systembig-ip_local_traffic_managerdebian_linuxbig-ip_advanced_firewall_managerbig-ip_policy_enforcement_managerlinux_enterprise_software_development_kitfujitsu_m10_firmwarebig-ip_link_controllerenterprise_linux_server_ausexalogic_infrastructureenterprise_linux_hpc_nodeopensusebig-ip_application_acceleration_managerenterprise_linux_desktopubuntu_linuxsuse_linux_enterprise_serverbig-ip_application_security_managerglibcenterprise_linux_workstationunified_threat_management_softwareenterprise_linux_hpc_node_euslinux_enterprise_serverlinux_enterprise_debuginfobig-ip_access_policy_managern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-14195
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-9.51% / 92.52%
||
7 Day CHG~0.00%
Published-16 Jun, 2020 | 15:07
Updated-04 Aug, 2024 | 12:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).

Action-Not Available
Vendor-n/aDebian GNU/LinuxOracle CorporationFasterXML, LLC.NetApp, Inc.
Product-communications_diameter_signaling_routercommunications_contacts_serverdebian_linuxbanking_digital_experiencejackson-databindcommunications_calendar_serveractive_iq_unified_managercommunications_session_route_managercommunications_evolved_communications_application_servercommunications_session_report_managercommunications_instant_messaging_serveragile_plmcommunications_element_managersteelstore_cloud_integrated_storagen/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2015-4758
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.8||MEDIUM
EPSS-0.64% / 69.64%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Data Quality based on Trillium, a different vulnerability than CVE-2015-0443, CVE-2015-0444, CVE-2015-0445, CVE-2015-0446, CVE-2015-2634, CVE-2015-2635, CVE-2015-2636, and CVE-2015-4759.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2015-4919
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.8||MEDIUM
EPSS-0.64% / 69.64%
||
7 Day CHG~0.00%
Published-21 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Monitoring and Diagnostics SEC.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jd_edwards_productsn/a
CVE-2015-4747
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.8||MEDIUM
EPSS-0.64% / 69.64%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Event Processing component in Oracle Fusion Middleware 11.1.1.7 and 12.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CEP system.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2015-4491
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-5.71% / 90.07%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.

Action-Not Available
Vendor-n/aMozilla CorporationLinux Kernel Organization, IncopenSUSEGoogle LLCFedora ProjectThe GNOME ProjectOracle CorporationCanonical Ltd.
Product-solarislinux_kernelfirefoxfedoraopensuseubuntu_linuxchromegdk-pixbufn/a
CVE-2015-4759
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.8||MEDIUM
EPSS-0.64% / 69.64%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Data Quality based on Trillium, a different vulnerability than CVE-2015-0443, CVE-2015-0444, CVE-2015-0445, CVE-2015-0446, CVE-2015-2634, CVE-2015-2635, CVE-2015-2636, and CVE-2015-4758.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2020-14061
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-6.15% / 90.45%
||
7 Day CHG~0.00%
Published-14 Jun, 2020 | 19:42
Updated-27 Aug, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).

Action-Not Available
Vendor-n/aOracle CorporationDebian GNU/LinuxNetApp, Inc.FasterXML, LLC.
Product-communications_diameter_signaling_routercommunications_element_managercommunications_evolved_communications_application_serveractive_iq_unified_managerautovue_for_agile_product_lifecycle_managementdebian_linuxsteelstore_cloud_integrated_storagecommunications_instant_messaging_servercommunications_session_route_managercommunications_session_report_manageragile_plmcommunications_contacts_serverjackson-databindcommunications_calendar_serverbanking_digital_experiencen/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2015-3330
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-24.17% / 95.86%
||
7 Day CHG~0.00%
Published-09 Jun, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a "deconfigured interpreter."

Action-Not Available
Vendor-n/aRed Hat, Inc.The PHP GroupApple Inc.Oracle Corporation
Product-enterprise_linuxenterprise_linux_serversolarisenterprise_linux_hpc_nodeenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_workstationphpenterprise_linux_hpc_node_euslinuxmac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-6260
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.87% / 74.29%
||
7 Day CHG~0.00%
Published-06 Dec, 2007 | 02:00
Updated-07 Aug, 2024 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The installation process for Oracle 10g and llg uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. NOTE: at the end of the installation, if performed using the Database Configuration Assistant (DBCA), most accounts are disabled or their passwords are changed.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CWE ID-CWE-255
Not Available
CVE-2015-2635
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.8||MEDIUM
EPSS-0.64% / 69.64%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Data Quality based on Trillium, a different vulnerability than CVE-2015-0443, CVE-2015-0444, CVE-2015-0445, CVE-2015-0446, CVE-2015-2634, CVE-2015-2636, CVE-2015-4758, and CVE-2015-4759.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2015-2634
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.8||MEDIUM
EPSS-0.64% / 69.64%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Data Quality based on Trillium, a different vulnerability than CVE-2015-0443, CVE-2015-0444, CVE-2015-0445, CVE-2015-0446, CVE-2015-2635, CVE-2015-2636, CVE-2015-4758, and CVE-2015-4759.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2015-1283
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.8||MEDIUM
EPSS-0.71% / 71.36%
||
7 Day CHG~0.00%
Published-23 Jul, 2015 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.

Action-Not Available
Vendor-libexpat_projectn/aopenSUSESUSEGoogle LLCDebian GNU/LinuxOracle CorporationPython Software FoundationCanonical Ltd.
Product-pythonlibexpatstudio_onsitesolarisleapopensuseubuntu_linuxlinux_enterprise_software_development_kitlinux_enterprise_desktopchromedebian_linuxlinux_enterprise_serverlinux_enterprise_debuginfon/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2015-1270
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-6.8||MEDIUM
EPSS-1.17% / 77.76%
||
7 Day CHG~0.00%
Published-23 Jul, 2015 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file.

Action-Not Available
Vendor-n/aopenSUSERed Hat, Inc.Google LLCDebian GNU/LinuxOracle Corporation
Product-debian_linuxsolarisenterprise_linux_workstation_supplementaryopensuseenterprise_linux_server_supplementarychromeenterprise_linux_server_supplementary_eusenterprise_linux_desktop_supplementaryn/a
CVE-2021-3518
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.21% / 43.59%
||
7 Day CHG~0.00%
Published-18 May, 2021 | 11:20
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.

Action-Not Available
Vendor-n/aOracle CorporationNetApp, Inc.Fedora Projectlibxml2 (XMLSoft)Debian GNU/LinuxRed Hat, Inc.
Product-peoplesoft_enterprise_peopletoolscommunications_cloud_native_core_network_function_cloud_native_environmententerprise_linuxactive_iq_unified_managerlibxml2mysql_workbenchclustered_data_ontapsnapdrivedebian_linuxmanageability_software_development_kitontap_select_deploy_administration_utilityhci_h410c_firmwarefedoraclustered_data_ontap_antivirus_connectorreal_user_experience_insightjboss_core_servicesenterprise_manager_ops_centerhci_h410centerprise_manager_base_platformlibxml2
CWE ID-CWE-416
Use After Free
CVE-2007-5747
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-5.77% / 90.13%
||
7 Day CHG~0.00%
Published-17 Apr, 2008 | 17:00
Updated-07 Aug, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer underflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted values that trigger an excessive loop and a stack-based buffer overflow.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-openoffice.orgn/a
CWE ID-CWE-189
Not Available
CVE-2007-4289
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.75% / 72.13%
||
7 Day CHG~0.00%
Published-09 Aug, 2007 | 21:00
Updated-07 Aug, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sun Java System Portal Server 7.0 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3715.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-java_system_portal_servern/a
CVE-2020-14734
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-8.1||HIGH
EPSS-1.35% / 79.33%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 14:04
Updated-26 Sep, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Oracle Text. Successful attacks of this vulnerability can result in takeover of Oracle Text. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-textText
CVE-2007-5153
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.81% / 87.66%
||
7 Day CHG~0.00%
Published-01 Oct, 2007 | 00:00
Updated-07 Aug, 2024 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 8.x container, allows remote attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-java_system_application_serverjava_system_access_managern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-40438
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9||CRITICAL
EPSS-94.44% / 99.99%
||
7 Day CHG~0.00%
Published-16 Sep, 2021 | 14:40
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-12-15||Apply updates per vendor instructions.
mod_proxy SSRF

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

Action-Not Available
Vendor-resfF5, Inc.The Apache Software FoundationOracle CorporationFedora ProjectSiemens AGBroadcom Inc.Tenable, Inc.NetApp, Inc.Red Hat, Inc.Debian GNU/Linux
Product-enterprise_linux_for_power_big_endianenterprise_linux_server_workstationenterprise_linux_workstationsinec_nmsenterprise_linux_server_ausbrocade_fabric_operating_system_firmwaresoftware_collectionsenterprise_linux_update_services_for_sap_solutionsclustered_data_ontapenterprise_linux_serverzfs_storage_appliance_kitsecure_global_desktopenterprise_linux_for_power_little_endiansinema_serverenterprise_linux_for_arm_64storagegridf5osenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsenterprise_linux_eusenterprise_linux_server_tusenterprise_linux_server_update_services_for_sap_solutionsenterprise_linuxhttp_serverinstantis_enterprisetrackcloud_backuptenable.scrocky_linuxenterprise_manager_ops_centerruggedcom_nmsenterprise_linux_for_scientific_computingenterprise_linux_for_ibm_z_systemsenterprise_linux_for_power_little_endian_eussinema_remote_connect_serverfedorajboss_core_servicesdebian_linuxenterprise_linux_for_ibm_z_systems_eus_s390xenterprise_linux_for_ibm_z_systems_eusenterprise_linux_for_arm_64_eusApache HTTP ServerApache
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2007-3922
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.74% / 87.54%
||
7 Day CHG~0.00%
Published-21 Jul, 2007 | 00:00
Updated-07 Aug, 2024 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to certain localhost services running on the machine that loaded the applet.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jdkjresdkn/a
CVE-2007-3655
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-63.58% / 98.34%
||
7 Day CHG~0.00%
Published-10 Jul, 2007 | 19:00
Updated-07 Aug, 2024 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jren/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-2191
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-8.72% / 92.12%
||
7 Day CHG~0.00%
Published-24 Apr, 2007 | 17:00
Updated-07 Aug, 2024 | 13:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by admin/modules/logfiles/asterisk-full-log.php.

Action-Not Available
Vendor-bsdsanta_cruz_operationn/aHP Inc.Sun Microsystems (Oracle Corporation)IBM CorporationFreePBXLinux Kernel Organization, Inc
Product-solarislinux_kernelsco_unixfreepbxbsdhp-uxtru64aixn/a
CVE-2015-0484
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.8||MEDIUM
EPSS-1.68% / 81.45%
||
7 Day CHG~0.00%
Published-16 Apr, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0492.

Action-Not Available
Vendor-n/aOracle CorporationopenSUSESUSE
Product-opensusejdkjavafxlinux_enterprise_serverjren/a
CVE-2007-2119
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.83% / 87.69%
||
7 Day CHG-3.65%
Published-18 Apr, 2007 | 18:00
Updated-07 Aug, 2024 | 13:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the Administration Front End for Oracle Enterprise (Ultra) Search, as used in Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to inject arbitrary HTML or web script via the EXPTYPE parameter, aka SES01.

Action-Not Available
Vendor-n/aOracle Corporation
Product-application_serverdatabase_servern/a
CVE-2007-2115
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.58% / 87.29%
||
7 Day CHG~0.00%
Published-18 Apr, 2007 | 18:00
Updated-07 Aug, 2024 | 13:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Change Data Capture (CDC) component in Oracle Database 9.2.0.7, 10.1.0.5, and 10.2.0.2 has unknown impact and attack vectors, aka DB09. NOTE: as of 20070424, oracle has not disputed reliable claims that this issue involves multiple SQL injection vulnerabilities in the DBMS_CDC_PUBLISH with remote authenticated vectors involving the "java classes in CDC.jar."

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2007-2788
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-53.68% / 97.91%
||
7 Day CHG~0.00%
Published-22 May, 2007 | 00:00
Updated-07 Aug, 2024 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jdkjresdkn/a
CWE ID-CWE-189
Not Available
CVE-2016-9583
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.32% / 54.25%
||
7 Day CHG~0.00%
Published-01 Aug, 2018 | 17:00
Updated-06 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input.

Action-Not Available
Vendor-JasPerRed Hat, Inc.Oracle Corporation
Product-enterprise_linux_serverenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationoutside_in_technologyenterprise_linux_server_tusenterprise_linux_desktopjasperjasper
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2015-0446
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.8||MEDIUM
EPSS-0.64% / 69.64%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Data Quality based on Trillium, a different vulnerability than CVE-2015-0443, CVE-2015-0444, CVE-2015-0445, CVE-2015-2634, CVE-2015-2635, CVE-2015-2636, CVE-2015-4758, and CVE-2015-4759.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2015-0390
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.8||MEDIUM
EPSS-0.81% / 73.34%
||
7 Day CHG~0.00%
Published-21 Jan, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the MICROS Retail component in Oracle Retail Applications Xstore: 3.2.1, 3.4.2, 3.5.0, 4.0.1, 4.5.1, 4.8.0, 5.0.3, 5.5.3, 6.0.6, and 6.5.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Xstore Point of Sale.

Action-Not Available
Vendor-n/aOracle Corporation
Product-retail_applications_xstoren/a
CVE-2020-14843
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.1||HIGH
EPSS-0.92% / 74.98%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 14:04
Updated-26 Sep, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).

Action-Not Available
Vendor-Oracle Corporation
Product-business_intelligenceBusiness Intelligence Enterprise Edition
CVE-2015-0829
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.65% / 85.16%
||
7 Day CHG~0.00%
Published-25 Feb, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in libstagefright in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code via a crafted MP4 video that is improperly handled during playback.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSEOracle CorporationCanonical Ltd.
Product-firefoxopensuseubuntu_linuxsolarisn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-0828
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.36% / 79.37%
||
7 Day CHG~0.00%
Published-25 Feb, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36.0, when a nonstandard memory allocator is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted JavaScript code that makes an XMLHttpRequest call with zero bytes of data.

Action-Not Available
Vendor-n/aMozilla CorporationOracle CorporationopenSUSE
Product-firefoxopensusesolarisn/a
CVE-2015-0443
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.8||MEDIUM
EPSS-0.64% / 69.64%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Data Quality based on Trillium, a different vulnerability than CVE-2015-0444, CVE-2015-0445, CVE-2015-0446, CVE-2015-2634, CVE-2015-2635, CVE-2015-2636, CVE-2015-4758, and CVE-2015-4759.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2020-14060
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-8.72% / 92.12%
||
7 Day CHG~0.00%
Published-14 Jun, 2020 | 20:46
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).

Action-Not Available
Vendor-n/aOracle CorporationFasterXML, LLC.NetApp, Inc.
Product-communications_diameter_signaling_routercommunications_contacts_serverbanking_digital_experiencejackson-databindcommunications_calendar_serveractive_iq_unified_managercommunications_session_route_managercommunications_evolved_communications_application_servercommunications_session_report_manageragile_plmcommunications_element_managersteelstore_cloud_integrated_storagen/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2007-0183
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.73% / 87.52%
||
7 Day CHG~0.00%
Published-11 Jan, 2007 | 02:00
Updated-07 Aug, 2024 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in /search in iPlanet Web Server 4.x allows remote attackers to inject arbitrary web script or HTML via the NS-max-records parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-iplanet_web_servern/a
CVE-2015-0444
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.8||MEDIUM
EPSS-0.60% / 68.49%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Data Quality based on Trillium, a different vulnerability than CVE-2015-0443, CVE-2015-0445, CVE-2015-0446, CVE-2015-2634, CVE-2015-2635, CVE-2015-2636, CVE-2015-4758, and CVE-2015-4759.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2007-0243
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-36.34% / 96.99%
||
7 Day CHG~0.00%
Published-17 Jan, 2007 | 22:00
Updated-07 Aug, 2024 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jdkjresdkn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-0426
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.75% / 72.17%
||
7 Day CHG~0.00%
Published-23 Jan, 2007 | 00:00
Updated-07 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement policy changes if the changes are made on a managed server while the Administrative Server is unavailable, which might allow attackers to bypass intended restrictions.

Action-Not Available
Vendor-n/aOracle Corporation
Product-weblogic_portaln/a
CVE-2015-0445
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.8||MEDIUM
EPSS-0.64% / 69.64%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Data Quality based on Trillium, a different vulnerability than CVE-2015-0443, CVE-2015-0444, CVE-2015-0446, CVE-2015-2634, CVE-2015-2635, CVE-2015-2636, CVE-2015-4758, and CVE-2015-4759.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2006-6703
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-18.48% / 94.99%
||
7 Day CHG~0.00%
Published-23 Dec, 2006 | 01:00
Updated-07 Aug, 2024 | 20:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote attackers to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle10goracle9in/a
CVE-2017-10278
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7||HIGH
EPSS-1.16% / 77.70%
||
7 Day CHG~0.00%
Published-14 Nov, 2017 | 23:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data as well as unauthorized update, insert or delete access to some of Oracle Tuxedo accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Tuxedo. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L).

Action-Not Available
Vendor-Oracle Corporation
Product-tuxedoTuxedo
CVE-2014-9664
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.13% / 77.43%
||
7 Day CHG~0.00%
Published-08 Feb, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c.

Action-Not Available
Vendor-freetypen/aopenSUSERed Hat, Inc.Fedora ProjectDebian GNU/LinuxOracle CorporationCanonical Ltd.
Product-enterprise_linux_serverdebian_linuxsolarisenterprise_linux_hpc_nodefedoraopensuseenterprise_linux_desktopubuntu_linuxenterprise_linux_server_eusfreetypeenterprise_linux_workstationenterprise_linux_hpc_node_eusn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-6276
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.19% / 77.94%
||
7 Day CHG~0.00%
Published-04 Dec, 2006 | 11:00
Updated-07 Aug, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-java_system_web_serverjava_system_web_proxy_serverjava_system_application_serverone_application_servern/a
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2017-10346
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.6||CRITICAL
EPSS-0.42% / 60.89%
||
7 Day CHG~0.00%
Published-19 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Oracle CorporationNetApp, Inc.
Product-enterprise_linux_desktoponcommand_unified_manageroncommand_balanceplug-in_for_symantec_netbackupenterprise_linux_server_tusenterprise_linux_eusenterprise_linux_workstatione-series_santricity_web_servicesjdke-series_santricity_management_plug-insactive_iq_unified_managersatellitesteelstore_cloud_integrated_storageenterprise_linux_servercloud_backupdebian_linuxenterprise_linux_server_ausoncommand_insightvasa_provider_for_clustered_data_ontapjreoncommand_performance_managerelement_softwaresnapmanagervirtual_storage_consoleoncommand_shifte-series_santricity_storage_manageroncommand_workflow_automationstorage_replication_adapter_for_clustered_data_ontape-series_santricity_os_controllerJava
CVE-2017-10285
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.6||CRITICAL
EPSS-0.39% / 59.48%
||
7 Day CHG~0.00%
Published-19 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Oracle CorporationNetApp, Inc.
Product-enterprise_linux_desktoponcommand_unified_manageroncommand_balanceplug-in_for_symantec_netbackupenterprise_linux_server_tusenterprise_linux_euse-series_santricity_web_servicesjdke-series_santricity_management_plug-insactive_iq_unified_managersatellitesteelstore_cloud_integrated_storagedebian_linuxenterprise_linux_servercloud_backupenterprise_linux_server_ausoncommand_insightvasa_provider_for_clustered_data_ontapjreoncommand_performance_managerenterprise_linux_worksationelement_softwaresnapmanagervirtual_storage_consoleoncommand_shifte-series_santricity_storage_manageroncommand_workflow_automationstorage_replication_adapter_for_clustered_data_ontape-series_santricity_os_controllerJava
CVE-2014-9751
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-9.65% / 92.58%
||
7 Day CHG~0.00%
Published-04 Oct, 2015 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address.

Action-Not Available
Vendor-ntpn/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Debian GNU/LinuxOracle Corporation
Product-enterprise_linux_serverlinux_kernelntpmacosenterprise_linux_desktopenterprise_linux_workstationdebian_linuxlinuxn/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • Next
Details not found