Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2013-2465

Summary
Assigner-oracle
Assigner Org ID-43595867-4340-4103-b7a2-9a5208d29a85
Published At-18 Jun, 2013 | 22:00
Updated At-30 Jul, 2025 | 01:46
Rejected At-
Credits

Oracle Java SE Unspecified Vulnerability

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to 2D

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Known Exploited Vulnerabilities (KEV)
cisa.gov
Vendor:
Oracle CorporationOracle
Product:Java SE
Added At:28 Mar, 2022
Due At:18 Apr, 2022

Oracle Java SE Unspecified Vulnerability

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to 2D

Used in Ransomware

:

Known

CWE

:
N/A

Required Action:

Apply updates per vendor instructions.

Additional Notes:

https://nvd.nist.gov/vuln/detail/CVE-2013-2465
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:oracle
Assigner Org ID:43595867-4340-4103-b7a2-9a5208d29a85
Published At:18 Jun, 2013 | 22:00
Updated At:30 Jul, 2025 | 01:46
Rejected At:
▼CVE Numbering Authority (CNA)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://rhn.redhat.com/errata/RHSA-2013-1060.html
vendor-advisory
x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=137545592101387&w=2
vendor-advisory
x_refsource_HP
https://access.redhat.com/errata/RHSA-2014:0414
vendor-advisory
x_refsource_REDHAT
http://security.gentoo.org/glsa/glsa-201406-32.xml
vendor-advisory
x_refsource_GENTOO
http://www.securityfocus.com/bid/60657
vdb-entry
x_refsource_BID
http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html
vendor-advisory
x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html
vendor-advisory
x_refsource_SUSE
http://marc.info/?l=bugtraq&m=137545505800971&w=2
vendor-advisory
x_refsource_HP
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html
vendor-advisory
x_refsource_SUSE
http://secunia.com/advisories/54154
third-party-advisory
x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2013-1455.html
vendor-advisory
x_refsource_REDHAT
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
vendor-advisory
x_refsource_HP
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19455
vdb-entry
signature
x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19703
vdb-entry
signature
x_refsource_OVAL
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
vendor-advisory
x_refsource_HP
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/2a9c79db0040
x_refsource_MISC
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19074
vdb-entry
signature
x_refsource_OVAL
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html
vendor-advisory
x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2013-1059.html
vendor-advisory
x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html
vendor-advisory
x_refsource_SUSE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17106
vdb-entry
signature
x_refsource_OVAL
http://rhn.redhat.com/errata/RHSA-2013-1081.html
vendor-advisory
x_refsource_REDHAT
http://www.us-cert.gov/ncas/alerts/TA13-169A
third-party-advisory
x_refsource_CERT
http://advisories.mageia.org/MGASA-2013-0185.html
x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2013-0963.html
vendor-advisory
x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html
vendor-advisory
x_refsource_SUSE
https://bugzilla.redhat.com/show_bug.cgi?id=975118
x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2013-1456.html
vendor-advisory
x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDVSA-2013:183
vendor-advisory
x_refsource_MANDRIVA
http://www-01.ibm.com/support/docview.wss?uid=swg21642336
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html
vendor-advisory
x_refsource_SUSE
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1060.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://marc.info/?l=bugtraq&m=137545592101387&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: https://access.redhat.com/errata/RHSA-2014:0414
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://security.gentoo.org/glsa/glsa-201406-32.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.securityfocus.com/bid/60657
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://marc.info/?l=bugtraq&m=137545505800971&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://secunia.com/advisories/54154
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1455.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19455
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19703
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/2a9c79db0040
Resource:
x_refsource_MISC
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19074
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1059.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17106
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1081.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.us-cert.gov/ncas/alerts/TA13-169A
Resource:
third-party-advisory
x_refsource_CERT
Hyperlink: http://advisories.mageia.org/MGASA-2013-0185.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0963.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=975118
Resource:
x_refsource_CONFIRM
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1456.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:183
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21642336
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html
Resource:
vendor-advisory
x_refsource_SUSE
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.vicarius.io/vsociety/posts/cve-2013-2465-detect-java-vulnerability
N/A
https://www.vicarius.io/vsociety/posts/cve-2013-2465-mitigate-java-vulnerability
N/A
http://rhn.redhat.com/errata/RHSA-2013-1060.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://marc.info/?l=bugtraq&m=137545592101387&w=2
vendor-advisory
x_refsource_HP
x_transferred
https://access.redhat.com/errata/RHSA-2014:0414
vendor-advisory
x_refsource_REDHAT
x_transferred
http://security.gentoo.org/glsa/glsa-201406-32.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.securityfocus.com/bid/60657
vdb-entry
x_refsource_BID
x_transferred
http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://marc.info/?l=bugtraq&m=137545505800971&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://secunia.com/advisories/54154
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://rhn.redhat.com/errata/RHSA-2013-1455.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
vendor-advisory
x_refsource_HP
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19455
vdb-entry
signature
x_refsource_OVAL
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19703
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
vendor-advisory
x_refsource_HP
x_transferred
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/2a9c79db0040
x_refsource_MISC
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19074
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://rhn.redhat.com/errata/RHSA-2013-1059.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17106
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://rhn.redhat.com/errata/RHSA-2013-1081.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.us-cert.gov/ncas/alerts/TA13-169A
third-party-advisory
x_refsource_CERT
x_transferred
http://advisories.mageia.org/MGASA-2013-0185.html
x_refsource_CONFIRM
x_transferred
http://rhn.redhat.com/errata/RHSA-2013-0963.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=975118
x_refsource_CONFIRM
x_transferred
http://rhn.redhat.com/errata/RHSA-2013-1456.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2013:183
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg21642336
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://www.vicarius.io/vsociety/posts/cve-2013-2465-detect-java-vulnerability
Resource: N/A
Hyperlink: https://www.vicarius.io/vsociety/posts/cve-2013-2465-mitigate-java-vulnerability
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1060.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=137545592101387&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2014:0414
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-201406-32.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.securityfocus.com/bid/60657
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=137545505800971&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://secunia.com/advisories/54154
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1455.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19455
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19703
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/2a9c79db0040
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19074
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1059.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17106
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1081.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.us-cert.gov/ncas/alerts/TA13-169A
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: http://advisories.mageia.org/MGASA-2013-0185.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0963.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=975118
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1456.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:183
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21642336
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-693CWE-693 Protection Mechanism Failure
Type: CWE
CWE ID: CWE-693
Description: CWE-693 Protection Mechanism Failure
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
kev
dateAdded:
2022-03-28
reference:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2465
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
CVE-2013-2465 added to CISA KEV2022-03-28 00:00:00
Event: CVE-2013-2465 added to CISA KEV
Date: 2022-03-28 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert_us@oracle.com
Published At:18 Jun, 2013 | 22:55
Updated At:06 May, 2025 | 18:15

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
2022-03-282022-04-18Oracle Java SE Unspecified VulnerabilityApply updates per vendor instructions.
Date Added: 2022-03-28
Due Date: 2022-04-18
Vulnerability Name: Oracle Java SE Unspecified Vulnerability
Required Action: Apply updates per vendor instructions.
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Oracle Corporation
oracle
>>jre>>1.7.0
cpe:2.3:a:oracle:jre:1.7.0:-:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.7.0
cpe:2.3:a:oracle:jre:1.7.0:update1:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.7.0
cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.7.0
cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.7.0
cpe:2.3:a:oracle:jre:1.7.0:update13:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.7.0
cpe:2.3:a:oracle:jre:1.7.0:update15:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.7.0
cpe:2.3:a:oracle:jre:1.7.0:update17:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.7.0
cpe:2.3:a:oracle:jre:1.7.0:update2:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.7.0
cpe:2.3:a:oracle:jre:1.7.0:update21:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.7.0
cpe:2.3:a:oracle:jre:1.7.0:update3:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.7.0
cpe:2.3:a:oracle:jre:1.7.0:update4:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.7.0
cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.7.0
cpe:2.3:a:oracle:jre:1.7.0:update6:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.7.0
cpe:2.3:a:oracle:jre:1.7.0:update7:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.7.0
cpe:2.3:a:oracle:jre:1.7.0:update9:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:-:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update22:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update23:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update24:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update25:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update26:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update27:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update29:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update30:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update31:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update32:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update33:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update34:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update35:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update37:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update38:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update39:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update41:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update43:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.6.0
cpe:2.3:a:oracle:jre:1.6.0:update45:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.6.0
cpe:2.3:a:sun:jre:1.6.0:update_1:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.6.0
cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.6.0
cpe:2.3:a:sun:jre:1.6.0:update_11:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.6.0
cpe:2.3:a:sun:jre:1.6.0:update_12:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.6.0
cpe:2.3:a:sun:jre:1.6.0:update_13:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.6.0
cpe:2.3:a:sun:jre:1.6.0:update_14:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.6.0
cpe:2.3:a:sun:jre:1.6.0:update_15:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.6.0
cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.6.0
cpe:2.3:a:sun:jre:1.6.0:update_17:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.6.0
cpe:2.3:a:sun:jre:1.6.0:update_18:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.6.0
cpe:2.3:a:sun:jre:1.6.0:update_19:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.6.0
cpe:2.3:a:sun:jre:1.6.0:update_20:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.6.0
cpe:2.3:a:sun:jre:1.6.0:update_21:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.6.0
cpe:2.3:a:sun:jre:1.6.0:update_3:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>jre>>1.6.0
cpe:2.3:a:sun:jre:1.6.0:update_4:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-693Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-693
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Per: http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html 'Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets.'
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://advisories.mageia.org/MGASA-2013-0185.htmlsecalert_us@oracle.com
Broken Link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880secalert_us@oracle.com
Broken Link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880secalert_us@oracle.com
Broken Link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880secalert_us@oracle.com
Broken Link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880secalert_us@oracle.com
Broken Link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880secalert_us@oracle.com
Broken Link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880secalert_us@oracle.com
Broken Link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880secalert_us@oracle.com
Broken Link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880secalert_us@oracle.com
Broken Link
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/2a9c79db0040secalert_us@oracle.com
Patch
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.htmlsecalert_us@oracle.com
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.htmlsecalert_us@oracle.com
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.htmlsecalert_us@oracle.com
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.htmlsecalert_us@oracle.com
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.htmlsecalert_us@oracle.com
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.htmlsecalert_us@oracle.com
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.htmlsecalert_us@oracle.com
Mailing List
Third Party Advisory
http://marc.info/?l=bugtraq&m=137545505800971&w=2secalert_us@oracle.com
Mailing List
Third Party Advisory
http://marc.info/?l=bugtraq&m=137545592101387&w=2secalert_us@oracle.com
Mailing List
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0963.htmlsecalert_us@oracle.com
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1059.htmlsecalert_us@oracle.com
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1060.htmlsecalert_us@oracle.com
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1081.htmlsecalert_us@oracle.com
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1455.htmlsecalert_us@oracle.com
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1456.htmlsecalert_us@oracle.com
Third Party Advisory
http://secunia.com/advisories/54154secalert_us@oracle.com
Not Applicable
http://security.gentoo.org/glsa/glsa-201406-32.xmlsecalert_us@oracle.com
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21642336secalert_us@oracle.com
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2013:183secalert_us@oracle.com
Not Applicable
http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.htmlsecalert_us@oracle.com
Vendor Advisory
http://www.securityfocus.com/bid/60657secalert_us@oracle.com
Broken Link
Third Party Advisory
VDB Entry
http://www.us-cert.gov/ncas/alerts/TA13-169Asecalert_us@oracle.com
Third Party Advisory
US Government Resource
https://access.redhat.com/errata/RHSA-2014:0414secalert_us@oracle.com
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=975118secalert_us@oracle.com
Issue Tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17106secalert_us@oracle.com
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19074secalert_us@oracle.com
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19455secalert_us@oracle.com
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19703secalert_us@oracle.com
Broken Link
http://advisories.mageia.org/MGASA-2013-0185.htmlaf854a3a-2127-422b-91ae-364da2661108
Broken Link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/2a9c79db0040af854a3a-2127-422b-91ae-364da2661108
Patch
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://marc.info/?l=bugtraq&m=137545505800971&w=2af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://marc.info/?l=bugtraq&m=137545592101387&w=2af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0963.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1059.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1060.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1081.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1455.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1456.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/54154af854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://security.gentoo.org/glsa/glsa-201406-32.xmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21642336af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2013:183af854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/60657af854a3a-2127-422b-91ae-364da2661108
Broken Link
Third Party Advisory
VDB Entry
http://www.us-cert.gov/ncas/alerts/TA13-169Aaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
US Government Resource
https://access.redhat.com/errata/RHSA-2014:0414af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=975118af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17106af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19074af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19455af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19703af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://www.vicarius.io/vsociety/posts/cve-2013-2465-detect-java-vulnerabilityaf854a3a-2127-422b-91ae-364da2661108
N/A
https://www.vicarius.io/vsociety/posts/cve-2013-2465-mitigate-java-vulnerabilityaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://advisories.mageia.org/MGASA-2013-0185.html
Source: secalert_us@oracle.com
Resource:
Broken Link
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
Source: secalert_us@oracle.com
Resource:
Broken Link
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
Source: secalert_us@oracle.com
Resource:
Broken Link
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
Source: secalert_us@oracle.com
Resource:
Broken Link
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
Source: secalert_us@oracle.com
Resource:
Broken Link
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
Source: secalert_us@oracle.com
Resource:
Broken Link
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
Source: secalert_us@oracle.com
Resource:
Broken Link
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
Source: secalert_us@oracle.com
Resource:
Broken Link
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
Source: secalert_us@oracle.com
Resource:
Broken Link
Hyperlink: http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/2a9c79db0040
Source: secalert_us@oracle.com
Resource:
Patch
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html
Source: secalert_us@oracle.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html
Source: secalert_us@oracle.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html
Source: secalert_us@oracle.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html
Source: secalert_us@oracle.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html
Source: secalert_us@oracle.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html
Source: secalert_us@oracle.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html
Source: secalert_us@oracle.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://marc.info/?l=bugtraq&m=137545505800971&w=2
Source: secalert_us@oracle.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://marc.info/?l=bugtraq&m=137545592101387&w=2
Source: secalert_us@oracle.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0963.html
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1059.html
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1060.html
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1081.html
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1455.html
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1456.html
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/54154
Source: secalert_us@oracle.com
Resource:
Not Applicable
Hyperlink: http://security.gentoo.org/glsa/glsa-201406-32.xml
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21642336
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:183
Source: secalert_us@oracle.com
Resource:
Not Applicable
Hyperlink: http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
Source: secalert_us@oracle.com
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/60657
Source: secalert_us@oracle.com
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.us-cert.gov/ncas/alerts/TA13-169A
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
US Government Resource
Hyperlink: https://access.redhat.com/errata/RHSA-2014:0414
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=975118
Source: secalert_us@oracle.com
Resource:
Issue Tracking
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17106
Source: secalert_us@oracle.com
Resource:
Broken Link
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19074
Source: secalert_us@oracle.com
Resource:
Broken Link
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19455
Source: secalert_us@oracle.com
Resource:
Broken Link
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19703
Source: secalert_us@oracle.com
Resource:
Broken Link
Hyperlink: http://advisories.mageia.org/MGASA-2013-0185.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/2a9c79db0040
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://marc.info/?l=bugtraq&m=137545505800971&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://marc.info/?l=bugtraq&m=137545592101387&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0963.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1059.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1060.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1081.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1455.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-1456.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://secunia.com/advisories/54154
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Not Applicable
Hyperlink: http://security.gentoo.org/glsa/glsa-201406-32.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21642336
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:183
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Not Applicable
Hyperlink: http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/60657
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: http://www.us-cert.gov/ncas/alerts/TA13-169A
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
US Government Resource
Hyperlink: https://access.redhat.com/errata/RHSA-2014:0414
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=975118
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17106
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19074
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19455
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19703
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: https://www.vicarius.io/vsociety/posts/cve-2013-2465-detect-java-vulnerability
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.vicarius.io/vsociety/posts/cve-2013-2465-mitigate-java-vulnerability
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

968Records found
CVE-2009-1095
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-15.58% / 94.42%
||
7 Day CHG~0.00%
Published-25 Mar, 2009 | 23:00
Updated-07 Aug, 2024 | 04:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jdkjren/a
CWE ID-CWE-189
Not Available
CVE-2006-5352
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.96% / 75.52%
||
7 Day CHG~0.00%
Published-18 Oct, 2006 | 01:00
Updated-07 Aug, 2024 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Oracle Application Express 1.5 up to 1.6.1 have unknown impact and remote attack vectors, aka Vuln# (1) APEX04, (2) APEX20, and (3) APEX21.

Action-Not Available
Vendor-n/aOracle Corporation
Product-apexn/a
CVE-2006-5361
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.96% / 75.52%
||
7 Day CHG~0.00%
Published-18 Oct, 2006 | 01:00
Updated-07 Aug, 2024 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Containers for J2EE in Oracle Application Server 9.0.4.3, 10.1.2.0.0, and 10.1.2.0.1, and Oracle Collaboration Suite 9.0.4.2 and 10.1.2, has unknown impact and remote attack vectors, aka Vuln# OC4J03.

Action-Not Available
Vendor-n/aOracle Corporation
Product-collaboration_suiteapplication_servern/a
CVE-2006-5349
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.96% / 75.52%
||
7 Day CHG~0.00%
Published-18 Oct, 2006 | 01:00
Updated-07 Aug, 2024 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, when running on HP Tru64 UNIX, has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln# OHS07.

Action-Not Available
Vendor-n/aOracle Corporation
Product-http_servern/a
CVE-2006-5369
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.75% / 85.42%
||
7 Day CHG~0.00%
Published-18 Oct, 2006 | 01:00
Updated-07 Aug, 2024 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Application Object Library in Oracle E-Business Suite 11.5.10CU2 has unknown impact and remote authenticated attack vectors, aka Vuln# APPS02.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2006-5360
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.96% / 75.52%
||
7 Day CHG~0.00%
Published-18 Oct, 2006 | 01:00
Updated-07 Aug, 2024 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Forms component in Oracle Application Server 9.0.4.2 has unknown impact and remote attack vectors, aka Vuln# FORM03.

Action-Not Available
Vendor-n/aOracle Corporation
Product-application_servern/a
CVE-2006-5366
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.96% / 75.52%
||
7 Day CHG~0.00%
Published-18 Oct, 2006 | 01:00
Updated-07 Aug, 2024 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in Oracle Collaboration Suite 9.0.4.2 have unknown impact and remote attack vectors related to (1) Oracle Containers for J2EE, aka Vuln# OC4J01, and (2) Oracle Process Mgmt & Notification, aka OPMN01.

Action-Not Available
Vendor-n/aOracle Corporation
Product-application_servern/a
CVE-2006-5375
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.96% / 75.52%
||
7 Day CHG~0.00%
Published-18 Oct, 2006 | 01:00
Updated-07 Aug, 2024 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in PeopleTools component in Oracle PeopleSoft Enterprise 8.46 GA, 8.47 GA, 8.48 GA, 8.46.15, 8.47.09, and 8.48.03 have unknown impact and remote attack vectors, aka Vuln# (1) PSE01, (2) PSE02, and (3) PSE03.

Action-Not Available
Vendor-n/aOracle Corporation
Product-peoplesoft_enterprisen/a
CVE-2008-4910
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.17% / 86.43%
||
7 Day CHG~0.00%
Published-04 Nov, 2008 | 01:00
Updated-07 Aug, 2024 | 10:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-java_web_startn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-0451
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-13.91% / 94.06%
||
7 Day CHG~0.00%
Published-21 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle GoldenGate component in Oracle GoldenGate 11.2 and 12.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0452.

Action-Not Available
Vendor-n/aOracle Corporation
Product-goldengaten/a
CVE-2009-0344
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.30% / 84.08%
||
7 Day CHG~0.00%
Published-29 Jan, 2009 | 19:00
Updated-07 Aug, 2024 | 04:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor (SP) commands via unknown vectors, aka Bug ID 6633175, a different vulnerability than CVE-2007-5717.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-fire_x2100_m2fire_x2200_m2n/a
CWE ID-CWE-264
Not Available
CVE-2016-0693
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-2.13% / 83.48%
||
7 Day CHG~0.00%
Published-21 Apr, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the PAM LDAP module.

Action-Not Available
Vendor-n/aOracle Corporation
Product-solarisn/a
CVE-2009-0345
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.30% / 84.08%
||
7 Day CHG~0.00%
Published-29 Jan, 2009 | 19:00
Updated-07 Aug, 2024 | 04:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor (SP) commands via unknown vectors, aka Bug ID 6648082, a different vulnerability than CVE-2007-5717.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-fire_x2100_m2fire_x2200_m2n/a
CWE ID-CWE-264
Not Available
CVE-2016-0687
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.6||CRITICAL
EPSS-5.41% / 89.76%
||
7 Day CHG~0.00%
Published-21 Apr, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
CVE-2004-1351
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-14.68% / 94.22%
||
7 Day CHG~0.00%
Published-19 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 through 9 allows remote attackers to execute arbitrary code.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-solarissunosn/a
CVE-2008-5457
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-83.27% / 99.22%
||
7 Day CHG~0.00%
Published-14 Jan, 2009 | 02:00
Updated-07 Aug, 2024 | 10:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-bea_product_suiten/a
CVE-2008-5355
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-17.77% / 94.87%
||
7 Day CHG~0.00%
Published-05 Dec, 2008 | 11:00
Updated-07 Aug, 2024 | 10:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jdkjresdkn/a
CWE ID-CWE-287
Improper Authentication
CVE-2020-14756
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-88.85% / 99.50%
||
7 Day CHG+1.65%
Published-20 Jan, 2021 | 14:49
Updated-26 Sep, 2024 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core Components). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-utilities_frameworkcoherenceUtilities Framework
CVE-2006-1885
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.30% / 84.09%
||
7 Day CHG~0.00%
Published-20 Apr, 2006 | 10:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the Reporting Framework component in Oracle Enterprise Manager 9.0.1.5 and 9.2.0.7 have unknown impact and attack vectors, aka Vuln# (1) EM01 and (2) EM02.

Action-Not Available
Vendor-n/aOracle Corporation
Product-enterprise_managern/a
CVE-2004-0523
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-13.60% / 93.97%
||
7 Day CHG~0.00%
Published-03 Jun, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.

Action-Not Available
Vendor-tinysofan/aMIT (Massachusetts Institute of Technology)Silicon Graphics, Inc.Sun Microsystems (Oracle Corporation)
Product-propackseamsolaristinysofa_enterprise_serversunoskerberoskerberos_5n/a
CVE-2004-1154
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-27.77% / 96.27%
||
7 Day CHG~0.00%
Published-22 Dec, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.

Action-Not Available
Vendor-trustixn/aRed Hat, Inc.SambaSUSE
Product-sambafedora_coresecure_linuxsuse_linuxn/a
CVE-2008-5010
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-10.10% / 92.79%
||
7 Day CHG~0.00%
Published-10 Nov, 2008 | 15:00
Updated-07 Aug, 2024 | 10:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unknown DHCP requests related to the "number of offers," aka Bug ID 6713805.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-opensolarissolarisn/a
CVE-2017-14491
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-52.38% / 97.84%
||
7 Day CHG~0.00%
Published-02 Oct, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

Action-Not Available
Vendor-thekelleysn/aHuawei Technologies Co., Ltd.Debian GNU/LinuxSUSERed Hat, Inc.Aruba NetworksSynology, Inc.NVIDIA CorporationArista Networks, Inc.Canonical Ltd.openSUSEMicrosoft CorporationSiemens AG
Product-enterprise_linux_desktopruggedcom_rm1224_firmwarescalance_w1750d_firmwarescalance_s615enterprise_linux_workstationlinux_for_tegradnsmasqlinux_enterprise_serverleaprouter_managerlinux_enterprise_point_of_salearubaosenterprise_linux_serverdebian_linuxjetson_tk1scalance_s615_firmwaregeforce_experiencelinux_enterprise_debuginfoeosscalance_m-800diskstation_managerhonor_v9_play_firmwarejetson_tx1scalance_w1750druggedcom_rm1224ubuntu_linuxhonor_v9_playscalance_m-800_firmwarewindowsn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-15095
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-6.87% / 90.99%
||
7 Day CHG~0.00%
Published-06 Feb, 2018 | 15:00
Updated-16 Sep, 2024 | 22:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.

Action-Not Available
Vendor-Debian GNU/LinuxOracle CorporationFasterXML, LLC.NetApp, Inc.Red Hat, Inc.
Product-communications_diameter_signaling_routerutilities_advanced_spatial_and_operational_analyticsprimavera_unifiercommunications_billing_and_revenue_managemententerprise_manager_for_virtualizationopenshift_container_platformenterprise_linuxglobal_lifecycle_management_opatchautosatellitebanking_platformdatabase_servercommunications_instant_messaging_serveroncommand_shiftsatellite_capsulesnapcenterclusterwaredebian_linuxjackson-databindfinancial_services_analytical_applications_infrastructureoncommand_performance_manageroncommand_balanceidentity_managerjboss_enterprise_application_platformjd_edwards_enterpriseone_toolswebcenter_portaljackson-databind
CWE ID-CWE-184
Incomplete List of Disallowed Inputs
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2008-5340
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-4.01% / 87.99%
||
7 Day CHG~0.00%
Published-05 Dec, 2008 | 11:00
Updated-07 Aug, 2024 | 10:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors, aka 6727081.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jdkjresdkn/a
CWE ID-CWE-264
Not Available
CVE-2008-5444
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-79.04% / 99.03%
||
7 Day CHG~0.00%
Published-14 Jan, 2009 | 01:00
Updated-07 Aug, 2024 | 10:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2008-5448 and CVE-2008-5449.

Action-Not Available
Vendor-n/aOracle Corporation
Product-secure_backupn/a
CVE-2008-5685
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.42% / 84.50%
||
7 Day CHG~0.00%
Published-19 Dec, 2008 | 17:00
Updated-07 Aug, 2024 | 11:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sun ScApp firmware 5.18.x, 5.19.x, and 5.20.0 through 5.20.10 on Sun Fire and Netra platforms allows remote attackers to access the System Controller (SC), the system console, and possibly the host OS, and cause a denial of service (shutdown or reboot), via spoofed IP packets.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-sun_firenetrascappn/a
CVE-2006-0262
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.81% / 82.08%
||
7 Day CHG~0.00%
Published-18 Jan, 2006 | 11:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Net Foundation Layer component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB08.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle8ioracle9idatabase_serveroracle10gn/a
CVE-2008-5449
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-4.50% / 88.69%
||
7 Day CHG~0.00%
Published-14 Jan, 2009 | 01:00
Updated-07 Aug, 2024 | 10:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2008-5444 and CVE-2008-5448.

Action-Not Available
Vendor-n/aOracle Corporation
Product-secure_backupn/a
CVE-2006-0270
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.24% / 83.88%
||
7 Day CHG~0.00%
Published-18 Jan, 2006 | 11:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Transparent Data Encryption (TDE) Wallet component of Oracle Database server 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB27. NOTE: Oracle has not disputed a reliable researcher report that TDA stores the master key without encryption, which allows local users to obtain the key via the SGA.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2006-0274
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.99% / 82.86%
||
7 Day CHG~0.00%
Published-18 Jan, 2006 | 11:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 and 10.1.2.0.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# REP03.

Action-Not Available
Vendor-n/aOracle Corporation
Product-application_servern/a
CVE-2008-5448
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-84.01% / 99.26%
||
7 Day CHG~0.00%
Published-14 Jan, 2009 | 01:00
Updated-07 Aug, 2024 | 10:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2008-5444 and CVE-2008-5449.

Action-Not Available
Vendor-n/aOracle Corporation
Product-secure_backupn/a
CVE-2006-0287
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-53.18% / 97.88%
||
7 Day CHG~0.00%
Published-18 Jan, 2006 | 11:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 10.1.0.5 and Application Server 10.1.2.0.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# OHS02.

Action-Not Available
Vendor-n/aOracle Corporation
Product-application_serverdatabase_servern/a
CVE-2022-43755
Matching Score-8
Assigner-SUSE
ShareView Details
Matching Score-8
Assigner-SUSE
CVSS Score-7.1||HIGH
EPSS-0.10% / 28.21%
||
7 Day CHG~0.00%
Published-07 Feb, 2023 | 00:00
Updated-25 Mar, 2025 | 15:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rancher: Non-random authentication token

A Insufficient Entropy vulnerability in SUSE Rancher allows attackers that gained knowledge of the cattle-token to continue abusing this even after the token was renewed. This issue affects: SUSE Rancher Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1.

Action-Not Available
Vendor-SUSE
Product-rancherRancher
CWE ID-CWE-331
Insufficient Entropy
CVE-2008-4541
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-15.79% / 94.47%
||
7 Day CHG~0.00%
Published-13 Oct, 2008 | 18:00
Updated-07 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.7 allows remote attackers to execute arbitrary code via a crafted HTTP GET request.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-java_system_web_proxy_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-3870
Matching Score-8
Assigner-Flexera Software LLC
ShareView Details
Matching Score-8
Assigner-Flexera Software LLC
CVSS Score-10||HIGH
EPSS-30.62% / 96.56%
||
7 Day CHG~0.00%
Published-26 May, 2009 | 21:00
Updated-07 Aug, 2024 | 09:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request that triggers a heap-based buffer overflow, related to improper memory allocation.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-solarisn/a
CWE ID-CWE-189
Not Available
CVE-2008-4556
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-79.31% / 99.04%
||
7 Day CHG~0.00%
Published-14 Oct, 2008 | 22:00
Updated-07 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted request.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-solarisn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-1000353
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-94.42% / 99.98%
||
7 Day CHG~0.00%
Published-29 Jan, 2018 | 17:00
Updated-05 Aug, 2024 | 22:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java `SignedObject` object to the Jenkins CLI, that would be deserialized using a new `ObjectInputStream`, bypassing the existing blacklist-based protection mechanism. We're fixing this issue by adding `SignedObject` to the blacklist. We're also backporting the new HTTP CLI protocol from Jenkins 2.54 to LTS 2.46.2, and deprecating the remoting-based (i.e. Java serialization) CLI protocol, disabling it by default.

Action-Not Available
Vendor-n/aJenkinsOracle Corporation
Product-communications_cloud_native_core_automated_test_suitejenkinsn/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2022-4146
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.21% / 43.60%
||
7 Day CHG~0.00%
Published-18 Jul, 2023 | 02:01
Updated-28 Oct, 2024 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EL Injection Vulnerability in Hitachi Replication Manager

Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Replication Manager: before 8.8.5-02.

Action-Not Available
Vendor-Oracle CorporationMicrosoft CorporationLinux Kernel Organization, IncHitachi, Ltd.
Product-windowssolarisreplication_managerlinux_kernelHitachi Replication Managerreplication_manager
CWE ID-CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2016-8735
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-94.00% / 99.88%
||
7 Day CHG~0.00%
Published-06 Apr, 2017 | 21:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-06-02||Apply updates per vendor instructions.

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.

Action-Not Available
Vendor-Oracle CorporationRed Hat, Inc.NetApp, Inc.The Apache Software FoundationCanonical Ltd.Debian GNU/Linux
Product-retail_convenience_and_fuel_pos_softwaremysql_enterprise_monitor7-mode_transition_tooldebian_linuxsnap_creator_frameworkcommunications_instant_messaging_servermicros_retail_xbri_loss_preventiononcommand_insightagile_engineering_data_managementhospitality_guest_accessagile_plmmicros_relate_crm_softwarecommunications_application_session_controllertomcattransportation_managementcommunications_interactive_session_recorderoncommand_shiftubuntu_linuxjboss_enterprise_web_serverApache TomcatTomcat
CVE-2008-4008
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-85.81% / 99.33%
||
7 Day CHG~0.00%
Published-14 Oct, 2008 | 21:00
Updated-07 Aug, 2024 | 10:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.

Action-Not Available
Vendor-n/aOracle Corporation
Product-bea_product_suiten/a
CVE-2008-4619
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-8.93% / 92.24%
||
7 Day CHG~0.00%
Published-20 Oct, 2008 | 22:00
Updated-07 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a denial of service (daemon crash) via a crafted request to procedure 8 in program 100000 (rpcbind), related to the XDR_DECODE operation and the taddr2uaddr function. NOTE: this might be a duplicate of CVE-2007-0165.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-sunosn/a
CVE-2008-4006
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-2.33% / 84.19%
||
7 Day CHG~0.00%
Published-14 Jan, 2009 | 01:00
Updated-07 Aug, 2024 | 10:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.1.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-secure_backupn/a
CVE-2016-6662
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-89.17% / 99.51%
||
7 Day CHG~0.00%
Published-20 Sep, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.

Action-Not Available
Vendor-perconan/aMariaDB FoundationRed Hat, Inc.Debian GNU/LinuxOracle Corporation
Product-enterprise_linuxenterprise_linux_serverenterprise_linux_server_ausmariadbmysqlenterprise_linux_desktoppercona_serverenterprise_linux_server_eusenterprise_linux_server_tusenterprise_linux_workstationdebian_linuxopenstackn/a
CVE-2013-2383
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-7.36% / 91.33%
||
7 Day CHG~0.00%
Published-17 Apr, 2013 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2384, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "handling of [a] glyph table" in the International Components for Unicode (ICU) Layout Engine before 51.2.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)Oracle Corporation
Product-jrejdkn/a
CVE-1999-1467
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.86% / 85.73%
||
7 Day CHG~0.00%
Published-12 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in rcp on SunOS 4.0.x allows remote attackers from trusted hosts to execute arbitrary commands as root, possibly related to the configuration of the nobody user.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-sunosn/a
CVE-2016-2807
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.31% / 79.02%
||
7 Day CHG~0.00%
Published-30 Apr, 2016 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSESUSE
Product-leapfirefoxlinux_enterpriseopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-1999-0973
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.14% / 86.36%
||
7 Day CHG~0.00%
Published-04 Jan, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose mode.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-solarissunosn/a
CVE-2022-39428
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-44.03% / 97.45%
||
7 Day CHG~0.00%
Published-18 Oct, 2022 | 00:00
Updated-17 Sep, 2024 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-web_applications_desktop_integratorWeb Applications Desktop Integrator
CVE-1999-0241
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-5.13% / 89.47%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm.

Action-Not Available
Vendor-xfree86_projectn/aSilicon Graphics, Inc.Sun Microsystems (Oracle Corporation)
Product-solarissunosx11r6irixn/a
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 19
  • 20
  • Next
Details not found