Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-3587

Summary
Assigner-oracle
Assigner Org ID-43595867-4340-4103-b7a2-9a5208d29a85
Published At-21 Jul, 2016 | 10:00
Updated At-11 Oct, 2024 | 20:42
Rejected At-
Credits

Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:oracle
Assigner Org ID:43595867-4340-4103-b7a2-9a5208d29a85
Published At:21 Jul, 2016 | 10:00
Updated At:11 Oct, 2024 | 20:42
Rejected At:
▼CVE Numbering Authority (CNA)

Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.ubuntu.com/usn/USN-3043-1
vendor-advisory
x_refsource_UBUNTU
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
x_refsource_CONFIRM
https://security.gentoo.org/glsa/201610-08
vendor-advisory
x_refsource_GENTOO
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html
vendor-advisory
x_refsource_SUSE
https://security.netapp.com/advisory/ntap-20160721-0001/
x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2016:1475
vendor-advisory
x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html
vendor-advisory
x_refsource_SUSE
http://www.securitytracker.com/id/1036365
vdb-entry
x_refsource_SECTRACK
https://security.gentoo.org/glsa/201701-43
vendor-advisory
x_refsource_GENTOO
http://www.securityfocus.com/bid/91787
vdb-entry
x_refsource_BID
http://www.securityfocus.com/bid/91904
vdb-entry
x_refsource_BID
https://access.redhat.com/errata/RHSA-2016:1458
vendor-advisory
x_refsource_REDHAT
http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.ubuntu.com/usn/USN-3043-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
Resource:
x_refsource_CONFIRM
Hyperlink: https://security.gentoo.org/glsa/201610-08
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://security.netapp.com/advisory/ntap-20160721-0001/
Resource:
x_refsource_CONFIRM
Hyperlink: https://access.redhat.com/errata/RHSA-2016:1475
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.securitytracker.com/id/1036365
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://security.gentoo.org/glsa/201701-43
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.securityfocus.com/bid/91787
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.securityfocus.com/bid/91904
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://access.redhat.com/errata/RHSA-2016:1458
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html
Resource:
vendor-advisory
x_refsource_SUSE
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.ubuntu.com/usn/USN-3043-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
x_refsource_CONFIRM
x_transferred
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
x_refsource_CONFIRM
x_transferred
https://security.gentoo.org/glsa/201610-08
vendor-advisory
x_refsource_GENTOO
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://security.netapp.com/advisory/ntap-20160721-0001/
x_refsource_CONFIRM
x_transferred
https://access.redhat.com/errata/RHSA-2016:1475
vendor-advisory
x_refsource_REDHAT
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.securitytracker.com/id/1036365
vdb-entry
x_refsource_SECTRACK
x_transferred
https://security.gentoo.org/glsa/201701-43
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.securityfocus.com/bid/91787
vdb-entry
x_refsource_BID
x_transferred
http://www.securityfocus.com/bid/91904
vdb-entry
x_refsource_BID
x_transferred
https://access.redhat.com/errata/RHSA-2016:1458
vendor-advisory
x_refsource_REDHAT
x_transferred
http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-3043-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201610-08
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20160721-0001/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2016:1475
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.securitytracker.com/id/1036365
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201701-43
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.securityfocus.com/bid/91787
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.securityfocus.com/bid/91904
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2016:1458
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert_us@oracle.com
Published At:21 Jul, 2016 | 10:14
Updated At:12 Apr, 2025 | 10:46

Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.09.6CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.0
Base score: 9.6
Base severity: CRITICAL
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
Oracle Corporation
oracle
>>linux>>6
cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>linux>>7
cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.8.0
cpe:2.3:a:oracle:jdk:1.8.0:update91:*:*:*:*:*:*
Oracle Corporation
oracle
>>jdk>>1.8.0
cpe:2.3:a:oracle:jdk:1.8.0:update92:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.8.0
cpe:2.3:a:oracle:jre:1.8.0:update91:*:*:*:*:*:*
Oracle Corporation
oracle
>>jre>>1.8.0
cpe:2.3:a:oracle:jre:1.8.0:update92:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.htmlsecalert_us@oracle.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.htmlsecalert_us@oracle.com
N/A
http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.htmlsecalert_us@oracle.com
N/A
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlsecalert_us@oracle.com
Patch
Vendor Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.htmlsecalert_us@oracle.com
Vendor Advisory
http://www.securityfocus.com/bid/91787secalert_us@oracle.com
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/91904secalert_us@oracle.com
N/A
http://www.securitytracker.com/id/1036365secalert_us@oracle.com
N/A
http://www.ubuntu.com/usn/USN-3043-1secalert_us@oracle.com
N/A
https://access.redhat.com/errata/RHSA-2016:1458secalert_us@oracle.com
N/A
https://access.redhat.com/errata/RHSA-2016:1475secalert_us@oracle.com
N/A
https://security.gentoo.org/glsa/201610-08secalert_us@oracle.com
N/A
https://security.gentoo.org/glsa/201701-43secalert_us@oracle.com
N/A
https://security.netapp.com/advisory/ntap-20160721-0001/secalert_us@oracle.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/91787af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/91904af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id/1036365af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-3043-1af854a3a-2127-422b-91ae-364da2661108
N/A
https://access.redhat.com/errata/RHSA-2016:1458af854a3a-2127-422b-91ae-364da2661108
N/A
https://access.redhat.com/errata/RHSA-2016:1475af854a3a-2127-422b-91ae-364da2661108
N/A
https://security.gentoo.org/glsa/201610-08af854a3a-2127-422b-91ae-364da2661108
N/A
https://security.gentoo.org/glsa/201701-43af854a3a-2127-422b-91ae-364da2661108
N/A
https://security.netapp.com/advisory/ntap-20160721-0001/af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
Source: secalert_us@oracle.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
Source: secalert_us@oracle.com
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/91787
Source: secalert_us@oracle.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/bid/91904
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1036365
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-3043-1
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2016:1458
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2016:1475
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201610-08
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201701-43
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: https://security.netapp.com/advisory/ntap-20160721-0001/
Source: secalert_us@oracle.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00024.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00033.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2016-08/msg00028.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/91787
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/bid/91904
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1036365
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-3043-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2016:1458
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2016:1475
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201610-08
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201701-43
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://security.netapp.com/advisory/ntap-20160721-0001/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

115Records found
CVE-2008-7233
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-6.22% / 90.67%
||
7 Day CHG~0.00%
Published-14 Sep, 2009 | 14:00
Updated-07 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the E-Business Application client, as used in Oracle Application Server 1.1.8.26 and E-Business Suite 11.5.10.2, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Oracle Jinitiator component, aka AS02.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suite_11iapplication_servern/a
CVE-2008-4197
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-5.08% / 89.55%
||
7 Day CHG~0.00%
Published-27 Sep, 2008 | 00:00
Updated-07 Aug, 2024 | 10:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument strings that contain uninitialized memory, which might allow user-assisted remote attackers to execute arbitrary code or conduct other attacks via vectors related to activation of a shortcut.

Action-Not Available
Vendor-n/aMicrosoft CorporationFreeBSD FoundationOracle CorporationLinux Kernel Organization, IncOpera
Product-freebsdsolarisopera_browserlinux_kernelwindowsn/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2008-2992
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-93.74% / 99.84%
||
7 Day CHG~0.00%
Published-04 Nov, 2008 | 18:00
Updated-22 Oct, 2025 | 01:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||Apply updates per vendor instructions.

Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.

Action-Not Available
Vendor-n/aAdobe Inc.Oracle Corporation
Product-acrobat_readeracrobatsolarisn/aAcrobat and Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-3443
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.6||CRITICAL
EPSS-3.40% / 87.13%
||
7 Day CHG~0.00%
Published-21 Apr, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information via crafted font data, which triggers an out-of-bounds read.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
CVE-2012-0724
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-9.3||HIGH
EPSS-1.00% / 76.64%
||
7 Day CHG~0.00%
Published-06 Apr, 2012 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.1025.151 allow attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2012-0725.

Action-Not Available
Vendor-n/aMicrosoft CorporationGoogle LLCAdobe Inc.Apple Inc.Linux Kernel Organization, IncOracle Corporation
Product-airandroidmacoswindowsflash_playerchromesolarislinux_kerneln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3564
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-8.1||HIGH
EPSS-1.93% / 83.03%
||
7 Day CHG~0.00%
Published-21 Jul, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle TopLink component in Oracle Fusion Middleware 12.1.3.0, 12.2.1.0, and 12.2.1.1 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JPA-RS.

Action-Not Available
Vendor-n/aOracle Corporation
Product-toplinkn/a
CVE-2016-3081
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.1||HIGH
EPSS-94.05% / 99.90%
||
7 Day CHG~0.00%
Published-26 Apr, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions.

Action-Not Available
Vendor-n/aThe Apache Software FoundationOracle Corporation
Product-strutssiebel_e-billingn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2016-3606
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.6||CRITICAL
EPSS-3.93% / 88.05%
||
7 Day CHG~0.00%
Published-21 Jul, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.

Action-Not Available
Vendor-n/aOracle Corporation
Product-linuxjrejdkn/a
CVE-2016-2799
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.65% / 70.22%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.

Action-Not Available
Vendor-siln/aMozilla CorporationopenSUSESUSEOracle Corporation
Product-leapopensusefirefoxgraphite2linuxlinux_enterprisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2334
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-7.8||HIGH
EPSS-16.30% / 94.66%
||
7 Day CHG~0.00%
Published-13 Dec, 2016 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image.

Action-Not Available
Vendor-7-zipn/aFedora ProjectOracle Corporation
Product-7-zipfedorasolarisn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-2794
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.88% / 74.86%
||
7 Day CHG~0.00%
Published-13 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.

Action-Not Available
Vendor-siln/aMozilla CorporationopenSUSESUSEOracle Corporation
Product-leapfirefoxopensusegraphite2linuxlinux_enterprisen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0686
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.6||CRITICAL
EPSS-5.41% / 89.92%
||
7 Day CHG~0.00%
Published-21 Apr, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
CVE-2016-0687
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.6||CRITICAL
EPSS-5.41% / 89.92%
||
7 Day CHG~0.00%
Published-21 Apr, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
CVE-2016-0636
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-8.1||HIGH
EPSS-8.02% / 91.92%
||
7 Day CHG~0.00%
Published-24 Mar, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component.

Action-Not Available
Vendor-n/aRed Hat, Inc.Oracle Corporation
Product-enterprise_linux_serverenterprise_linux_hpc_nodeenterprise_linux_desktopjdkenterprise_linux_workstationjreicedtea7n/a
CVE-2007-4467
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-9.3||HIGH
EPSS-33.32% / 96.80%
||
7 Day CHG~0.00%
Published-31 Aug, 2007 | 00:00
Updated-07 Aug, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX control (beans.ocx) 1.1.8.16 and earlier, as used by Oracle Forms applications from Oracle and third parties, allow remote attackers to execute arbitrary code via unspecified "initialization parameters." NOTE: it was later reported that 1.1.8.3 through 1.1.8.25, and probably 1.1.5.x and 1.1.7.x, are affected.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jinitiatorn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-4496
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-1.51% / 80.88%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in libstagefright in Mozilla Firefox before 38.0 allow remote attackers to execute arbitrary code via crafted sample metadata in an MPEG-4 video file, a related issue to CVE-2015-1538.

Action-Not Available
Vendor-n/aMozilla CorporationOracle Corporation
Product-firefoxsolarisn/a
CVE-2015-4821
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.3||HIGH
EPSS-0.70% / 71.67%
||
7 Day CHG~0.00%
Published-21 Oct, 2015 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle_and_sun_systems_product_suiten/a
CVE-2015-5165
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.3||HIGH
EPSS-9.72% / 92.75%
||
7 Day CHG~0.00%
Published-12 Aug, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.

Action-Not Available
Vendor-n/aSUSERed Hat, Inc.Arista Networks, Inc.Xen ProjectFedora ProjectDebian GNU/LinuxOracle Corporation
Product-enterprise_linux_serverenterprise_linux_eusenterprise_linux_eus_compute_nodeenterprise_linux_server_update_services_for_sap_solutionsenterprise_linux_server_eusenterprise_linux_for_power_big_endian_eusenterprise_linux_compute_node_eusxendebian_linuxlinuxenterprise_linux_for_power_big_endianopenstackvirtualizationenterprise_linux_server_ausenterprise_linux_server_eus_from_rhuifedoraenterprise_linux_desktopenterprise_linux_for_scientific_computingenterprise_linux_server_tuseosenterprise_linux_workstationenterprise_linux_server_from_rhuilinux_enterprise_serverlinux_enterprise_debuginfon/a
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2015-4901
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.3||HIGH
EPSS-0.88% / 75.00%
||
7 Day CHG~0.00%
Published-21 Oct, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 8u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
CVE-2011-5167
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-58.47% / 98.15%
||
7 Day CHG~0.00%
Published-15 Sep, 2012 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the SetDevNames method of the Tidestone Formula One ActiveX control (TTF16.ocx) 6.3.5 Build 1 in Oracle Hyperion Strategic Finance 12.x and possibly earlier allows remote attackers to execute arbitrary code via a long string to the DriverName parameter.

Action-Not Available
Vendor-tidestonen/aOracle Corporation
Product-formula_one_activex_controlhyperion_strategic_financen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-5556
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.6||CRITICAL
EPSS-3.94% / 88.07%
||
7 Day CHG~0.00%
Published-25 Oct, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
CWE ID-CWE-284
Improper Access Control
CVE-2012-0754
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-92.09% / 99.70%
||
7 Day CHG~0.00%
Published-16 Feb, 2012 | 19:00
Updated-17 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-22||The impacted product is end-of-life and should be disconnected if still in use.

Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncMicrosoft CorporationApple Inc.Oracle CorporationGoogle LLCAdobe Inc.
Product-solariswindowslinux_kernelflash_playerandroidmac_os_xn/aFlash Player
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-0437
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.3||HIGH
EPSS-1.23% / 78.83%
||
7 Day CHG~0.00%
Published-21 Jan, 2015 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

Action-Not Available
Vendor-n/aNovellOracle Corporation
Product-jrejdksuse_linux_enterprise_desktopn/a
CVE-2016-3598
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.6||CRITICAL
EPSS-7.07% / 91.31%
||
7 Day CHG~0.00%
Published-21 Jul, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610.

Action-Not Available
Vendor-n/aOracle Corporation
Product-linuxjrejdkn/a
CVE-2016-3610
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.6||CRITICAL
EPSS-4.24% / 88.52%
||
7 Day CHG~0.00%
Published-21 Jul, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3598.

Action-Not Available
Vendor-n/aOracle Corporation
Product-linuxjrejdkn/a
CVE-2014-6503
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.3||HIGH
EPSS-10.41% / 93.06%
||
7 Day CHG~0.00%
Published-15 Oct, 2014 | 22:03
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
CVE-2014-6456
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.3||HIGH
EPSS-7.67% / 91.71%
||
7 Day CHG~0.00%
Published-15 Oct, 2014 | 15:15
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
CVE-2014-4219
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.3||HIGH
EPSS-8.46% / 92.15%
||
7 Day CHG~0.00%
Published-17 Jul, 2014 | 02:36
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
CVE-2011-0618
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-5.97% / 90.45%
||
7 Day CHG~0.00%
Published-13 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aMicrosoft CorporationLinux Kernel Organization, IncGoogle LLCOracle CorporationApple Inc.Adobe Inc.
Product-linux_kernelwindowssolarisandroidflash_playermac_os_xn/a
CVE-2014-4262
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.3||HIGH
EPSS-8.46% / 92.15%
||
7 Day CHG~0.00%
Published-17 Jul, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
CVE-2011-0626
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||HIGH
EPSS-4.49% / 88.84%
||
7 Day CHG~0.00%
Published-13 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0625.

Action-Not Available
Vendor-n/aMicrosoft CorporationLinux Kernel Organization, IncGoogle LLCOracle CorporationApple Inc.Adobe Inc.
Product-linux_kernelwindowssolarisandroidflash_playermac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2490
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.3||HIGH
EPSS-3.11% / 86.51%
||
7 Day CHG~0.00%
Published-17 Jul, 2014 | 02:36
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

Action-Not Available
Vendor-n/aDebian GNU/LinuxOracle CorporationHP Inc.
Product-hp-uxdebian_linuxjrejdkn/a
CVE-2014-2397
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.3||HIGH
EPSS-3.21% / 86.72%
||
7 Day CHG~0.00%
Published-16 Apr, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

Action-Not Available
Vendor-n/aDebian GNU/LinuxOracle CorporationCanonical Ltd.
Product-debian_linuxjreubuntu_linuxjdkn/a
CVE-2016-1935
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.46% / 63.49%
||
7 Day CHG~0.00%
Published-31 Jan, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content.

Action-Not Available
Vendor-n/aMozilla CorporationOracle CorporationopenSUSE
Product-leapopensusefirefoxlinuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-2410
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.3||HIGH
EPSS-3.09% / 86.48%
||
7 Day CHG~0.00%
Published-16 Apr, 2014 | 02:05
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
CVE-2014-1490
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-1.11% / 77.78%
||
7 Day CHG-0.03%
Published-06 Feb, 2014 | 02:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.

Action-Not Available
Vendor-n/aMozilla CorporationOracle CorporationCanonical Ltd.SUSEFedora ProjectopenSUSEDebian GNU/Linux
Product-enterprise_manager_ops_centerthunderbirdvm_serverfedorafirefoxubuntu_linuxseamonkeynetwork_security_serviceslinux_enterprise_desktopdebian_linuxopensuselinux_enterprise_serverlinux_enterprise_software_development_kitn/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2014-1494
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-0.56% / 67.58%
||
7 Day CHG~0.00%
Published-19 Mar, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSESUSEOracle Corporation
Product-solarisfirefoxseamonkeyopensuselinux_enterprise_desktoplinux_enterprise_serverlinux_enterprise_software_development_kitn/a
CVE-2014-4223
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.3||HIGH
EPSS-6.35% / 90.77%
||
7 Day CHG~0.00%
Published-17 Jul, 2014 | 02:36
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 7u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-2483.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
CVE-2014-1557
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-2.87% / 85.95%
||
7 Day CHG~0.00%
Published-23 Jul, 2014 | 10:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image.

Action-Not Available
Vendor-n/aMozilla CorporationOracle CorporationDebian GNU/Linux
Product-thunderbirdfirefoxfirefox_esrdebian_linuxsolarisn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2014-1507
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.3||HIGH
EPSS-0.94% / 75.77%
||
7 Day CHG~0.00%
Published-19 Mar, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the DeviceStorage API in Mozilla FirefoxOS before 1.2.2 allows attackers to bypass the media sandbox protection mechanism, and read or modify arbitrary files, via a crafted application that uses a relative pathname for a DeviceStorageFile object.

Action-Not Available
Vendor-n/aMozilla CorporationOracle Corporation
Product-firefoxossolarisn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-0417
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.3||HIGH
EPSS-9.19% / 92.51%
||
7 Day CHG~0.00%
Published-15 Jan, 2014 | 02:50
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JavaFX 2.2.45; and Java SE Embedded 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

Action-Not Available
Vendor-n/aOracle Corporation
Product-javafxjdkjren/a
CVE-2014-0432
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.3||HIGH
EPSS-1.93% / 83.03%
||
7 Day CHG~0.00%
Published-15 Apr, 2014 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0455 and CVE-2014-2402.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
CVE-2014-0408
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.3||HIGH
EPSS-4.30% / 88.61%
||
7 Day CHG~0.00%
Published-15 Jan, 2014 | 02:50
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 7u45, when running on OS X, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

Action-Not Available
Vendor-n/aOracle CorporationApple Inc.
Product-jremac_os_xn/a
CVE-2014-0461
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.3||HIGH
EPSS-10.05% / 92.91%
||
7 Day CHG~0.00%
Published-16 Apr, 2014 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

Action-Not Available
Vendor-n/aIBM CorporationCanonical Ltd.Debian GNU/LinuxOracle CorporationMicrosoft Corporation
Product-ubuntu_linuxjdkforms_viewerwindowsdebian_linuxjren/a
CVE-2014-0385
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.3||HIGH
EPSS-1.60% / 81.38%
||
7 Day CHG~0.00%
Published-15 Jan, 2014 | 01:33
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 7u45, when installing on OS X, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
CVE-2013-5805
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.3||HIGH
EPSS-1.38% / 79.94%
||
7 Day CHG~0.00%
Published-16 Oct, 2013 | 17:31
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing, a different vulnerability than CVE-2013-5806.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
CVE-2013-5889
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.3||HIGH
EPSS-5.95% / 90.44%
||
7 Day CHG~0.00%
Published-15 Jan, 2014 | 00:30
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, CVE-2014-0418, and CVE-2014-0424.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
CVE-2013-5844
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.3||HIGH
EPSS-1.60% / 81.38%
||
7 Day CHG~0.00%
Published-16 Oct, 2013 | 17:31
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.

Action-Not Available
Vendor-n/aOracle Corporation
Product-javafxjdkjren/a
CVE-2013-5777
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.3||HIGH
EPSS-0.91% / 75.45%
||
7 Day CHG~0.00%
Published-16 Oct, 2013 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java SE and JavaFX components in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-5775.

Action-Not Available
Vendor-n/aOracle Corporation
Product-javafxjdkjren/a
CVE-2013-5838
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.3||HIGH
EPSS-3.47% / 87.26%
||
7 Day CHG~0.00%
Published-16 Oct, 2013 | 17:31
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 7u25 and earlier, and Java SE Embedded 7u25 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jrejdkn/a
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found