Skip to main content
CVE-2013-2423 LOW POC KEV PATCH THREAT Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Actively exploited in the wild (cisa kev) and public exploit code available.

Java Oracle Authentication Bypass
NVD Exploit-DB VulDB
CVSS 3.1
3.7
EPSS
93.4%
Threat
6.5
CVE-2013-1559 MEDIUM POC THREAT This Month

Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote authenticated users to affect availability via unknown vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 68.9%.

Information Disclosure Oracle Fusion Middleware
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
68.9%
Threat
4.4
CVE-2013-2416 MEDIUM POC THREAT This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 37.6%.

Java Oracle Information Disclosure Jre Jdk
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
37.6%
CVE-2013-2426 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 25.4% and no vendor patch available.

Java Oracle Authentication Bypass Jre Jdk
NVD
CVSS 2.0
9.3
EPSS
25.4%
CVE-2013-2421 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 25.4% and no vendor patch available.

Java Oracle Authentication Bypass Jre Jdk
NVD
CVSS 2.0
9.3
EPSS
25.4%
CVE-2013-2431 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 16.1% and no vendor patch available.

Java Oracle Authentication Bypass Jre Jdk
NVD
CVSS 2.0
10.0
EPSS
16.1%
CVE-2013-2422 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.5% and no vendor patch available.

Java Oracle Authentication Bypass Jre Jdk
NVD
CVSS 2.0
10.0
EPSS
15.5%
CVE-2013-1537 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7;. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.2% and no vendor patch available.

Java Oracle RCE Jre Jdk
NVD
CVSS 2.0
10.0
EPSS
10.2%
CVE-2013-1557 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7;. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
10.0
EPSS
8.3%
CVE-2013-2419 MEDIUM POC THREAT This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7;. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.8%.

Java Oracle Information Disclosure Jre Jdk
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
12.8%
CVE-2013-1518 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7;. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
10.0
EPSS
6.8%
CVE-2013-2440 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
10.0
EPSS
6.5%
CVE-2013-2435 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
10.0
EPSS
6.5%
CVE-2013-2420 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7;. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
10.0
EPSS
6.3%
CVE-2013-1509 MEDIUM POC THREAT This Month

Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 7.6.2, 11.1.1.6.0, and 11.1.1.6.1 allows remote authenticated users to affect integrity via unknown. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 16.0%.

Information Disclosure Oracle Fusion Middleware
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
16.0%
CVE-2013-2432 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk +1
NVD
CVSS 2.0
10.0
EPSS
6.0%
CVE-2013-2384 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7;. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
10.0
EPSS
5.6%
CVE-2013-2383 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7;. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
10.0
EPSS
5.6%
CVE-2013-1558 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
10.0
EPSS
5.4%
CVE-2013-2427 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk +1
NVD
CVSS 2.0
10.0
EPSS
2.8%
CVE-2013-2414 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk +1
NVD
CVSS 2.0
10.0
EPSS
2.8%
CVE-2013-2436 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
9.3
EPSS
6.1%
CVE-2013-2380 CRITICAL Act Now

Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware R27.7.4 and earlier and R28.2.6 and earlier allows remote attackers to affect confidentiality, integrity, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Fusion Middleware Jrockit
NVD
CVSS 2.0
10.0
EPSS
2.5%
CVE-2013-1534 CRITICAL Act Now

Unspecified vulnerability in the Workload Manager component in Oracle Database Server 11.2.0.2 and 11.2.0.3, when used in RAC configurations, allows remote attackers to affect confidentiality,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Database Server
NVD
CVSS 2.0
10.0
EPSS
1.9%
CVE-2013-2428 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk +1
NVD
CVSS 2.0
10.0
EPSS
1.6%
CVE-2013-2425 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect confidentiality, integrity, and availability via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
10.0
EPSS
1.6%
CVE-2013-2434 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk +1
NVD
CVSS 2.0
10.0
EPSS
1.5%
CVE-2013-1569 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7;. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
10.0
EPSS
1.5%
CVE-2013-2429 HIGH Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7;. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. Epss exploitation probability 10.7% and no vendor patch available.

Buffer Overflow Java Oracle Jre Jdk
NVD
CVSS 2.0
7.6
EPSS
10.7%
CVE-2013-2430 HIGH This Week

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; JavaFX 2.2.7 and earlier;. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk +1
NVD
CVSS 2.0
7.6
EPSS
7.3%
CVE-2013-2394 HIGH This Week

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk +1
NVD
CVSS 2.0
7.6
EPSS
6.1%
CVE-2013-1563 HIGH This Week

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk +1
NVD
CVSS 2.0
7.6
EPSS
3.9%
CVE-2013-2439 MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier. Rated medium severity (CVSS 6.9). No vendor patch available.

Java Oracle Information Disclosure Jre Jdk +1
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2013-2395 MEDIUM This Month

Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2013-2378 MEDIUM This Month

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL MariaDB Enterprise Linux Desktop +4
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2013-1552 MEDIUM This Month

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL MariaDB Enterprise Linux Desktop +4
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2013-1531 MEDIUM This Month

Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL MariaDB Enterprise Linux Desktop +4
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2013-2375 MEDIUM This Month

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL MariaDB Enterprise Linux Desktop +4
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2013-1521 MEDIUM This Month

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle MySQL MariaDB Enterprise Linux Desktop +4
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2013-1553 MEDIUM This Month

Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.6.0 allows remote attackers to affect confidentiality and integrity via unknown vectors. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Fusion Middleware
NVD
CVSS 2.0
6.4
EPSS
0.3%
CVE-2013-0405 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows remote attackers to affect confidentiality and integrity via vectors related to NFS client mounts and IPv6. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Sunos
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2013-2398 MEDIUM This Month

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality, integrity, and availability via. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Siebel Crm
NVD
CVSS 2.0
6.0
EPSS
0.5%
CVE-2013-1551 MEDIUM This Month

Unspecified vulnerability in the Siebel Enterprise Application Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality, integrity, and. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Siebel Crm
NVD
CVSS 2.0
6.0
EPSS
0.5%
CVE-2013-2417 MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7;. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
5.0
EPSS
4.9%
CVE-2013-0411 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via vectors related to RBAC Configuration. Rated medium severity (CVSS 5.9).

Information Disclosure Oracle Sunos
NVD
CVSS 2.0
5.9
EPSS
0.2%
CVE-2013-2424 MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7;. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
5.0
EPSS
3.9%
CVE-2013-2405 MEDIUM This Month

Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 7.0, 8.1, and 8.2 allows remote authenticated users to affect. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Primavera Products Suite
NVD
CVSS 2.0
5.5
EPSS
0.2%
CVE-2013-2397 MEDIUM This Month

Unspecified vulnerability in the Oracle Retail Central Office component in Oracle Industry Applications 13.1, 13.2, 13.3, and 13.4 allows remote authenticated users to affect confidentiality and. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Microsoft Industry Applications
NVD
CVSS 2.0
5.5
EPSS
0.2%
CVE-2013-1533 MEDIUM This Month

Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 3.1.0, 5.1.0, 5.2.0, 5.3.1 through 5.3.3, and 6.0.1 through 12.0.0 allows. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Financial Services Software
NVD
CVSS 2.0
5.5
EPSS
0.2%
CVE-2013-1520 MEDIUM This Month

Unspecified vulnerability in the Oracle Clinical Remote Data Capture Option component in Oracle Industry Applications 4.6.0 and 4.6.6 allows remote authenticated users to affect confidentiality and. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Industry Applications
NVD
CVSS 2.0
5.5
EPSS
0.2%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy