Skip to main content

Java

3274 CVEs product

Monthly

CVE-2014-8892 HIGH This Week

Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Java Java Sdk
NVD
CVSS 2.0
7.8
EPSS
1.6%
CVE-2014-8891 CRITICAL Act Now

Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM RCE Java Java Sdk
NVD
CVSS 2.0
10.0
EPSS
6.6%
CVE-2014-3682 HIGH This Week

XML external entity (XXE) vulnerability in the JBPMBpmn2ResourceImpl function in designer/bpmn2/resource/JBPMBpmn2ResourceImpl.java in jbpm-designer 6.0.x and 6.2.x allows remote attackers to read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Java Jbpm Designer
NVD GitHub
CVSS 2.0
7.5
EPSS
2.1%
CVE-2014-3578 Maven MEDIUM PATCH This Month

Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Java Spring Framework
NVD
CVSS 2.0
5.0
EPSS
4.4%
CVE-2014-0227 Maven MEDIUM PATCH This Month

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 78.2%.

Tomcat Denial Of Service Java Apache
NVD
CVSS 2.0
6.4
EPSS
78.2%
CVE-2014-6195 LOW PATCH Monitor

The (1) Java GUI and (2) Web GUI components in the IBM Tivoli Storage Manager (TSM) Backup-Archive client 5.4 and 5.5 before 5.5.4.4 on AIX, Linux, and Solaris; 5.4.x and 5.5.x on Windows and z/OS;. Rated low severity (CVSS 1.9).

Microsoft Java IBM Authentication Bypass Tivoli Storage Manager
NVD
CVSS 2.0
1.9
EPSS
0.0%
CVE-2015-0437 CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle Jdk Jre +1
NVD
CVSS 2.0
9.3
EPSS
1.0%
CVE-2015-0421 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the installation process. Rated medium severity (CVSS 6.9).

Information Disclosure Java Oracle Jdk Jre +1
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2015-0413 LOW PATCH Monitor

Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability. Rated low severity (CVSS 1.9).

Information Disclosure Java Oracle Jdk Jre +2
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2015-0412 HIGH PATCH This Week

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Information Disclosure Java Oracle Ubuntu Linux Debian Linux +6
NVD
CVSS 2.0
7.2
EPSS
1.7%
CVE-2015-0410 MEDIUM PATCH This Month

Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Jdk Jre +7
NVD
CVSS 2.0
5.0
EPSS
6.4%
CVE-2015-0408 CRITICAL Act Now

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Oracle Jdk Jre +6
NVD
CVSS 2.0
10.0
EPSS
9.3%
CVE-2015-0407 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Ubuntu Linux Debian Linux +4
NVD
CVSS 2.0
5.0
EPSS
2.2%
CVE-2015-0406 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle Jdk Jre +1
NVD
CVSS 2.0
5.8
EPSS
7.2%
CVE-2015-0403 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Rated medium severity (CVSS 6.9).

Information Disclosure Java Oracle Suse Linux Enterprise Desktop Jdk +1
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2015-0400 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Libraries. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Ubuntu Linux Suse Linux Enterprise Desktop +4
NVD
CVSS 2.0
5.0
EPSS
1.5%
CVE-2015-0395 CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 19.3%.

Information Disclosure Java Oracle Ubuntu Linux Debian Linux +5
NVD
CVSS 2.0
9.3
EPSS
19.3%
CVE-2015-0383 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via. Rated medium severity (CVSS 5.4).

Information Disclosure Java Oracle Ubuntu Linux Debian Linux +8
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2015-0366 MEDIUM PATCH This Month

Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Java Integration, a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Siebel Crm
NVD
CVSS 2.0
5.0
EPSS
1.3%
CVE-2014-8152 Maven MEDIUM PATCH This Month

Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows remote attackers to bypass the streaming XML signature protection mechanism via a crafted XML document. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Java Apache Santuario Xml Security For Java
NVD
CVSS 2.0
5.0
EPSS
2.1%
CVE-2014-6601 CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.9%.

Information Disclosure Java Oracle Ubuntu Linux Debian Linux +6
NVD
CVSS 2.0
10.0
EPSS
15.9%
CVE-2014-6593 MEDIUM POC PATCH THREAT This Month

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 71.8%.

Information Disclosure Java Oracle Jrockit Jdk +1
NVD Exploit-DB
CVSS 2.0
4.0
EPSS
71.8%
Threat
4.5
CVE-2014-6591 LOW PATCH Monitor

Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
2.6
EPSS
1.8%
CVE-2014-6587 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2014-6585 LOW PATCH Monitor

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
2.6
EPSS
1.5%
CVE-2014-6549 CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
10.0
EPSS
1.0%
CVE-2014-9199 CRITICAL Act Now

The Clorius Controls Java web client before 01.00.0009g allows remote attackers to discover credentials by sniffing the network for cleartext-equivalent traffic. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Java Web Client
NVD
CVSS 2.0
10.0
EPSS
0.7%
CVE-2014-7241 MEDIUM This Month

The TSUTAYA application 5.3 and earlier for Android allows remote attackers to execute arbitrary Java methods via a crafted HTML document. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure Java Tsutaya
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2014-8120 MEDIUM PATCH This Month

The agent in Thermostat before 1.0.6, when using unspecified configurations, allows local users to obtain the JMX management URLs of all local Java virtual machines and gain privileges via unknown. Rated medium severity (CVSS 4.4).

Information Disclosure Java Thermostat
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2014-8609 HIGH POC This Week

The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Java Privilege Escalation Google Android
NVD
CVSS 2.0
7.2
EPSS
0.5%
CVE-2014-8507 HIGH POC This Week

Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Google Android
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
3.4%
CVE-2014-7911 HIGH Act Now

luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Epss exploitation probability 82.2% and no vendor patch available.

Deserialization Google Java RCE Privilege Escalation +1
NVD
CVSS 2.0
7.2
EPSS
82.2%
CVE-2014-3068 MEDIUM This Month

IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Java Authentication Bypass
NVD
CVSS 2.0
6.4
EPSS
0.2%
CVE-2014-3065 MEDIUM This Month

Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8. Rated medium severity (CVSS 6.9). No vendor patch available.

IBM Java RCE Code Injection
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2014-3625 Maven MEDIUM PATCH This Month

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.0%.

Path Traversal Java Spring Framework
NVD
CVSS 2.0
5.0
EPSS
17.0%
CVE-2014-8590 MEDIUM This Month

XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XXE SAP Java Netweaver Java Application Server
NVD
CVSS 2.0
4.3
EPSS
1.0%
CVE-2014-3654 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Red Hat Java Satellite Satellite With Embedded Oracle +3
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-8526 LOW Monitor

McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information by reading a Java stack trace. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Java Network Data Loss Prevention
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-4624 MEDIUM This Month

EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Java 6 0 6 0 402 7 0 +1
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2014-3604 Maven MEDIUM PATCH This Month

Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Java Not Yet Commons Ssl
NVD GitHub VulDB
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-4822 LOW Monitor

IBM WebSphere MQ classes for Java libraries 8.0 before 8.0.0.1 and Websphere MQ Explorer 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allow local users to discover preconfigured cleartext passwords via. Rated low severity (CVSS 1.9). No vendor patch available.

IBM Java Authentication Bypass Websphere Mq Websphere Mq Explorer
NVD
CVSS 2.0
1.9
EPSS
0.1%
CVE-2014-2068 Maven LOW PATCH Monitor

The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Jenkins Privilege Escalation Java
NVD GitHub
CVSS 2.0
3.5
EPSS
0.1%
CVE-2014-2064 Maven MEDIUM PATCH This Month

The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Jenkins Information Disclosure Java
NVD GitHub
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-6563 MEDIUM PATCH This Month

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Database Server
NVD
CVSS 2.0
4.0
EPSS
0.1%
CVE-2014-6562 CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle Java SE 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
9.3
EPSS
1.0%
CVE-2014-6560 CRITICAL PATCH Act Now

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality,. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Database Server
NVD
CVSS 2.0
9.0
EPSS
0.6%
CVE-2014-6558 LOW PATCH Monitor

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle Jrockit Jdk +1
NVD
CVSS 2.0
2.6
EPSS
3.0%
CVE-2014-6545 CRITICAL PATCH Act Now

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality,. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Database Server
NVD
CVSS 2.0
9.0
EPSS
0.6%
CVE-2014-6538 MEDIUM PATCH This Month

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Database Server
NVD
CVSS 2.0
4.0
EPSS
0.1%
CVE-2014-6537 MEDIUM PATCH This Month

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Database Server
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2014-6532 CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
9.3
EPSS
6.9%
CVE-2014-6531 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
4.3
EPSS
2.6%
CVE-2014-6527 LOW PATCH Monitor

Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle Jre
NVD
CVSS 2.0
2.6
EPSS
2.7%
CVE-2014-6519 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 7u67 and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Hotspot. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
5.0
EPSS
3.1%
CVE-2014-6517 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and Jrockit R27.8.3 and R28.3.3 allows remote attackers to affect confidentiality via vectors related to JAXP. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Jrockit Jdk +1
NVD
CVSS 2.0
5.0
EPSS
2.8%
CVE-2014-6515 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
5.0
EPSS
3.1%
CVE-2014-6513 CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
10.0
EPSS
6.1%
CVE-2014-6512 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle Jrockit Jdk +1
NVD
CVSS 2.0
4.3
EPSS
4.2%
CVE-2014-6511 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
5.0
EPSS
2.6%
CVE-2014-6506 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
6.8
EPSS
7.7%
CVE-2014-6504 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, and 7u67, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Hotspot. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
5.0
EPSS
2.3%
CVE-2014-6503 CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
9.3
EPSS
9.7%
CVE-2014-6502 LOW PATCH Monitor

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
2.6
EPSS
3.0%
CVE-2014-6493 HIGH PATCH This Week

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
7.6
EPSS
9.7%
CVE-2014-6492 HIGH PATCH This Week

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable.

Mozilla Information Disclosure Java Oracle Jdk +2
NVD
CVSS 2.0
7.6
EPSS
1.7%
CVE-2014-6485 CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle Java SE 8u20 and JavaFX 2.2.65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle Jre
NVD
CVSS 2.0
9.3
EPSS
1.1%
CVE-2014-6476 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
5.0
EPSS
4.6%
CVE-2014-6468 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-6467 CRITICAL PATCH Act Now

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality,. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Database Server
NVD
CVSS 2.0
9.0
EPSS
0.6%
CVE-2014-6466 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors. Rated medium severity (CVSS 6.9).

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2014-6458 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Rated medium severity (CVSS 6.9).

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
6.9
EPSS
0.2%
CVE-2014-6457 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. Epss exploitation probability 10.6%.

Information Disclosure Java Oracle Jrockit Jdk +1
NVD
CVSS 2.0
4.0
EPSS
10.6%
CVE-2014-6456 CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
9.3
EPSS
7.1%
CVE-2014-6453 CRITICAL PATCH Act Now

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality,. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Database Server
NVD
CVSS 2.0
9.0
EPSS
0.6%
CVE-2014-4295 MEDIUM PATCH This Month

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Database Server
NVD
CVSS 2.0
4.0
EPSS
0.1%
CVE-2014-4294 MEDIUM PATCH This Month

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Database Server
NVD
CVSS 2.0
4.0
EPSS
0.1%
CVE-2014-4288 HIGH PATCH This Week

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
7.6
EPSS
6.9%
CVE-2014-7296 MEDIUM This Month

The default configuration in the accessibility engine in SpagoBI 5.0.0 does not set FEATURE_SECURE_PROCESSING, which allows remote authenticated users to execute arbitrary Java code via a crafted XSL. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Java RCE Code Injection Spagobi
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2014-3558 Maven MEDIUM PATCH This Month

ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Java Hibernate Validator
NVD GitHub
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-3595 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Red Hat Java Satellite Satellite With Embedded Oracle +3
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-5859 MEDIUM This Month

The Star Girl: Colors of Spring (aka com.animoca.google.starGirlSpring) application 3.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Java Star Girl
NVD
CVSS 2.0
5.4
EPSS
0.1%
CVE-2012-6153 Maven MEDIUM PATCH This Month

http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Java Apache Commons Httpclient
NVD
CVSS 2.0
4.3
EPSS
1.2%
CVE-2013-2599 MEDIUM This Month

A certain Qualcomm Innovation Center (QuIC) patch to the NativeDaemonConnector class in services/java/com/android/server/NativeDaemonConnector.java in Code Aurora Forum (CAF) releases of Android. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qualcomm Google Information Disclosure Java Android Msm
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2014-3089 MEDIUM This Month

The RDS Java Client library in IBM Rational Directory Server (RDS) 5.1.1.x before 5.1.1.2 iFix004 and 5.2.x before 5.2.1 iFix003, and Rational Directory Administrator (RDA) 6.0 before iFix002,. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Java Rational Directory Administrator Rational Directory Server
NVD
CVSS 2.0
4.9
EPSS
0.0%
CVE-2014-5385 MEDIUM POC This Month

com/salesmanager/central/profile/ProfileAction.java in Shopizer 1.1.5 and earlier does not restrict the number of authentication attempts, which makes it easier for remote attackers to guess. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Authentication Bypass Shopizer
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2014-0876 LOW PATCH Monitor

Buffer overflow in the Java GUI Configuration Wizard and Preferences Editor in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.2.5.2, 6.3.x before 6.3.2, and 6.4.x. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

IBM Denial Of Service Buffer Overflow Java Microsoft +1
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-3086 HIGH This Week

Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Java Lotus Notes Lotus Domino +1
NVD
CVSS 2.0
7.5
EPSS
2.9%
CVE-2014-3120 Maven HIGH POC KEV PATCH THREAT Act Now

The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Java Authentication Bypass Elastic
NVD Exploit-DB VulDB
CVSS 3.1
8.1
EPSS
82.6%
Threat
7.1
CVE-2014-4268 MEDIUM This Month

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Swing. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
5.0
EPSS
3.8%
CVE-2014-4266 MEDIUM This Month

Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Serviceability. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 2.0
5.0
EPSS
2.5%
EPSS 2% CVSS 7.8
HIGH This Week

Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Java +1
NVD
EPSS 7% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM RCE Java +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

XML external entity (XXE) vulnerability in the JBPMBpmn2ResourceImpl function in designer/bpmn2/resource/JBPMBpmn2ResourceImpl.java in jbpm-designer 6.0.x and 6.2.x allows remote attackers to read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Java Jbpm Designer
NVD GitHub
EPSS 4% CVSS 5.0
MEDIUM PATCH This Month

Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Java Spring Framework
NVD
EPSS 78% CVSS 6.4
MEDIUM PATCH This Month

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 78.2%.

Tomcat Denial Of Service Java +1
NVD
EPSS 0% CVSS 1.9
LOW PATCH Monitor

The (1) Java GUI and (2) Web GUI components in the IBM Tivoli Storage Manager (TSM) Backup-Archive client 5.4 and 5.5 before 5.5.4.4 on AIX, Linux, and Solaris; 5.4.x and 5.5.x on Windows and z/OS;. Rated low severity (CVSS 1.9).

Microsoft Java IBM +2
NVD
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle +3
NVD
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the installation process. Rated medium severity (CVSS 6.9).

Information Disclosure Java Oracle +3
NVD
EPSS 0% CVSS 1.9
LOW PATCH Monitor

Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability. Rated low severity (CVSS 1.9).

Information Disclosure Java Oracle +4
NVD
EPSS 2% CVSS 7.2
HIGH PATCH This Week

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity.

Information Disclosure Java Oracle +8
NVD
EPSS 6% CVSS 5.0
MEDIUM PATCH This Month

Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle +9
NVD
EPSS 9% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Oracle +8
NVD
EPSS 2% CVSS 5.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle +6
NVD
EPSS 7% CVSS 5.8
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle +3
NVD
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Rated medium severity (CVSS 6.9).

Information Disclosure Java Oracle +3
NVD
EPSS 2% CVSS 5.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Libraries. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle +6
NVD
EPSS 19% CVSS 9.3
CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 19.3%.

Information Disclosure Java Oracle +7
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via. Rated medium severity (CVSS 5.4).

Information Disclosure Java Oracle +10
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Java Integration, a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle +1
NVD
EPSS 2% CVSS 5.0
MEDIUM PATCH This Month

Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows remote attackers to bypass the streaming XML signature protection mechanism via a crafted XML document. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Java Apache +1
NVD
EPSS 16% CVSS 10.0
CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.9%.

Information Disclosure Java Oracle +8
NVD
EPSS 72% 4.5 CVSS 4.0
MEDIUM POC PATCH THREAT This Month

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 71.8%.

Information Disclosure Java Oracle +3
NVD Exploit-DB
EPSS 2% CVSS 2.6
LOW PATCH Monitor

Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle +2
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity.

Information Disclosure Java Oracle +2
NVD
EPSS 2% CVSS 2.6
LOW PATCH Monitor

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle +2
NVD
EPSS 1% CVSS 10.0
CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle +2
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

The Clorius Controls Java web client before 01.00.0009g allows remote attackers to discover credentials by sniffing the network for cleartext-equivalent traffic. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Java Web Client
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

The TSUTAYA application 5.3 and earlier for Android allows remote attackers to execute arbitrary Java methods via a crafted HTML document. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure Java +1
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

The agent in Thermostat before 1.0.6, when using unspecified configurations, allows local users to obtain the JMX management URLs of all local Java virtual machines and gain privileges via unknown. Rated medium severity (CVSS 4.4).

Information Disclosure Java Thermostat
NVD
EPSS 0% CVSS 7.2
HIGH POC This Week

The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Java Privilege Escalation Google +1
NVD
EPSS 3% CVSS 7.5
HIGH POC This Week

Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Google +1
NVD Exploit-DB
EPSS 82% CVSS 7.2
HIGH Act Now

luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Epss exploitation probability 82.2% and no vendor patch available.

Deserialization Google Java +3
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Java Authentication Bypass
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8. Rated medium severity (CVSS 6.9). No vendor patch available.

IBM Java RCE +1
NVD
EPSS 17% CVSS 5.0
MEDIUM PATCH This Month

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.0%.

Path Traversal Java Spring Framework
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XXE SAP Java +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Red Hat Java +5
NVD
EPSS 0% CVSS 2.1
LOW Monitor

McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information by reading a Java stack trace. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Java Network Data Loss Prevention
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Java 6 0 +3
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Java Not Yet Commons Ssl
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW Monitor

IBM WebSphere MQ classes for Java libraries 8.0 before 8.0.0.1 and Websphere MQ Explorer 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allow local users to discover preconfigured cleartext passwords via. Rated low severity (CVSS 1.9). No vendor patch available.

IBM Java Authentication Bypass +2
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Jenkins Privilege Escalation Java
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Jenkins Information Disclosure Java
NVD GitHub
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle +1
NVD
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle Java SE 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle +2
NVD
EPSS 1% CVSS 9.0
CRITICAL PATCH Act Now

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality,. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle +1
NVD
EPSS 3% CVSS 2.6
LOW PATCH Monitor

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle +3
NVD
EPSS 1% CVSS 9.0
CRITICAL PATCH Act Now

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality,. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle +1
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle +1
NVD
EPSS 7% CVSS 9.3
CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle +2
NVD
EPSS 3% CVSS 4.3
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle +2
NVD
EPSS 3% CVSS 2.6
LOW PATCH Monitor

Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle +1
NVD
EPSS 3% CVSS 5.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 7u67 and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Hotspot. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle +2
NVD
EPSS 3% CVSS 5.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and Jrockit R27.8.3 and R28.3.3 allows remote attackers to affect confidentiality via vectors related to JAXP. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle +3
NVD
EPSS 3% CVSS 5.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle +2
NVD
EPSS 6% CVSS 10.0
CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle +2
NVD
EPSS 4% CVSS 4.3
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle +3
NVD
EPSS 3% CVSS 5.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle +2
NVD
EPSS 8% CVSS 6.8
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle +2
NVD
EPSS 2% CVSS 5.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, and 7u67, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Hotspot. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle +2
NVD
EPSS 10% CVSS 9.3
CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle +2
NVD
EPSS 3% CVSS 2.6
LOW PATCH Monitor

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle +2
NVD
EPSS 10% CVSS 7.6
HIGH PATCH This Week

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle +2
NVD
EPSS 2% CVSS 7.6
HIGH PATCH This Week

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable.

Mozilla Information Disclosure Java +4
NVD
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle Java SE 8u20 and JavaFX 2.2.65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle +1
NVD
EPSS 5% CVSS 5.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle +2
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle +2
NVD
EPSS 1% CVSS 9.0
CRITICAL PATCH Act Now

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality,. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle +1
NVD
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors. Rated medium severity (CVSS 6.9).

Information Disclosure Java Oracle +2
NVD
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Rated medium severity (CVSS 6.9).

Information Disclosure Java Oracle +2
NVD
EPSS 11% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. Epss exploitation probability 10.6%.

Information Disclosure Java Oracle +3
NVD
EPSS 7% CVSS 9.3
CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle +2
NVD
EPSS 1% CVSS 9.0
CRITICAL PATCH Act Now

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality,. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle +1
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle +1
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle +1
NVD
EPSS 7% CVSS 7.6
HIGH PATCH This Week

Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable.

Information Disclosure Java Oracle +2
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

The default configuration in the accessibility engine in SpagoBI 5.0.0 does not set FEATURE_SECURE_PROCESSING, which allows remote authenticated users to execute arbitrary Java code via a crafted XSL. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Java RCE Code Injection +1
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Java Hibernate Validator
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Red Hat Java +5
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

The Star Girl: Colors of Spring (aka com.animoca.google.starGirlSpring) application 3.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Java +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure Java Apache +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

A certain Qualcomm Innovation Center (QuIC) patch to the NativeDaemonConnector class in services/java/com/android/server/NativeDaemonConnector.java in Code Aurora Forum (CAF) releases of Android. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qualcomm Google Information Disclosure +2
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

The RDS Java Client library in IBM Rational Directory Server (RDS) 5.1.1.x before 5.1.1.2 iFix004 and 5.2.x before 5.2.1 iFix003, and Rational Directory Administrator (RDA) 6.0 before iFix002,. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Java +2
NVD
EPSS 0% CVSS 5.0
MEDIUM POC This Month

com/salesmanager/central/profile/ProfileAction.java in Shopizer 1.1.5 and earlier does not restrict the number of authentication attempts, which makes it easier for remote attackers to guess. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Authentication Bypass Shopizer
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Buffer overflow in the Java GUI Configuration Wizard and Preferences Editor in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.2.5.2, 6.3.x before 6.3.2, and 6.4.x. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

IBM Denial Of Service Buffer Overflow +3
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Java +3
NVD
EPSS 83% 7.1 CVSS 8.1
HIGH POC KEV PATCH THREAT Act Now

The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Java Authentication Bypass Elastic
NVD Exploit-DB VulDB
EPSS 4% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Swing. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Oracle +2
NVD
EPSS 2% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Serviceability. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Java Oracle +2
NVD
Prev Page 31 of 37 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy