Skip to main content

Java

3274 CVEs product

Monthly

CVE-2013-0427 MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2013-0426 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Authentication Bypass Jre Jdk
NVD
CVSS 2.0
10.0
EPSS
1.5%
CVE-2013-0425 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Authentication Bypass Jre Jdk
NVD
CVSS 2.0
10.0
EPSS
1.5%
CVE-2013-0424 MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle XSS Jre Jdk
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2013-0423 HIGH This Week

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity,. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
7.6
EPSS
8.0%
CVE-2013-0419 HIGH This Week

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity,. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
7.6
EPSS
4.6%
CVE-2013-0409 MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
5.0
EPSS
4.3%
CVE-2013-0351 HIGH This Week

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
7.5
EPSS
8.1%
CVE-2012-4305 CRITICAL Act Now

Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle RCE Javafx
NVD
CVSS 2.0
9.3
EPSS
5.0%
CVE-2012-4301 CRITICAL Act Now

Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle RCE Javafx
NVD
CVSS 2.0
10.0
EPSS
5.0%
CVE-2012-3342 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
10.0
EPSS
4.9%
CVE-2012-3213 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.1% and no vendor patch available.

Java Oracle Information Disclosure Jre Jdk
NVD
CVSS 2.0
10.0
EPSS
10.1%
CVE-2012-1543 HIGH This Week

Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure Javafx
NVD
CVSS 2.0
7.6
EPSS
1.4%
CVE-2012-1541 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Denial Of Service Oracle Apple RCE +2
NVD
CVSS 2.0
10.0
EPSS
9.5%
CVE-2013-1490 MEDIUM This Month

Unspecified vulnerability in Oracle Java SE 7 Update 11 (JRE 1.7.0_11-b21) allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors, aka "Issue 51," a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Authentication Bypass Jdk Jre
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-1489 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.3% and no vendor patch available.

Mozilla Google Java Oracle Microsoft +4
NVD
CVSS 2.0
10.0
EPSS
17.3%
CVE-2013-0431 MEDIUM POC KEV THREAT This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Java Oracle Authentication Bypass
NVD Exploit-DB VulDB
CVSS 3.1
5.3
EPSS
91.6%
Threat
6.8
CVE-2013-0652 MEDIUM This Month

GE Intelligent Platforms Proficy Real-Time Information Portal does not restrict access to methods of an unspecified Java class, which allows remote attackers to obtain a username listing via an RMI. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Java Intelligent Platforms Proficy Real Time Information Portal
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2012-3174 CRITICAL Act Now

Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Java Oracle Jdk Jre
NVD
CVSS 2.0
10.0
EPSS
1.4%
CVE-2012-4823 CRITICAL Act Now

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 14.4% and no vendor patch available.

Red Hat RCE Java IBM Lotus Domino +14
NVD
CVSS 2.0
9.3
EPSS
14.4%
CVE-2012-4822 CRITICAL Act Now

Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 11.3% and no vendor patch available.

Red Hat RCE Java IBM Lotus Domino +14
NVD
CVSS 2.0
9.3
EPSS
11.3%
CVE-2012-4821 CRITICAL Act Now

Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat RCE Java IBM Lotus Domino +14
NVD
CVSS 2.0
9.3
EPSS
5.0%
CVE-2012-4820 CRITICAL Act Now

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Java Information Disclosure IBM Lotus Domino +14
NVD
CVSS 2.0
9.3
EPSS
9.4%
CVE-2013-0422 CRITICAL POC KEV THREAT Emergency

Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Privilege Escalation Oracle Java RCE
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
93.6%
Threat
7.8
CVE-2012-4550 MEDIUM This Month

JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, when using role-based authorization for Enterprise Java Beans (EJB) access, does not call the intended authorization. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Java
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2012-4549 MEDIUM This Month

The processInvocation function in org.jboss.as.ejb3.security.AuthorizationInterceptor in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, authorizes all requests when no. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Java
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2012-4534 LOW POC PATCH THREAT Monitor

org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 22.8%.

Tomcat Denial Of Service Apache Java
NVD
CVSS 2.0
2.6
EPSS
22.8%
CVE-2012-4431 Maven MEDIUM PATCH This Month

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

CSRF Privilege Escalation Java Apache Tomcat
NVD
CVSS 2.0
4.3
EPSS
9.8%
CVE-2012-3546 Maven MEDIUM PATCH This Month

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Tomcat Privilege Escalation Apache Java
NVD
CVSS 2.0
4.3
EPSS
2.2%
CVE-2012-5055 Maven MEDIUM PATCH This Month

DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

VMware Information Disclosure Java Springsource Spring Security
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2012-3317 MEDIUM This Month

IBM WebSphere Message Broker 6.1 before 6.1.0.11, 7.0 before 7.0.0.5, and 8.0 before 8.0.0.2 has incorrect ownership of certain uninstaller Java Runtime Environment (JRE) files, which might allow. Rated medium severity (CVSS 6.9). No vendor patch available.

Privilege Escalation Java IBM Websphere Message Broker
NVD
CVSS 2.0
6.9
EPSS
0.2%
CVE-2012-5373 MEDIUM This Month

Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Java Oracle Jdk Jre +1
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2012-2739 MEDIUM POC This Month

Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to trigger hash collisions predictably, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Java Oracle Jdk Jre +1
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2012-3431 MEDIUM This Month

The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss Enterprise Data Services Platform before 5.3.0, does not encrypt login messages by default contrary to documentation and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Information Disclosure Jboss Enterprise Data Services Platform
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-2733 MEDIUM This Month

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.3% and no vendor patch available.

Tomcat Denial Of Service Apache Java
NVD
CVSS 2.0
5.0
EPSS
20.3%
CVE-2012-3315 MEDIUM This Month

The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) through 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) before 6.2.2 do not require. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Java Authentication Bypass Tivoli Federated Identity Manager Tivoli Federated Identity Manager Business Gateway
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2012-5817 Maven HIGH POC This Week

Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools Java library and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Java RCE Ec2 Api Tools Java Library Xfire
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2012-5785 Maven MEDIUM POC PATCH This Month

Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

Apache Information Disclosure Java Axis2
NVD
CVSS 2.0
5.8
EPSS
0.5%
CVE-2012-5784 Maven MEDIUM POC This Month

Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products,. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Apache Information Disclosure Java Activemq Axis +3
NVD
CVSS 2.0
5.8
EPSS
1.6%
CVE-2012-5783 Maven MEDIUM PATCH This Month

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Apache Information Disclosure Java Httpclient Ubuntu Linux
NVD
CVSS 2.0
5.8
EPSS
0.6%
CVE-2012-3155 MEDIUM PATCH This Month

Unspecified vulnerability in the CORBA ORB component in Sun GlassFish Enterprise Server 2.1.1, Oracle GlassFish Server 3.0.1 and 3.1.2, and Sun Java System Application Server 8.1 and 8.2 allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Java Oracle Information Disclosure Glassfish Server Java System Application Server
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2012-5089 HIGH PATCH Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. Epss exploitation probability 10.9%.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 2.0
7.6
EPSS
10.9%
CVE-2012-5088 CRITICAL POC PATCH THREAT Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 79.3%.

Java Oracle Information Disclosure Jre Jdk
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
79.3%
Threat
5.9
CVE-2012-5087 CRITICAL PATCH Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 2.0
10.0
EPSS
6.1%
CVE-2012-5086 CRITICAL PATCH Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.0%.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 2.0
10.0
EPSS
10.0%
CVE-2012-5085 LOW PATCH Monitor

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows. Rated remotely exploitable.

Java Oracle Information Disclosure Jdk Jre
NVD
EPSS
0.2%
CVE-2012-5084 HIGH PATCH Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. Epss exploitation probability 10.9%.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 2.0
7.6
EPSS
10.9%
CVE-2012-5083 CRITICAL PATCH Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, 1.4.2_38 and earlier, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.1%.

Java Oracle Information Disclosure Javafx Jdk +1
NVD
CVSS 2.0
10.0
EPSS
10.1%
CVE-2012-5082 MEDIUM PATCH This Month

Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect availability via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Java Oracle Information Disclosure Javafx
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2012-5081 MEDIUM POC PATCH THREAT This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 73.5%.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 2.0
5.0
EPSS
73.5%
Threat
4.7
CVE-2012-5080 HIGH PATCH This Week

Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable.

Java Oracle Information Disclosure Javafx Linux Enterprise Desktop
NVD
CVSS 2.0
7.6
EPSS
1.3%
CVE-2012-5079 MEDIUM PATCH This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 2.0
5.0
EPSS
3.8%
CVE-2012-5078 CRITICAL PATCH Act Now

Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Java Oracle Information Disclosure Javafx
NVD
CVSS 2.0
10.0
EPSS
1.7%
CVE-2012-5077 LOW PATCH Monitor

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 2.0
2.6
EPSS
2.0%
CVE-2012-5076 CRITICAL POC KEV PATCH THREAT Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Java Oracle Authentication Bypass
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
91.7%
Threat
7.7
CVE-2012-5075 MEDIUM PATCH This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 2.0
5.0
EPSS
2.3%
CVE-2012-5074 MEDIUM PATCH This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality and integrity, related to JAX-WS. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 2.0
6.4
EPSS
1.9%
CVE-2012-5073 MEDIUM PATCH This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 2.0
5.0
EPSS
3.8%
CVE-2012-5072 MEDIUM PATCH This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 2.0
5.0
EPSS
2.3%
CVE-2012-5071 MEDIUM PATCH This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 2.0
6.4
EPSS
3.1%
CVE-2012-5070 MEDIUM PATCH This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, related to JMX. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 2.0
5.0
EPSS
1.4%
CVE-2012-5069 MEDIUM PATCH This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 2.0
5.8
EPSS
3.1%
CVE-2012-5068 HIGH PATCH This Week

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 2.0
7.5
EPSS
6.8%
CVE-2012-5067 MEDIUM POC PATCH THREAT This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality via unknown vectors related to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 56.4%.

Java Oracle Information Disclosure Jdk Jre
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
56.4%
Threat
4.2
CVE-2012-4416 MEDIUM PATCH This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 2.0
6.4
EPSS
2.7%
CVE-2012-3216 LOW PATCH Monitor

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 2.0
2.6
EPSS
2.4%
CVE-2012-3159 HIGH PATCH This Week

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 2.0
7.5
EPSS
6.8%
CVE-2012-3143 CRITICAL PATCH Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 12.6%.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 2.0
10.0
EPSS
12.6%
CVE-2012-1533 CRITICAL POC PATCH THREAT Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 65.9%.

Java Oracle Information Disclosure Jdk Jre
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
65.9%
Threat
5.5
CVE-2012-1532 CRITICAL PATCH Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier and 6 Update 35 and earlier allows remote attackers to affect confidentiality,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.0%.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 2.0
10.0
EPSS
10.0%
CVE-2012-1531 CRITICAL PATCH Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier; and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Java Oracle Information Disclosure Javafx Jdk +1
NVD
CVSS 2.0
10.0
EPSS
9.3%
CVE-2012-5353 MEDIUM This Month

Eduserv OpenAthens SP 2.0 for Java allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack.". Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Java Authentication Bypass Openathens Service Provider
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2012-5352 MEDIUM This Month

Java Open Single Sign-On Project Home (JOSSO) allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Java Authentication Bypass Java Open Single Sign On Project Home
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2012-4655 CRITICAL Act Now

The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

RCE Java Cisco Secure Desktop
NVD
CVSS 2.0
9.3
EPSS
2.4%
CVE-2012-2316 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in servlet/admin/AuthServlet.java in OpenKM 5.1.7 and other versions before 5.1.8-2 allows remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Java RCE Openkm
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
2.4%
CVE-2012-4011 CRITICAL Act Now

The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Google Java Kunai
NVD
CVSS 2.0
9.3
EPSS
2.1%
CVE-2012-4008 MEDIUM This Month

The Cybozu Live application 1.0.4 and earlier for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection Java Google RCE Cybozu Live
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2012-3136 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 2.0
10.0
EPSS
1.0%
CVE-2012-1682 CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Jdk Jre
NVD
CVSS 2.0
10.0
EPSS
2.9%
CVE-2012-0547 LOW POC Monitor

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT. Rated remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Oracle Information Disclosure Jdk Jre
NVD Exploit-DB
EPSS
9.9%
CVE-2012-4681 CRITICAL POC KEV THREAT Emergency

Oracle Java SE 7 Update 6 and earlier contains multiple sandbox bypass vulnerabilities via the ClassFinder and forName methods, enabling complete sandbox escape for untrusted applets. Massively exploited by exploit kits in 2012.

Java Oracle Authentication Bypass RCE
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
94.1%
Threat
9.8
CVE-2012-2649 MEDIUM This Month

The Sleipnir Mobile application 2.2.0 and earlier and Sleipnir Mobile Black Edition application 2.2.0 and earlier for Android allow remote attackers to execute arbitrary Java methods, and obtain. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection Java Google RCE Sleipnir Mobile
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2012-3423 HIGH POC This Week

The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Java RCE Icedtea Web
NVD
CVSS 2.0
7.5
EPSS
2.8%
CVE-2012-0213 Maven MEDIUM PATCH This Month

The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.1%.

Denial Of Service Apache Java Poi
NVD
CVSS 2.0
5.0
EPSS
13.1%
CVE-2012-2197 HIGH Act Now

Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote authenticated users to. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Epss exploitation probability 12.9% and no vendor patch available.

Buffer Overflow RCE Java IBM Db2
NVD
CVSS 2.0
7.1
EPSS
12.9%
CVE-2012-1738 MEDIUM This Month

Unspecified vulnerability in the Oracle iPlanet Web Server component in Oracle Sun Products Suite Java System Web Server 6.1 and Oracle iPlanet Web Server 7.0 allows remote attackers to affect. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Iplanet Web Server Sun Products Suite Java System Web Server
NVD
CVSS 2.0
5.0
EPSS
1.1%
CVE-2012-2496 MEDIUM This Month

A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Java Cisco Anyconnect Secure Mobility Client
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2012-2495 MEDIUM This Month

The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Information Disclosure Cisco Anyconnect Secure Mobility Client Secure Desktop
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-2494 MEDIUM This Month

The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x before 3.0 MR8 does not compare the timestamp of offered software to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Information Disclosure Cisco Anyconnect Secure Mobility Client
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-2493 CRITICAL Act Now

The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

RCE Java Microsoft Cisco Anyconnect Secure Mobility Client
NVD
CVSS 2.0
9.3
EPSS
1.3%
EPSS 1% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure +2
NVD
EPSS 2% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Authentication Bypass +2
NVD
EPSS 2% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Authentication Bypass +2
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle XSS +2
NVD
EPSS 8% CVSS 7.6
HIGH This Week

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity,. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure +2
NVD
EPSS 5% CVSS 7.6
HIGH This Week

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity,. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure +2
NVD
EPSS 4% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure +2
NVD
EPSS 8% CVSS 7.5
HIGH This Week

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure +2
NVD
EPSS 5% CVSS 9.3
CRITICAL Act Now

Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle RCE +1
NVD
EPSS 5% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle RCE +1
NVD
EPSS 5% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure +2
NVD
EPSS 10% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.1% and no vendor patch available.

Java Oracle Information Disclosure +2
NVD
EPSS 1% CVSS 7.6
HIGH This Week

Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Information Disclosure +1
NVD
EPSS 10% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Denial Of Service Oracle +4
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Unspecified vulnerability in Oracle Java SE 7 Update 11 (JRE 1.7.0_11-b21) allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors, aka "Issue 51," a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Authentication Bypass +2
NVD
EPSS 17% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.3% and no vendor patch available.

Mozilla Google Java +6
NVD
EPSS 92% 6.8 CVSS 5.3
MEDIUM POC KEV THREAT This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Java Oracle Authentication Bypass
NVD Exploit-DB VulDB
EPSS 0% CVSS 5.0
MEDIUM This Month

GE Intelligent Platforms Proficy Real-Time Information Portal does not restrict access to methods of an unspecified Java class, which allows remote attackers to obtain a username listing via an RMI. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Java Intelligent Platforms Proficy Real Time Information Portal
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Java Oracle +2
NVD
EPSS 14% CVSS 9.3
CRITICAL Act Now

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 14.4% and no vendor patch available.

Red Hat RCE Java +16
NVD
EPSS 11% CVSS 9.3
CRITICAL Act Now

Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 11.3% and no vendor patch available.

Red Hat RCE Java +16
NVD
EPSS 5% CVSS 9.3
CRITICAL Act Now

Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat RCE Java +16
NVD
EPSS 9% CVSS 9.3
CRITICAL Act Now

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Java Information Disclosure +16
NVD
EPSS 94% 7.8 CVSS 9.8
CRITICAL POC KEV THREAT Emergency

Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Privilege Escalation Oracle Java +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, when using role-based authorization for Enterprise Java Beans (EJB) access, does not call the intended authorization. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Java
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

The processInvocation function in org.jboss.as.ejb3.security.AuthorizationInterceptor in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, authorizes all requests when no. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Java
NVD VulDB
EPSS 23% CVSS 2.6
LOW POC PATCH THREAT Monitor

org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 22.8%.

Tomcat Denial Of Service Apache +1
NVD
EPSS 10% CVSS 4.3
MEDIUM PATCH This Month

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

CSRF Privilege Escalation Java +2
NVD
EPSS 2% CVSS 4.3
MEDIUM PATCH This Month

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Tomcat Privilege Escalation Apache +1
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

VMware Information Disclosure Java +1
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

IBM WebSphere Message Broker 6.1 before 6.1.0.11, 7.0 before 7.0.0.5, and 8.0 before 8.0.0.2 has incorrect ownership of certain uninstaller Java Runtime Environment (JRE) files, which might allow. Rated medium severity (CVSS 6.9). No vendor patch available.

Privilege Escalation Java IBM +1
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Java Oracle +3
NVD
EPSS 1% CVSS 5.0
MEDIUM POC This Month

Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to trigger hash collisions predictably, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Java Oracle +3
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss Enterprise Data Services Platform before 5.3.0, does not encrypt login messages by default contrary to documentation and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Information Disclosure Jboss Enterprise Data Services Platform
NVD
EPSS 20% CVSS 5.0
MEDIUM This Month

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.3% and no vendor patch available.

Tomcat Denial Of Service Apache +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) through 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) before 6.2.2 do not require. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Java Authentication Bypass +2
NVD
EPSS 0% CVSS 7.4
HIGH POC This Week

Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools Java library and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Java RCE Ec2 Api Tools Java Library +1
NVD
EPSS 0% CVSS 5.8
MEDIUM POC PATCH This Month

Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

Apache Information Disclosure Java +1
NVD
EPSS 2% CVSS 5.8
MEDIUM POC This Month

Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products,. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Apache Information Disclosure Java +5
NVD
EPSS 1% CVSS 5.8
MEDIUM PATCH This Month

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Apache Information Disclosure Java +2
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

Unspecified vulnerability in the CORBA ORB component in Sun GlassFish Enterprise Server 2.1.1, Oracle GlassFish Server 3.0.1 and 3.1.2, and Sun Java System Application Server 8.1 and 8.2 allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Java Oracle Information Disclosure +2
NVD
EPSS 11% CVSS 7.6
HIGH PATCH Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. Epss exploitation probability 10.9%.

Java Oracle Information Disclosure +2
NVD
EPSS 79% 5.9 CVSS 10.0
CRITICAL POC PATCH THREAT Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 79.3%.

Java Oracle Information Disclosure +2
NVD Exploit-DB
EPSS 6% CVSS 10.0
CRITICAL PATCH Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Java Oracle Information Disclosure +2
NVD
EPSS 10% CVSS 10.0
CRITICAL PATCH Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.0%.

Java Oracle Information Disclosure +2
NVD
EPSS 0%
LOW PATCH Monitor

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows. Rated remotely exploitable.

Java Oracle Information Disclosure +2
NVD
EPSS 11% CVSS 7.6
HIGH PATCH Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. Epss exploitation probability 10.9%.

Java Oracle Information Disclosure +2
NVD
EPSS 10% CVSS 10.0
CRITICAL PATCH Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, 1.4.2_38 and earlier, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.1%.

Java Oracle Information Disclosure +3
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect availability via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Java Oracle Information Disclosure +1
NVD
EPSS 73% 4.7 CVSS 5.0
MEDIUM POC PATCH THREAT This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 73.5%.

Java Oracle Information Disclosure +2
NVD
EPSS 1% CVSS 7.6
HIGH PATCH This Week

Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable.

Java Oracle Information Disclosure +2
NVD
EPSS 4% CVSS 5.0
MEDIUM PATCH This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Java Oracle Information Disclosure +2
NVD
EPSS 2% CVSS 10.0
CRITICAL PATCH Act Now

Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Java Oracle Information Disclosure +1
NVD
EPSS 2% CVSS 2.6
LOW PATCH Monitor

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

Java Oracle Information Disclosure +2
NVD
EPSS 92% 7.7 CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Java Oracle Authentication Bypass
NVD Exploit-DB VulDB
EPSS 2% CVSS 5.0
MEDIUM PATCH This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Java Oracle Information Disclosure +2
NVD
EPSS 2% CVSS 6.4
MEDIUM PATCH This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality and integrity, related to JAX-WS. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Java Oracle Information Disclosure +2
NVD
EPSS 4% CVSS 5.0
MEDIUM PATCH This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Java Oracle Information Disclosure +2
NVD
EPSS 2% CVSS 5.0
MEDIUM PATCH This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Java Oracle Information Disclosure +2
NVD
EPSS 3% CVSS 6.4
MEDIUM PATCH This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Java Oracle Information Disclosure +2
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, related to JMX. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Java Oracle Information Disclosure +2
NVD
EPSS 3% CVSS 5.8
MEDIUM PATCH This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Java Oracle Information Disclosure +2
NVD
EPSS 7% CVSS 7.5
HIGH PATCH This Week

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Java Oracle Information Disclosure +2
NVD
EPSS 56% 4.2 CVSS 5.0
MEDIUM POC PATCH THREAT This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality via unknown vectors related to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 56.4%.

Java Oracle Information Disclosure +2
NVD Exploit-DB
EPSS 3% CVSS 6.4
MEDIUM PATCH This Month

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Java Oracle Information Disclosure +2
NVD
EPSS 2% CVSS 2.6
LOW PATCH Monitor

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

Java Oracle Information Disclosure +2
NVD
EPSS 7% CVSS 7.5
HIGH PATCH This Week

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Java Oracle Information Disclosure +2
NVD
EPSS 13% CVSS 10.0
CRITICAL PATCH Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 12.6%.

Java Oracle Information Disclosure +2
NVD
EPSS 66% 5.5 CVSS 10.0
CRITICAL POC PATCH THREAT Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 65.9%.

Java Oracle Information Disclosure +2
NVD Exploit-DB
EPSS 10% CVSS 10.0
CRITICAL PATCH Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier and 6 Update 35 and earlier allows remote attackers to affect confidentiality,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.0%.

Java Oracle Information Disclosure +2
NVD
EPSS 9% CVSS 10.0
CRITICAL PATCH Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier; and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Java Oracle Information Disclosure +3
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

Eduserv OpenAthens SP 2.0 for Java allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack.". Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Java Authentication Bypass Openathens Service Provider
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

Java Open Single Sign-On Project Home (JOSSO) allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Java Authentication Bypass Java Open Single Sign On Project Home
NVD
EPSS 2% CVSS 9.3
CRITICAL Act Now

The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

RCE Java Cisco +1
NVD
EPSS 2% CVSS 6.8
MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in servlet/admin/AuthServlet.java in OpenKM 5.1.7 and other versions before 5.1.8-2 allows remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Java RCE +1
NVD Exploit-DB
EPSS 2% CVSS 9.3
CRITICAL Act Now

The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Google Java +1
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

The Cybozu Live application 1.0.4 and earlier for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection Java Google +2
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure +2
NVD
EPSS 3% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure +2
NVD
EPSS 10%
LOW POC Monitor

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT. Rated remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Oracle Information Disclosure +2
NVD Exploit-DB
EPSS 94% 9.8 CVSS 9.8
CRITICAL POC KEV THREAT Emergency

Oracle Java SE 7 Update 6 and earlier contains multiple sandbox bypass vulnerabilities via the ClassFinder and forName methods, enabling complete sandbox escape for untrusted applets. Massively exploited by exploit kits in 2012.

Java Oracle Authentication Bypass +1
NVD Exploit-DB VulDB
EPSS 1% CVSS 6.8
MEDIUM This Month

The Sleipnir Mobile application 2.2.0 and earlier and Sleipnir Mobile Black Edition application 2.2.0 and earlier for Android allow remote attackers to execute arbitrary Java methods, and obtain. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection Java Google +2
NVD
EPSS 3% CVSS 7.5
HIGH POC This Week

The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Java +2
NVD
EPSS 13% CVSS 5.0
MEDIUM PATCH This Month

The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.1%.

Denial Of Service Apache Java +1
NVD
EPSS 13% CVSS 7.1
HIGH Act Now

Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote authenticated users to. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Epss exploitation probability 12.9% and no vendor patch available.

Buffer Overflow RCE Java +2
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in the Oracle iPlanet Web Server component in Oracle Sun Products Suite Java System Web Server 6.1 and Oracle iPlanet Web Server 7.0 allows remote attackers to affect. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure +2
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Java Cisco +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Information Disclosure Cisco +2
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x before 3.0 MR8 does not compare the timestamp of offered software to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Information Disclosure Cisco +1
NVD
EPSS 1% CVSS 9.3
CRITICAL Act Now

The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

RCE Java Microsoft +2
NVD
Prev Page 36 of 37 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy