Skip to main content

Oncommand Shift

56 CVEs product

Monthly

CVE-2018-5968 Maven HIGH PATCH This Week

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Deserialization Jackson Databind Debian Linux Openshift Container Platform +6
NVD GitHub
CVSS 3.1
8.1
EPSS
7.0%
CVE-2018-2638 HIGH PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure Jdk Jre +22
NVD
CVSS 3.1
8.3
EPSS
3.3%
CVE-2018-2627 HIGH PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Installer). Rated high severity (CVSS 7.5).

Java Oracle Microsoft Information Disclosure Jdk +19
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2018-2581 MEDIUM PATCH This Month

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Authentication Bypass Jdk Jre +18
NVD
CVSS 3.1
4.7
EPSS
2.5%
CVE-2017-10388 HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Java Oracle Jdk Jre +27
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2017-10357 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Oracle Jdk Jre +27
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2017-10356 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Java Oracle Jdk Jre +27
NVD
CVSS 3.1
6.2
EPSS
0.7%
CVE-2017-10355 MEDIUM POC PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Java Oracle Jdk Jre +28
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
6.3%
CVE-2017-10350 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Oracle Jdk Jre +27
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2017-10349 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Oracle Jdk Jre +27
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2017-10348 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Oracle Jdk Jre +27
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2017-10347 MEDIUM PATCH This Month

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Oracle Jdk Jre +27
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2017-10346 CRITICAL PATCH Act Now

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Java Oracle Jdk Jre +27
NVD
CVSS 3.1
9.6
EPSS
0.6%
CVE-2017-10345 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Java Oracle Jdk Jre +28
NVD
CVSS 3.1
3.1
EPSS
0.8%
CVE-2017-10309 HIGH POC PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Java Oracle Jdk Jre +24
NVD Exploit-DB
CVSS 3.1
7.1
EPSS
1.8%
CVE-2017-10295 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle Jdk Jre +28
NVD
CVSS 3.1
4.0
EPSS
0.4%
CVE-2017-10293 MEDIUM PATCH This Month

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Java Oracle Jdk Jre +19
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2017-10285 CRITICAL PATCH Act Now

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Java Oracle Jdk Jre +27
NVD
CVSS 3.1
9.6
EPSS
0.6%
CVE-2017-10281 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Oracle Jdk Jre +28
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2017-10274 MEDIUM PATCH This Month

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle Jdk Jre +26
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2016-6796 Maven HIGH PATCH This Week

A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Tomcat Authentication Bypass Apache Debian Linux Oncommand Insight +12
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2016-6797 Maven HIGH PATCH This Week

The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Tomcat Authentication Bypass Apache Tekelec Platform Distribution Debian Linux +11
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2016-6794 Maven MEDIUM PATCH This Month

When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Tomcat Authentication Bypass Apache Debian Linux Jboss Enterprise Web Server +11
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2016-5018 Maven CRITICAL POC PATCH Act Now

In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Tomcat Authentication Bypass Apache Oncommand Insight Oncommand Shift +12
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2016-0762 Maven MEDIUM PATCH This Month

The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Tomcat Apache Information Disclosure Ubuntu Linux Debian Linux +12
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2017-10243 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Oracle Jdk Jre +25
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2017-10198 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle Jdk Jre +25
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2017-10193 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle Jdk Jre +23
NVD
CVSS 3.1
3.1
EPSS
0.3%
CVE-2017-10176 HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Java Oracle Jdk Jre +19
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2017-10135 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle Jdk Jre +25
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2017-10125 HIGH PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Rated high severity (CVSS 7.1), this vulnerability is no authentication required.

Information Disclosure Java Oracle Jdk Jre +16
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2017-10118 HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Java Oracle Jdk Jre +19
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2017-10116 HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Java Oracle Jdk Jre +26
NVD
CVSS 3.1
8.3
EPSS
1.7%
CVE-2017-10115 HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Java Oracle Jdk Jre +26
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2017-10114 HIGH PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Java Oracle Jdk Jre +17
NVD
CVSS 3.1
8.3
EPSS
0.9%
CVE-2017-10111 CRITICAL PATCH Act Now

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Java Oracle Jdk Jre +23
NVD
CVSS 3.1
9.6
EPSS
0.6%
CVE-2017-10110 CRITICAL PATCH Act Now

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Java Oracle Jdk Jre +24
NVD
CVSS 3.1
9.6
EPSS
0.3%
CVE-2017-10109 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Oracle Jdk Jre +25
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2017-10108 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Oracle Jdk Jre +26
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2017-10107 CRITICAL PATCH Act Now

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Java Oracle Jdk Jre +24
NVD
CVSS 3.1
9.6
EPSS
0.3%
CVE-2017-10105 MEDIUM PATCH This Month

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Java Oracle Jdk Jre +21
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2017-10102 CRITICAL PATCH Act Now

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Java Oracle Jdk Jre +25
NVD
CVSS 3.1
9.0
EPSS
0.4%
CVE-2017-10101 CRITICAL PATCH Act Now

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Java Oracle Jdk Jre +24
NVD
CVSS 3.1
9.6
EPSS
0.3%
CVE-2017-10096 CRITICAL PATCH Act Now

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Java Oracle Jdk Jre +24
NVD
CVSS 3.1
9.6
EPSS
0.3%
CVE-2017-10090 CRITICAL PATCH Act Now

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Java Oracle Jdk Jre +23
NVD
CVSS 3.1
9.6
EPSS
0.3%
CVE-2017-10089 CRITICAL PATCH Act Now

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Java Oracle Jdk Jre +24
NVD
CVSS 3.1
9.6
EPSS
0.3%
CVE-2017-10087 CRITICAL PATCH Act Now

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Java Oracle Jdk Jre +24
NVD
CVSS 3.1
9.6
EPSS
0.3%
CVE-2017-10086 CRITICAL PATCH Act Now

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Java Oracle Jdk Jre +17
NVD
CVSS 3.1
9.6
EPSS
0.6%
CVE-2017-10081 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Java Oracle Jdk Jre +17
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2017-10078 HIGH PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Java Oracle Jdk Jre +25
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2017-10074 HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Java Oracle Jdk Jre +23
NVD
CVSS 3.1
8.3
EPSS
1.0%
CVE-2017-10067 HIGH PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Java Oracle Jdk Jre +24
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2017-10053 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Oracle Jdk Jre +26
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2016-9841 CRITICAL Act Now

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.5% and no vendor patch available.

Information Disclosure Zlib Leap Opensuse Debian Linux +35
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
13.5%
CVE-2016-10165 HIGH PATCH This Week

The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Little Cms Color Engine Ubuntu Linux +17
NVD GitHub
CVSS 3.1
7.1
EPSS
0.9%
CVE-2015-8960 HIGH POC This Week

The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Transport Layer Security Clustered Data Ontap Antivirus Connector Data Ontap Edge Host Agent +9
NVD
CVSS 3.1
8.1
EPSS
0.3%
EPSS 7% CVSS 8.1
HIGH PATCH This Week

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Deserialization Jackson Databind +8
NVD GitHub
EPSS 3% CVSS 8.3
HIGH PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure +24
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Installer). Rated high severity (CVSS 7.5).

Java Oracle Microsoft +21
NVD
EPSS 3% CVSS 4.7
MEDIUM PATCH This Month

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Authentication Bypass +20
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Java Oracle +29
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Oracle +29
NVD
EPSS 1% CVSS 6.2
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Java Oracle +29
NVD
EPSS 6% CVSS 5.3
MEDIUM POC PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Java Oracle +30
NVD Exploit-DB
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Oracle +29
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Oracle +29
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Oracle +29
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Oracle +29
NVD
EPSS 1% CVSS 9.6
CRITICAL PATCH Act Now

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Java Oracle +29
NVD
EPSS 1% CVSS 3.1
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Java Oracle +30
NVD
EPSS 2% CVSS 7.1
HIGH POC PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Java Oracle +26
NVD Exploit-DB
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle +30
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Java Oracle +21
NVD
EPSS 1% CVSS 9.6
CRITICAL PATCH Act Now

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Java Oracle +29
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Oracle +30
NVD
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle +28
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Tomcat Authentication Bypass Apache +14
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Tomcat Authentication Bypass Apache +13
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Tomcat Authentication Bypass Apache +13
NVD
EPSS 1% CVSS 9.1
CRITICAL POC PATCH Act Now

In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Tomcat Authentication Bypass Apache +14
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Tomcat Apache Information Disclosure +14
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Oracle +27
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle +27
NVD
EPSS 0% CVSS 3.1
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle +25
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Java Oracle +21
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle +27
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Rated high severity (CVSS 7.1), this vulnerability is no authentication required.

Information Disclosure Java Oracle +18
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Java Oracle +21
NVD
EPSS 2% CVSS 8.3
HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Java Oracle +28
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Java Oracle +28
NVD
EPSS 1% CVSS 8.3
HIGH PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Java Oracle +19
NVD
EPSS 1% CVSS 9.6
CRITICAL PATCH Act Now

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Java Oracle +25
NVD
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Java Oracle +26
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Oracle +27
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Oracle +28
NVD
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Java Oracle +26
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Java Oracle +23
NVD
EPSS 0% CVSS 9.0
CRITICAL PATCH Act Now

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Java Oracle +27
NVD
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Java Oracle +26
NVD
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Java Oracle +26
NVD
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Java Oracle +25
NVD
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Java Oracle +26
NVD
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Java Oracle +26
NVD
EPSS 1% CVSS 9.6
CRITICAL PATCH Act Now

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Java Oracle +19
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Java Oracle +19
NVD
EPSS 2% CVSS 8.1
HIGH PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Java Oracle +27
NVD
EPSS 1% CVSS 8.3
HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Java Oracle +25
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Java Oracle +26
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Oracle +28
NVD
EPSS 13% CVSS 9.8
CRITICAL Act Now

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.5% and no vendor patch available.

Information Disclosure Zlib Leap +37
NVD GitHub VulDB
EPSS 1% CVSS 7.1
HIGH PATCH This Week

The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure +19
NVD GitHub
EPSS 0% CVSS 8.1
HIGH POC This Week

The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Transport Layer Security Clustered Data Ontap Antivirus Connector +11
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy