CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2017/11/08 7:48 a.m.•1 views

USN-3473-1 openjdk-8 vulnerabilities

It was discovered that the Smart Card IO subsystem in OpenJDK did not properly maintain state. An attacker could use this to specially construct an untrusted Java application or applet to gain access to a smart card, bypassing sandbox restrictions. CVE-2017-10274 Gaston Traberg discovered that th...

9.6CVSS6.6AI score0.06365EPSS

Exploits2References15

Japan Vulnerability Notes•added 2017/10/17 7:26 a.m.•1 views

RMI Vulnerability in Hitachi Tuning Manager

Overview A RMI Vulnerability was found in Hitachi Tuning Manager. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

10CVSS6.7AI score

Exploits0References2

RedHat Linux•added 2016/07/18 1:51 p.m.•1 views

OpenJDK: incorrect access control context used in DGCClient (RMI, 8076413)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4860...

RedHat Linux•added 2016/02/02 10:0 a.m.•2 views

JDK: J9 JVM allows code to invoke non-public interface methods

The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods...

9.1CVSS7.4AI score0.00889EPSS

RedHat Linux•added 2016/01/21 11:54 a.m.•1 views

OpenJDK: logging of RMI connection secrets (JMX, 8130710)

Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX...

4CVSS7.3AI score0.00201EPSS

RedHat Linux•added 2015/11/25 9:15 p.m.•2 views

OpenJDK: insufficient proxy class checks in RemoteObjectInvocationHandler (RMI, 8076339)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to RMI...

5CVSS7.3AI score0.02698EPSS

CNVD•added 2015/11/04 12:0 a.m.•2 views

Design Vulnerability in Baidu Moplus SDK (WormHole Vulnerability)

The Moplus SDK is a public development kit developed in-house by Baidu, which is integrated into numerous Android applications. The "WormHole" vulnerability exists in Baidu's Moplus SDK, which is mainly used to enhance the expansion of Baidu's search engine in smart terminals, and to realize the...

6.7AI score

Exploits0References1

RedHat Linux•added 2015/10/22 6:34 p.m.•5 views

OpenJDK: incorrect access control context used in DGCClient (RMI, 8076413)

RedHat Linux•added 2015/10/22 6:34 p.m.•4 views

OpenJDK: incorrect access control context used in DGCImpl (RMI, 8080688)

RedHat Linux•added 2015/10/21 9:7 p.m.•3 views

OpenJDK: insufficient proxy class checks in RemoteObjectInvocationHandler (RMI, 8076339)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to RMI...

5CVSS7.3AI score0.02698EPSS

RedHat Linux•added 2015/10/21 6:47 p.m.•0 views

OpenJDK: incorrect access control context used in DGCImpl (RMI, 8080688)

RedHat Linux•added 2015/08/12 4:38 p.m.•3 views

OpenJDK: RemoteObjectInvocationHandler allows calling finalize() (RMI, 8076409)

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI...

10CVSS6.8AI score0.09686EPSS

RedHat Linux•added 2015/07/15 12:1 p.m.•2 views

OpenJDK: RemoteObjectInvocationHandler allows calling finalize() (RMI, 8076409)

10CVSS6.8AI score0.09686EPSS

BDU FSTEC•added 2015/06/30 12:0 a.m.•3 views

The vulnerability of the SAP NetWeaver software integration platform allows a hacker to obtain information about the integration platform and the operating system.

The vulnerability of the SAP NetWeaver integration platform exists due to the lack of restrictions on remote invocation of the GetSystemInstanceList function. Exploiting this vulnerability allows a malicious actor to obtain information about the integration platform and the operating system throu...

5CVSS0.00435EPSS

Exploits0References6Affected Software1

RedHat Linux•added 2013/10/23 4:26 p.m.•2 views

OpenJDK: LogStream.setDefaultStream() missing security restrictions (RMI, 8001329)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI...

10CVSS6.7AI score0.0828EPSS

RedHat Linux•added 2013/05/14 5:49 p.m.•3 views

OpenJDK: LogStream.setDefaultStream() missing security restrictions (RMI, 8001329)

10CVSS6.7AI score0.0828EPSS