CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4166 matches found

Prion•added 2017/10/20 3:29 p.m.•10 views

Privilege escalation

The JMX server embedded in Apache James, also used by the command line client is exposed to a java de-serialization issue, and thus can be used to execute arbitrary commands. As James exposes JMX socket by default only on local-host, this vulnerability can only be used for privilege escalation...

7.2CVSS7.9AI score0.00142EPSS

Exploits4References2Affected Software1

Cvelist•added 2017/10/20 3:0 p.m.•14 views

CVE-2017-12628

7.9AI score0.00142EPSS

Exploits4References2

RedHat Linux•added 2017/10/20 11:31 a.m.•3 views

OpenJDK: unbounded memory allocation in SimpleTimeZone deserialization (Serialization, 8181323)

Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

5.3CVSS7.4AI score0.00602EPSS

Exploits0References4

RedHat Linux•added 2017/10/20 11:31 a.m.•2 views

OpenJDK: unbounded resource use in JceKeyStore deserialization (Serialization, 8181370)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated...

3.1CVSS7.3AI score0.00624EPSS

Exploits0References4

RedHat Linux•added 2017/10/20 11:31 a.m.•3 views

OpenJDK: unbounded memory allocation in ObjectInputStream deserialization (Serialization, 8181597)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

5.3CVSS7.4AI score0.00602EPSS

Exploits0References4

NVD•added 2017/10/19 8:29 p.m.•12 views

CVE-2017-5636

In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, the proxy chain serialization/deserialization is vulnerable to an injection attack where a carefully crafted username could impersonate another user and gain their permissions on a replicated request to another node...

9.8CVSS9.6AI score0.01198EPSS

Exploits0References2

OSV•added 2017/10/19 8:29 p.m.•19 views

CVE-2017-5636

9.8CVSS7.4AI score0.01198EPSS

Exploits0References2

OSV•added 2017/10/19 5:29 p.m.•2 views

CVE-2017-10347

5.3CVSS5.6AI score0.00602EPSS

Exploits0References18

OSV•added 2017/10/19 5:29 p.m.•2 views

CVE-2017-10357

5.3CVSS5.6AI score

Exploits0References18

OSV•added 2017/10/19 5:29 p.m.•3 views

CVE-2017-10345

3.1CVSS5.5AI score

Exploits0References18

OSV•added 2017/10/19 5:29 p.m.•3 views

CVE-2017-10281

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacke...

5.3CVSS5.5AI score

Exploits0References18

Prion•added 2017/10/19 5:29 p.m.•19 views

Code injection

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacke...

5CVSS5.2AI score0.00602EPSS

Exploits0References18Affected Software17

Prion•added 2017/10/19 5:29 p.m.•17 views

Code injection

5CVSS5.3AI score0.00602EPSS

Exploits0References18Affected Software16

Debian CVE•added 2017/10/19 5:0 p.m.•44 views

CVE-2017-10345

3.1CVSS4.6AI score0.00624EPSS

Exploits0

Cvelist•added 2017/10/19 5:0 p.m.•18 views

CVE-2017-10345

4.5AI score0.00624EPSS

Exploits0References18

CVE•added 2017/10/19 5:0 p.m.•256 views

CVE-2017-10345

CVE-2017-10345 affects Oracle Java SE/Embedded/JRockit serialization. The vulnerability allows an unauthenticated attacker with network access to compromise the target, potentially causing a partial denial of service; exploitation is difficult and may require human interaction. Affected versions ...

3.1CVSS4.2AI score0.00624EPSS

Exploits0References18Affected Software3

Vulnrichment•added 2017/10/19 5:0 p.m.•17 views

CVE-2017-10345

5.3AI score0.00624EPSS

Exploits0References18

Cvelist•added 2017/10/19 5:0 p.m.•29 views

CVE-2017-10281

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacke...

5.5AI score0.00602EPSS

Exploits0References18

CVE•added 2017/10/19 5:0 p.m.•231 views

CVE-2017-10357

CVE-2017-10357 is a Java SE/OpenJDK vulnerability affecting the Serialization component in Oracle Java SE and Java SE Embedded. The Initial document lists affected versions as Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. The Connected documents corroborate multiple OpenJDK/OpenJDK...

5.3CVSS5.4AI score0.00602EPSS

Exploits0References18Affected Software2

Tenable Nessus•added 2017/10/19 12:0 a.m.•261 views

Oracle Java SE Multiple Vulnerabilities (October 2017 CPU) (Unix)

The version of Oracle formerly Sun Java SE or Java for Business installed on the remote host is prior to 9 Update 1, 8 Update 151, 7 Update 161, or 6 Update 171. It is, therefore, affected by multiple vulnerabilities related to the following components : - 2D Little CMS 2 - Deployment - Hotspot -...

9.8CVSS6.8AI score0.19177EPSS

Exploits8References23

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by