Lucene search
+L

93 matches found

osv
osv
added 2016/11/17 10:29 p.m.5 views

USN-3130-1 openjdk-7 vulnerabilities

It was discovered that OpenJDK did not restrict the set of algorithms used for Jar integrity verification. An attacker could use this to modify without detection the content of a JAR file, affecting system integrity. CVE-2016-5542 It was discovered that the JMX component of OpenJDK did not...

9.6CVSS6.8AI score0.05437EPSS
Exploits0References6
redhat
redhat
added 2016/11/07 9:5 a.m.9 views

OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)

It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol JDWP packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP request...

8.3CVSS7.4AI score0.03255EPSS
Exploits0References5
openvas
openvas
added 2016/11/04 12:0 a.m.41 views

Ubuntu: Security Advisory (USN-3121-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.6CVSS7.2AI score0.05437EPSS
Exploits0References2
redhat
redhat
added 2016/11/02 11:5 a.m.5 views

OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)

It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol JDWP packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP request...

8.3CVSS7.4AI score0.03255EPSS
Exploits0References5
nessus
nessus
added 2016/10/28 12:0 a.m.260 views

Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2016-759)

It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox restrictions. CVE-2016-558...

9.6CVSS7AI score0.05437EPSS
Exploits0References6
redhat
redhat
added 2016/10/20 12:47 p.m.8 views

OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)

It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol JDWP packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP request...

8.3CVSS7.4AI score0.03255EPSS
Exploits0References5
redhat
redhat
added 2016/10/20 12:37 p.m.14 views

OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)

It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol JDWP packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP request...

8.3CVSS7.4AI score0.03255EPSS
Exploits0References5
nvd
nvd
added 2016/09/11 9:59 p.m.17 views

CVE-2016-3890

The Java Debug Wire Protocol JDWP implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations, which allows attackers to gain privileges via a crafted application, aka internal bug 28347842...

7.6CVSS6.8AI score0.00745EPSS
Exploits0References5
osv
osv
added 2016/09/11 9:59 p.m.15 views

CVE-2016-3890

The Java Debug Wire Protocol JDWP implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations, which allows attackers to gain privileges via a crafted application, aka internal bug 28347842...

7CVSS6.8AI score
Exploits0References5
prion
prion
added 2016/09/11 9:59 p.m.19 views

Design/Logic Flaw

The Java Debug Wire Protocol JDWP implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations, which allows attackers to gain privileges via a crafted application, aka internal bug 28347842...

7.6CVSS7.1AI score0.00745EPSS
Exploits0References5Affected Software1
ubuntucve
ubuntucve
added 2016/09/11 9:59 p.m.25 views

CVE-2016-3890

The Java Debug Wire Protocol JDWP implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations, which allows attackers to gain privileges via a crafted application, aka internal bug 28347842...

7.6CVSS7.1AI score0.00745EPSS
Exploits0References4
cvelist
cvelist
added 2016/09/11 9:0 p.m.24 views

CVE-2016-3890

The Java Debug Wire Protocol JDWP implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations, which allows attackers to gain privileges via a crafted application, aka internal bug 28347842...

6.8AI score0.00745EPSS
Exploits0References5
debiancve
debiancve
added 2016/09/11 9:0 p.m.35 views

CVE-2016-3890

The Java Debug Wire Protocol JDWP implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations, which allows attackers to gain privileges via a crafted application, aka internal bug 28347842...

7.6CVSS7AI score0.00745EPSS
Exploits0
fedora
fedora
added 2015/07/14 3:47 p.m.24 views

[SECURITY] Fedora 22 Update: rubygem-moped-1.5.3-1.fc22

Moped is a MongoDB driver for Ruby, which exposes a simple, elegant, and fast API. Moped is the supported driver for Mongoid from version 3 and higher. Moped is composed of three parts: an implementation of the BSON specification, an implementation of the Mongo Wire Protocol, and the driver itsel...

7.5CVSS3.1AI score0.06372EPSS
Exploits2
bdu_fstec
bdu_fstec
added 2015/07/08 12:0 a.m.8 views

The vulnerability of the EMC Unisphere data storage management program allows a hacker to execute arbitrary code.

The vulnerability of the EMC Unisphere data storage management program with the installed JDWP service is related to code errors. Exploiting this vulnerability may allow a malicious actor to execute arbitrary code remotely...

10CVSS5.9AI score0.04447EPSS
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2015/06/29 12:0 a.m.48 views

ESA-2015-102: EMC Unisphere for VMAX Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-102: EMC Unisphere for VMAX Remote Code Execution Vulnerability EMC Identifier: ESA-2015-102 CVE Identifier: CVE-2015-0545 Severity Rating: CVSS v2 Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C Affected products: • EMC Unisphere for VMAX 8.0.0 ...

10CVSS0.9AI score0.04447EPSS
Exploits0
bdu_fstec
bdu_fstec
added 2015/06/18 12:0 a.m.8 views

The vulnerability of the OnCommand Workflow Automation data storage automation tool allows a hacker to execute arbitrary code.

The OnCommand Workflow Automation tool installer installs the JDWP service Java Debugging Wire Protocol. This service allows a remote attacker to execute arbitrary code through an unspecified vector...

10CVSS6AI score0.12261EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2015/05/31 5:59 p.m.21 views

CVE-2015-3292

The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol JDWP service, which allows remote attackers to execute arbitrary code via unspecified vectors...

10CVSS7.8AI score0.12261EPSS
Exploits0References2
prion
prion
added 2015/05/31 5:59 p.m.19 views

Code injection

The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol JDWP service, which allows remote attackers to execute arbitrary code via unspecified vectors...

10CVSS8.4AI score0.12261EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2015/05/31 5:0 p.m.33 views

CVE-2015-3292

The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol JDWP service, which allows remote attackers to execute arbitrary code via unspecified vectors...

7.8AI score0.12261EPSS
Exploits0References2
Rows per page
Query Builder