Lucene search

27 matches found

added 2013/07/23 10:0 a.m., 255 views

CVE-2013-4002

CVE-2013-4002 affects the Xerces2 Java XML parser. XMLScanner.java in Xerces2 Java Parser before 2.12.0 (as used in various JREs and Oracle/Jakarta distributions) could allow remote denial of service via vectors related to XML attribute names. IBM and other vendors document DoS impact on affected...

CVSS 7.1, AI score 6.7, EPSS 0.24738

added 2023/04/29 2:40 p.m., 253 views

CVE-2023-30441

CVE-2023-30441 affects IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0–8.0.7.11, with potential exposure of sensitive information due to a combination of flaws/configurations. The CVSS base score is 7.5 (HIGH). IBM Bulletins reference remediation by upgrading to newer...

CVSS 7.5, AI score 7.4, EPSS 0.00609

added 2019/08/05 1:40 p.m., 135 views

CVE-2019-4473

CVE-2019-4473 is an IBM Java SDK on AIX issue where multiple IBM SDK binaries shipped with IBM products used insecure absolute RPATHs, enabling local code injection and privilege elevation. The connected IBM advisories document this vulnerability across IBM Tivoli/Spectrum Control, Tivoli System ...

CVSS 8.4, AI score 7.7, EPSS 0.0045

added 2013/01/11 12:0 a.m., 132 views

CVE-2012-4820

CVE-2012-4820 affects IBM Java Runtime used in IBM WebSphere Real Time and other IBM products. The issue arises when code runs under a security manager, allowing remote attackers to escalate privileges by abusing insecure use of java.lang.reflect.Method invoke(). Affected IBM JREs include release...

CVSS 9.3, AI score 4.5, EPSS 0.05086

added 2013/11/24 6:0 p.m., 131 views

CVE-2013-5456

CVE-2013-5456 is an IBM Java SDK vulnerability in which deserialization inside AccessController.doPrivileged could allow a remote attacker to bypass sandbox protections and execute arbitrary code. Affected IBM SDK Java Technology Edition versions include 5.0, 6, and 7 (SRs prior to remediation). ...

CVSS 9.3, AI score 7, EPSS 0.06028

added 2013/01/11 12:0 a.m., 111 views

CVE-2012-4821

CVE-2012-4821 is one of several IBM JRE/Java SDK vulnerabilities (CVE-2012-4820/4821/4822/4823) affecting IBM products (e.g., WebSphere Real Time, Tivoli Monitoring, Tivoli Storage Productivity Center, and related IBM runtimes). The root cause is insecure use of Java reflection APIs (getDeclaredM...

CVSS 9.3, AI score 5.5, EPSS 0.06903

added 2013/07/23 10:0 a.m., 111 views

CVE-2013-3009

CVE-2013-3009 affects IBM Java runtimes where the com.ibm.CORBA.iiop.ClientDelegate class exposes the java.lang.reflect.Method.invoke method, enabling remote attackers to call setSecurityManager and bypass sandbox protections via vectors related to the AccessController doPrivileged block. Affecte...

CVSS 9.3, AI score 6.4, EPSS 0.04382

added 2014/12/02 1:0 a.m., 111 views

CVE-2014-3065

CVE-2014-3065: IBM Java SDK/JRE contains a vulnerability where the default configuration for the shared classes feature potentially allows arbitrary code execution via the shared classes cache by other local users. Affected IBM Java versions include IBM SDK/JAVA 2 Technology Edition (v5.0 SR16 FP...

CVSS 6.9, AI score 4.6, EPSS 0.00559

added 2015/07/02 9:16 p.m., 111 views

CVE-2015-0192

Technical details for CVE-2015-0192 are not provided in the connected documents. The initial description names IBM Java vulnerabilities but does not specify affected products, versions, vectors, or fixes in the supplied sources. Monitor for updates.

CVSS 9.8, AI score 4.5, EPSS 0.04542

added 2013/01/11 12:0 a.m., 106 views

CVE-2012-4823

CVE-2012-4823 is an IBM JRE vulnerability (arbitrary code execution via insecure use of java.lang.ClassLoader defineClass()) affecting IBM JRE in multiple IBM and partner products. Connected advisories confirm concrete fixes by upgrading the IBM JRE to newer service releases on affected stacks: fo...

CVSS 9.3, AI score 5.2, EPSS 0.06864

added 2013/01/11 12:0 a.m., 100 views

CVE-2012-4822

CVE-2012-4822 affects IBM JRE components used in IBM WebSphere Real Time and multiple IBM/Tivoli products (e.g., Tivoli Monitoring, Rational Host On-Demand, WebSphere Real Time, Lotus Notes/Domino). Root cause: insecure use of multiple methods in java.lang.Class enabling remote code execution. Af...

CVSS 9.3, AI score 5.3, EPSS 0.06903

added 2014/12/02 1:0 a.m., 96 views

CVE-2014-3068

CVE-2014-3068 affects IBM Java environments used with Tivoli Storage Productivity Center (JRE/JDK 6 SR16 FP1 or earlier; 7 SR7 FP1 or earlier; and other older SRs). The CMS keystore allows brute-force recovery of a private key, enabling attackers to obtain private keys from CMS keystores. Exploit...

CVSS 6.4, AI score 3.6, EPSS 0.01153

added 2013/07/23 10:0 a.m., 83 views

CVE-2013-3006

CVE-2013-3006 (IBM Java/JRE) is described across IBM advisories as an unspecified vulnerability in the Java Runtime Environment used by IBM WebSphere Real Time. Affected IBM WebSphere Real Time versions include v2 and v3 SR4-FP2 and earlier, with remediation to upgrade to the IBM Java SDK version...

CVSS 9.3, AI score 6.2, EPSS 0.03973

added 2015/07/02 9:16 p.m., 83 views

CVE-2015-1914

CVE-2015-1914 describes a vulnerability in IBM Java (various releases) where a remote attacker could bypass Java permission checks in the IBM JVM and obtain sensitive information. Affected versions include IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 bef...

CVSS 5, AI score 4.2, EPSS 0.04548

added 2013/07/23 10:0 a.m., 82 views

CVE-2013-3007

CVE-2013-3007 is an IBM Java JRE vulnerability affecting IBM Java 6.0.1 before 6.0.1 SR6 and 7 before 7 SR5, allowing remote execution with full confidentiality, integrity and availability impact. The issue is part of a broader set of Oracle/JVM vulnerabilities addressed in IBM bulletins for Tivo...

CVSS 9.3, AI score 6.2, EPSS 0.03973

added 2013/07/23 10:0 a.m., 81 views

CVE-2013-3011

CVE-2013-3011 is described as an unspecified vulnerability in IBM Java Runtime Environment affecting multiple IBM JREs (IBM Java 1.4.2 before SR13-FP18, 5.0 before SR16-FP3, 6 before SR14, 6.0.1 before SR6, and 7 before SR5). The impact is stated as remote attackers potentially compromising confi...

CVSS 9.3, AI score 7.7, EPSS 0.04435

added 2013/07/23 10:0 a.m., 80 views

CVE-2013-3012

Summary of CVE-2013-3012 (IBM Java JRE): The initial entry describes an unspecified remote vulnerability in IBM Java runtimes across multiple releases (IBM JREs bundled with IBM products). Connected IBM advisories confirm this CVE is part of a broad set addressed by updating the IBM Java SDK/JRE...

CVSS 9.3, AI score 7.7, EPSS 0.04435

added 2013/11/24 6:0 p.m., 80 views

CVE-2013-5457

CVE-2013-5457 affects IBM SDK for Java (IBM JRE/JAVA EE shards) and is discussed across IBM advisories related to WebSphere and IT management products. The vulnerability allows an attacker to execute arbitrary code remotely by abusing the Java security manager, with exploitation tied to IBM Java ...

CVSS 9.3, AI score 7.4, EPSS 0.06101

added 2015/07/02 9:16 p.m., 77 views

CVE-2015-1916

CVE-2015-1916 is an IBM Java SSL/TLS (JSSE) related denial-of-service vulnerability. IBM advisories (e.g., IBMs 734104A523B… and related security bulletins) indicate affected IBM Java SDK/JRE versions used in IBM SAN Volume Controller and Storwize family products. The vulnerability allows a remot...

CVSS 7.5, AI score 3.8, EPSS 0.02696

added 2013/07/23 10:0 a.m., 73 views

CVE-2013-3008

CVE-2013-3008 affects IBM Java and IBM WebSphere Real Time. The IBM WebSphere Real Time bulletin lists CVE-2013-3008 among Java JRE vulnerabilities, describing an unspecified remote code execution risk via IBM Java 7 prior to 7 SR5. The remediation in that bulletin is to upgrade to IBM WebSphere ...

CVSS 9.3, AI score 6.2, EPSS 0.03973

added 2013/11/24 6:0 p.m., 70 views

CVE-2013-4041

CVE-2013-4041 is an IBM Java SDK vulnerability affecting IBM SDK Java Technology Edition versions 5.0, 6, and 7 (and related WebSphere bundles) where code running under a security manager could access restricted classes via an unspecified vector. The IBM notices detail multiple CVEs in the Oracle...

CVSS 6.8, AI score 6.2, EPSS 0.02812

added 2013/07/23 10:0 a.m., 69 views

CVE-2013-3010

CVE-2013-3010 is an IBM Java vulnerability in the IBM JRE shipped with IBM Java 6.0.1 before SR6 and 7 before SR5, allowing a remote attacker to affect confidentiality, integrity and availability and to execute arbitrary code on affected IBM products. IBM advisories (e.g., WebSphere Real Time) de...

CVSS 9.3, AI score 6.2, EPSS 0.03973

added 2011/09/02 11:0 p.m., 68 views

CVE-2011-0311

CVE-2011-0311 affects IBM Runtimes for Java Technology, specifically IBM Java 1.4.2 SR13 FP9 used in 5.0.0 prior to SR13 and 6.0.0 prior to SR10. The issue arises in the class file parser where a crafted attribute length field in a class file can cause a denial of service through a JVM segmentati...

CVSS 3.5, AI score 6.3, EPSS 0.01781

added 2013/11/24 6:0 p.m., 68 views

CVE-2013-5375

CVE-2013-5375 corresponds to an unspecified vulnerability in IBM SDK for Java Technology Edition (IBM JRE) that could allow remote attackers to access restricted classes via XML/XSL-related vectors. The initial entry lists affected IBM SDK/JAVA versions and SR levels: 5.0.x before SR16 FP4, 6.0.x...

CVSS 6.8, AI score 6.1, EPSS 0.02812

added 2014/01/21 6:0 p.m., 64 views

CVE-2013-0485

CVE-2013-0485 refers to an unspecified vulnerability in IBM Java SDK versions (7 before SR4-FP1, 6 before SR13-FP1, 5.0 before SR16-FP1, and 1.4.2 before SR13-FP16) with unknown impact/attack vectors related to Class Libraries. Connected advisories note the issue affecting IBM Rational Developer ...

CVSS 10, AI score 6, EPSS 0.02441

added 2013/11/24 6:0 p.m., 64 views

CVE-2013-5458

CVE-2013-5458 is an IBM Java SDK vulnerability affecting IBM WebSphere Real Time. The IBM bulletin indicates that IBM WebSphere Real Time Version 3 Service Refresh 5 and earlier are affected, with remediation by upgrading to Version 3 Service Refresh 6 or later. The vulnerability involves privile...

CVSS 9.3, AI score 7.4, EPSS 0.05391

added 2011/09/02 11:0 p.m., 59 views

CVE-2011-3387

CVE-2011-3387 targets IBM Java 1.4.2 SR13 FP9 (IBM Runtimes for Java Technology 5.0.0 before SR13 and 6.0.0 before SR10). A denial-of-service is caused by a crafted class file attribute length field, due to validation timing, leading to memory consumption or an infinite loop. The issue is distinc...

CVSS 4, AI score 5.9, EPSS 0.01763