Lucene search
K

17 matches found

CVE
CVE
added 2013/07/23 10:0 a.m.255 views

CVE-2013-4002

CVE-2013-4002 affects the Xerces2 Java XML parser. XMLScanner.java in Xerces2 Java Parser before 2.12.0 (as used in various JREs and Oracle/Jakarta distributions) could allow remote denial of service via vectors related to XML attribute names. IBM and other vendors document DoS impact on affected...

7.1CVSS6.7AI score0.24738EPSS
CVE
CVE
added 2013/01/11 12:0 a.m.132 views

CVE-2012-4820

CVE-2012-4820 affects IBM Java Runtime used in IBM WebSphere Real Time and other IBM products. The issue arises when code runs under a security manager, allowing remote attackers to escalate privileges by abusing insecure use of java.lang.reflect.Method invoke(). Affected IBM JREs include release...

9.3CVSS4.5AI score0.05086EPSS
CVE
CVE
added 2013/11/24 6:0 p.m.132 views

CVE-2013-5456

CVE-2013-5456 is an IBM Java SDK vulnerability in which deserialization inside AccessController.doPrivileged could allow a remote attacker to bypass sandbox protections and execute arbitrary code. Affected IBM SDK Java Technology Edition versions include 5.0, 6, and 7 (SRs prior to remediation). ...

9.3CVSS7AI score0.06028EPSS
CVE
CVE
added 2013/01/11 12:0 a.m.111 views

CVE-2012-4821

CVE-2012-4821 is one of several IBM JRE/Java SDK vulnerabilities (CVE-2012-4820/4821/4822/4823) affecting IBM products (e.g., WebSphere Real Time, Tivoli Monitoring, Tivoli Storage Productivity Center, and related IBM runtimes). The root cause is insecure use of Java reflection APIs (getDeclaredM...

9.3CVSS5.5AI score0.06903EPSS
CVE
CVE
added 2013/07/23 10:0 a.m.111 views

CVE-2013-3009

CVE-2013-3009 affects IBM Java runtimes where the com.ibm.CORBA.iiop.ClientDelegate class exposes the java.lang.reflect.Method.invoke method, enabling remote attackers to call setSecurityManager and bypass sandbox protections via vectors related to the AccessController doPrivileged block. Affecte...

9.3CVSS6.4AI score0.04382EPSS
CVE
CVE
added 2013/01/11 12:0 a.m.106 views

CVE-2012-4823

CVE-2012-4823 is an IBM JRE vulnerability (arbitrary code execution via insecure use of java.lang.ClassLoder defineClass()) affecting IBM JRE in multiple IBM and partner products. Connected advisories confirm concrete fixes by upgrading the IBM JRE to newer service releases on affected stacks: fo...

9.3CVSS5.2AI score0.06864EPSS
CVE
CVE
added 2013/01/11 12:0 a.m.100 views

CVE-2012-4822

CVE-2012-4822 affects IBM JRE components used in IBM WebSphere Real Time and multiple IBM/Tivoli products (e.g., Tivoli Monitoring, Rational Host On-Demand, WebSphere Real Time, Lotus Notes/Domino). Root cause: insecure use of multiple methods in java.lang.Class enabling remote code execution. Af...

9.3CVSS5.3AI score0.06903EPSS
CVE
CVE
added 2013/07/23 10:0 a.m.83 views

CVE-2013-3006

CVE-2013-3006 (IBM Java/JRE) is described across IBM advisories as an unspecified vulnerability in the Java Runtime Environment used by IBM WebSphere Real Time. Affected IBM WebSphere Real Time versions include v2 and v3 SR4-FP2 and earlier, with remediation to upgrade to the IBM Java SDK version...

9.3CVSS6.2AI score0.03973EPSS
CVE
CVE
added 2013/07/23 10:0 a.m.83 views

CVE-2013-3007

CVE-2013-3007 is an IBM Java JRE vulnerability affecting IBM Java 6.0.1 before 6.0.1 SR6 and 7 before 7 SR5, allowing remote execution with full confidentiality, integrity and availability impact. The issue is part of a broader set of Oracle/JVM vulnerabilities addressed in IBM bulletins for Tivo...

9.3CVSS6.2AI score0.03973EPSS
CVE
CVE
added 2013/07/23 10:0 a.m.83 views

CVE-2013-3011

CVE-2013-3011 is described as an unspecified vulnerability in IBM Java Runtime Environment affecting multiple IBM JREs (IBM Java 1.4.2 before SR13-FP18, 5.0 before SR16-FP3, 6 before SR14, 6.0.1 before SR6, and 7 before SR5). The impact is stated as remote attackers potentially compromising confi...

9.3CVSS7.7AI score0.04435EPSS
CVE
CVE
added 2013/07/23 10:0 a.m.80 views

CVE-2013-3012

Summary of CVE-2013-3012 (IBM Java JRE) : The initial entry describes an unspecified remote vulnerability in IBM Java runtimes across multiple releases (IBM JREs bundled with IBM products). Connected IBM advisories confirm this CVE is part of a broad set addressed by updating the IBM Java SDK/JRE...

9.3CVSS7.7AI score0.04435EPSS
CVE
CVE
added 2013/11/24 6:0 p.m.80 views

CVE-2013-5457

CVE-2013-5457 affects IBM SDK for Java (IBM JRE/JAVA EE shards) and is discussed across IBM advisories related to WebSphere and IT management products. The vulnerability allows an attacker to execute arbitrary code remotely by abusing the Java security manager, with exploitation tied to IBM Java ...

9.3CVSS7.4AI score0.06101EPSS
CVE
CVE
added 2013/07/23 10:0 a.m.75 views

CVE-2013-3008

CVE-2013-3008 affects IBM Java and IBM WebSphere Real Time. The IBM WebSphere Real Time bulletin lists CVE-2013-3008 among Java JRE vulnerabilities, describing an unspecified remote code execution risk via IBM Java 7 prior to 7 SR5. The remediation in that bulletin is to upgrade to IBM WebSphere ...

9.3CVSS6.2AI score0.03973EPSS
CVE
CVE
added 2013/11/24 6:0 p.m.71 views

CVE-2013-4041

CVE-2013-4041 is an IBM Java SDK vulnerability affecting IBM SDK Java Technology Edition versions 5.0, 6, and 7 (and related WebSphere bundles) where code running under a security manager could access restricted classes via an unspecified vector. The IBM notices detail multiple CVEs in the Oracle...

6.8CVSS6.2AI score0.02812EPSS
CVE
CVE
added 2013/07/23 10:0 a.m.70 views

CVE-2013-3010

CVE-2013-3010 is an IBM Java vulnerability in the IBM JRE shipped with IBM Java 6.0.1 before SR6 and 7 before SR5, allowing a remote attacker to affect confidentiality, integrity and availability and to execute arbitrary code on affected IBM products. IBM advisories (e.g., WebSphere Real Time) de...

9.3CVSS6.2AI score0.03973EPSS
CVE
CVE
added 2013/11/24 6:0 p.m.69 views

CVE-2013-5375

CVE-2013-5375 corresponds to an unspecified vulnerability in IBM SDK for Java Technology Edition (IBM JRE) that could allow remote attackers to access restricted classes via XML/XSL-related vectors. The initial entry lists affected IBM SDK/JAVA versions and SR levels: 5.0.x before SR16 FP4, 6.0.x...

6.8CVSS6.1AI score0.02812EPSS
CVE
CVE
added 2013/11/24 6:0 p.m.64 views

CVE-2013-5458

CVE-2013-5458 is an IBM Java SDK vulnerability affecting IBM WebSphere Real Time. The IBM bulletin indicates that IBM WebSphere Real Time Version 3 Service Refresh 5 and earlier are affected, with remediation by upgrading to Version 3 Service Refresh 6 or later. The vulnerability involves privile...

9.3CVSS7.4AI score0.05391EPSS