Lucene search
+L

6 matches found

CVE
CVE
added 2023/08/02 2:21 p.m.393 views

CVE-2022-40609

CVE-2022-40609 describes an unsafe deserialization flaw in IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 , enabling a remote attacker to execute arbitrary code through specially crafted data. The IBM bulletin cites an IBM X-Force base likely high severity (base score 8.1, CVSS 3.x) and no...

9.8CVSS9AI score0.01827EPSS
CVE
CVE
added 2020/02/03 4:45 p.m.151 views

CVE-2019-4732

CVE-2019-4732 affects IBM SDK Java Technology Edition: IBM Java 7.x (7.0.0.0–7.0.10.55, 7.1.0.0–7.1.4.55) and 8.0.0.0–8.0.6.0 could allow a local authenticated attacker to execute arbitrary code due to DLL search order hijacking on Windows. Exploitation would require placing a crafted file in a c...

7.2CVSS6.3AI score0.00561EPSS
CVE
CVE
added 2019/03/11 10:0 p.m.147 views

CVE-2018-1890

CVE-2018-1890 affects IBM SDK Java Technology Edition Version 8 on the AIX platform, where absolute RPATHs in the JVM launcher may enable local code injection and privilege escalation. The vulnerability is documented across IBM advisories (e.g., January 2019 CPU/IBM Java SDK bulletins) and is ref...

7.8CVSS6.7AI score0.00465EPSS
CVE
CVE
added 2018/08/20 9:0 p.m.136 views

CVE-2018-1656

CVE-2018-1656 affects IBM Java Runtime Environment’s Diagnostic Tooling Framework for Java (DTFJ) and is referenced in IBM advisories for IBM Tivoli Netcool/ITNCM (6.4.1.x, 6.4.2.x). The underlying issue is path traversal when extracting compressed dump files. Remediation details in the connected...

7.4CVSS6.7AI score0.04513EPSS
CVE
CVE
added 2017/05/22 8:0 p.m.108 views

CVE-2017-1289

CVE-2017-1289 affects IBM SDK Java Technology Edition (Java SE/JDK/JRE). The IBM bulletin details an XML External Entity (XXE) vulnerability in XML processing, enabling a remote attacker to expose sensitive data or exhaust memory. Affected IBM Java versions include older 6, 7, and 8 releases (and...

8.2CVSS8.6AI score0.03632EPSS
CVE
CVE
added 2016/07/02 2:0 p.m.89 views

CVE-2016-3956

CVE-2016-3956 describes an HTTP bearer token leak in the npm CLI, allowing a remote attacker to obtain sensitive information via Authorization headers. Affected npm versions include prior to 2.15.1 and 3.x prior to 3.8.3, used with Node.js 0.10 (before 0.10.44), 0.12 (before 0.12.13), 4 (before 4...

7.5CVSS7.2AI score0.06748EPSS