Lucene search
K

81 matches found

CVE
CVE
added 2016/11/10 9:0 p.m.2128 views

CVE-2016-5195

CVE-2016-5195 (Dirty COW) : A race condition in the Linux kernel’s memory management (mm/gup.c) allows a local user to gain write access to read‑only mappings via a faulty copy‑on‑write handling. Affected: kernel 2.x–4.x prior to 4.8.3. Exploitation was observed in the wild around Oct 2016. Impac...

7.2CVSS7.8AI score0.83524EPSS
In wild
CVE
CVE
added 2017/03/11 2:11 a.m.1772 views

CVE-2017-5638

The CVE-2017-5638 issue affects Apache Struts 2, specifically 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1. The Jakarta Multipart parser mishandles file uploads, leading to remote code execution via crafted Content-Type, Content-Disposition, or Content-Length headers (notably with a #cmd= payloa...

10CVSS9.2AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2017/10/03 3:0 p.m.1592 views

CVE-2017-12617

CVE-2017-12617 concerns Apache Tomcat JSP upload via HTTP PUT when readonly=false and PUTs are allowed. Affected: Tomcat 7.x/8.x/9.x (various 7.0.0–7.0.81, 8.0.0.RC1–8.0.46, 8.5.0–8.5.22, 9.0.0.M1–9.0.0) with PUT enabled. Root cause: PUT request handling allowed uploading a JSP, enabling remote c...

8.1CVSS7.5AI score0.99988EPSS
In wildWeb
CVE
CVE
added 2017/09/19 1:0 p.m.1547 views

CVE-2017-12615

CVE-2017-12615 affects Apache Tomcat 7.0.0–7.0.79 on Windows when HTTP PUTs are enabled (readonly=false), allowing an attacker to upload a JSP file that can be executed by the server. Connected documents confirm remote code execution via crafted requests and note remediation through vendor adviso...

8.1CVSS7.4AI score0.99607EPSS
In wild
CVE
CVE
added 2017/09/15 7:0 p.m.1488 views

CVE-2017-9805

CVE-2017-9805 affects the Apache Struts 2 REST plugin. The REST plugin uses an XStreamHandler with an XStream instance to deserialize XML without any type filtering, enabling remote code execution when processing crafted XML payloads. Affected versions are Struts 2.1.1–2.3.x before 2.3.34 and 2.5...

8.1CVSS8.4AI score0.99461EPSS
In wild
CVE
CVE
added 2010/08/04 7:0 p.m.1088 views

CVE-2010-1871

CVE-2010-1871 affects JBoss Seam 2 (jboss-seam2) as used in Red Hat Linux’s JBoss Enterprise Application Platform 4.3.0. The vulnerability stems from inadequate sanitization of inputs to JBoss Expression Language (EL) expressions, enabling remote code execution via a crafted URL when the Java Sec...

8.8CVSS9.5AI score0.83397EPSS
In wild
CVE
CVE
added 2016/04/21 10:0 a.m.779 views

CVE-2016-3427

CVE-2016-3427 is an unspecified vulnerability in Oracle Java SE (affecting 6u113, 7u99, 8u77) and JRockit, tied to the Java Management Extensions (JMX) component. Exploitation can affect confidentiality, integrity, and availability via JMX-related vectors; the issue is described as an unspecified...

10CVSS6.8AI score0.92334EPSS
In wild
CVE
CVE
added 2017/05/23 3:56 a.m.609 views

CVE-2016-9841

CVE-2016-9841 is a vulnerability in zlib 1.2.8 related to improper pointer arithmetic in inffast.c that could have context-dependent impact. Connected advisories confirm public details and show remediation by upgrading zlib to a newer version (e.g., 1.2.11) across affected products and distributi...

9.8CVSS9.9AI score0.07489EPSS
CVE
CVE
added 2018/02/06 3:0 p.m.493 views

CVE-2017-7525

CVE-2017-7525 is a deserialization flaw in jackson-databind enabling code execution via ObjectMapper.readValue on versions before 2.6.7.1, 2.7.9.1, or 2.8.9. Astra Linux notes extend the issue to versions before 2.8.10 and 2.9.1, and newer advisories reference mitigations/updates. Remediation vis...

9.8CVSS9.2AI score0.37925EPSS
CVE
CVE
added 2019/01/16 8:0 p.m.467 views

CVE-2017-3136

CVE-2017-3136 is an assertion-failure denial of service in ISC BIND when handling DNS64 queries with break-dnssec yes. Affected versions span 9.8.0–9.11.1rc1 (exactly as listed: 9.8.0–9.8.8-P1; 9.9.0–9.9.9-P6; 9.9.10b1–9.9.10rc1; 9.10.0–9.10.4-P6; 9.10.5b1–9.10.5rc1; 9.11.0–9.11.0-P3; 9.11.1b1–9....

5.9CVSS6.8AI score0.11093EPSS
CVE
CVE
added 2017/02/03 7:0 p.m.390 views

CVE-2016-10165

CVE-2016-10165 targets Little CMS (lcms2). The Type_MLU_Read function in cmstypes.c may trigger an out-of-bounds heap read when processing a crafted ICC profile, potentially allowing information disclosure or denial of service. Connected IBM advisories confirm the vulnerability details for produc...

7.1CVSS7.9AI score0.02772EPSS
CVE
CVE
added 2017/08/07 8:0 p.m.325 views

CVE-2015-7871

CVE-2015-7871 is an authentication-bypass vulnerability in ntpd caused by handling of crypto-NAK packets. A remote, unauthenticated attacker could force ntpd to peer with attacker-controlled time sources, bypassing authentication and potentially tampering time data. Affected series include NTP 4....

9.8CVSS9.3AI score0.81762EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.300 views

CVE-2017-10355

CVE-2017-10355 is documented across multiple openJDK/OpenJDK-derived advisories (CentOS, Debian, Amazon, IBM, etc.) as a networking vulnerability in the FtpClient component of OpenJDK’s Java SE/Java SE Embedded. Technical details in connected sources specify that the FtpClient did not set default...

5.3CVSS5.3AI score0.16181EPSS
CVE
CVE
added 2018/02/06 3:0 p.m.299 views

CVE-2017-15095

Summary of CVE-2017-15095 and related sightings : The material consistently reports a deserialization flaw in jackson-databind, affecting versions prior to 2.8.10 and 2.9.1. An unauthenticated user could trigger code execution via ObjectMapper.readValue with malicious input. The issue is describe...

9.8CVSS9.2AI score0.08411EPSS
Web
CVE
CVE
added 2017/11/13 10:0 p.m.298 views

CVE-2016-8610

CVE-2016-8610 is a denial-of-service flaw in OpenSSL affecting TLS/SSL alert packet processing during handshakes. The issue exists in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0, enabling a remote attacker to cause high CPU usage and denial of service by sending many alert messages. Con...

7.5CVSS7.4AI score0.39657EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.262 views

CVE-2017-10102

CVE-2017-10102 is a remotely exploitable issue in Oracle Java SE and Java SE Embedded (RMI subcomponent) affecting Java SE 6u151, 7u141, 8u131 and Java SE Embedded 8u131. A remote attacker could compromise the target via API data handling over network access, potentially taking over the Java runt...

9CVSS8.7AI score0.02971EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.261 views

CVE-2017-10135

CVE-2017-10135 is a timing-channel vulnerability in the PKCS#8 implementation of the JCE component of OpenJDK/OpenJDK-derived JREs. Public sources in the dataset describe it as a covert timing channel flaw that could enable a remote attacker to glean information about the private key via timing a...

5.9CVSS5.9AI score0.02598EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.260 views

CVE-2017-10115

CVE-2017-10115 is a covert timing-channel vulnerability in the DSA implementation of the JCE in OpenJDK/OpenJRE/JRockit, affecting Java SE 6u151, 7u141, 8u131 and related packages (e.g., OpenJDK 7 on Debian/Ubuntu, RHEL/CentOS, Arch Linux advisories). A remote attacker could potentially exploit t...

7.5CVSS7.2AI score0.02737EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.260 views

CVE-2017-10345

CVE-2017-10345 affects Oracle Java SE/Embedded/JRockit serialization. The vulnerability allows an unauthenticated attacker with network access to compromise the target, potentially causing a partial denial of service; exploitation is difficult and may require human interaction. Affected versions ...

3.1CVSS4.2AI score0.02442EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.259 views

CVE-2017-10268

CVE-2017-10268 affects Oracle MySQL Server (Server: Replication) with affected versions 5.5.57 and earlier, 5.6.37 and earlier, and 5.7.19 and earlier. The vulnerability allows a high-privilege attacker with logon to the infrastructure where MySQL Server executes to compromise the server, potenti...

4.1CVSS4.2AI score0.00702EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.258 views

CVE-2017-10281

CVE-2017-10281 affects Oracle/OpenJDK components (Java SE, Java SE Embedded, JRockit) with the Serialization subcomponent. The vulnerability is exploitable remotely via network protocols and can be triggered by sandboxed Web Start/Applet use or by supplying data to APIs, potentially causing parti...

5.3CVSS5.3AI score0.03305EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.258 views

CVE-2017-10356

CVE-2017-10356 affects OpenJDK/OpenJDK Security component. The root cause is weak password-based encryption keys used to protect private keys stored in keystores, enabling an unauthenticated attacker with sufficient access to compromise protected data. Affected: Java SE components (OpenJDK/OpenJD...

6.2CVSS6.5AI score0.00754EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.257 views

CVE-2017-10087

CVE-2017-10087 is a vulnerability in Oracle Java SE/Java SE Embedded Libraries affecting Java SE 6u151, 7u141, and 8u131, and Java SE Embedded 8u131. The issue is an access-control bypass in the Libraries component that could allow a network-facilitated, unauthenticated attacker to take control o...

9.6CVSS9AI score0.02555EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.256 views

CVE-2017-10295

CVE-2017-10295 affects OpenJDK (Java SE/Java SE Embedded) Networking: HttpURLConnection/HttpsURLConnection failed to detect newline characters in URLs, enabling potential HTTP header injection via attacker-provided URLs. Public notices in connected docs show affected package openjdk-7/openjdk-8 w...

4.3CVSS5.1AI score0.02199EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.255 views

CVE-2017-10350

CVE-2017-10350 is an OpenJDK/Oracle Java SE vulnerability in the JAX-WS subcomponent that could allow an unauthenticated network attacker to cause a partial denial of service in Java SE/Java SE Embedded deployments (clients loading untrusted code in sandbox). Affected versions per initial descrip...

5.3CVSS5.4AI score0.03305EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.254 views

CVE-2017-10116

CVE-2017-10116 affects Oracle Java SE / Java SE Embedded / JRockit (OpenJDK-related vulnerabilities also reflected in various advisories). The vulnerability arises in the Security component’s LDAPCertStore where LDAP referrals to arbitrary URLs could be used by an unauthenticated network attacker...

8.3CVSS8.5AI score0.03524EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.252 views

CVE-2017-10388

CVE-2017-10388 affects the OpenJDK Kerberos client: the sname field from the plain-text KDC reply was used instead of the encrypted part, enabling a potential MITM impersonation of Kerberos services for Java applications acting as Kerberos clients. This vulnerability is documented across multiple...

7.5CVSS7.7AI score0.03206EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.250 views

CVE-2017-10348

CVE-2017-10348 affects OpenJDK/OpenJDK-derived Java SE/Embedded libraries. The vulnerability, exploitable over the network by unauthenticated attackers, can lead to a partial denial of service on Java SE and Java SE Embedded. Public details in the provided materials indicate affected versions var...

5.3CVSS5.4AI score0.03305EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.248 views

CVE-2017-10067

CVE-2017-10067 affects Java SE Security in OpenJDK (targets: Java 6u151, 7u141, 8u131). The vulnerability allows a network-accessing, unauthenticated attacker to take control of the Java runtime via multiple protocols; exploitation requires user interaction. Impact aligns with the CVSS 3.0 base s...

7.5CVSS7.9AI score0.03236EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.246 views

CVE-2017-10090

CVE-2017-10090 affects Oracle/OpenJDK libraries (Java SE and Java SE Embedded). The connected documents confirm affected components and versions (Java SE: 7u141, 8u131; Java SE Embedded: 8u131) and describe the root cause as gaps in the Libraries/RMI-related areas that can bypass sandbox restrict...

9.6CVSS9AI score0.02555EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.245 views

CVE-2017-10346

CVE-2017-10346 is an OpenJDK/Java SE vulnerability affecting multiple OpenJDK components (Hotspot, OpenJDK sandboxes) across affected Java versions (OpenJDK6/7/8/9 in various advisories). The public records in connected documents indicate the issue includes bypassing Java sandbox restrictions via...

9.6CVSS9.1AI score0.02962EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.243 views

CVE-2017-10243

CVE-2017-10243 affects Oracle Java SE, Java SE Embedded, and JRockit (JAX-WS subcomponent). Affected: Java SE 6u151, 7u141, 8u131; Java SE Embedded 8u131; JRockit R28.3.14. Exploitation: unauthenticated attacker with network access via multiple protocols can read a subset of data and cause a part...

6.5CVSS5.9AI score0.02862EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.240 views

CVE-2017-10081

CVE-2017-10081 is a Sandbox/Access-Restriction bypass in the Hotspot component of OpenJDK. Affected Java runtimes include Java SE 6u151, 7u141, and 8u131 (Java SE Embedded 8u131). Several connected advisories note this as part of a broader OpenJDK set of issues (RMI, JAXP, ImageIO, Libraries, AWT...

4.3CVSS4.5AI score0.0222EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.240 views

CVE-2017-10109

CVE-2017-10109 concerns a serialization flaw in Oracle/OpenJDK Java SE components (Java SE, Java SE Embedded, JRockit). The vulnerability, tied to the Serialization subcomponent, can allow an unauthenticated, network-scoped attacker to trigger a denial of service (partial DoS) by loading untruste...

5.3CVSS5.4AI score0.03114EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.238 views

CVE-2017-10285

CVE-2017-10285 is confirmed to affect Oracle/OpenJDK Java SE and Java SE Embedded, specifically the RMI (Remote Method Invocation) component. The vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Java SE/Embedded, with exploitation described...

9.6CVSS9AI score0.03143EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.238 views

CVE-2017-10349

CVE-2017-10349 affects the OpenJDK/JAXP component (Java SE and Java SE Embedded) where the vulnerability stems from unbounded memory growth during object creation from serialized data, enabling unauthenticated network access to cause a partial denial of service. Multiple connected advisories (IBM...

5.3CVSS5.4AI score0.03305EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.237 views

CVE-2017-10101

CVE-2017-10101 is a concrete OpenJDK/OpenJDK JAXP vulnerability. Affected: Java SE (6u151, 7u141, 8u131) and Java SE Embedded (8u131). Issue: untrusted code loaded in sandboxed deployments can bypass protections and lead to full takeover of Java SE/Embedded via JAXP. Exploitation is network-based...

9.6CVSS9AI score0.02555EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.237 views

CVE-2017-10378

CVE-2017-10378 affects the MySQL Server component (Server: Optimizer) with affected versions 5.5.57 and earlier, 5.6.37 and earlier, and 5.7.11 and earlier. The vulnerability is exploitable remotely over multiple protocols by a low-privilege user and can cause the MySQL Server to hang or crash (D...

6.5CVSS6.2AI score0.03264EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.236 views

CVE-2017-10096

CVE-2017-10096 – OpenJDK/JAXP vulnerability (CWE-style) shows a flaw in the Java SE/Java SE Embedded stack, specifically the JAXP component. Affected are Oracle Java SE versions 6u151, 7u141, 8u131 and Java SE Embedded 8u131. The vulnerability can allow an unauthenticated attacker with network ac...

9.6CVSS9.1AI score0.02555EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.236 views

CVE-2017-10107

CVE-2017-10107 affects OpenJDK/OpenJDK-based packages (RMI) with vulnerable components in Java SE/Java SE Embedded. The connected security data confirms multiple OpenJDK subcomponents are vulnerable, including RMI-related sandbox bypass issues, and lists affected versions such as Java 6u151, 7u14...

9.6CVSS9AI score0.02555EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.235 views

CVE-2017-10053

CVE-2017-10053 is an OpenJDK/OpenJDK 2D JPEGImageReader vulnerability. The issue affects Java SE components (Java SE, Java SE Embedded, JRockit) with affected versions including Java 6u151, 7u141, 8u131 (and 8u131 for Java SE Embedded; JRockit R28.3.14). The vulnerability could allow an unauthent...

5.3CVSS5.3AI score0.0345EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.235 views

CVE-2017-10347

CVE-2017-10347 is a serialization-related vulnerability in Oracle Java SE/JRockit that affects Java SE 6u161, 7u151, 8u144 and 9, and Java SE Embedded 8u144. The issue allows an unauthenticated, networked attacker to cause a partial denial of service in vulnerable deployments that load untrusted ...

5.3CVSS5.5AI score0.03114EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.234 views

CVE-2017-10108

CVE-2017-10108 affects Oracle Java SE, Java SE Embedded, and JRockit (Serialization). Affected versions include Java SE 6u151, 7u141, 8u131; Java SE Embedded 8u131; JRockit R28.3.14. The vulnerability allows unauthenticated remote exploitation via multiple protocols, potentially causing a partial...

5.3CVSS5.3AI score0.03114EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.234 views

CVE-2017-10357

CVE-2017-10357 is a Java SE/OpenJDK vulnerability affecting the Serialization component in Oracle Java SE and Java SE Embedded. The Initial document lists affected versions as Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. The Connected documents corroborate multiple OpenJDK/OpenJDK...

5.3CVSS5.4AI score0.03305EPSS
CVE
CVE
added 2017/08/07 8:0 p.m.232 views

CVE-2015-7853

CVE-2015-7853 affects the refclock driver in ntpd (NTP) with the datalen parameter: in NTP 4.2.x before 4.2.8p4 and 4.3.x before 4.3.77, a negative datalen value can overflow a data buffer, enabling remote attackers to execute arbitrary code or cause a crash. Concrete details across connected adv...

9.8CVSS9.5AI score0.11781EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.232 views

CVE-2017-10089

CVE-2017-10089 affects Oracle Java SE ImageIO in OpenJDK/OpenJDK-derived disclosures: 6u151, 7u141, 8u131 are vulnerable. The issue allows a network-based, unauthenticated attacker to take control of the Java SE runtime, with UI interaction required, potentially impacting additional products. Aff...

9.6CVSS9.1AI score0.02415EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.231 views

CVE-2017-10110

CVE-2017-10110 affects the Java SE AWT component in Oracle Java SE and is reported in multiple advisories referencing OpenJDK/OpenJDK-derived packages. Affected versions noted across sources include Java SE 6u151, 7u141 and 8u131 (and related OpenJDK/OpenJDK7 packaging in Debian/CentOS/Arch Linux...

9.6CVSS9.1AI score0.02415EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.230 views

CVE-2017-10274

CVE-2017-10274 affects Oracle Java SE Smart Card IO. According to connected IBM advisories, the flaw can be exploited by an unauthenticated attacker over multiple protocols to compromise confidentiality and integrity (C/H, I/H) with high impact, though no availability impact is stated. Affected J...

6.8CVSS6.8AI score0.02635EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.222 views

CVE-2017-10074

CVE-2017-10074 affects OpenJDK/OpenJDK Hotspot in Java SE and Java SE Embedded. Affected: Java SE 6u151, 7u141, 8u131; Java SE Embedded 8u131. Root cause per advisories: Hotspot range-checking overflow in OpenJDK leading to possible arbitrary-code execution under a sandbox-compiled Java applet/ru...

8.3CVSS8.6AI score0.03117EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.220 views

CVE-2017-10193

CVE-2017-10193 affects the Java SE and Java SE Embedded components (OpenJDK) with affected Java SE versions 6u151, 7u141, 8u131 and Java SE Embedded 8u131. The vulnerability enables a network-accessible attacker to compromise Java SE/Embedded when running untrusted code in sandboxed client deploy...

3.1CVSS3.7AI score0.02224EPSS
Total number of security vulnerabilities81