CVE-2021-25738 – Code exec via yaml parsing
https://notcve.org/view.php?id=CVE-2021-25738
11 Oct 2021 — Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution. • http://www.openwall.com/lists/oss-security/2022/08/23/2 • CWE-20: Improper Input Validation • CWE-502: Deserialization of Untrusted Data
CVE-2020-8570 – Kubernetes Java client libraries unvalidated path traversal in Copy implementation
https://notcve.org/view.php?id=CVE-2020-8570
21 Jan 2021 — Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executing the client code. • https://github.com/kubernetes-client/java/issues/1491 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-23: Relative Path Traversal
CVE-2015-0192 – JDK: unspecified Java sandbox restrictions bypass
https://notcve.org/view.php?id=CVE-2015-0192
13 May 2015 — Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine. • http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html
CVE-2015-1914 – JDK: unspecified partial Java sandbox restrictions bypass
https://notcve.org/view.php?id=CVE-2015-1914
13 May 2015 — IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass "permission checks" and obtain sensitive information via vectors related to the Java Virtual Machine. • http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-3068 – JDK: Java CMS keystore provider potentially allows brute-force private key recovery
https://notcve.org/view.php?id=CVE-2014-3068
02 Dec 2014 — IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows attackers to obtain the private key from a Certificate Management System (CMS) keystore via a brute force attack. • http://rhn.redhat.com/errata/RHSA-2015-0264.html • CWE-255: Credentials Management Errors
CVE-2014-3065 – JDK: privilege escalation via shared class cache
https://notcve.org/view.php?id=CVE-2014-3065
20 Nov 2014 — Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache. • http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2013-0485
https://notcve.org/view.php?id=CVE-2013-0485
21 Jan 2014 — Unspecified vulnerability in IBM Java SDK 7 before SR4-FP1, 6 before SR13-FP1, 5.0 before SR16-FP1, and 1.4.2 before SR13-FP16 has unknown impact and attack vectors related to Class Libraries. • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html
CVE-2013-5375 – JDK: unspecified sandbox bypass (XML)
https://notcve.org/view.php?id=CVE-2013-5375
07 Nov 2013 — Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, 6.0.0 before SR15, and 5.0.0 before SR16 FP4 allows remote attackers to access restricted classes via unspecified vectors related to XML and XSL. This update co... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html
CVE-2013-4041 – JDK: unspecified sandbox bypass (JVM)
https://notcve.org/view.php?id=CVE-2013-4041
07 Nov 2013 — Unspecified vulnerability in IBM Java SDK 5.0.0 before SR16 FP4, 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to access restricted classes via unspecified vectors. This update corrects several security vulnerabilities in the... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html
CVE-2013-3012 – JDK: Unspecified security fixes (July 2013)
https://notcve.org/view.php?id=CVE-2013-3012
23 Jul 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3009 and CVE-2013-3011. • http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html