CVE-2022-40609 – IBM SDK, Java Technology Edition code execution
https://notcve.org/view.php?id=CVE-2022-40609
02 Aug 2023 — IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236069. • https://exchange.xforce.ibmcloud.com/vulnerabilities/236069 • CWE-502: Deserialization of Untrusted Data •
CVE-2017-1289 – JDK: XML External Entity Injection (XXE) error when processing XML data
https://notcve.org/view.php?id=CVE-2017-1289
10 May 2017 — IBM SDK, Java Technology Edition is vulnerable to an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150. • http://www.securityfocus.com/bid/98401 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2016-3956
https://notcve.org/view.php?id=CVE-2016-3956
02 Jul 2016 — The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers. • http://blog.npmjs.org/post/142036323955/fixing-a-bearer-token-vulnerability • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2010-4476 – Oracle Java - Floating-Point Value Denial of Service
https://notcve.org/view.php?id=CVE-2010-4476
17 Feb 2011 — The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. • https://www.exploit-db.com/exploits/35304 •
CVE-2010-4473 – JDK unspecified vulnerability in Sound component
https://notcve.org/view.php?id=CVE-2010-4473
17 Feb 2011 — Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs, a different vulnerability than CVE-2010-4454 and CVE-2010-4462. • http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html •
CVE-2010-4448 – OpenJDK DNS cache poisoning by untrusted applets (6981922)
https://notcve.org/view.php?id=CVE-2010-4448
17 Feb 2011 — Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves "DNS cache poisoning by untrusted ap... • http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html •
CVE-2010-4450 – OpenJDK Launcher incorrect processing of empty library path entries (6983554)
https://notcve.org/view.php?id=CVE-2010-4450
17 Feb 2011 — Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor ... • http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released •
CVE-2010-4469 – OpenJDK Hotspot verifier heap corruption (6878713)
https://notcve.org/view.php?id=CVE-2010-4469
17 Feb 2011 — Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is heap c... • http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html •
CVE-2010-4475 – JDK unspecified vulnerability in Deployment component
https://notcve.org/view.php?id=CVE-2010-4475
17 Feb 2011 — Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment, a different vulnerability than CVE-2010-4447. • http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html •
CVE-2010-4447 – JDK unspecified vulnerability in Deployment component
https://notcve.org/view.php?id=CVE-2010-4447
17 Feb 2011 — Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment, a different vulnerability than CVE-2010-4475. • http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html •