Page 8 of 212 results (0.013 seconds)

CVSS: 4.3EPSS: 0%CPEs: 75EXPL: 0

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html https://access.redhat.com/errata/RHSA-2020:0122 https://access.redhat.com/errata/RHSA-2020:0128 https://access.redhat.com/errata/RHSA-2020:0157 https://access.redhat.com/errata/RHSA-2020:0196 https://access.redhat.com/errata/RHSA-2020:0202 https://access.redhat.com/errata/RHSA-2020:0231 https://access.redhat.com/errata/RHSA-2020:0 • CWE-755: Improper Handling of Exceptional Conditions CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 4.3EPSS: 0%CPEs: 75EXPL: 0

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html https://access.redhat.com/errata/RHSA-2020:0122 https://access.redhat.com/errata/RHSA-2020:0128 https://access.redhat.com/errata/RHSA-2020:0157 https://access.redhat.com/errata/RHSA-2020:0196 https://access.redhat.com/errata/RHSA-2020:0202 https://access.redhat.com/errata/RHSA-2020:0231 https://access.redhat.com/errata/RHSA-2020:0 • CWE-20: Improper Input Validation •

CVSS: 5.8EPSS: 0%CPEs: 75EXPL: 0

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00060.html https://access.redhat.com/errata/RHSA-2020:0122 https://access.redhat.com/errata/RHSA-2020:0128 https://access.redhat.com/errata/RHSA-2020:0157 https://access.redhat.com/errata/RHSA-2020:0196 https://access.redhat.com/errata/RHSA-2020:0202 https://access.redhat.com/errata/RHSA-2020:0231 https://access.redhat.com/errata/RHSA-2020:0 • CWE-172: Encoding Error •

CVSS: 9.3EPSS: 2%CPEs: 5EXPL: 0

A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'. Se presenta una vulnerabilidad de ejecución de código remota en el software ASP.NET Core cuando el software presenta un fallo al manejar los objetos en memoria. Un atacante que explotó con éxito la vulnerabilidad podría ejecutar código arbitrario en el contexto del usuario actual, también se conoce como "ASP.NET Core Remote Code Execution Vulnerability". A memory corruption flaw was found in ASP.NET core. A client can write to freed memory on the server which could result in undefined behavior. • https://access.redhat.com/errata/RHSA-2020:0130 https://access.redhat.com/errata/RHSA-2020:0134 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603 https://access.redhat.com/security/cve/CVE-2020-0603 https://bugzilla.redhat.com/show_bug.cgi?id=1789624 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. Se presenta una vulnerabilidad de denegación de servicio cuando ASP.NET Core maneja inapropiadamente las peticiones web, también se conoce como "ASP.NET Core Denial of Service Vulnerability". A denial of service flaw was found in ASP.NET Core. An unauthenticated, remote attacker could exploit this vulnerability by sending specially crafted requests to an ASP.NET Core application. The highest threat from this flaw is system availability. • https://access.redhat.com/errata/RHSA-2020:0130 https://access.redhat.com/errata/RHSA-2020:0134 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602 https://access.redhat.com/security/cve/CVE-2020-0602 https://bugzilla.redhat.com/show_bug.cgi?id=1789623 • CWE-400: Uncontrolled Resource Consumption •