
CVE-2025-27839
https://notcve.org/view.php?id=CVE-2025-27839
07 Mar 2025 — operations/attestation/AttestationTask.kt in the Tangem SDK before 5.18.3 for Android has a logic flow in offline wallet attestation (genuineness check) that causes verification results to be disregarded during the first scan of a card. Exploitation may not have been possible. • https://github.com/tangem/tangem-sdk-android/commit/24588188fdb51ed469cd59d2c595128c1fe63b07 • CWE-1025: Comparison Using Wrong Factors •

CVE-2022-40609 – IBM SDK, Java Technology Edition code execution
https://notcve.org/view.php?id=CVE-2022-40609
02 Aug 2023 — IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236069. • https://exchange.xforce.ibmcloud.com/vulnerabilities/236069 • CWE-502: Deserialization of Untrusted Data •

CVE-2017-1289 – JDK: XML External Entity Injection (XXE) error when processing XML data
https://notcve.org/view.php?id=CVE-2017-1289
10 May 2017 — IBM SDK, Java Technology Edition is vulnerable to an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150. • http://www.securityfocus.com/bid/98401 • CWE-611: Improper Restriction of XML External Entity Reference •

CVE-2016-3956
https://notcve.org/view.php?id=CVE-2016-3956
02 Jul 2016 — The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers. • http://blog.npmjs.org/post/142036323955/fixing-a-bearer-token-vulnerability • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2010-4447 – JDK unspecified vulnerability in Deployment component
https://notcve.org/view.php?id=CVE-2010-4447
17 Feb 2011 — Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment, a different vulnerability than CVE-2010-4475. • http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html •

CVE-2010-4448 – OpenJDK DNS cache poisoning by untrusted applets (6981922)
https://notcve.org/view.php?id=CVE-2010-4448
17 Feb 2011 — Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves "DNS cache poisoning by untrusted ap... • http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html •

CVE-2010-4450 – OpenJDK Launcher incorrect processing of empty library path entries (6983554)
https://notcve.org/view.php?id=CVE-2010-4450
17 Feb 2011 — Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor ... • http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released •

CVE-2010-4454 – JDK unspecified vulnerability in Sound component
https://notcve.org/view.php?id=CVE-2010-4454
17 Feb 2011 — Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs, a different vulnerability than CVE-2010-4462 and CVE-2010-4473. • http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html •

CVE-2010-4469 – OpenJDK Hotspot verifier heap corruption (6878713)
https://notcve.org/view.php?id=CVE-2010-4469
17 Feb 2011 — Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is heap c... • http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html •

CVE-2010-4473 – JDK unspecified vulnerability in Sound component
https://notcve.org/view.php?id=CVE-2010-4473
17 Feb 2011 — Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs, a different vulnerability than CVE-2010-4454 and CVE-2010-4462. • http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html •