87 results (0.009 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236069. IBM SDK Java Technology Edition 7.1.5.18 y 8.0.8.0 podría permitir a un atacante remoto ejecutar código arbitrario en el sistema, debido a un fallo de deserialización inseguro. Mediante el envío de datos especialmente diseñados, un atacante podría aprovechar esta vulnerabilidad para ejecutar código arbitrario en el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/236069 https://www.ibm.com/support/pages/node/7017032 https://access.redhat.com/security/cve/CVE-2022-40609 https://bugzilla.redhat.com/show_bug.cgi?id=2228078 • CWE-502: Deserialization of Untrusted Data •

CVSS: 8.2EPSS: 0%CPEs: 5EXPL: 0

IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150. SDK de IBM, Java Technology Edition es vulnerable a un error de inyección XML External Entity (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información altamente confidencial o consumir recursos de memoria. • http://www.securityfocus.com/bid/98401 https://access.redhat.com/errata/RHSA-2017:1220 https://access.redhat.com/errata/RHSA-2017:1221 https://access.redhat.com/errata/RHSA-2017:1222 https://access.redhat.com/errata/RHSA-2017:3453 https://www.ibm.com/support/docview.wss?uid=swg22002169 https://access.redhat.com/security/cve/CVE-2017-1289 https://bugzilla.redhat.com/show_bug.cgi?id=1449603 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 7.5EPSS: 0%CPEs: 95EXPL: 0

The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers. La CLI en npm en versiones anteriores a 2.15.1 y 3.x en versiones anteriores a 3.8.3, tal como se utiliza en Node.js 0.10 en versiones anteriores a 0.10.44, 0.12 en versiones anteriores a 0.12.13, 4 en versiones anteriores a 4.4.2 y 5 en versiones anteriores a 5.10.0, incluye tokens portadores con peticiones arbitrarias, lo que permite a servidores HTTP remotos obtener información sensible leyendo cabeceras de autorización. • http://blog.npmjs.org/post/142036323955/fixing-a-bearer-token-vulnerability http://www-01.ibm.com/support/docview.wss?uid=swg21980827 https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29 https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401 https://github.com/npm/npm/issues/8380 https://nodejs.org/en/blog/vulnerability/npm-tokens-leak-march-2016 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 10.0EPSS: 1%CPEs: 161EXPL: 0

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is heap corruption related to the Verifier and "backward jsrs." Vulnerabilidad no especificada en Java Runtime Environment (JRE) en Oracle Java SE y Java for Business 6 Update 23 y versiones anteriores, 5.0 Update 27 y versiones anteriores y 1.4.2_29 y versiones anteriores permite a aplicaciones remotas Java Web Start no confiables y subprogramas Java no confiables afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con HotSpot. NOTA: la información previa fue obtenida de febrero 2011 CPU. • http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html http://marc.info/?l=bugtraq&m=133728004526190&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/?l=bugtraq&m=134254957702612&w=2 http://secunia.com/advisories/43350 http://secunia.com/advisories/49198 http://security.gentoo.org/glsa/glsa-201406-32.xml http://www.debian.org/security/2011/dsa&# •

CVSS: 4.3EPSS: 0%CPEs: 161EXPL: 0

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment, a different vulnerability than CVE-2010-4475. Vulnerabilidad no especificada en el Java Runtime Environment (JRE) en Oracle Java SE y Java for Business 6 Update 23 y versiones anteriores, 5.0 Update 27 y versiones anteriores y 1.4.2_29 y versiones anteriores permite a aplicaciones Java Web Start remotas no confiables y applets de Java no confiables afectar la confidencialidad a través de vectores desconocidos relacionados con Deployment, una vulnerabilidad diferente a CVE-2010-4475. • http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html http://marc.info/?l=bugtraq&m=133728004526190&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/?l=bugtraq&m=134254957702612&w=2 http://secunia.com/advisories/44954 http://secunia.com/advisories/49198 http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html http://www.redhat.com/support/erra •