About “Oracle JDK”

A curated feed of “Oracle JDK”-related CVEs appears below. We currently track 5132 CVEs for this tag (all time). In the last 365 days, 782 were published. Average CVSS is 6.7 (all time; 6.3 over 365d), and 48% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').

In our taxonomy this topic maps to a MODERATE impact class. JDK and JVM updates affect TLS, serialization, and performance. Upgrade JDK or JRE, restart dependents, avoid unsupported builds, and consider key or cert rotation if needed. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic.

2017-11-09
Critical

CVE-2015-7501

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service…

2017-10-31
Critical

CVE-2015-9245

Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via…

2017-10-30
Critical

CVE-2013-4366

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors in…

High

CVE-2012-0881

Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.

2017-10-27
Critical

CVE-2016-5003

The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an <ex:serializable> element.

2017-10-24
High

CVE-2017-1583

IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.13) could allow a remote attacker to obtain sensitive information caused by improper error handling by MyFaces in JSF.

2017-10-20
High

CVE-2017-12628

The JMX server embedded in Apache James, also used by the command line client is exposed to a java de-serialization issue, and thus can be used to execute arbitrary commands. As James exposes JMX soc…

2017-10-19
High

CVE-2017-10388

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u…

Medium

CVE-2017-10386

Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.7. Easily explo…

Medium

CVE-2017-10380

Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.7. Difficult to…

Medium

CVE-2017-10357

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded…

Medium

CVE-2017-10356

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embe…

Medium

CVE-2017-10355

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Em…

Medium

CVE-2017-10350

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easil…

Medium

CVE-2017-10349

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144.…

Medium

CVE-2017-10348

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u…

Medium

CVE-2017-10347

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144.…

Critical

CVE-2017-10346

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u14…

Low

CVE-2017-10345

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE…

Medium

CVE-2017-10342

Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.7. Easily explo…

Low

CVE-2017-10341

Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.7. Difficult to…

High

CVE-2017-10309

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u144 and 9. Easily exploitable vulnerability allows unauthentic…

Medium

CVE-2017-10295

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Em…

Medium

CVE-2017-10293

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Easily exploitable vulnerability allows…

Critical

CVE-2017-10285

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. E…

Medium

CVE-2017-10281

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE…

Medium

CVE-2017-10274

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Difficult to exploit vulnerability…

High

CVE-2017-10190

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged att…

Medium

CVE-2017-15612

mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions.

2017-10-16
High

CVE-2017-15296

The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964.

Medium

CVE-2017-15294

The Java administration console in SAP CRM has XSS. This is SAP Security Note 2478964.

2017-10-12
High

CVE-2017-9514

Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in…

2017-10-05
Medium

CVE-2017-1000105

The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts, Item/Read permission wa…

2017-10-04
High

CVE-2017-1541

A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep packages prevented the java.security, java.policy and javaws.policy files from being updated correctly. IBM X-Force ID: 130809.

2017-10-03
High

CVE-2015-6576

Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource.

2017-09-28
Critical

CVE-2017-10932

All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products - NR8120, NR8120A, NR8120, NR8150, NR8250, NR8000 TR and NR8950 are the applications of C/S architecture using the Java RMI…

2017-09-22
High

CVE-2017-8012

In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Complian…

2017-09-19
High

CVE-2017-14581

The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 allows remote attackers to cause a denial of service (service crash) via a crafted request, aka SAP Security Note 2389181.

2017-09-15
Medium

CVE-2017-4926

VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges can inject malicious java-scripts which…

2017-09-13
High

CVE-2016-8744

Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. SnakeYAML allows the use of YAML tags to indicate that SnakeYAML should unmarshal data to a Java type. In the default configuration…

2017-08-31
High

CVE-2017-14063

Async Http Client (aka async-http-client) before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. S…

2017-08-09
High

CVE-2015-4165

The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on w…

2017-08-08
Medium

CVE-2017-10243

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded:…

Medium

CVE-2017-10198

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedde…

Low

CVE-2017-10193

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131.…

High

CVE-2017-10176

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u13…

High

CVE-2017-10145

Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.6. Easily explo…

Medium

CVE-2017-10135

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u…

High

CVE-2017-10125

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physi…

Medium

CVE-2017-10121

Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.6. Easily explo…

High

CVE-2017-10118

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JR…

Medium

CVE-2017-10117

Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.6. Easily explo…

High

CVE-2017-10116

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedde…

High

CVE-2017-10115

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u…

High

CVE-2017-10114

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows unauthent…

Critical

CVE-2017-10111

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploit…

Critical

CVE-2017-10110

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthe…

Medium

CVE-2017-10109

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Em…

Medium

CVE-2017-10108

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Em…

Critical

CVE-2017-10107

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easi…

Medium

CVE-2017-10105

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows…

High

CVE-2017-10104

Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.6. Easily explo…

Critical

CVE-2017-10102

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Diff…

Critical

CVE-2017-10101

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Eas…

Critical

CVE-2017-10096

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Eas…

Critical

CVE-2017-10090

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easil…

Critical

CVE-2017-10089

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows una…

Critical

CVE-2017-10087

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131…

Critical

CVE-2017-10086

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u141 and 8u131. Easily exploitable vulnerability allows unauthentic…

Medium

CVE-2017-10081

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131.…

High

CVE-2017-10078

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged at…

High

CVE-2017-10074

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131.…

High

CVE-2017-10067

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows…

Medium

CVE-2017-10062

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Oracle Java Web Console). The supported version that is affected is 10. Easily exploitable vulnerability all…

Medium

CVE-2017-10053

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u1…

2017-08-07
High

CVE-2017-12637

Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot…

High

CVE-2011-4650

Cisco Data Center Network Manager is affected by Excessive Logging During a TCP Flood on Java Ports. If the size of server.log becomes very big because of too much logging by the DCNM server, then th…

2017-08-02
High

CVE-2014-8903

IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors.

2017-07-25
Medium

CVE-2017-11458

Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, a…

Medium

CVE-2017-11457

XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attac…

Medium

CVE-2015-5187

Candlepin allows remote attackers to obtain sensitive information by obtaining Java exception statements as a result of excessive web traffic.

2017-07-17
High

CVE-2017-1000034

Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a java deserialization attack in its Remoting component resulting in remote code execution in the context of the ActorSystem.

Critical

CVE-2017-1000030

Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain te…

Critical

CVE-2016-6793

The DiskFileItem class in Apache Wicket 6.x before 6.25.0 and 1.5.x before 1.5.17 allows remote attackers to cause a denial of service (infinite loop) and write to, move, and delete files with the pe…

High

CVE-2015-0249

The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute arbitrary Java code via crafted Velocity Text Language (aka…

2017-07-12
High

CVE-2017-9844

SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP…

2017-07-10
High

CVE-2017-1337

IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245.

2017-06-30
Critical

CVE-2017-10670

An XML External Entity (XXE) issue exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET), exploitable by sending a crafted standard-conform…

Medium

CVE-2017-10669

Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). An attacker with access to unencrypted OSCI protocol messages mus…

Medium

CVE-2017-10668

A Padding Oracle exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). Under an MITM condition within the OSCI infrastructure, an attacker…

2017-06-28
High

CVE-2017-7686

Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. To do th…

2017-06-27
Critical

CVE-2017-9830

Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi.DateRMI Java class, because (upon instantiation) it creates an RMI server that listens on a TCP port and…

2017-06-16
High

CVE-2017-9735

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect p…

2017-06-08
Critical

CVE-2017-5878

The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serializ…

2017-06-06
Medium

CVE-2016-2192

PostgreSQL PL/Java before 1.5.0 allows remote authenticated users to alter type mappings for types they do not own.

High

CVE-2016-0768

PostgreSQL PL/Java after 9.0 does not honor access controls on large objects.

Medium

CVE-2016-0767

PostgreSQL PL/Java before 1.5.0 allows remote authenticated users with USAGE permission on the public schema to alter the public schema classpath.

High

CVE-2017-5664

The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwa…

2017-06-02
Critical

CVE-2017-9363

Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to achieve arbitrary remote code execution via a crafted authentication request.

2017-05-25
Medium

CVE-2016-0781

The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions p…

2017-05-23
High

CVE-2017-8913

The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/se…

2017-05-22
High

CVE-2017-1289

IBM SDK, Java Technology Edition is vulnerable to an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive inform…

2017-05-19
Critical

CVE-2017-7504

HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default in Red Hat Jboss Application Server <= Jboss 4.X does not restrict the classes fo…

2017-05-15
High

CVE-2016-8741

The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 Authenticat…

2017-04-28
Medium

CVE-2016-7843

Directory traversal vulnerability in AttacheCase for Java 0.60 and earlier, AttacheCase Lite 1.4.6 and earlier, and AttacheCase Pro 1.5.7 and earlier allows remote attackers to read arbitrary files v…

2017-04-27
Critical

CVE-2017-3066

Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a Java deserialization vulnerability in the Apache BlazeDS library. Successfu…

2017-04-24
Low

CVE-2017-3626

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Difficult to exploit vulnerabili…

Low

CVE-2017-3544

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embed…

Low

CVE-2017-3539

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121.…

Low

CVE-2017-3533

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embed…

Medium

CVE-2017-3526

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8…

High

CVE-2017-3514

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121. Difficult to exploit vulnerability allows unaut…

High

CVE-2017-3512

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthentica…

High

CVE-2017-3511

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u131 and 8u121; Java SE Embedded: 8u121; JR…

Medium

CVE-2017-3509

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u12…

Medium

CVE-2017-1000359

Java out of memory error and significant increase in resource consumption. Component: OpenDaylight odl-mdsal-xsql is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0.

High

CVE-2017-1000357

Denial of Service attack when the switch rejects to receive packets from the controller. Component: This vulnerability affects OpenDaylight odl-l2switch-switch, which is the feature responsible for t…

2017-04-14
High

CVE-2017-7717

SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified…

High

CVE-2017-7696

SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allow remote attackers to cause a denial of service (memory consumption) via large values in the width and height parameters to otp_logon_ui_res…

2017-04-13
High

CVE-2016-4970

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).