CVE-2018-1656
- EPSS 4.51%
- Veröffentlicht 20.08.2018 21:29:01
- Zuletzt bearbeitet 21.11.2024 04:00:08
The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882.
CVE-2018-12539
- EPSS 0.49%
- Veröffentlicht 14.08.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:45:23
In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native ...
CVE-2018-8032
- EPSS 10.55%
- Veröffentlicht 02.08.2018 13:29:00
- Zuletzt bearbeitet 08.05.2025 18:13:51
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
CVE-2018-1000613
- EPSS 4.77%
- Veröffentlicht 09.07.2018 20:29:00
- Zuletzt bearbeitet 12.05.2025 17:37:16
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT priv...
CVE-2018-11039
- EPSS 2.78%
- Veröffentlicht 25.06.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:42:32
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring ...
CVE-2018-1257
- EPSS 3.28%
- Veröffentlicht 11.05.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:28
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A ...
CVE-2018-2750
- EPSS 1.46%
- Veröffentlicht 19.04.2018 02:29:01
- Zuletzt bearbeitet 21.11.2024 04:04:22
Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Products Suite (subcomponent: UI Framework). The supported version that is affected is 12.1.0.5. Easily exploitable vulnerability allows unauthenticated atta...
CVE-2017-10091
- EPSS 1.61%
- Veröffentlicht 08.08.2017 15:29:02
- Zuletzt bearbeitet 13.05.2026 00:24:29
Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: UI Framework). Supported versions that are affected are 12.1.0, 13.1.0 and 13.2.0. Easily exploitable vulnerability allows low pr...
CVE-2017-9735
- EPSS 5.8%
- Veröffentlicht 16.06.2017 21:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
CVE-2017-3518
- EPSS 2.52%
- Veröffentlicht 24.04.2017 19:59:03
- Zuletzt bearbeitet 13.05.2026 00:24:29
Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Discovery Framework). Supported versions that are affected are 12.1.0, 13.1.0 and 13.2.0. Easily "exploitable" vulnerability allo...