57 docs tagged with "Java"

CVE-2000-1099

Java Runtime Environment in Java Development Kit (JDK) 1.2.2_05 and earlier can allow an untrusted J

CVE-2000-1117

The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 a

CVE-2007-0114

Sun Java System Content Delivery Server 5.0 and 5.0 PU1 allows remote attackers to obtain sensitive

CVE-2008-0239

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 SP1 thro

CVE-2008-0240

/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows rem

CVE-2008-0241

Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 throu

CVE-2010-0272

Heap-based buffer overflow in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attacke

CVE-2010-0273

Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attacker

CVE-2012-0391

The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL

CVE-2012-0392

The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whit

CVE-2012-0393

The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public

CVE-2012-4549

The processInvocation function in org.jboss.as.ejb3.security.AuthorizationInterceptor in JBoss Enter

CVE-2012-4550

JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, when using role-based a

CVE-2012-4820

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and ear

CVE-2012-4821

Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1

CVE-2012-4822

Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1

CVE-2012-4823

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and ear

CVE-2013-0422

Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitra

CVE-2013-4517

Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attacke

CVE-2013-6430

The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring

CVE-2013-7250

Cross-site scripting (XSS) vulnerability in the JsonBuilder implementation in ProjectForge before 5.

CVE-2016-1000027

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue i

CVE-2017-1681

IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.15) could allow a local attacke

CVE-2017-8046

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingall

CVE-2018-1000406

A path traversal vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/

CVE-2018-1000407

A cross-site scripting vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in

CVE-2018-1000408

A denial of service vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in co

CVE-2018-1000409

A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in cor

CVE-2018-1000410

An information exposure vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier,

CVE-2018-1000411

A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestOb

CVE-2018-1000412

An improper authorization vulnerability exists in Jenkins Jira Plugin 3.0.1 and earlier in JiraSite.

CVE-2018-1000414

A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and ear

CVE-2018-1000417

A cross-site request forgery vulnerability exists in Jenkins Email Extension Template Plugin 1.0 and

CVE-2018-1000418

An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipCha

CVE-2018-1000419

An improper authorization vulnerability exists in Jenkins HipChat Plugin 2.2.0 and earlier in HipCha

CVE-2018-1000420

An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCl

CVE-2018-1000421

An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCl

CVE-2018-1000422

An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earli

CVE-2018-1000423

An insufficiently protected credentials vulnerability exists in Jenkins Crowd 2 Integration Plugin 2

CVE-2018-1000424

An insufficiently protected credentials vulnerability exists in Jenkins Artifactory Plugin 2.16.1 an

CVE-2018-1000425

An insufficiently protected credentials vulnerability exists in Jenkins SonarQube Scanner Plugin 2.8

CVE-2018-1320

Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComple

CVE-2018-16169

Cybozu Remote Service 3.0.0 to 3.1.0 allows remote authenticated attackers to upload and execute Jav

CVE-2018-16171

Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3.1.8 allows remote attackers to

CVE-2019-3576

inxedu through 2018-12-24 has a SQL Injection vulnerability that can lead to information disclosure

CVE-2019-5312

An issue was discovered in weixin-java-tools v3.3.0. There is an XXE vulnerability in the getXmlDoc

CVE-2019-5748

In Traccar Server version 4.2, protocol/SpotProtocolDecoder.java might allow XXE attacks.

CVE-2020-0001

In getProcessRecordLocked of ActivityManagerService.java isolated apps are not handled correctly. Th

CVE-2020-17534

There exists a race condition between the deletion of the temporary file and the creation of the tem

CVE-2020-26118

In SmartBear Collaborator Server through 13.3.13302, use of the Google Web Toolkit (GWT) API introdu

CVE-2021-0317

In createOrUpdate of Permission.java and related code, there is possible permission escalation due t

CVE-2022-4878

A vulnerability classified as critical has been found in JATOS. Affected is the function ZipUtil of

CVE-2023-0017

An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access cont

CVE-2023-29051

User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java

CVE-2023-51805

SQL Injection vulnerability in TDuckCLoud tduck-platform v.4.0 allows a remote attacker to obtain se

CVE-2023-5880

When the Genie Company Aladdin Connect garage door opener (Retrofit-Kit Model ALDCM) is placed into

CVE-2024-21634

Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential d