CVE-2013-1493

Public exploit
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.
Max CVSS
10.0
EPSS Score
96.60%
Published
2013-03-05
Updated
2022-05-13

CVE-2012-0507

Known exploited
Public exploit
Used for ransomware
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.
Max CVSS
10.0
EPSS Score
97.32%
Published
2012-06-07
Updated
2022-05-13
CISA KEV Added
2022-03-03
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a double free vulnerability in IndexColorModel that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.
Max CVSS
10.0
EPSS Score
17.38%
Published
2010-10-19
Updated
2018-10-30

CVE-2010-0361

Public exploit
Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long URI in an HTTP OPTIONS request.
Max CVSS
10.0
EPSS Score
95.11%
Published
2010-01-20
Updated
2011-04-28
Unspecified vulnerability in the Authentication Manager (aka utauthd) in Sun Ray Server Software 4.0 and 4.1 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors.
Max CVSS
10.0
EPSS Score
0.63%
Published
2009-12-11
Updated
2009-12-14
Sun ScApp firmware 5.18.x, 5.19.x, and 5.20.0 through 5.20.10 on Sun Fire and Netra platforms allows remote attackers to access the System Controller (SC), the system console, and possibly the host OS, and cause a denial of service (shutdown or reboot), via spoofed IP packets.
Max CVSS
10.0
EPSS Score
2.88%
Published
2008-12-19
Updated
2011-03-08
in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unknown DHCP requests related to the "number of offers," aka Bug ID 6713805.
Max CVSS
10.0
EPSS Score
4.60%
Published
2008-11-10
Updated
2017-09-29
Unspecified vulnerability in Sun Integrated Lights-Out Manager (ILOM) 2.0.1.5 through 2.0.4.26 allows remote authenticated users to (1) access the service processor (SP) and cause a denial of service (shutdown or reboot), or (2) access the host operating system and have an unspecified impact, via unknown vectors.
Max CVSS
9.0
EPSS Score
0.53%
Published
2008-10-23
Updated
2017-08-08
The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a denial of service (daemon crash) via a crafted request to procedure 8 in program 100000 (rpcbind), related to the XDR_DECODE operation and the taddr2uaddr function. NOTE: this might be a duplicate of CVE-2007-0165.
Max CVSS
10.0
EPSS Score
24.77%
Published
2008-10-21
Updated
2018-10-30
Multiple unspecified vulnerabilities in Solaris print service for Sun Solaris 8, 9, and 10 allow remote attackers to cause a denial of service or execute arbitrary code via unknown vectors.
Max CVSS
10.0
EPSS Score
9.29%
Published
2008-05-12
Updated
2018-10-30
The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
Max CVSS
10.0
EPSS Score
1.23%
Published
2009-06-01
Updated
2017-08-17
Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned applets to cause a denial of service (JVM crash) and read or write unauthorized memory locations via the ReadEnv class, as demonstrated by reading environment variables using modified .data and .size fields.
Max CVSS
9.3
EPSS Score
0.07%
Published
2009-06-01
Updated
2009-06-02
Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.
Max CVSS
10.0
EPSS Score
4.49%
Published
2003-05-05
Updated
2018-10-30
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.
Max CVSS
10.0
EPSS Score
17.22%
Published
2003-04-02
Updated
2018-10-30
Denial of service in BIND by improperly closing TCP sessions via so_linger.
Max CVSS
10.0
EPSS Score
0.81%
Published
1999-11-10
Updated
2018-10-30
Denial of service in BIND named via malformed SIG records.
Max CVSS
10.0
EPSS Score
1.92%
Published
1999-11-10
Updated
2018-10-30
Denial of service by sending forged ICMP unreachable packets.
Max CVSS
10.0
EPSS Score
1.26%
Published
1992-07-21
Updated
2022-08-17
libnsl in Solaris allowed an attacker to perform a denial of service of rpcbind.
Max CVSS
10.0
EPSS Score
1.26%
Published
1998-07-15
Updated
2022-08-17
Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.
Max CVSS
10.0
EPSS Score
1.15%
Published
1998-04-08
Updated
2018-10-30
19 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!