CVE-2011-5035

Public exploit
Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869.
Max CVSS
5.0
EPSS Score
2.52%
Published
2011-12-30
Updated
2018-01-06
The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.
Max CVSS
6.8
EPSS Score
17.19%
Published
2011-12-15
Updated
2023-12-20
Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker segment in a JPEG2000 file.
Max CVSS
6.8
EPSS Score
12.32%
Published
2011-12-15
Updated
2023-12-20
Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Max CVSS
5.3
EPSS Score
1.65%
Published
2011-12-30
Updated
2019-03-08
Unspecified vulnerability in Oracle Communications Server 2.0; GlassFish Enterprise Server 2.1.1, 3.0.1, and 3.1.1; and Sun Java System App Server 8.1 and 8.2 allows remote attackers to affect availability via unknown vectors related to Web Container.
Max CVSS
7.8
EPSS Score
1.34%
Published
2011-10-18
Updated
2017-08-29
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI, a different vulnerability than CVE-2011-3556.
Max CVSS
6.8
EPSS Score
3.83%
Published
2011-10-19
Updated
2018-01-06

CVE-2011-3556

Public exploit
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI, a different vulnerability than CVE-2011-3557.
Max CVSS
7.5
EPSS Score
45.91%
Published
2011-10-19
Updated
2018-01-06
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Max CVSS
9.3
EPSS Score
1.34%
Published
2011-10-19
Updated
2018-01-06
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking.
Max CVSS
5.0
EPSS Score
0.55%
Published
2011-10-19
Updated
2022-05-13
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to Deployment.
Max CVSS
5.8
EPSS Score
0.46%
Published
2011-10-19
Updated
2022-05-13
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
Max CVSS
10.0
EPSS Score
61.67%
Published
2011-10-19
Updated
2018-01-06
Unspecified vulnerability in the Sun Ray component in Oracle Virtualization 4.0 allows remote attackers to affect integrity, related to Authentication. NOTE: this identifier was inadvertently used for an Oracle Industry Applications issue involving TMS Help, but that issue has been assigned CVE-2011-2323.
Max CVSS
6.8
EPSS Score
0.70%
Published
2011-10-18
Updated
2017-08-29
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel/Filesystem.
Max CVSS
7.8
EPSS Score
0.12%
Published
2011-10-18
Updated
2017-08-29
Unspecified vulnerability in the Solaris component in Oracle Sun Products Suite 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Remote Quota Server (rquotad).
Max CVSS
5.0
EPSS Score
1.37%
Published
2011-10-18
Updated
2017-08-29
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Network Status Monitor (statd).
Max CVSS
5.0
EPSS Score
1.37%
Published
2011-10-18
Updated
2017-08-29
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 8.9 allows remote authenticated users to affect confidentiality and integrity, related to Job Profile Manager (JPM).
Max CVSS
5.5
EPSS Score
0.15%
Published
2011-10-18
Updated
2017-08-29
Unspecified vulnerability in the Oracle Agile Product Supplier Collaboration for Process component in Oracle Supply Chain Products Suite 5.2.2, 6.0.0.2, 6.0.0.3, and 6.0.0.4 allows remote attackers to affect confidentiality via unknown vectors related to Supplier Portal.
Max CVSS
5.0
EPSS Score
0.41%
Published
2011-10-18
Updated
2017-08-29
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 8.9 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to eProfile.
Max CVSS
5.5
EPSS Score
0.21%
Published
2011-10-18
Updated
2017-08-29
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Candidate Gateway.
Max CVSS
5.5
EPSS Score
0.15%
Published
2011-10-18
Updated
2017-08-29
Unspecified vulnerability in the Application Express component in Oracle Database Server 3.2 and 4.0 allows remote authenticated users to affect confidentiality, integrity, and availability, related to APEX developer user.
Max CVSS
6.5
EPSS Score
0.49%
Published
2011-10-18
Updated
2017-08-29
Unspecified vulnerability in the Siebel Core - UIF Client component in Oracle Siebel CRM 8.0.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to User Interface.
Max CVSS
5.5
EPSS Score
0.11%
Published
2011-10-18
Updated
2017-08-29
Unspecified vulnerability in the Oracle OpenSSO component in Oracle Sun Products Suite 8.0 allows remote attackers to affect availability via unknown vectors related to Authentication.
Max CVSS
7.8
EPSS Score
1.20%
Published
2011-10-18
Updated
2017-08-29
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
Max CVSS
6.5
EPSS Score
0.26%
Published
2011-10-18
Updated
2017-08-29
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4.0, 10.0.2.0, 10.3.3.0, 10.3.4.0, and 10.3.5.0 allows remote attackers to affect confidentiality via unknown vectors related to Web Services.
Max CVSS
5.0
EPSS Score
0.37%
Published
2011-10-18
Updated
2011-12-24
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.49, 8.50, and 8.51 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Security.
Max CVSS
5.5
EPSS Score
0.15%
Published
2011-10-18
Updated
2017-09-09
122 vulnerabilities found