# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2021-43358 |
22 |
|
Dir. Trav. |
2021-12-01 |
2021-12-02 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files. |
2 |
CVE-2014-6524 |
|
|
|
2015-01-21 |
2016-12-07 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel. |
3 |
CVE-2014-6521 |
|
|
|
2015-01-21 |
2016-12-07 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via vectors related to CDE - Power Management Utility. |
4 |
CVE-2014-6510 |
|
|
|
2015-01-21 |
2016-12-07 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Power Management Utility. |
5 |
CVE-2014-6508 |
|
|
|
2014-10-15 |
2014-11-19 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via vectors related to iSCSI Data Mover (IDM). |
6 |
CVE-2014-6473 |
|
|
|
2014-10-15 |
2015-11-06 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Zone Framework. |
7 |
CVE-2014-4282 |
|
|
|
2014-10-15 |
2015-11-06 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel/X86. |
8 |
CVE-2014-4276 |
|
|
|
2014-10-15 |
2015-11-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Common Internet File System (CIFS). |
9 |
CVE-2013-5852 |
|
|
|
2013-10-16 |
2022-05-13 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5787, CVE-2013-5789, CVE-2013-5824, and CVE-2013-5832. |
10 |
CVE-2013-5802 |
|
|
|
2013-10-16 |
2022-05-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP. |
11 |
CVE-2013-3753 |
|
|
|
2013-07-17 |
2017-08-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Solaris 11 allows remote attackers to affect availability via vectors related to Kernel/STREAMS framework. |
12 |
CVE-2013-3750 |
|
|
|
2013-07-17 |
2013-07-17 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/VM |
13 |
CVE-2013-3748 |
|
|
|
2013-07-17 |
2017-08-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Solaris 11 allows remote attackers to affect availability via vectors related to Driver/IDM (iSCSI Data Mover). |
14 |
CVE-2013-2461 |
|
|
Bypass |
2013-06-18 |
2022-05-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June and July 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass verification of XML signatures via vectors related to a "Missing check for [a] valid DOMCanonicalizationMethod canonicalization algorithm." |
15 |
CVE-2013-2448 |
|
|
Bypass |
2013-06-18 |
2022-05-13 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to insufficient "access restrictions" and "robustness of sound classes." |
16 |
CVE-2013-2445 |
|
|
Bypass |
2013-06-18 |
2022-05-13 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Hotspot. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "handling of memory allocation errors." |
17 |
CVE-2013-2442 |
|
|
|
2013-06-18 |
2022-05-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2466 and CVE-2013-2468. |
18 |
CVE-2013-2430 |
|
|
|
2013-04-17 |
2022-05-13 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; JavaFX 2.2.7 and earlier; and OpenJDK 6 and 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "JPEGImageReader state corruption" when using native code. |
19 |
CVE-2013-2429 |
|
|
Mem. Corr. |
2013-04-17 |
2022-05-13 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "JPEGImageWriter state corruption" when using native code, which triggers memory corruption. |
20 |
CVE-2013-2394 |
|
|
|
2013-04-17 |
2022-05-13 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2432 and CVE-2013-1491. |
21 |
CVE-2013-1563 |
|
|
|
2013-04-17 |
2022-05-13 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. |
22 |
CVE-2013-0429 |
|
|
Bypass |
2013-02-02 |
2022-05-13 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue involves the creation of a single PresentationManager that is shared across multiple thread groups, which allows remote attackers to bypass Java sandbox restrictions. |
23 |
CVE-2013-0423 |
|
|
|
2013-02-02 |
2022-05-13 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. |
24 |
CVE-2013-0419 |
|
|
|
2013-02-02 |
2022-05-13 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. |
25 |
CVE-2013-0351 |
|
|
|
2013-02-02 |
2022-05-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. |
26 |
CVE-2012-5089 |
|
|
|
2012-10-16 |
2022-05-13 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX, a different vulnerability than CVE-2012-3143. |
27 |
CVE-2012-5084 |
|
|
|
2012-10-16 |
2022-05-13 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing. |
28 |
CVE-2012-5068 |
|
|
|
2012-10-16 |
2022-05-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. |
29 |
CVE-2012-3210 |
|
|
|
2012-10-17 |
2013-10-11 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via unknown vectors related to Kernel. |
30 |
CVE-2012-3204 |
|
|
|
2012-10-17 |
2013-10-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Power Management. |
31 |
CVE-2012-3199 |
|
|
|
2012-10-17 |
2013-10-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Gnome Trusted Extension. |
32 |
CVE-2012-3189 |
|
|
|
2012-10-17 |
2013-10-11 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability, related to COMSTAR. |
33 |
CVE-2012-3159 |
|
|
|
2012-10-16 |
2022-05-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1533. |
34 |
CVE-2012-3125 |
|
|
|
2012-07-17 |
2017-08-29 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows remote attackers to affect availability, related to TCP/IP. |
35 |
CVE-2012-3120 |
|
|
|
2012-07-17 |
2017-08-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 8 allows remote attackers to affect availability, related to TCP/IP. |
36 |
CVE-2012-1711 |
|
|
|
2012-06-16 |
2022-05-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to CORBA. |
37 |
CVE-2012-0505 |
|
|
|
2012-02-15 |
2022-05-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Serialization. |
38 |
CVE-2012-0503 |
|
|
|
2012-02-15 |
2022-05-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to I18n. |
39 |
CVE-2012-0217 |
119 |
|
Overflow +Priv |
2012-06-12 |
2020-09-28 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier. |
40 |
CVE-2012-0094 |
|
|
|
2012-01-18 |
2018-01-06 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability, related to TCP/IP. |
41 |
CVE-2011-3556 |
|
|
|
2011-10-19 |
2018-01-06 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI, a different vulnerability than CVE-2011-3557. |
42 |
CVE-2011-3550 |
|
|
|
2011-10-19 |
2018-01-06 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT. |
43 |
CVE-2011-3543 |
|
|
|
2011-10-18 |
2017-08-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Solaris 11 Express allows remote attackers to affect availability, related to iSCSI DataMover (IDM). |
44 |
CVE-2011-2287 |
|
|
|
2011-07-21 |
2011-10-05 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to fingerd. |
45 |
CVE-2011-2285 |
|
|
|
2011-07-21 |
2011-10-05 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Installer. |
46 |
CVE-2011-0866 |
|
|
|
2011-06-14 |
2018-10-30 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Java Runtime Environment. |
47 |
CVE-2011-0841 |
|
|
|
2011-04-20 |
2012-08-02 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Solaris 11 Express allows remote attackers to affect availability, related to TCP/IP. |
48 |
CVE-2010-4457 |
|
|
|
2011-01-19 |
2017-08-17 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
Unspecified vulnerability in Oracle Solaris 11 Express allows remote attackers to affect availability, related to SMB and CIFS. |
49 |
CVE-2010-4451 |
|
|
|
2011-02-17 |
2017-12-22 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, when using Java Update, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. |
50 |
CVE-2010-4422 |
|
|
|
2011-02-17 |
2017-09-19 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. |