CVE-2012-0217

Public exploit
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.
Max CVSS
7.2
EPSS Score
0.06%
Published
2012-06-12
Updated
2020-09-28

CVE-2011-3556

Public exploit
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI, a different vulnerability than CVE-2011-3557.
Max CVSS
7.5
EPSS Score
45.91%
Published
2011-10-19
Updated
2018-01-06

CVE-2010-0842

Public exploit
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an uncontrolled array index that allows remote attackers to execute arbitrary code via a MIDI file with a crafted MixerSequencer object, related to the GM_Song structure.
Max CVSS
7.5
EPSS Score
96.98%
Published
2010-04-01
Updated
2018-10-30

CVE-2010-0840

Known exploited
Public exploit
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability."
Max CVSS
7.5
EPSS Score
94.41%
Published
2010-04-01
Updated
2018-10-30
CISA KEV Added
2022-05-25

CVE-2010-0094

Public exploit
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the ClassLoader of a constructor that is being deserialized.
Max CVSS
7.5
EPSS Score
93.67%
Published
2010-04-01
Updated
2018-10-10

CVE-1999-0517

Public exploit
An SNMP community name is the default (e.g. public), null, or missing.
Max CVSS
7.5
EPSS Score
45.45%
Published
1997-01-01
Updated
2022-08-17

CVE-1999-0502

Public exploit
A Unix account has a default, null, blank, or missing password.
Max CVSS
7.5
EPSS Score
1.30%
Published
1998-03-01
Updated
2022-08-17
Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files.
Max CVSS
7.8
EPSS Score
0.35%
Published
2021-12-01
Updated
2021-12-02
Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information.
Max CVSS
7.5
EPSS Score
0.13%
Published
2020-03-27
Updated
2021-07-21
Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293.
Max CVSS
7.8
EPSS Score
0.60%
Published
2016-03-26
Updated
2017-05-12
The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID CSCuv45410.
Max CVSS
7.8
EPSS Score
0.29%
Published
2016-03-26
Updated
2016-12-03
Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 Relay message, aka Bug ID CSCus55821.
Max CVSS
7.8
EPSS Score
0.21%
Published
2016-03-26
Updated
2016-12-03
The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417.
Max CVSS
7.1
EPSS Score
0.57%
Published
2016-03-26
Updated
2017-05-12
Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted HTTP requests that are not followed by an unspecified negotiation, aka Bug ID CSCuv47565.
Max CVSS
7.8
EPSS Score
1.21%
Published
2016-04-06
Updated
2016-12-03
Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579.
Max CVSS
7.8
EPSS Score
0.57%
Published
2016-03-03
Updated
2016-12-03
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-01-21
Updated
2016-12-07
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via vectors related to CDE - Power Management Utility.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-01-21
Updated
2016-12-07
Unspecified vulnerability in Oracle Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Power Management Utility.
Max CVSS
7.2
EPSS Score
0.04%
Published
2015-01-21
Updated
2016-12-07
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via vectors related to iSCSI Data Mover (IDM).
Max CVSS
7.8
EPSS Score
0.62%
Published
2014-10-15
Updated
2014-11-19
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Zone Framework.
Max CVSS
7.2
EPSS Score
0.04%
Published
2014-10-15
Updated
2015-11-06
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel/X86.
Max CVSS
7.2
EPSS Score
0.04%
Published
2014-10-15
Updated
2015-11-06
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Common Internet File System (CIFS).
Max CVSS
7.5
EPSS Score
0.56%
Published
2014-10-15
Updated
2015-11-06
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5787, CVE-2013-5789, CVE-2013-5824, and CVE-2013-5832.
Max CVSS
7.6
EPSS Score
1.18%
Published
2013-10-16
Updated
2022-05-13
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP.
Max CVSS
7.5
EPSS Score
9.96%
Published
2013-10-16
Updated
2022-05-13
Unspecified vulnerability in Oracle Solaris 11 allows remote attackers to affect availability via vectors related to Kernel/STREAMS framework.
Max CVSS
7.8
EPSS Score
0.62%
Published
2013-07-17
Updated
2017-08-29
430 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!