Vulnerabilities > Oracle > Glassfish Server > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-10-17 | CVE-2018-3152 | Unspecified vulnerability in Oracle Glassfish Server 3.1.2 Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). | 7.5 |
2018-10-17 | CVE-2018-2911 | Unspecified vulnerability in Oracle Glassfish Server 3.1.2 Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). | 8.3 |
2017-10-19 | CVE-2017-10391 | Unspecified vulnerability in Oracle Glassfish Server 3.0.1/3.1.2 Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). | 7.3 |
2017-07-17 | CVE-2017-1000029 | Information Exposure vulnerability in Oracle Glassfish Server 3.0.1 Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that makes it possible to include arbitrary files on the server, this vulnerability can be exploited without any prior authentication. | 7.5 |
2017-07-17 | CVE-2017-1000028 | Path Traversal vulnerability in Oracle Glassfish Server 4.1 Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request. | 7.5 |
2017-01-27 | CVE-2017-3250 | Information Exposure vulnerability in Oracle Glassfish Server 2.1.1/3.0.1/3.1.2 Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). | 7.3 |
2017-01-27 | CVE-2017-3249 | Unspecified vulnerability in Oracle Glassfish Server 2.1.1/3.0.1/3.1.2 Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). | 7.3 |
2016-10-25 | CVE-2016-5519 | Unspecified vulnerability in Oracle Glassfish Server 2.1.1/3.0.1/3.1.2 Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Java Server Faces. | 8.8 |
2016-03-13 | CVE-2016-1950 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. | 8.8 |