2018-01-18 | CVE-2018-2602 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n). | 4.5 |
2018-01-18 | CVE-2018-2599 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). | 4.8 |
2018-01-18 | CVE-2018-2588 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). | 4.3 |
2018-01-18 | CVE-2018-2581 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). | 4.7 |
2018-01-18 | CVE-2018-2579 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). | 3.7 |
2017-04-13 | CVE-2016-2104 | Cross-site Scripting vulnerability in Redhat Satellite 5.7 Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name, (3) search_subscribed_channels, or (4) channel_filter parameter to software/packages/NameOverview.do; or unspecified vectors related to (5) <input:hidden> or (6) <bean:message> tags. | 6.1 |
2016-08-05 | CVE-2016-3097 | Cross-site Scripting vulnerability in Redhat Satellite 5.7 Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via a group name, related to viewing snapshot data. | 6.1 |
2016-08-05 | CVE-2016-3080 | Cross-site Scripting vulnerability in Redhat Satellite 5.7 Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via the (1) RHNMD User or (2) Filesystem parameters, related to display of monitoring probes. | 6.1 |
2016-06-06 | CVE-2015-5041 | Information Exposure vulnerability in multiple products The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods. | 9.1 |
2016-06-03 | CVE-2016-0376 | The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. | 8.1 |