aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

to
Export CSV
6640 items

CVE-2014-0376: Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote a

infovulnerability
security
Jan 15, 2014
CVE-2014-0376

CVE-2014-0376 is a vulnerability in Oracle Java SE and OpenJDK that affects the JAXP library (a tool for processing XML documents). The flaw allows remote attackers to compromise data integrity through improper permission checks when creating document builders, but only affects sandboxed Java applications like Web Start apps and applets. The specific details of the vulnerability were not fully disclosed by Oracle.

NVD/CVE Database

CVE-2013-2133: The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) bef

infovulnerability
security
Dec 6, 2013
CVE-2013-2133

CVE-2013-2133 is a security flaw in Red Hat JBossWS (a tool for building web services) used in JBoss Enterprise Application Platform (EAP) before version 6.2.0, where the EJB invocation handler (the component that processes method calls) fails to properly check access restrictions. This allows remote authenticated users (people with login credentials) to bypass security controls and access JAX-WS handlers (special functions that intercept web service requests) that should be restricted, simply by having permission to use the underlying EJB class.

CVE-2013-5851: Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attacke

infovulnerability
security
Oct 16, 2013
CVE-2013-5851

CVE-2013-5851 is an unspecified vulnerability in Oracle Java SE 7u40 and earlier versions that allows remote attackers to exploit the software. The vulnerability affects both standard Java SE and Java SE Embedded, meaning it impacts Java running on regular computers and also on smaller embedded devices (computers built into other products).

CVE-2013-5825: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRoc

infovulnerability
security
Oct 16, 2013
CVE-2013-5825

CVE-2013-5825 is an unspecified vulnerability in older versions of Oracle Java SE (a programming language and runtime environment) and related products that allows remote attackers to disrupt service availability through JAXP (Java API for XML Processing, a tool for handling XML data). The vulnerability can be triggered through sandboxed Java Web Start applications, Java applets, or by sending data directly to affected APIs.

CVE-2013-5820: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and ea

infovulnerability
security
Oct 16, 2013
CVE-2013-5820

A security flaw in Oracle Java SE versions 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier affects the integrity of data through JAX-WS (Java API for XML Web Services, a tool for building web services). The vulnerability can only be exploited through sandboxed Java Web Start applications and sandboxed Java applets (programs that run in a restricted environment within a web browser).

CVE-2013-5802: Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRoc

infovulnerability
security
Oct 16, 2013
CVE-2013-5802

CVE-2013-5802 is an unspecified vulnerability in multiple versions of Oracle Java SE (Java Standard Edition, the main version of Java used by developers) and related Java products that allows remote attackers to compromise confidentiality (keeping data private), integrity (keeping data accurate), and availability (keeping systems running). The vulnerability can be exploited through JAXP (Java API for XML Processing, a tool for handling XML data), including through compromised Java Web Start applications and Java applets (small programs that run in web browsers).

CVE-2013-2415: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and

lowvulnerability
security
Apr 17, 2013
CVE-2013-2415

CVE-2013-2415 is an unspecified vulnerability in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, that affects the JAX-WS (Java API for XML Web Services, a tool for building web services) component and may leak sensitive information. The vulnerability requires local access (an attacker already on your computer) to exploit and cannot be used through untrusted applets or Java Web Start applications.

CVE-2013-1518: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 U

highvulnerability
security
Apr 17, 2013
CVE-2013-1518

A vulnerability exists in Oracle Java SE versions 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier, as well as OpenJDK 6 and 7, related to JAXP (Java API for XML Processing, a tool for handling XML documents). Remote attackers can exploit this unspecified flaw to compromise the confidentiality, integrity, and availability of affected systems.

CVE-2013-0454: The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.

infovulnerability
security
Mar 26, 2013
CVE-2013-0454

A security flaw in Samba 3.6.x (a software that allows file sharing between computers) before version 3.6.6 fails to properly enforce SMB2 share attributes (settings that control how network shares behave). This allows authenticated users (those with valid login credentials) to write to shares marked as read-only, cause data integrity issues with file locking mechanisms, or exploit incorrect handling of visibility settings.

CVE-2013-0435: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 th

infovulnerability
security
Feb 2, 2013
CVE-2013-0435

CVE-2013-0435 is a security flaw in Oracle Java SE 6 and 7 (specifically versions 6 through Update 38, and 7 through Update 11) related to JAX-WS (a Java web services framework) that could allow attackers to access sensitive information. The vulnerability only affects client-side Java deployments and can be exploited through untrusted Java Web Start applications (programs downloaded and run through Java) and untrusted Java applets (small programs embedded in web pages), though these run with limited privileges in a sandbox (a restricted environment).

CVE-2013-0434: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 throu

infovulnerability
security
Feb 2, 2013
CVE-2013-0434

A security flaw was found in Oracle Java SE versions 7 (up to Update 11), 6 (up to Update 38), and older versions, as well as OpenJDK, that could let remote attackers (people attacking from outside your system) access sensitive information through JAXP (Java API for XML Processing, a tool for handling XML files). The exact nature of the vulnerability was not publicly detailed by Oracle, though another vendor suggested it involved a publicly accessible method in JAXP that could expose private data.

CVE-2012-4850: IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, when JAX-RS is used, does not properly validate req

infovulnerability
security
Nov 14, 2012
CVE-2012-4850

IBM WebSphere Application Server 8.5 Liberty Profile before version 8.5.0.1 has a security flaw in its JAX-RS component (a tool for building web services) that fails to properly validate incoming requests, allowing attackers to gain unauthorized access. The vulnerability is caused by improper input validation (CWE-20, where the system doesn't properly check data before using it).

CVE-2012-5076: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allow

criticalvulnerability
security
Oct 16, 2012
CVE-2012-5076EPSS: 91.7%🔥 Actively Exploited

CVE-2012-5074: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allow

highvulnerability
security
Oct 16, 2012
CVE-2012-5074

CVE-2012-5074 is an unspecified vulnerability in Oracle Java SE 7 Update 7 and earlier versions that affects the Java Runtime Environment (JRE, the software that runs Java programs on your computer). The vulnerability can only be exploited through untrusted Java Web Start applications and untrusted Java applets (small programs that run in web browsers), which are limited by the Java sandbox (a restricted environment that prevents programs from accessing sensitive system resources).

CVE-2012-4604: The TRITON management console in Websense Web Security before 7.6 Hotfix 24 allows remote attackers to bypass authentica

infovulnerability
security
Aug 23, 2012
CVE-2012-4604

CVE-2012-4604 is a flaw in Websense Web Security's TRITON management console that allows attackers to bypass authentication (the process of verifying a user's identity) and access reports they shouldn't see by manipulating cookie fields, specifically the uid and userRoles parameters. The vulnerability affects versions before 7.6 Hotfix 24.

CVE-2011-5102: The Investigative Reports web interface in the TRITON management console in Websense Web Security 7.1 before Hotfix 109,

infovulnerability
security
Aug 23, 2012
CVE-2011-5102

A vulnerability in the Investigative Reports web interface of Websense Web Security's TRITON management console allows remote attackers (people without authorized access) to execute commands on the system through unspecified vectors (unknown attack methods). The flaw affects multiple versions of Websense Web Security, Web Filter, Web Security Gateway, and Web Security Gateway Anywhere.

CVE-2012-1724: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and

infovulnerability
security
Jun 16, 2012
CVE-2012-1724

A security flaw exists in Java Runtime Environment (JRE, the software that runs Java programs) versions 7 update 4 and earlier, and version 6 update 32 and earlier, that allows attackers over the internet to disrupt service availability through an unspecified vulnerability related to JAXP (Java API for XML Processing, a tool for handling XML data). The exact nature of the vulnerability was not fully detailed in the advisory.

CVE-2011-1377: The Web Services Security component in the Web Services Feature Pack before 6.1.0.41 for IBM WebSphere Application Serve

infovulnerability
security
Jan 15, 2012
CVE-2011-1377

CVE-2011-1377 is a vulnerability in the Web Services Security component of IBM WebSphere Application Server (WAS) version 6.1 where the Web Services Feature Pack before version 6.1.0.41 does not properly handle enabling WS-Security (a security standard for web services) for JAX-WS applications, potentially causing unspecified security impacts. The vulnerability has an unknown severity rating and the specific attack methods are not detailed in this source.

CVE-2011-5042: Cross-site scripting (XSS) vulnerability in inc/lib/lib.base.php in SASHA 0.2.0 allows remote attackers to inject arbitr

infovulnerability
security
Dec 30, 2011
CVE-2011-5042

SASHA 0.2.0 contains a cross-site scripting (XSS) vulnerability, a type of security flaw where attackers can inject malicious code into web pages, in its lib.base.php file through the instructors parameter. This allows attackers to inject arbitrary web scripts or HTML code that could compromise users visiting the affected application.

CVE-2011-4160: Unspecified vulnerability in HP Operations Agent 11.00 and Performance Agent 4.73 and 5.0 on AIX, HP-UX, Linux, and Sola

infovulnerability
security
Nov 23, 2011
CVE-2011-4160

CVE-2011-4160 is an unspecified vulnerability in HP Operations Agent 11.00 and Performance Agent 4.73 and 5.0 running on multiple operating systems (AIX, HP-UX, Linux, and Solaris) that allows local users (people with access to the same computer) to bypass directory-access restrictions through unknown methods. The vulnerability has a CVSS score (a 0-10 rating of how severe a security flaw is) of 4.0.

Previous329 / 332Next
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database

Fix: Update IBM WebSphere Application Server 8.5 Liberty Profile to version 8.5.0.1 or later.

NVD/CVE Database

CVE-2012-5076 is a vulnerability in Oracle Java SE 7 Update 7 and earlier versions that affects the JAX-WS (Java web services framework) component in the Java Runtime Environment. Remote attackers could exploit this flaw to compromise confidentiality (reading data), integrity (modifying data), and availability (disrupting service) of affected systems.

Fix: Apply updates per vendor instructions. The source references Oracle's October 2012 security advisory (http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html) as a patch vendor advisory with available fixes.

NVD/CVE Database
NVD/CVE Database
NVD/CVE Database

Fix: Apply the appropriate hotfix for your version: Hotfix 109 for version 7.1, Hotfix 06 for version 7.1.1, Hotfix 78 for version 7.5, Hotfix 12 for version 7.5.1, Hotfix 24 for version 7.6, and Hotfix 12 for version 7.6.2. Consult Websense vendor advisories for installation instructions.

NVD/CVE Database
NVD/CVE Database

Fix: Upgrade the Web Services Feature Pack to version 6.1.0.41 or later for IBM WebSphere Application Server 6.1.

NVD/CVE Database
NVD/CVE Database
NVD/CVE Database