Filtered by vendor Redhat
Subscriptions
Filtered by product Network Satellite
Subscriptions
Total
757 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-0085 | 2 Redhat, Sun | 7 Enterprise Linux, Network Satellite, Rhel Extras and 4 more | 2025-04-11 | N/A |
| Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0088. | ||||
| CVE-2010-0087 | 2 Redhat, Sun | 6 Network Satellite, Rhel Extras, Rhel Extras Sap and 3 more | 2025-04-11 | N/A |
| Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||||
| CVE-2010-0089 | 2 Redhat, Sun | 6 Network Satellite, Rhel Extras, Rhel Extras Sap and 3 more | 2025-04-11 | N/A |
| Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors. | ||||
| CVE-2013-2420 | 3 Oracle, Redhat, Sun | 7 Jdk, Jre, Enterprise Linux and 4 more | 2025-04-11 | N/A |
| Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient "validation of images" in share/native/sun/awt/image/awt_ImageRep.c, possibly involving offsets. | ||||
| CVE-2013-2422 | 3 Oracle, Redhat, Sun | 7 Jdk, Jre, Enterprise Linux and 4 more | 2025-04-11 | N/A |
| Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper method-invocation restrictions by the MethodUtil trampoline class, which allows remote attackers to bypass the Java sandbox. | ||||
| CVE-2013-2424 | 3 Oracle, Redhat, Sun | 7 Jdk, Jre, Enterprise Linux and 4 more | 2025-04-11 | N/A |
| Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality via vectors related to JMX. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient class access checks" when "creating new instances" using MBeanInstantiator. | ||||
| CVE-2013-2430 | 3 Oracle, Redhat, Sun | 8 Javafx, Jdk, Jre and 5 more | 2025-04-11 | N/A |
| Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; JavaFX 2.2.7 and earlier; and OpenJDK 6 and 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "JPEGImageReader state corruption" when using native code. | ||||
| CVE-2013-0401 | 2 Oracle, Redhat | 5 Jdk, Jre, Enterprise Linux and 2 more | 2025-04-11 | N/A |
| The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demonstrated by Ben Murphy during a Pwn2Own competition at CanSecWest 2013. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to invocation of the system class loader by the sun.awt.datatransfer.ClassLoaderObjectInputStream class, which allows remote attackers to bypass Java sandbox restrictions. | ||||
| CVE-2013-1481 | 3 Oracle, Redhat, Sun | 6 Jdk, Jre, Network Satellite and 3 more | 2025-04-11 | N/A |
| Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. | ||||
| CVE-2012-4822 | 3 Ibm, Redhat, Tivoli Storage Productivity Center | 18 Java, Lotus Domino, Lotus Notes and 15 more | 2025-04-11 | N/A |
| Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via vectors related to "insecure use [of] multiple methods in the java.lang.class class." | ||||
| CVE-2012-4823 | 3 Ibm, Redhat, Tivoli Storage Productivity Center | 18 Java, Lotus Domino, Lotus Notes and 15 more | 2025-04-11 | N/A |
| Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allows remote attackers to execute arbitrary code via vectors related to "insecure use of the java.lang.ClassLoder defineClass() method." | ||||
| CVE-2013-2429 | 3 Oracle, Redhat, Sun | 7 Jdk, Jre, Enterprise Linux and 4 more | 2025-04-11 | N/A |
| Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "JPEGImageWriter state corruption" when using native code, which triggers memory corruption. | ||||
| CVE-2020-2659 | 6 Canonical, Debian, Netapp and 3 more | 26 Ubuntu Linux, Debian Linux, Active Iq Unified Manager and 23 more | 2024-11-21 | 3.7 Low |
| Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | ||||
| CVE-2020-2604 | 7 Canonical, Debian, Mcafee and 4 more | 30 Ubuntu Linux, Debian Linux, Epolicy Orchestrator and 27 more | 2024-11-21 | 8.1 High |
| Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). | ||||
| CVE-2020-2593 | 7 Canonical, Debian, Mcafee and 4 more | 27 Ubuntu Linux, Debian Linux, Epolicy Orchestrator and 24 more | 2024-11-21 | 4.8 Medium |
| Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). | ||||
| CVE-2020-2583 | 7 Canonical, Debian, Mcafee and 4 more | 27 Ubuntu Linux, Debian Linux, Epolicy Orchestrator and 24 more | 2024-11-21 | 3.7 Low |
| Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | ||||
| CVE-2019-7317 | 11 Canonical, Debian, Hp and 8 more | 35 Ubuntu Linux, Debian Linux, Xp7 Command View and 32 more | 2024-11-21 | 5.3 Medium |
| png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. | ||||
| CVE-2019-2999 | 6 Canonical, Debian, Netapp and 3 more | 21 Ubuntu Linux, Debian Linux, E-series Santricity Os Controller and 18 more | 2024-11-21 | 4.7 Medium |
| Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N). | ||||
| CVE-2019-2996 | 3 Netapp, Oracle, Redhat | 16 E-series Santricity Os Controller, E-series Santricity Storage Manager, E-series Santricity Unified Manager and 13 more | 2024-11-21 | 4.2 Medium |
| Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u221; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N). | ||||
| CVE-2019-2992 | 6 Canonical, Debian, Netapp and 3 more | 21 Ubuntu Linux, Debian Linux, E-series Santricity Os Controller and 18 more | 2024-11-21 | 3.7 Low |
| Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | ||||