Filtered by vendor Oracle
Subscriptions
Filtered by product Glassfish Server
Subscriptions
Total
41 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-3608 | 1 Oracle | 1 Glassfish Server | 2024-11-21 | N/A |
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 allows remote attackers to affect confidentiality via vectors related to Administration. | ||||
CVE-2016-3607 | 1 Oracle | 1 Glassfish Server | 2024-11-21 | N/A |
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Web Container. | ||||
CVE-2016-1950 | 5 Apple, Mozilla, Opensuse and 2 more | 16 Iphone Os, Mac Os X, Tvos and 13 more | 2024-11-21 | N/A |
Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. | ||||
CVE-2015-7182 | 3 Mozilla, Oracle, Redhat | 11 Firefox, Network Security Services, Glassfish Server and 8 more | 2024-11-21 | N/A |
Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data. | ||||
CVE-2015-3237 | 3 Haxx, Hp, Oracle | 5 Curl, Libcurl, System Management Homepage and 2 more | 2024-11-21 | N/A |
The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values. | ||||
CVE-2013-1620 | 4 Canonical, Mozilla, Oracle and 1 more | 16 Ubuntu Linux, Network Security Services, Enterprise Manager Ops Center and 13 more | 2024-11-21 | N/A |
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. | ||||
CVE-2013-1508 | 1 Oracle | 1 Glassfish Server | 2024-11-21 | N/A |
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Middleware Products 3.0.1 and 3.1.2 allows remote attackers to affect integrity via vectors related to REST Interface. | ||||
CVE-2012-3155 | 2 Oracle, Sun | 2 Glassfish Server, Java System Application Server | 2024-11-21 | N/A |
Unspecified vulnerability in the CORBA ORB component in Sun GlassFish Enterprise Server 2.1.1, Oracle GlassFish Server 3.0.1 and 3.1.2, and Sun Java System Application Server 8.1 and 8.2 allows remote attackers to affect availability, related to CORBA ORB. | ||||
CVE-2012-0551 | 3 Oracle, Redhat, Sun | 7 Glassfish Server, Jdk, Jre and 4 more | 2024-11-21 | N/A |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Container or Deployment. | ||||
CVE-2012-0550 | 1 Oracle | 1 Glassfish Server | 2024-11-21 | N/A |
Unspecified vulnerability in the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web Container. | ||||
CVE-2012-0104 | 1 Oracle | 1 Glassfish Server | 2024-11-21 | N/A |
Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 and 3.1.1 allows remote attackers to affect availability via unknown vectors related to Web Container. | ||||
CVE-2012-0081 | 1 Oracle | 1 Glassfish Server | 2024-11-21 | N/A |
Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.1.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Administration. | ||||
CVE-2011-5035 | 2 Oracle, Redhat | 4 Glassfish Server, Enterprise Linux, Network Satellite and 1 more | 2024-11-21 | N/A |
Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869. | ||||
CVE-2011-3559 | 1 Oracle | 3 Communications Server, Glassfish Server, Java System Application Server | 2024-11-21 | N/A |
Unspecified vulnerability in Oracle Communications Server 2.0; GlassFish Enterprise Server 2.1.1, 3.0.1, and 3.1.1; and Sun Java System App Server 8.1 and 8.2 allows remote attackers to affect availability via unknown vectors related to Web Container. | ||||
CVE-2011-0807 | 2 Oracle, Sun | 2 Glassfish Server, Java System Application Server | 2024-11-21 | N/A |
Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration. | ||||
CVE-2010-4438 | 1 Oracle | 2 Glassfish Server, Java System Message Queue | 2024-11-21 | N/A |
Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1, and Java System Message Queue 4.1 allows local users to affect confidentiality, integrity, and availability, related to Java Message Service (JMS). | ||||
CVE-2010-2397 | 1 Oracle | 2 Glassfish Server, Java System Application Server | 2024-11-21 | N/A |
Unspecified vulnerability in Oracle Sun Java System Application Server 8.0, 8.1, and 8.2; and GlassFish Enterprise Server 2.1.1; allows local users to affect confidentiality and integrity, related to the GUI. | ||||
CVE-2009-1554 | 2 Oracle, Sun | 2 Glassfish Server, Woodstock | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in ThemeServlet.java in Sun Woodstock 4.2, as used in Sun GlassFish Enterprise Server and other products, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 string in the PATH_INFO, which is displayed on the 404 error page, as demonstrated by the PATH_INFO to theme/META-INF. | ||||
CVE-2009-1553 | 1 Oracle | 1 Glassfish Server | 2024-11-21 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2) configuration/configuration.jsf, (3) customMBeans/customMBeans.jsf, (4) resourceNode/resources.jsf, (5) sysnet/registration.jsf, or (6) webService/webServicesGeneral.jsf; or the name parameter to (7) configuration/auditModuleEdit.jsf, (8) configuration/httpListenerEdit.jsf, or (9) resourceNode/jdbcResourceEdit.jsf. | ||||
CVE-2008-5266 | 2 Oracle, Sun | 2 Glassfish Server, Java System Application Server | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.1_01 build b09d-fcs and 9.1_02 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a different vector than CVE-2008-2751. |