cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2014-8873,https://securityvulnerability.io/vulnerability/CVE-2014-8873,,"A .desktop file in the Debian openjdk-7 package 7u79-2.5.5-1~deb8u1 includes a MIME type registration that is added to /etc/mailcap by mime-support, which allows remote attackers to execute arbitrary code via a JAR file.",Oracle,Openjdk,,,0.009189999662339687,false,false,false,false,,false,false,2015-11-09T16:00:00.000Z,0
CVE-2014-2405,https://securityvulnerability.io/vulnerability/CVE-2014-2405,,"Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-0462.",Oracle,Openjdk,,,0.008080000057816505,false,false,false,false,,false,false,2014-05-14T00:00:00.000Z,0
CVE-2014-0462,https://securityvulnerability.io/vulnerability/CVE-2014-0462,,"Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-2405.",Oracle,Openjdk,,,0.008080000057816505,false,false,false,false,,false,false,2014-05-14T00:00:00.000Z,0
CVE-2014-1876,https://securityvulnerability.io/vulnerability/CVE-2014-1876,,"The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log.",Oracle,Openjdk,,,0.0004400000034365803,false,false,false,false,,false,false,2014-02-10T23:00:00.000Z,0
CVE-2012-5373,https://securityvulnerability.io/vulnerability/CVE-2012-5373,,"Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash3 algorithm, a different vulnerability than CVE-2012-2739.",Oracle,"Jdk,Jre,Openjdk",,,0.00215999991632998,false,false,false,false,,false,false,2012-11-28T11:00:00.000Z,0
CVE-2009-3882,https://securityvulnerability.io/vulnerability/CVE-2009-3882,,"Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to ""information leaks in mutable variables,"" aka Bug Id 6657026.",Oracle,Openjdk,,,0.008539999835193157,false,false,false,false,,false,false,2009-11-09T19:00:00.000Z,0
CVE-2009-3884,https://securityvulnerability.io/vulnerability/CVE-2009-3884,,"The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265.",Oracle,"Jre,Openjdk",,,0.007379999849945307,false,false,false,false,,false,false,2009-11-09T19:00:00.000Z,0
CVE-2009-3728,https://securityvulnerability.io/vulnerability/CVE-2009-3728,,"Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a .. (dot dot) in a pathname, aka Bug Id 6631533.",Oracle,"Jre,Openjdk",,,0.006949999835342169,false,false,false,false,,false,false,2009-11-09T19:00:00.000Z,0
CVE-2009-3879,https://securityvulnerability.io/vulnerability/CVE-2009-3879,,"Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vectors, related to failure to clone arrays that are returned by the getConfigurations function, aka Bug Id 6822057.",Oracle,"Jre,Openjdk",,,0.007679999805986881,false,false,false,false,,false,false,2009-11-09T19:00:00.000Z,0
CVE-2009-3880,https://securityvulnerability.io/vulnerability/CVE-2009-3880,,"The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager, aka Bug Id 6664512.",Oracle,"Jre,Openjdk",,,0.005200000014156103,false,false,false,false,,false,false,2009-11-09T19:00:00.000Z,0
CVE-2009-3881,https://securityvulnerability.io/vulnerability/CVE-2009-3881,,"Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an ""information leak vulnerability,"" aka Bug Id 6636650.",Oracle,"Jre,Openjdk",,,0.018859999254345894,false,false,false,false,,false,false,2009-11-09T19:00:00.000Z,0
CVE-2009-3883,https://securityvulnerability.io/vulnerability/CVE-2009-3883,,"Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel (PL&F) feature in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to ""information leaks in mutable variables,"" aka Bug Id 6657138.",Oracle,Openjdk,,,0.01310999970883131,false,false,false,false,,false,false,2009-11-09T19:00:00.000Z,0
CVE-2009-2475,https://securityvulnerability.io/vulnerability/CVE-2009-2475,,"Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to (1) LayoutQueue, (2) Cursor.predefined, (3) AccessibleResourceBundle.getContents, (4) ImageReaderSpi.STANDARD_INPUT_TYPE, (5) ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7) DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types, (9) AbstractSaslImpl.logger, (10) Synth.Region.uiToRegionMap/lowerCaseNameMap, (11) the Introspector class and a cache of BeanInfo, and (12) JAX-WS, a different vulnerability than CVE-2009-2673.",Oracle,"Java Se,Openjdk",,,0.00810999982059002,false,false,false,false,,false,false,2009-08-10T18:00:00.000Z,0
CVE-2009-2690,https://securityvulnerability.io/vulnerability/CVE-2009-2690,,"The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information via an untrusted (1) applet or (2) application.",Oracle,"Openjdk,Java Se",,,0.006479999981820583,false,false,false,false,,false,false,2009-08-10T18:00:00.000Z,0
CVE-2009-2476,https://securityvulnerability.io/vulnerability/CVE-2009-2476,,"The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged object.",Oracle,"Openjdk,Java Se",,,0.011889999732375145,false,false,false,false,,false,false,2009-08-10T18:00:00.000Z,0
CVE-2009-2689,https://securityvulnerability.io/vulnerability/CVE-2009-2689,,"JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via an untrusted (1) applet or (2) application.",Oracle,"Java Se,Openjdk",,,0.015159999951720238,false,false,false,false,,false,false,2009-08-10T18:00:00.000Z,0
CVE-2009-1896,https://securityvulnerability.io/vulnerability/CVE-2009-1896,,"The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedora 11, trusts an entire application when at least one of the listed jar files is trusted, which allows context-dependent attackers to execute arbitrary code without the untrusted-code restrictions via a crafted application, related to NetX.",Oracle,Openjdk,,,0.008580000139772892,false,false,false,false,,false,false,2009-08-10T18:00:00.000Z,0
CVE-2009-0794,https://securityvulnerability.io/vulnerability/CVE-2009-0794,,"Integer overflow in the PulseAudioTargetDataL class in src/java/org/classpath/icedtea/pulseaudio/PulseAudioTargetDataLine.java in Pulse-Java, as used in OpenJDK 1.6.0.0 and other products, allows remote attackers to cause a denial of service (applet crash) via a crafted Pulse Audio source data line.",Oracle,Openjdk,,,0.04749000072479248,false,false,false,false,,false,false,2009-04-13T16:00:00.000Z,0
CVE-2009-0793,https://securityvulnerability.io/vulnerability/CVE-2009-0793,,"cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for ""transformations of monochrome profiles.""",Oracle,"Openjdk,Lcms",,,0.07430999726057053,false,false,false,false,,false,false,2009-04-09T15:00:00.000Z,0