Vulnerabilities (CVE)

Vendor: Oracle
Product: Glassfish Server

38 total CVE
CVE Vendors Products Updated CVSS
CVE-2017-3626 1 Oracle 1 Glassfish Server 2019-10-03 2.6
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network...
CVE-2018-3210 1 Oracle 1 Glassfish Server 2019-10-03 5.0
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network...
CVE-2018-2911 1 Oracle 1 Glassfish Server 2019-10-03 6.8
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network...
CVE-2017-10385 1 Oracle 1 Glassfish Server 2019-10-03 6.8
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with...
CVE-2017-10400 1 Oracle 1 Glassfish Server 2019-10-03 5.8
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration Graphical User Interface). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated...
CVE-2017-3247 1 Oracle 1 Glassfish Server 2019-10-03 4.3
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with...
CVE-2018-3152 1 Oracle 1 Glassfish Server 2019-10-03 5.0
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network...
CVE-2017-10393 1 Oracle 1 Glassfish Server 2019-10-03 6.8
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with...
CVE-2017-10391 1 Oracle 1 Glassfish Server 2019-10-03 7.5
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with...
CVE-2018-14324 1 Oracle 1 Glassfish Server 2019-05-20 10.0
The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP port 7676 open by default with a password of admin for the admin account. This allows remote attackers to obtain potentially sensitive information, perform database operations,...
CVE-2017-1000028 1 Oracle 1 Glassfish Server 2019-05-03 5.0
Oracle GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated directory traversal, which can be exploited by issuing a specially crafted HTTP GET request.
CVE-2016-1950 5 Mozilla, Apple, Oracle and 2 more 15 Glassfish Server, Firefox Esr, Iplanet Web Proxy Server and 12 more 2019-03-08 6.8
Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code...
CVE-2015-3237 3 Hp, Haxx, Oracle 5 Enterprise Manager Ops Center, System Management Homepage, Curl and 2 more 2018-10-17 6.4
The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.
CVE-2008-5266 2 Oracle, Sun 2 Glassfish Server, Java System Application Server 2018-10-11 4.3
Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.1_01 build b09d-fcs and 9.1_02 build b04-fcs allows remote attackers to inject...
CVE-2008-2751 2 Oracle, Sun 2 Glassfish Server, Java System Application Server 2018-10-11 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.1_01 allow remote attackers to inject arbitrary web script or HTML via the (1)...
CVE-2009-1553 1 Oracle 1 Glassfish Server 2018-10-10 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Admin Console in Sun GlassFish Enterprise Server 2.1 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) applications/applications.jsf, (2)...
CVE-2012-0551 2 Oracle, Sun 5 Jdk, Glassfish Server, Jre and 2 more 2018-01-18 5.8
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1,...
CVE-2011-5035 1 Oracle 1 Glassfish Server 2018-01-06 5.0
Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash...
CVE-2012-0550 1 Oracle 1 Glassfish Server 2017-12-07 6.8
Unspecified vulnerability in the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to...
CVE-2015-7182 2 Mozilla, Oracle 8 Glassfish Server, Firefox Esr, Iplanet Web Proxy Server and 5 more 2017-11-04 7.5
Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to...