Page 101 of 648 results (0.008 seconds)

CVSS: 10.0EPSS: 94%CPEs: 174EXPL: 0

CVE-2013-0809 – Oracle Java Runtime Environment AWT mediaLib Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2013-0809

Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-1493. Vulnerabilidad sin especificar en el componente 2D en el componente JRE en Oracle Java SE 7 Update 15 y anteriores, 6 Update 41 y anteriores y 5.0 Update 40 y anteriores, permite a atacantes remotos ejecutar código de su elección a través de vectores desconocidos. Vulnerabilidad distinta de CVE-2013-1493. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within AWT mediaLib. • http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-March/022145.html http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136570436423916&w=2 http://rhn • CWE-190: Integer Overflow or Wraparound •

CVSS: 10.0EPSS: 1%CPEs: 98EXPL: 0

CVE-2013-1487 – JDK: unspecified vulnerability fixed in 6u41 and 7u15 (Deployment)

https://notcve.org/view.php?id=CVE-2013-1487

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 13 and earlier and 6 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Vulnerabilidad no especificada en el componente Java Runtime Environment en Oracle Java SE 7 Update 13 y anteriores y 6 Update 39 y anteriores permite a atacantes remotos para afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con la implementación. • http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136733161405818&w=2 http://rhn.redhat.com/errata/RHSA-2013-1455.html http://rhn.redhat.com/errata/RHSA-2013-1456.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html http://www.securityfocus.com/bid/58031 http://www.ubuntu.com/usn/USN-1735-1 http://www.us-cert.gov/cas/techalerts/TA13-051A.html https://oval.cisecurity.org/repository/search/definition/oval& •

CVSS: 10.0EPSS: 4%CPEs: 22EXPL: 0

CVE-2013-1484 – Oracle Java setUncaughtExceptionHandler Security Manager Bypass Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2013-1484

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Vulnerabilidad no especificada en el Java Runtime Environment (JRE) en el componente Oracle Java SE 7 Update 13 y anteriores permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con las bibliotecas. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within java.lang.Thread's setUncaughtExceptionHandler method allowing for a callback to be run with using the JDK's access control context. This allows a malicious applet to execute attacker supplied code resulting in remote code execution under the context of the process. • http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136733161405818&w=2 http://security.gentoo.org/glsa/glsa-201406-32.xml http://www.mandriva.com/security/advisories?name=MDVSA-2013:095 http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html http://www.ubuntu.com/usn/USN-1735-1 http://www.us-cert.gov& •

CVSS: 7.5EPSS: 4%CPEs: 22EXPL: 0

CVE-2013-1485 – Oracle Java doPrivilegedWithCombiner Security Manager Bypass Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2013-1485

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries. Vulnerabilidad no especificada en el Java Runtime Environment (JRE) en el componente Oracle Java SE 7 Update 13 y anteriores permite a atacantes remotos para afectar la integridad a través de vectores desconocidos relacionados con las bibliotecas. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or run a malicious file. The specific bypass exists within usage of MethodHandles invoking AccessController.doPrivilegedWithCombiner. This allows a malicious applet to execute attacker supplied code resulting in remote code execution under the context of the process. • http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136733161405818&w=2 http://security.gentoo.org/glsa/glsa-201406-32.xml http://www.mandriva.com/security/advisories?name=MDVSA-2013:095 http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html http://www.ubuntu.com/usn/USN-1735-1 http://www.us-cert.gov& •

CVSS: 10.0EPSS: 1%CPEs: 170EXPL: 0

CVE-2013-1486 – OpenJDK: MBeanServer insufficient privilege restrictions (JMX, 8006446)

https://notcve.org/view.php?id=CVE-2013-1486

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. Vulnerabilidad no especificada en el Java Runtime Environment (JRE) en el componente Oracle Java SE 7 Update 13 y anteriores, 6 Update 39 y anteriores, y v5.0 Update 39 y anteriores permite a atacantes remotos para afectar la confidencialidad, integridad y disponibilidad a través de vectores relacionados con JMX. • http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136733161405818&w=2 http://rhn.redhat.com/errata/RHSA-2013-1455. •