CVSS: 10.0EPSS: 1%CPEs: 49EXPL: 0CVE-2011-0817 – Oracle Java IE Browser Plugin Corrupted Window Procedure Hook Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0817
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE 6 Update 25 y anteriores, cuando se ejecuta en Windows, permite a aplicaciones Java Web Start y Java applets no confiables afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Deployment. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Sun Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the JP2IEXP.dll browser plugin. The module creates a window hook when an applet is instantiated within the context of a browser. • http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00009.html http://marc.info/?l=bugtraq&m=132439520301822&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/?l=bugtraq&m=134254957702612&w=2 http://secunia.com/advisories/44930 http://www.ibm.com/developerworks/java/jdk/alerts http://www.oracle&# •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2011-0706
https://notcve.org/view.php?id=CVE-2011-0706
The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor." La clase JNLPClassLoader en IcedTea-Web anterior a versión 1.0.1, tal y como es usado en OpenJDK Runtime Environment versión 1.6.0, permite a los atacantes remotos alcanzar privilegios por medio de vectores desconocidos relacionados con varios firmantes y la asignación de "an inappropriate security descriptor”. • http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html http://secunia.com/advisories/43350 http://security.gentoo.org/glsa/glsa-201406-32.xml http://www.debian.org/security/2011/dsa-2224 http://www.mandriva.com/security/advisories?name=MDVSA-2011:054 http://www.securityfocus.com/bid/46439 https://bugzilla.r • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 1%CPEs: 161EXPL: 0CVE-2010-4469 – OpenJDK Hotspot verifier heap corruption (6878713)
https://notcve.org/view.php?id=CVE-2010-4469
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is heap corruption related to the Verifier and "backward jsrs." Vulnerabilidad no especificada en Java Runtime Environment (JRE) en Oracle Java SE y Java for Business 6 Update 23 y versiones anteriores, 5.0 Update 27 y versiones anteriores y 1.4.2_29 y versiones anteriores permite a aplicaciones remotas Java Web Start no confiables y subprogramas Java no confiables afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con HotSpot. NOTA: la información previa fue obtenida de febrero 2011 CPU. • http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html http://marc.info/?l=bugtraq&m=133728004526190&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/?l=bugtraq&m=134254957702612&w=2 http://secunia.com/advisories/43350 http://secunia.com/advisories/49198 http://security.gentoo.org/glsa/glsa-201406-32.xml http://www.debian.org/security/2011/dsa&# •
CVSS: 10.0EPSS: 1%CPEs: 28EXPL: 0CVE-2010-4467 – JDK unspecified vulnerability in Deployment component
https://notcve.org/view.php?id=CVE-2010-4467
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Vulnerabilidad no especificada en Java Runtime Environment (JRE) en Oracle Java SE y Java for Business v6 Update v10 hasta v6 Update v23 permite a aplicaciones remotas Java Web Start no confiables y Java applets no confiables vulnerar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con JDBC. • http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/?l=bugtraq&m=134254957702612&w=2 http://secunia.com/advisories/44954 http://security.gentoo.org/glsa/glsa-201406-32.xml http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html http://www.redhat.com/support/errata/RHSA-2011-0282.html http://www.redhat.com/support/errata/RHSA-2011-0880.html http://www.securityfocus.com/bid/46395 https://exchange.xforce.ibmcloud.com/vulnerabilities/65398 https& •
CVSS: 4.3EPSS: 0%CPEs: 161EXPL: 0CVE-2010-4447 – JDK unspecified vulnerability in Deployment component
https://notcve.org/view.php?id=CVE-2010-4447
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment, a different vulnerability than CVE-2010-4475. Vulnerabilidad no especificada en el Java Runtime Environment (JRE) en Oracle Java SE y Java for Business 6 Update 23 y versiones anteriores, 5.0 Update 27 y versiones anteriores y 1.4.2_29 y versiones anteriores permite a aplicaciones Java Web Start remotas no confiables y applets de Java no confiables afectar la confidencialidad a través de vectores desconocidos relacionados con Deployment, una vulnerabilidad diferente a CVE-2010-4475. • http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html http://marc.info/?l=bugtraq&m=133728004526190&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/?l=bugtraq&m=134254957702612&w=2 http://secunia.com/advisories/44954 http://secunia.com/advisories/49198 http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html http://www.redhat.com/support/erra •