
CVSS: 10.0 | EPSS: 28% | CPEs: 3 | EXPL: 0

Heap-based buffer overflow in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via unspecified vectors related to JavaFX, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of FLV files. The issue lies in the parsing of a FLV file with two video tags using the On2 VP6 codec.

• http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157
• http://rhn.redhat.com/errata/RHSA-2013-0757.html
• http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
• http://www.us-cert.gov/ncas/alerts/TA13-107A
• http://www.zdnet.com/pwn2own-down-go-all-the-browsers-7000012283
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15728
• https://twitter.com/thezdi/status/309484730506698752
• https://access.redhat.com/
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 10.0 | EPSS: 96% | CPEs: 2 | EXPL: 1

The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James Forshaw during a Pwn2Own competition at CanSecWest 2013.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of java.sql.DriverManager. The issue lies in an implicit call to toString() that is made within a doPrivileged block.

• https://www.exploit-db.com/exploits/26135
• http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released
• http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released
• http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157
• http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/a19614a3dabb
• http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html
• http://lists&#
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 10.0 | EPSS: 96% | CPEs: 174 | EXPL: 2

The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the sun.java2d.cmm.kcms.CMM.cmmColorConvert's native function. The issue lies in the handling of the destCMMImageLayout argument, which is not properly validated before being used.

• https://www.exploit-db.com/exploits/24904
• http://blog.fireeye.com/research/2013/02/yaj0-yet-another-java-zero-day-2.html
• http://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04117626-1
• http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00009.html
• http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00011.html
• http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00012.html
• http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.h
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 10.0 | EPSS: 94% | CPEs: 174 | EXPL: 0

Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-1493.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within AWT mediaLib.

• http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00009.html
• http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00011.html
• http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00012.html
• http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html
• http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-March/022145.html
• http://marc.info/?l=bugtraq&m=136439120408139&w=2
• http://marc.info/?l=bugtraq&m=136570436423916&w=2
• http://rhn
• CWE-190: Integer Overflow or Wraparound

CVSS: 10.0 | EPSS: 1% | CPEs: 98 | EXPL: 0

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 13 and earlier and 6 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

• http://marc.info/?l=bugtraq&m=136439120408139&w=2
• http://marc.info/?l=bugtraq&m=136733161405818&w=2
• http://rhn.redhat.com/errata/RHSA-2013-1455.html
• http://rhn.redhat.com/errata/RHSA-2013-1456.html
• http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html
• http://www.securityfocus.com/bid/58031
• http://www.ubuntu.com/usn/USN-1735-1
• http://www.us-cert.gov/cas/techalerts/TA13-051A.html
• https://oval.cisecurity.org/repository/search/definition/oval&