CVSS: 10.0EPSS: 4%CPEs: 22EXPL: 0CVE-2013-1484 – Oracle Java setUncaughtExceptionHandler Security Manager Bypass Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1484
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Vulnerabilidad no especificada en el Java Runtime Environment (JRE) en el componente Oracle Java SE 7 Update 13 y anteriores permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con las bibliotecas. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within java.lang.Thread's setUncaughtExceptionHandler method allowing for a callback to be run with using the JDK's access control context. This allows a malicious applet to execute attacker supplied code resulting in remote code execution under the context of the process. • http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136733161405818&w=2 http://security.gentoo.org/glsa/glsa-201406-32.xml http://www.mandriva.com/security/advisories?name=MDVSA-2013:095 http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html http://www.ubuntu.com/usn/USN-1735-1 http://www.us-cert.gov& •
CVSS: 7.5EPSS: 4%CPEs: 22EXPL: 0CVE-2013-1485 – Oracle Java doPrivilegedWithCombiner Security Manager Bypass Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1485
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries. Vulnerabilidad no especificada en el Java Runtime Environment (JRE) en el componente Oracle Java SE 7 Update 13 y anteriores permite a atacantes remotos para afectar la integridad a través de vectores desconocidos relacionados con las bibliotecas. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or run a malicious file. The specific bypass exists within usage of MethodHandles invoking AccessController.doPrivilegedWithCombiner. This allows a malicious applet to execute attacker supplied code resulting in remote code execution under the context of the process. • http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136733161405818&w=2 http://security.gentoo.org/glsa/glsa-201406-32.xml http://www.mandriva.com/security/advisories?name=MDVSA-2013:095 http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html http://www.ubuntu.com/usn/USN-1735-1 http://www.us-cert.gov& •
CVSS: 10.0EPSS: 1%CPEs: 170EXPL: 0CVE-2013-1486 – OpenJDK: MBeanServer insufficient privilege restrictions (JMX, 8006446)
https://notcve.org/view.php?id=CVE-2013-1486
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. Vulnerabilidad no especificada en el Java Runtime Environment (JRE) en el componente Oracle Java SE 7 Update 13 y anteriores, 6 Update 39 y anteriores, y v5.0 Update 39 y anteriores permite a atacantes remotos para afectar la confidencialidad, integridad y disponibilidad a través de vectores relacionados con JMX. • http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136733161405818&w=2 http://rhn.redhat.com/errata/RHSA-2013-1455. •
CVSS: 6.4EPSS: 1%CPEs: 241EXPL: 0CVE-2013-0432 – OpenJDK: insufficient clipboard access premission checks (AWT, 7186952)
https://notcve.org/view.php?id=CVE-2013-0432
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access premission checks." Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE v7 hasta Update 11 y v6 hasta Update 38, v5.0 hasta Update 38, y v1.4.2_40 y anteriores permite a atacantes remotos afectar la integridad mediante vectores relacionados con AWT. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907219 http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/e46d557465da http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html http://marc.info/?l=bugtraq&m=136439120408139& •
CVSS: 7.6EPSS: 1%CPEs: 94EXPL: 0CVE-2013-0423 – JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
https://notcve.org/view.php?id=CVE-2013-0423
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE v7 hasta Update 11 y v6 hasta Update 38 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad mediante vectores relacionados con Deplyment, una vulnerabilidad diferente a otros CVEs listandos en el February 2013 CPU. • http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136570436423916&w=2 http://marc.info/?l=bugtraq&m=136733161405818&w=2 http://rhn.redhat.com/errata/RHSA-2013-0236.html http://rhn.redhat.com/errata/RHSA-2013-0237.html http://rhn.redhat.com/errata/RHSA-2013-1455.html http://rhn.redhat.com/errata/RHSA-2013-1456.html http://www.kb.cert.org/vuls/id/858729 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.htm •