CVSS: 10.0EPSS: 6%CPEs: 94EXPL: 0CVE-2012-1541 – JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
https://notcve.org/view.php?id=CVE-2012-1541
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that the issue is due to an interaction error in between the JRE plug-in for WebKit-based browsers and the Javascript engine, which allows remote attackers to execute arbitrary code by modifying DOM nodes that contain applet elements in a way that triggers an incorrect reference count and a use after free. Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE v7 hasta Update 11 y v6 hasta Update 38 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad mediante vectores relacionados con Deployment, una vulnerabilidad diferente a otros CVEs listados en el February 2013 CPU. • http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136570436423916&w=2 http://marc.info/?l=bugtraq&m=136733161405818&w=2 http://rhn.redhat.com/errata/RHSA-2013-0236.html http://rhn.redhat.com/errata/RHSA-2013-0237.html http://rhn.redhat.com/errata/RHSA-2013-1455.html http://rhn.redhat.com/errata/RHSA-2013-1456.html http://www.kb.cert.org/vuls/id/858729 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.htm •
CVSS: 10.0EPSS: 5%CPEs: 241EXPL: 0CVE-2013-0426 – OpenJDK: logging insufficient access control checks (Libraries, 6664528)
https://notcve.org/view.php?id=CVE-2013-0426
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions. Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE v7 hasta Update 11 y v6 hasta Update 38, y v5.0 hasta Update 38, y v1.4.2_40 y anteriores permite a atacantes remotos afectar la confidencialiad, integridad y disponibilidad mediante vectores desconocidos relacionados con Libraries, una vulnerabilidad diferente a CVE-2013-0425 y CVE-2013-0428. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907346 http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ce105dd2e4de http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html http://marc.info/?l=bugtraq&m=136439120408139& •
CVSS: 10.0EPSS: 5%CPEs: 241EXPL: 0CVE-2013-0425 – OpenJDK: logging insufficient access control checks (Libraries, 6664509)
https://notcve.org/view.php?id=CVE-2013-0425
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions. Vulnerabilidad sin especificar en el componente Java Runtime Environment (JRE) en Oracle Java SE 7 a la Update 11, 6 a la Update 38, y v5.0 a la Update 38, y v1.4.2_40 y anteriores, permite que atacantes remotos comprometan la integridad, confidencialidad y disponibilidad a través de vectores no especificados relacionados con "Libraries". Vulnerabilidad distinta de CVE-2013-0428 y CVE-2013-0426. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907344 http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ce105dd2e4de http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html http://marc.info/?l=bugtraq&m=136439120408139& •
CVSS: 5.0EPSS: 1%CPEs: 164EXPL: 0CVE-2013-0433 – OpenJDK: InetSocketAddress serialization issue (Networking, 7201071)
https://notcve.org/view.php?id=CVE-2013-0433
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data. Vulnerabilidad sin especificar en el componente Java Runtime Environment (JRE) en Oracle Java SE 7 a la Update 11, 6 a la Update 38, y v5.0 a la Update 38, permite que atacantes remotos comprometan la integridad a través de vectores no especificados relacionados con el "Networking". • http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ab011765c4e8 http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136570436423916&w=2 http://marc.info/?l=bugtraq&m=136733161405818&w=2 http://rhn. •
CVSS: 7.6EPSS: 1%CPEs: 94EXPL: 0CVE-2013-0419 – JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
https://notcve.org/view.php?id=CVE-2013-0419
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. Vulnerabilidad sin especificar en el componente Java Runtime Environment (JRE) en Oracle Java SE 7 a la Update 11, 6 a la Update 38, permite que atacantes remotos comprometan la integridad, confidencialidad y disponibilidad a través de vectores no especificados relacionados con "Deployment". Vulnerabilidad distinta de otros CVEs listados en febrero de 2003. • http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136570436423916&w=2 http://marc.info/?l=bugtraq&m=136733161405818&w=2 http://rhn.redhat.com/errata/RHSA-2013-0236.html http://rhn.redhat.com/errata/RHSA-2013-0237.html http://rhn.redhat.com/errata/RHSA-2013-1455.html http://rhn.redhat.com/errata/RHSA-2013-1456.html http://www.kb.cert.org/vuls/id/858729 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.htm •