CVSS: 5.0EPSS: 6%CPEs: 241EXPL: 0CVE-2013-0440 – OpenJDK: CPU consumption DoS via repeated SSL ClientHello packets (JSSE, 7192393)
https://notcve.org/view.php?id=CVE-2013-0440
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java. Una Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Java SE versión 7 hasta Update 11, versión 6 hasta Update 38, versión 5.0 hasta Update 38, y versión 1.4.2_40 y anteriores, y OpenJDK versión 7 de Oracle, permite a los atacantes remotos afectar la disponibilidad por medio de vectores relacionados con JSSE. NOTA: la información anterior es de la CPU de febrero de 2013. • http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/5c1e8b779c65 http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136570436423916&w=2&# •
CVSS: 7.6EPSS: 4%CPEs: 164EXPL: 0CVE-2013-0429 – OpenJDK: PresentationManager incorrectly shared (CORBA, 7141694)
https://notcve.org/view.php?id=CVE-2013-0429
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue involves the creation of a single PresentationManager that is shared across multiple thread groups, which allows remote attackers to bypass Java sandbox restrictions. Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE v7 hasta Update 11 y v6 hasta Update 38, y v5.0 hasta Update 38 permite a atacantes remotos afectar la confidencialiad, integridad y disponibilidad mediante vectores relacionados con CORBA. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907460 http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/corba/rev/c1ed8145c1b8 http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136570436423916&w=2 http:/& •
CVSS: 5.0EPSS: 0%CPEs: 241EXPL: 0CVE-2013-0434 – OpenJDK: loadPropertyFile missing restrictions (JAXP, 8001235)
https://notcve.org/view.php?id=CVE-2013-0434
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information. Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE v7 hasta Update 11 y v6 hasta Update 38, v5.0 hasta Update 38, y v1.4.2_40 y anteriores permite a atacantes remotos afectar la confidencialidad mediante vectores relacionados con JAXP. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907453 http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jaxp/rev/91fcc41a0b4b http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html http://marc.info/?l=bugtraq&m=136439120408139&am •
CVSS: 10.0EPSS: 1%CPEs: 29EXPL: 0CVE-2013-0437 – JDK: unspecified vulnerability fixed in 7u13 (2D)
https://notcve.org/view.php?id=CVE-2013-0437
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE v7 hasta Update 11 y JavaFX v2.2.4 y anteriores permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad mediante vectores relacionados con 2D. • http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136733161405818&w=2 http://rhn.redhat.com/errata/RHSA-2013-0237.html http://www.kb.cert.org/vuls/id/858729 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.us-cert.gov/cas/techalerts/TA13-032A.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16492 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mit •
CVSS: 5.0EPSS: 0%CPEs: 22EXPL: 0CVE-2013-0449 – JDK: unspecified vulnerability fixed in 7u13 (Deployment)
https://notcve.org/view.php?id=CVE-2013-0449
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. Vulnerabilidad sin especificar en el Java Runtime Environment (JRE) de Oracle Java SE v7 hasta la Update v11 permite ataques remotos que afectan a la confidencialidad por vectores desconocidos relacionados con Deployment • http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136733161405818&w=2 http://rhn.redhat.com/errata/RHSA-2013-0237.html http://www.kb.cert.org/vuls/id/858729 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.us-cert.gov/cas/techalerts/TA13-032A.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16610 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mit •