CVE-2013-0450 – OpenJDK: RequiredModelMBean missing access control context checks (JMX, 8000537)
https://notcve.org/view.php?id=CVE-2013-0450
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper checks of "access control context" in the JMX RequiredModelMBean class. Vulnerabilidad sin especificar en Java Runtime Environmet (JRE) de Oracle Java SE v7 hasta Update v11, desde la v6 hasta la Update v38, y desde la v5.0 hasta Update v38 que permite ataques remotos que afectan a la confidencialidad, integridad, y disponibilidad por vectores relacionados con JMX • http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/6e0d9f4942af http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136570436423916&w=2 http://marc.info/?l=bugtraq&m=136733161405818&w=2 http://rhn. •
CVE-2013-0435 – OpenJDK: com.sun.xml.internal.* not restricted packages (JAX-WS, 7201068)
https://notcve.org/view.php?id=CVE-2013-0435
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper restriction of com.sun.xml.internal packages and "Better handling of UI elements." Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE v7 hasta Update 11 y v6 hasta Update 38, permite a atacantes remotos afectar la confidencialidad mediante vectores relacionados con JAX-WS. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=906892 http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/c1fa21042291 http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136570436423916&w=2 http:/ •
CVE-2012-3342 – JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
https://notcve.org/view.php?id=CVE-2012-3342
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE v7 hasta Update 11 y v6 hasta Update 38 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad mediante vectores relacionados con Deployment, una vulnerabilidad diferente a otros CVEs listados en el February 2013 CPU. • http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136570436423916&w=2 http://marc.info/?l=bugtraq&m=136733161405818&w=2 http://rhn.redhat.com/errata/RHSA-2013-0236.html http://rhn.redhat.com/errata/RHSA-2013-0237.html http://rhn.redhat.com/errata/RHSA-2013-1455.html http://rhn.redhat.com/errata/RHSA-2013-1456.html http://www.kb.cert.org/vuls/id/858729 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.htm •
CVE-2013-0445 – OpenJDK: insufficient privilege checking issue (AWT, 8001057)
https://notcve.org/view.php?id=CVE-2013-0445
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox. Vulnerabilidad no especificada en el componente Java Runtime Enviroment (JRE) en Oracle Java SE v7 hasta Update 11, v6 hasta Update 38, y v5.0 hasta Update 38 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad mediantes vectores relacionados con AWT. • http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/6527ae06da69 http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136570436423916&w=2 http://marc.info/?l=bugtraq&m=136733161405818&w=2 http://rhn.redhat.com/errata/RHSA-2013-0236.html http://rhn.redhat.com/errata/RHSA-2013-0237.html http://rhn.redhat.com/errata/RHSA-2013-0245.html h •
CVE-2013-1476 – OpenJDK: missing ValueHandlerImpl class constructor access restriction (CORBA, 8000631)
https://notcve.org/view.php?id=CVE-2013-1476
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via "certain value handler constructors." Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE v7 hasta Update 11, v6 hasta Update 38, v5.0 hasta Update 38, y v1.4.2_40 y anteriores permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad mediante vectores relacionados con CORBA, una vulnerabilidad diferente a CVE-2013-0441 and CVE-2013-1475. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907457 http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/corba/rev/5116fe321210 http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html http://marc.info/?l=bugtraq&m=136439120408139&a •