CVSS: 9.3EPSS: 82%CPEs: 128EXPL: 0CVE-2012-4822 – JDK: java.lang.class code execution
https://notcve.org/view.php?id=CVE-2012-4822
Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via vectors related to "insecure use [of] multiple methods in the java.lang.class class." Múltiples vulnerabilidades no especificadas en el componente JRE en IBM Java 7 SR2 y anteriores, Java v6.0.1 SR3 y anteriores, Java 6 SR11 y anteriores, Java 5 SR14 y anteriores, y Java 142 SR13 FP13 y anteriores; como las usadas en IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control v5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, y Service Deliver Manager; y otros productos de otros vendedores como Red Hat, permite a atacantes remotos a ejecutar códigoa través de vectores relacionados con "uso inseguro de uso [de] métodos múltiples en la clase java.lang.class class." • http://rhn.redhat.com/errata/RHSA-2012-1465.html http://rhn.redhat.com/errata/RHSA-2012-1466.html http://rhn.redhat.com/errata/RHSA-2012-1467.html http://rhn.redhat.com/errata/RHSA-2013-1455.html http://rhn.redhat.com/errata/RHSA-2013-1456.html http://seclists.org/bugtraq/2012/Sep/38 http://secunia.com/advisories/51326 http://secunia.com/advisories/51327 http://secunia.com/advisories/51328 http://secunia.com/advisories/51393 http://secunia.com/advisories/516 •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2012-3308
https://notcve.org/view.php?id=CVE-2012-3308
Cross-site scripting (XSS) vulnerability in IBM Sametime 8.0.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via an IM chat. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en IBM Sametime v8.0.2 a v8.5.2.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un chat de mensajería instantánea. • http://www.ibm.com/support/docview.wss?uid=swg21599114 http://www.ibm.com/support/docview.wss?uid=swg21607903 http://www.securitytracker.com/id?1027402 https://exchange.xforce.ibmcloud.com/vulnerabilities/77567 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •