CVSS: 10.0EPSS: 12%CPEs: 4EXPL: 0CVE-2012-1721 – Oracle Java WebStart Changing System Properties Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-1721
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1722. Vulnerabilidad no especificada en el componente Java Runtime Enviroment (JRE) en Oracle Java SE v7 actualización 4 y anteriores, y v6 actualización 32 y anteriores, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores relacionados con el despliegue, una vulnerabilidad diferente de CVE-2012-1722. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists because it is possible to change system properties through trusted JNLP files. If a JNLP file requests "<all-permissions/>" and only references signed, trusted JAR files, it can set all System properties. • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00035.html http://marc.info/?l=bugtraq&m=134496371727681&w=2 http://rhn.redhat.com/errata/RHSA-2012-0734.html http://rhn.redhat.com/errata/RHSA-2013-1455.html http://rhn.redhat.com/errata/RHSA-2013-1456.html http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html http://www.securityfocus.com/bid/53959 https://oval.cisecu •
CVSS: 5.0EPSS: 3%CPEs: 8EXPL: 0CVE-2012-1718 – OpenJDK: CRL and certificate extensions handling improvements (Security, 7143872)
https://notcve.org/view.php?id=CVE-2012-1718
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect availability via unknown vectors related to Security. Vulnerabilidad no especificada en el componente Java Runtime Enviroment (JRE) en Oracle Java SE v7 actualización 4 y anteriores, v6 actualización 32 y anteriores, v5 actualización 35 y anteriores, y v1.4.2_37 y anteriores que permite a atacantes remotos afectar la disponibilidad a través de vectores desconocidos relacionados con la seguridad. • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00035.html http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-June/019076.html http://marc.info/?l=bugtraq&m=134496371727681&w=2 http://rhn.redhat.com/errata/RHSA-2012-0734.html http://rhn.red •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2012-1711 – OpenJDK: improper protection of CORBA data models (CORBA, 7079902)
https://notcve.org/view.php?id=CVE-2012-1711
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to CORBA. Vulnerablidad no especificada en el componente Java Runtime Enviroment (JRE) en Oracle Java SE v7 actualización 4 y anteriores, v6 actualización 32 y anteriores, v5 actualización 35 y anteriores, y v1.4.2_37 y anteriores permite a atacantes remotos afectar la confidencialidad y la disponibilidad, relacionado con CORBA. • http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-June/019076.html http://marc.info/?l=bugtraq&m=134496371727681&w=2 http://rhn.redhat.com/errata/RHSA-2012-0734.html http://security.gentoo.org/glsa/glsa-201406-32.xml http://www.mandriva.com/security/advisories?name=MDVSA-2012:095 http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html http://www.securityfocus.com/bid/53949 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3 •
CVSS: 10.0EPSS: 1%CPEs: 139EXPL: 0CVE-2012-1725 – OpenJDK: insufficient invokespecial <init> verification (HotSpot, 7160757)
https://notcve.org/view.php?id=CVE-2012-1725
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Vulnerabilidad no especificada en el Java Runtime Environment (JRE), componente de Oracle Java SE v7 Update 4 y anteriores, v6 Update 32 y anteriores, y v5 actualización 35 y anteriores permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con el hotspot . • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00035.html http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-June/019076.html http://marc.info/?l=bugtraq&m=134496371727681&w=2 http://rhn.redhat.com/errata/RHSA-2012-0734.html http://rhn.redhat.com/errata/RHSA-2013-1455.html http://rhn.redhat.com/errata/RHSA&# •
CVSS: 5.0EPSS: 0%CPEs: 214EXPL: 0CVE-2012-1719 – OpenJDK: mutable repository identifiers in generated stub code (CORBA, 7143851)
https://notcve.org/view.php?id=CVE-2012-1719
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect integrity, related to CORBA. Vulnerabilidad no especificada en el Java Runtime Environment (JRE), componente de Oracle Java SE 7 Update 4 y anteriores, 6 Update 32 y anteriores, 5 actualización 35 y anteriores, y v1.4.2_37 y anteriores permite a atacantes remotos afectar a la integridad, en relación con CORBA. • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00035.html http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-June/019076.html http://marc.info/?l=bugtraq&m=134496371727681&w=2 http://rhn.redhat.com/errata/RHSA-2012-0734.html http://rhn.red •