CVE-2012-0503 – OpenJDK: unrestricted use of TimeZone.setDefault() (i18n, 7110687)
https://notcve.org/view.php?id=CVE-2012-0503
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to I18n. Vulnerabilidad no especificada en el Java Runtime Environment (JRE), componente de Oracle Java SE 7 y versiones anteriores de actualizaciones 2, 6 Update 30 y anteriores, 5.0 Update 33 y anteriores, v1.4.2_35 y anteriores permite a distancia las aplicaciones Java Web Start y applets de Java que no son de confianza afectar a la confidencialidad, integridad y disponibilidad, en relación a la i18n. • http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00015.html http://marc.info/?l=bugtraq&m=133364885411663&w=2 http://marc.info/?l=bugtraq&m=133365109612558&w=2 http://marc.info •
CVE-2011-3563 – OpenJDK: JavaSound incorrect bounds check (Sound, 7088367)
https://notcve.org/view.php?id=CVE-2011-3563
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Sound. Vulnerabilidad no especificada en el Java Runtime Environment (JRE), componente de Oracle Java SE 7 y versiones anteriores de actualizaciones 2, 6 Update 30 y anteriores, 5.0 Update 33 y anteriores, v1.4.2_35 y anteriores permite a atacantes remotos afectar a la confidencialidad y la disponibilidad a través de vectores desconocidos relacionan con el sonido. • http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00015.html http://marc.info/?l=bugtraq&m=133364885411663&w=2 http://marc.info/?l=bugtraq&m=133365109612558&w=2 http://marc.info •
CVE-2011-3545 – Oracle Java MixerSequencer.nAddControllerEventCallback Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3545
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. Vulnerabilidad no especificada en el componente Java Runtime Environment en Oracle Java SE JDK y JRE 6 Update 27 y anteriores, v5.0 Update 31 y anteriores, y v1.4.2_33 y anteriores, y JRockit vR28.1.4 y anteriores, permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionado con el Sound. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists because Java does not sufficiently verify parameters certain functions. The function MixerSequencer.nAddControllerEventCallback fails to check for negative index numbers before writing user supplied data into a static array. • http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html http://marc.info/?l=bugtraq&m=132750579901589&w=2 http://marc.info/?l=bugtraq&m=133365109612558&w=2 http://marc.info/?l=bugtraq&m=133728004526190&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/? •
CVE-2011-3556 – Java RMI - Server Insecure Default Configuration Java Code Execution
https://notcve.org/view.php?id=CVE-2011-3556
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI, a different vulnerability than CVE-2011-3557. Vulnerabilidad no especificada en el componente Java Runtime Environment en Oracle Java SE JDK y JRE 7, 6 Update 27 y versiones anteriores, 5.0 Update 31 y versiones anteriores, 1.4.2_33 y versiones anteriores y JRockit R28.1.4 y versiones anteriores permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad, relacionada con RMI, una vulnerabilidad diferente a CVE-2011-3557. • https://www.exploit-db.com/exploits/17535 http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html http://marc.info/?l=bugtraq&m=132750579901589&w=2 http://marc.info/?l=bugtraq&m=133365109612558&w=2 http://marc.info/?l=bugtraq&m=133728004526190&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/? •
CVE-2011-3547 – OpenJDK: InputStream skip() information leak (Networking/IO, 7000600)
https://notcve.org/view.php?id=CVE-2011-3547
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking. Vulnerabilidad no especificada en el componente de Java Runtime Environment en Oracle Java SE JDK y JRE v7, v6 Update 27 y anteriores, v5.0 Update 31 y anteriores, y v1.4.2_33 y anteriores permite a aplicaciones remotas Java Web Start y applets de Java no confiables afectar la confidencialidad a través de vectores desconocidos relacionados con la red. • http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html http://marc.info/?l=bugtraq&m=132750579901589&w=2 http://marc.info/?l=bugtraq&m=133365109612558&w=2 http://marc.info/?l=bugtraq&m=133728004526190&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/? •