CVSS: 10.0EPSS: 1%CPEs: 94EXPL: 0CVE-2012-3342 – JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
https://notcve.org/view.php?id=CVE-2012-3342
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE v7 hasta Update 11 y v6 hasta Update 38 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad mediante vectores relacionados con Deployment, una vulnerabilidad diferente a otros CVEs listados en el February 2013 CPU. • http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136570436423916&w=2 http://marc.info/?l=bugtraq&m=136733161405818&w=2 http://rhn.redhat.com/errata/RHSA-2013-0236.html http://rhn.redhat.com/errata/RHSA-2013-0237.html http://rhn.redhat.com/errata/RHSA-2013-1455.html http://rhn.redhat.com/errata/RHSA-2013-1456.html http://www.kb.cert.org/vuls/id/858729 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.htm •
CVSS: 5.0EPSS: 0%CPEs: 22EXPL: 0CVE-2013-0448 – JDK: unspecified vulnerability fixed in 7u13 (Libraries)
https://notcve.org/view.php?id=CVE-2013-0448
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect integrity via unknown vectors related to Libraries. Vulnerabilidad no especificada en el componente Java Runtime Enviroment (JRE) en Oracle Java SE v7 hasta Update 11 permite a atacantes remotos afectar la integridad mediante vectores relacionados con Libraries. • http://marc.info/?l=bugtraq&m=136733161405818&w=2 http://rhn.redhat.com/errata/RHSA-2013-0237.html http://www.kb.cert.org/vuls/id/858729 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.us-cert.gov/cas/techalerts/TA13-032A.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16264 https://access.redhat.com/security/cve/CVE-2013-0448 https://bugzilla.redhat.com/show_bug.cgi?id=906934 •
CVSS: 10.0EPSS: 2%CPEs: 8EXPL: 0CVE-2013-1489 – 7: bypass of the security level setting in browser plugin (Deployment, SE-2012-01 Issue 53)
https://notcve.org/view.php?id=CVE-2013-1489
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka "Issue 53" and the "Java Security Slider" vulnerability. Una Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Java SE versión 7 Update 10 y Update 11 de Oracle, cuando se ejecuta en Windows con Internet Explorer, Firefox, Opera y Google Chrome, permite a los atacantes remotos omitir el nivel de seguridad "Very High" del Panel de Control de Java y ejecutar código Java no firmado sin consultar al usuario por medio de vectores desconocidos, también se conoce como "Issue 53" y la vulnerabilidad "Java Security Slider". • http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53 http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136733161405818&w=2 http://rhn.redhat.com/errata/RHSA-2013-0237.html http://seclists.org/fulldisclosure/2013/Jan/241 http://thenextweb.com/insider/2013/01/28/new-vulnerability-bypasses-oracles-attempt-to-stop-malware-drive-by-downloads-via-java-applets http://www.informationweek.com/security/applicatio •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2013-1490
https://notcve.org/view.php?id=CVE-2013-1490
Unspecified vulnerability in Oracle Java SE 7 Update 11 (JRE 1.7.0_11-b21) allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors, aka "Issue 51," a different vulnerability than CVE-2013-0431. NOTE: as of 20130130, this vulnerability does not contain any independently-verifiable details, and there is no vendor acknowledgement. A CVE identifier is being assigned because this vulnerability has received significant public attention, and the original researcher has an established history of releasing vulnerability reports that have been fixed by vendors. NOTE: this issue also exists in SE 6, but it cannot be exploited without a separate vulnerability. Vulnerabilidad no especificada en Oracle Java SE 7 Update 11 (JRE 1.7.0_11-b21) permite a atacantes remotos asistidos por el usuario evitar el recinto de seguridad de Java (Sandbox) a través de vectores no especificados, también conocido como "Problema 51", una vulnerabilidad diferente a CVE-2013-0431. • http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53 http://seclists.org/fulldisclosure/2013/Jan/142 http://seclists.org/fulldisclosure/2013/Jan/195 http://www.informationweek.com/security/application-security/java-hacker-uncovers-two-flaws-in-latest/240146717 http://www.securityfocus.com/archive/1/525387/30/0/threaded •
CVSS: 10.0EPSS: 9%CPEs: 20EXPL: 0CVE-2012-3174 – Oracle Java Runtime Environment MethodHandle Security Manager Bypass Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-3174
Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422. NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the Reflection API, but that issue is already covered as part of CVE-2013-0422. This identifier is for a different vulnerability whose details are not public as of 20130114. Vulnerabilidad no especificada en Oracle Java 7 anterior a Update 11 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos una vulnerabilidad diferente a CVE-2013-0422. NOTA: algunas partes se han asignado en CVE-2012-3174 a un problema relacionado con el uso recurrente de la Reflection API, pero ese tema ya está cubierto como parte de CVE-2013-0422. • http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00025.html http://rhn.redhat.com/errata/RHSA-2013-0156.html http://rhn.redhat.com/errata/RHSA-2013-0165.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:095 http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html http://www.ubuntu.com/usn/USN-1693-1 https://wiki.mageia&# • CWE-264: Permissions, Privileges, and Access Controls •