CVSS: 10.0EPSS: 1%CPEs: 48EXPL: 0CVE-2011-0863 – Oracle Java Web Start Command Argument Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0863
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE 6 Update 25 y anteriores, v5.0 Update 29 y anteriores, permite aplicaciones Java Web Start y Java applets que no son de confianza afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Deployment. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java webstart parses certain properties from the jnlp file. Due to insufficient quote escaping it is possible to supply additional command line parameters to the java process. • http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00009.html http://marc.info/?l=bugtraq&m=132439520301822&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/?l=bugtraq&m=134254957702612&w=2 http://rhn.redhat.com/errata/RHSA-2013-1455.html http://secunia.com/advisories/44818 http://secunia.com •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2011-0706
https://notcve.org/view.php?id=CVE-2011-0706
The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor." La clase JNLPClassLoader en IcedTea-Web anterior a versión 1.0.1, tal y como es usado en OpenJDK Runtime Environment versión 1.6.0, permite a los atacantes remotos alcanzar privilegios por medio de vectores desconocidos relacionados con varios firmantes y la asignación de "an inappropriate security descriptor”. • http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html http://secunia.com/advisories/43350 http://security.gentoo.org/glsa/glsa-201406-32.xml http://www.debian.org/security/2011/dsa-2224 http://www.mandriva.com/security/advisories?name=MDVSA-2011:054 http://www.securityfocus.com/bid/46439 https://bugzilla.r • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.6EPSS: 1%CPEs: 45EXPL: 0CVE-2010-4422 – JDK unspecified vulnerability in Deployment component
https://notcve.org/view.php?id=CVE-2010-4422
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Vulnerabilidad no especificada en Java Runtime Environment (JRE) en Oracle Java SE y Java for Business v6 Update v23 y anteriores permite a atacantes remotos vulnerar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Deployment. • http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/?l=bugtraq&m=134254957702612&w=2 http://secunia.com/advisories/44954 http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html http://www.redhat.com/support/errata/RHSA-2011-0282.html http://www.redhat.com/support/errata/RHSA-2011-0880.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12769 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mi •
CVSS: 10.0EPSS: 1%CPEs: 28EXPL: 0CVE-2010-4467 – JDK unspecified vulnerability in Deployment component
https://notcve.org/view.php?id=CVE-2010-4467
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Vulnerabilidad no especificada en Java Runtime Environment (JRE) en Oracle Java SE y Java for Business v6 Update v10 hasta v6 Update v23 permite a aplicaciones remotas Java Web Start no confiables y Java applets no confiables vulnerar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con JDBC. • http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/?l=bugtraq&m=134254957702612&w=2 http://secunia.com/advisories/44954 http://security.gentoo.org/glsa/glsa-201406-32.xml http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html http://www.redhat.com/support/errata/RHSA-2011-0282.html http://www.redhat.com/support/errata/RHSA-2011-0880.html http://www.securityfocus.com/bid/46395 https://exchange.xforce.ibmcloud.com/vulnerabilities/65398 https& •
CVSS: 7.6EPSS: 1%CPEs: 45EXPL: 0CVE-2010-4451 – JDK unspecified vulnerability in Install component
https://notcve.org/view.php?id=CVE-2010-4451
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, when using Java Update, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. Vulnerabilidad no especificada en Java Runtime Environment (JRE) en Oracle Java SE y Java for Business v6 Update v23 y anteriores para Windows, cuando se usa Java Update, permite a atacantes remotos vulnerar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Install. • http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/?l=bugtraq&m=134254957702612&w=2 http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html http://www.redhat.com/support/errata/RHSA-2011-0282.html http://www.securityfocus.com/bid/46405 https://exchange.xforce.ibmcloud.com/vulnerabilities/65402 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13942 https://access.redhat.com/security/cve/CVE-2010-4451 https:// •