CVSS: 8.1EPSS: 0%CPEs: 241EXPL: 0CVE-2013-0440 – OpenJDK: CPU consumption DoS via repeated SSL ClientHello packets (JSSE, 7192393)
https://notcve.org/view.php?id=CVE-2013-0440
02 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the SSL/TLS implementation via a large number of ClientHello packets tha... • http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS •
CVSS: 10.0EPSS: 1%CPEs: 241EXPL: 0CVE-2013-0428 – OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29)
https://notcve.org/view.php?id=CVE-2013-0428
02 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that t... • http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS •
CVSS: 10.0EPSS: 1%CPEs: 241EXPL: 0CVE-2013-1475 – OpenJDK: IIOP type reuse sandbox bypass (CORBA, 8000540, SE-2012-01 Issue 50)
https://notcve.org/view.php?id=CVE-2013-1475
02 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.ja... • http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS •
CVSS: 6.1EPSS: 1%CPEs: 241EXPL: 0CVE-2013-0424 – OpenJDK: RMI CGIHandler XSS issue (RMI, 6563318)
https://notcve.org/view.php?id=CVE-2013-0424
02 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not proper... • http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 6%CPEs: 219EXPL: 0CVE-2013-1481 – Oracle Java PV_ProcessSampleWithSMOD Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1481
02 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE 6 hasta la actualización 38, 5,0 hasta la actualización 38 y v1.4.2_40 y anteriores permite a atacantes remotos para afectar la confidenc... • http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2012-5373
https://notcve.org/view.php?id=CVE-2012-5373
28 Nov 2012 — Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash3 algorithm, a different vulnerability than CVE-2012-2739. Oracle Java SE 7 y anteriores, y OpenJDK 7 y anteriores, calcula l... • http://2012.appsec-forum.ch/conferences/#c17 • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 1%CPEs: 15EXPL: 1CVE-2012-2739
https://notcve.org/view.php?id=CVE-2012-2739
28 Nov 2012 — Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. Oracle Java SE anteriores a 7 Update 6, y OpenJDK 7 anteriores a 7u6 build 12 y 8 anteriores a build 39, calculan los valores de hash sin restringir la posibilidad de provocar... • http://armoredbarista.blogspot.de/2012/02/investigating-hashdos-issue.html • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 2%CPEs: 224EXPL: 0CVE-2012-5077 – OpenJDK: SecureRandom mulitple seeders information disclosure (Security, 7167656)
https://notcve.org/view.php?id=CVE-2012-5077
16 Oct 2012 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Security. Una vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE Update v7 a 7 y versiones anteriores, v6 Update 35 y anteriores, v5.0 Update 36 y anteriores y v1.4.2_38 y anteriores permite a... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html •
CVSS: 10.0EPSS: 79%CPEs: 16EXPL: 1CVE-2012-5088 – Java Applet - Method Handle Remote Code Execution
https://notcve.org/view.php?id=CVE-2012-5088
16 Oct 2012 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Una vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE 7 Update v7 y anteriores permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con las biblioteca... • https://www.exploit-db.com/exploits/24308 •
CVSS: 10.0EPSS: 9%CPEs: 234EXPL: 0CVE-2012-5083 – JDK: unspecified vulnerability (2D)
https://notcve.org/view.php?id=CVE-2012-5083
16 Oct 2012 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, 1.4.2_38 and earlier, and JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Una vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE v7 Update 7 y versiones anteriores, v6 Update 35 y anteriores, v5.0 Update 36 y ... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html •