Page 158 of 939 results (0.010 seconds)

CVSS: 10.0EPSS: 78%CPEs: 22EXPL: 4

CVE-2010-0886 – JAVA Web Start - Arbitrary Command-Line Injection

https://notcve.org/view.php?id=CVE-2010-0886

Unspecified vulnerability in the Java Deployment Toolkit component in Oracle Java SE and Java for Business JDK and JRE 6 Update 10 through 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad sin especificar en el componente Java Deployment Toolkit en Oracle Java SE y Java para Business JDK y JRE 6 Update 10 a la 19, permite a atacantes remotos comprometer la confidencialidad, integridad y disponibilidad a través de vectores desconocidos. • https://www.exploit-db.com/exploits/12122 https://www.exploit-db.com/exploits/41700 https://www.exploit-db.com/exploits/12117 https://www.exploit-db.com/exploits/16585 http://lists.apple.com/archives/security-announce/2010//May/msg00001.html http://lists.apple.com/archives/security-announce/2010//May/msg00002.html http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://secunia.com/advisories/39819 http://sunsolve.sun.com/search/document.do?assetkey=1-66-279590-1 h •

CVSS: 9.3EPSS: 93%CPEs: 4EXPL: 2

CVE-2010-1423 – Sun Java Web Start Plugin - Command Line Argument Injection

https://notcve.org/view.php?id=CVE-2010-1423

Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code via the (1) -J or (2) -XXaltjvm argument to javaws.exe, which is processed by the launch method. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección de argumento en el manejador URI en (a) Java NPAPI plugin y (b) Java Deployment Toolkit en Java v6 Update v10, 1v9, y otras versiones, cuando corre en Windows y probablemente en Linux, permite a atacantes remotos ejecutar código de su elección a través del argumento (1) -J o (2) -XXaltjvm en javaws.exe, que es procesado por el método launch. NOTA: algunos de estos detalles han sido obtenidos a partir de terceros. • https://www.exploit-db.com/exploits/41700 http://lists.grok.org.uk/pipermail/full-disclosure/2010-April/074036.html http://osvdb.org/63648 http://secunia.com/advisories/39260 http://www.kb.cert.org/vuls/id/886582 http://www.reversemode.com/index.php?option=com_content&task=view&id=67&Itemid=1 http://www.securitytracker.com/id?1023840 http://www.vupen.com/english/advisories/2010/0853 https://exchange.xforce.ibmcloud.com/vulnerabilities/57615 https://oval.cisecurity.org/re • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 5.1EPSS: 2%CPEs: 238EXPL: 0

CVE-2010-0085 – OpenJDK File TOCTOU deserialization vulnerability (6736390)

https://notcve.org/view.php?id=CVE-2010-0085

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0088. Vulnerabilidad no especificada en el componente Java Runtime Environment en Oracle Java SE y Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25 y 1.3.1_27 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2010-0088. • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 http://lists.apple.com/archives/security-announce/2010//May/msg00001.html http://lists.apple.com/archives/security-announce/2010//May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://marc.info/?l=bugtraq&m=127557596201693&w=2 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 7.5EPSS: 3%CPEs: 238EXPL: 0

CVE-2010-0848 – OpenJDK AWT Library Invalid Index Vulnerability (6914823)

https://notcve.org/view.php?id=CVE-2010-0848

Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en el componente Java 2D en Oracle Java SE y Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25 y 1.3.1_27 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad mediante vectores no desconocidos. • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 http://lists.apple.com/archives/security-announce/2010//May/msg00001.html http://lists.apple.com/archives/security-announce/2010//May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://marc.info/?l=bugtraq&m=127557596201693&w=2 •

CVSS: 10.0EPSS: 19%CPEs: 8EXPL: 0

CVE-2010-0843 – Sun Java Runtime Environment XNewPtr Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2010-0843

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to XNewPtr and improper handling of an integer parameter when allocating heap memory in the com.sun.media.sound libraries, which allows remote attackers to execute arbitrary code. Vulnerabilidad no especificada en el componente Sound en Oracle Java SE y Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25 y 1.3.1_27 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos. NOTA: la información previa fue obtenida de la CPU Marzo 2010. • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 http://lists.apple.com/archives/security-announce/2010//May/msg00001.html http://lists.apple.com/archives/security-announce/2010//May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://marc.info/?l=bugtraq&m=127557596201693&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://osvdb •