Page 19 of 430 results (0.020 seconds)

CVSS: 10.0EPSS: 96%CPEs: 174EXPL: 2

The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013. La funcionalidad de la gestión de color (CMM) en el componente 2D en Oracle Java SE 7 Update v15 y anteriores, 6 Update 41 y anteriores, y v5.0 Update 40 y anteriores permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída) a través de una imagen con parámetros raster especialmente elaborados, lo que provoca (1) una lectura fuera de los límites o (2) la corrupción de memoria en la JVM. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the sun.java2d.cmm.kcms.CMM.cmmColorConvert's native function. The issue lies in the handling of the destCMMImageLayout argument, which is not properly validated before being used. • https://www.exploit-db.com/exploits/24904 http://blog.fireeye.com/research/2013/02/yaj0-yet-another-java-zero-day-2.html http://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04117626-1 http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.h • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 94%CPEs: 174EXPL: 0

Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-1493. Vulnerabilidad sin especificar en el componente 2D en el componente JRE en Oracle Java SE 7 Update 15 y anteriores, 6 Update 41 y anteriores y 5.0 Update 40 y anteriores, permite a atacantes remotos ejecutar código de su elección a través de vectores desconocidos. Vulnerabilidad distinta de CVE-2013-1493. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within AWT mediaLib. • http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-March/022145.html http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136570436423916&w=2 http://rhn • CWE-190: Integer Overflow or Wraparound •

CVSS: 10.0EPSS: 1%CPEs: 98EXPL: 0

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 13 and earlier and 6 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Vulnerabilidad no especificada en el componente Java Runtime Environment en Oracle Java SE 7 Update 13 y anteriores y 6 Update 39 y anteriores permite a atacantes remotos para afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con la implementación. • http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136733161405818&w=2 http://rhn.redhat.com/errata/RHSA-2013-1455.html http://rhn.redhat.com/errata/RHSA-2013-1456.html http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html http://www.securityfocus.com/bid/58031 http://www.ubuntu.com/usn/USN-1735-1 http://www.us-cert.gov/cas/techalerts/TA13-051A.html https://oval.cisecurity.org/repository/search/definition/oval& •

CVSS: 10.0EPSS: 1%CPEs: 170EXPL: 0

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. Vulnerabilidad no especificada en el Java Runtime Environment (JRE) en el componente Oracle Java SE 7 Update 13 y anteriores, 6 Update 39 y anteriores, y v5.0 Update 39 y anteriores permite a atacantes remotos para afectar la confidencialidad, integridad y disponibilidad a través de vectores relacionados con JMX. • http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136733161405818&w=2 http://rhn.redhat.com/errata/RHSA-2013-1455. •

CVSS: 10.0EPSS: 6%CPEs: 94EXPL: 0

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that the issue is due to an interaction error in between the JRE plug-in for WebKit-based browsers and the Javascript engine, which allows remote attackers to execute arbitrary code by modifying DOM nodes that contain applet elements in a way that triggers an incorrect reference count and a use after free. Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE v7 hasta Update 11 y v6 hasta Update 38 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad mediante vectores relacionados con Deployment, una vulnerabilidad diferente a otros CVEs listados en el February 2013 CPU. • http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136570436423916&w=2 http://marc.info/?l=bugtraq&m=136733161405818&w=2 http://rhn.redhat.com/errata/RHSA-2013-0236.html http://rhn.redhat.com/errata/RHSA-2013-0237.html http://rhn.redhat.com/errata/RHSA-2013-1455.html http://rhn.redhat.com/errata/RHSA-2013-1456.html http://www.kb.cert.org/vuls/id/858729 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.htm •