Page 2 of 22 results (0.008 seconds)

CVSS: 6.9EPSS: 0%CPEs: 46EXPL: 0

CVE-2014-3065 – JDK: privilege escalation via shared class cache

https://notcve.org/view.php?id=CVE-2014-3065

Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache. Vulnerabilidad no especificada en IBM Java Runtime Environment (JRE) 7 R1 anterior a SR2 (7.1.2.0), 7 anterior a SR8 (7.0.8.0), 6 R1 anterior a SR8 FP2 (6.1.8.2), 6 anterior a SR16 FP2 (6.0.16.2), y anterior a SR16 FP8 (5.0.16.8) permite a usuarios locales ejecutar código arbitrario a través de vectores relacionados con el caché de clases compartidas. • http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html http://rhn.redhat.com/errata/RHSA-2014-1876.html http:&# • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.8EPSS: 0%CPEs: 53EXPL: 0

CVE-2014-0878 – JDK: Vulnerability in the IBMSecureRandom implementation of the IBMJCE and IBMSecureRandom cryptographic providers

https://notcve.org/view.php?id=CVE-2014-0878

The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the random number generator's output. El componente IBMSecureRandom en los proveedores criptográficos IBMJCE y IBMSecureRandom en IBM SDK Java Technology Edition 5.0 anterior a Service Refresh 16 FP6, 6 anterior a Service Refresh 16, 6.0.1 anterior a Service Refresh 8, 7 anterior a Service Refresh 7 y 7R1 anterior a Service Refresh 1 facilita a atacantes dependientes de contexto anular mecanismos de protección criptográficos mediante la predicción de la salida del generador de números aleatorias. • http://secunia.com/advisories/59022 http://secunia.com/advisories/59023 http://secunia.com/advisories/59058 http://secunia.com/advisories/61264 http://www-01.ibm.com/support/docview.wss?uid=swg21672043 http://www-01.ibm.com/support/docview.wss?uid=swg21673836 http://www-01.ibm.com/support/docview.wss?uid=swg21674539 http://www-01.ibm.com/support/docview.wss?uid=swg21676672 http://www-01.ibm.com/support/docview.wss? • CWE-310: Cryptographic Issues •

CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0

CVE-2013-0485

https://notcve.org/view.php?id=CVE-2013-0485

Unspecified vulnerability in IBM Java SDK 7 before SR4-FP1, 6 before SR13-FP1, 5.0 before SR16-FP1, and 1.4.2 before SR13-FP16 has unknown impact and attack vectors related to Class Libraries. Vulnerabilidad no especificada en IBM Java SDK 7 en versiones anteriores a SR4-FP1, 6 en versiones anteriores a SR13-FP1, 5.0 en versiones anteriores a SR16-FP1 y 1.4.2 en versiones anteriores a SR13-FP16 tiene impacto desconocido y vectores de ataque relacionados con Class Libraries. • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html http://www.ibm.com/developerworks/java/jdk/aix/142_64/fixes.html#SR13FP16 http://www.ibm.com/developerworks/java/jdk/aix/j532/fixes.html#SR16FP1 http://www.ibm.com/developerworks/java/jdk/aix/j664/Java6_64.fixes.html#SR13FP1 http://www.ibm.com/developerworks/java/jdk/aix/j732/Java7.fixes.html#SR4FP1 https://bugzilla.redhat.com/show_bug.cgi?id=950072 •

CVSS: 6.8EPSS: 1%CPEs: 4EXPL: 0

CVE-2013-5375 – JDK: unspecified sandbox bypass (XML)

https://notcve.org/view.php?id=CVE-2013-5375

Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, 6.0.0 before SR15, and 5.0.0 before SR16 FP4 allows remote attackers to access restricted classes via unspecified vectors related to XML and XSL. Vulnerabilidad no especificada en IBM Java SDK 7.0.0 anteriores a SR6, 6.0.1 anteriores a SR7, 6.0.0 anteriores a SR15, y 5.0.0 anteriores a SR16 FP4 permite a atacantes remotos acceder a clases restringidas a través de vectores no especificados relacionados con XML y XSL. • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html http://rhn.redhat.com/errata/RHSA-2013-1507.html http://rhn.redhat.com/errata/RHSA-2013-1508.html http://rhn.redhat.com/errata/RHSA-2013-1509.html http://rhn.redhat.com/errata/RHSA-2013-1793.html http://secunia.com/advisories/56338 http://www-01.ibm.com/support/docview.wss?uid=swg1IV51089 http://www-01.ibm.com/support/docview.wss?uid=swg1IV51090 http://www-01.ibm.com/support/docview.wss?uid •

CVSS: 9.3EPSS: 4%CPEs: 3EXPL: 0

CVE-2013-5457 – JDK: unspecified sandbox bypass (ORB)

https://notcve.org/view.php?id=CVE-2013-5457

Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to execute arbitrary code via unspecified vectors. Vulnerabilidad no especificada en Java SDK de IBM, versiones 7.0.0 anteriores a SR6, 6.0.1 anteriores a SR7, y 6.0.0 anteriores a SR15 permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html http://rhn.redhat.com/errata/RHSA-2013-1507.html http://rhn.redhat.com/errata/RHSA-2013-1508.html http://rhn.redhat.com/errata/RHSA-2013-1793.html http://secunia.com/advisories/56338 http://www-01.ibm.com/support/docview.wss?uid=swg1IV51334 http://www-01.ibm.com/support/docview.wss?uid=swg21655201 http://www-01.ibm.com/support/docview.wss?uid=swg21655202 https://exchange.xforce.ibmcloud.com/vulnerabili •