CVSS: 10.0EPSS: 96%CPEs: 74EXPL: 3CVE-2012-0507 – Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0507
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue. Una vulnerabilidad no especificada en el componente Java Runtime Environment (JRE), de Oracle Java SE v7 Update 2 y versiones anteriores, v6 Update 30 y anteriores, y v5.0 Update 33 y anteriores permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con la "Concurrencia". • https://www.exploit-db.com/exploits/18679 http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx http://krebsonsecurity.com/2012/03/new-java-attack-rolled-into-exploit-packs http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html http://marc.info/?l=bugtraq&m=133364885411663&w=2 http://marc.info/?l=bugtraq&m=133365109612558&w=2 h •
CVSS: 10.0EPSS: 96%CPEs: 98EXPL: 1CVE-2011-3544 – Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3544
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting. Vulnerabilidad no especificada en el componente de Java Runtime Environment en Oracle Java SE JDK y JRE v7 y v6 Update 27 y anteriores permite a aplicaciones remotas Java Web Start y applets Java no confiables afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con secuencias de comandos. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java handles Rhino Javascript errors. The built-in javascript engine in Java fails to perform sufficient sanitation on javascript error objects. • https://www.exploit-db.com/exploits/18171 http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html http://marc.info/?l=bugtraq&m=132750579901589&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/?l=bugtraq&m=134254957702612&w=2 http://rhn.redhat.com/errata/RHSA-2013-1455.html http://secunia.com/advisories/48308 http://security.gentoo.org/glsa/glsa-201406-32.xml http://www.ibm.com/developerworks/java/jdk/alerts http://ww •
CVSS: 5.0EPSS: 17%CPEs: 56EXPL: 0CVE-2009-2625 – JDK: XML parsing Denial-Of-Service (6845701)
https://notcve.org/view.php?id=CVE-2009-2625
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework. Apache Xerces2 Java, tal como se utiliza en Sun Java Runtime Environment (JRE) en JDK y JRE v6 anterior a la actualización 15 y el JDK y JRE v5.0 antes de la actualización 20, y en otros productos, permite a atacantes remotos provocar una denegación de servicio (bucle infinito y la cuelgue de aplicación) a través de una entrada XML malformada, como lo demuestra Codenomicon XML fuzzing framework. • http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://marc.info/?l=bugtraq&m=125787273209737&w=2 http://rhn.redhat.com/errata/RHSA-2012-1232.html http://rhn.redhat.co •