CVE-2013-2440 – JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)
https://notcve.org/view.php?id=CVE-2013-2440
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2435. Vulnerabilidad no especificada en el entorno de ejecución de Java (JRE) en el componente Oracle Java SE v7 Update v17 y anteriores y v6 Update v43 y anteriores permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con la implementación, una vulnerabilidad diferente a CVE-2013-2435. • http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html http://marc.info/?l=bugtraq&m=137283787217316&w=2 http://rhn.redhat.com/errata/RHSA-2013-0757.html http://rhn.redhat.com/errata/RHSA-2013-0758.html http://rhn.redhat.com/errata/RHSA-2013-1455.html http://rhn.redhat.com/errata/RHSA-2013-1456.html http:/ •
CVE-2013-2419 – Java Web Start Launcher ActiveX Control - Memory Corruption
https://notcve.org/view.php?id=CVE-2013-2419
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font processing errors" in the International Components for Unicode (ICU) Layout Engine before 51.2. Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE 7 Update 17 y versiones anteriores, 6 Update 43 y versiones anteriores y 5.0 Update 41 y versiones anteriores; y OpenJDK 6 y 7; permite a atacantes remotos afectar a la disponibilidad a través de vectores desconocidos relacionados con 2D. NOTA: la información previa es de la CPU Abril de 2013. • https://www.exploit-db.com/exploits/24966 http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released http://bugs.icu-project.org/trac/ticket/10107 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html http://lists.opensuse.org/opensuse-security- •
CVE-2013-2422 – OpenJDK: MethodUtil trampoline class incorrect restrictions (Libraries, 8009857)
https://notcve.org/view.php?id=CVE-2013-2422
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper method-invocation restrictions by the MethodUtil trampoline class, which allows remote attackers to bypass the Java sandbox. Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Java SE versión 7 Update 17 y anteriores y versión 6 Update 43 y anteriores; y OpenJDK versiones 6 y 7 de Oracle; permite atacantes remotos afectar la confidencialidad, integridad y disponibilidad por medio de vectores desconocidos relacionados con Libraries. NOTA: la información anterior procede de la CPU de abril de 2013. • http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/2899c3dbf5e8 http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html ht •
CVE-2013-2433 – JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)
https://notcve.org/view.php?id=CVE-2013-2433
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-1540. Vulnerabilidad no especificada en el entorno de ejecución de Java (JRE) en el componente Oracle Java SE v7 Update v17 y anteriores y v6 Update v43 y anteriores permite a atacantes remotos afectar a la integridad a través de vectores desconocidos relacionados con la implementación, una vulnerabilidad diferente a CVE-2013-1540. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html http://marc.info/?l=bugtraq&m=137283787217316&w=2 http://marc.info/?l=bugtraq&m=137545592101387&w=2 http://rhn.redhat.com/errata/RHSA-2013-0757.html http://rhn.redhat.com/errata/RHSA-2013-0758.html http://rhn.redhat.com/errata/RHSA-2013-1455.html http& •
CVE-2013-2429 – OpenJDK: JPEGImageWriter state corruption (ImageIO, 8007918)
https://notcve.org/view.php?id=CVE-2013-2429
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "JPEGImageWriter state corruption" when using native code, which triggers memory corruption. Una vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Java SE versión 7 Update 17 y anteriores, versión 6 Update 43 y anteriores, y versión 5.0 Update 41 y anteriores; y OpenJDK versiones 6 y 7 de Oracle; permite a los atacantes remotos afectar la confidencialidad, integridad y disponibilidad por medio de vectores desconocidos relacionados a ImageIO. NOTA: la información anterior es de la CPU de abril de 2013. • http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/90c9f1577a0b http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html& •