CVSS: 8.1EPSS: 2%CPEs: 164EXPL: 0CVE-2013-0427 – OpenJDK: invalid threads subject to interrupts (Libraries, 6776941)
https://notcve.org/view.php?id=CVE-2013-0427
02 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Libraries. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to interrupt certain threads that should not be interrupted. Vulnerabilidad sin especif... • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907455 •
CVSS: 10.0EPSS: 5%CPEs: 241EXPL: 0CVE-2013-0428 – OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29)
https://notcve.org/view.php?id=CVE-2013-0428
02 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that t... • http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS •
CVSS: 8.1EPSS: 5%CPEs: 164EXPL: 0CVE-2013-0429 – OpenJDK: PresentationManager incorrectly shared (CORBA, 7141694)
https://notcve.org/view.php?id=CVE-2013-0429
02 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue involves the creation of a single PresentationManager that is shared across multiple thr... • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907460 •
CVSS: 8.1EPSS: 2%CPEs: 241EXPL: 0CVE-2013-0432 – OpenJDK: insufficient clipboard access premission checks (AWT, 7186952)
https://notcve.org/view.php?id=CVE-2013-0432
02 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access premission checks." Vulnerabilidad no ... • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907219 •
CVSS: 8.1EPSS: 2%CPEs: 164EXPL: 0CVE-2013-0433 – OpenJDK: InetSocketAddress serialization issue (Networking, 7201071)
https://notcve.org/view.php?id=CVE-2013-0433
02 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddre... • http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 1CVE-2012-2739
https://notcve.org/view.php?id=CVE-2012-2739
28 Nov 2012 — Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. Oracle Java SE anteriores a 7 Update 6, y OpenJDK 7 anteriores a 7u6 build 12 y 8 anteriores a build 39, calculan los valores de hash sin restringir la posibilidad de provocar... • http://armoredbarista.blogspot.de/2012/02/investigating-hashdos-issue.html • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2012-5373
https://notcve.org/view.php?id=CVE-2012-5373
28 Nov 2012 — Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash3 algorithm, a different vulnerability than CVE-2012-2739. Oracle Java SE 7 y anteriores, y OpenJDK 7 y anteriores, calcula l... • http://2012.appsec-forum.ch/conferences/#c17 • CWE-310: Cryptographic Issues •
CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0CVE-2012-3202
https://notcve.org/view.php?id=CVE-2012-3202
17 Oct 2012 — Multiple unspecified vulnerabilities in the Oracle JRockit component in Oracle Fusion Middleware 28.2.4 and earlier, and 27.7.3 and earlier, when using JDK/JRE 5 or 6, allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this overlaps CVE-2012-5083, CVE-2012-1531, CVE-2012-5081, and CVE-2012-5085. Múltiples vulnerabilidades no especificadas en el componente Oracle JRockit en Oracle Fusion Middleware v28.2.4 y anteriores, y v27.7.3 y versiones anteriores, c... • http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 •
CVSS: 10.0EPSS: 45%CPEs: 82EXPL: 3CVE-2012-1533 – Java - Web Start Double Quote Injection Remote Code Execution
https://notcve.org/view.php?id=CVE-2012-1533
16 Oct 2012 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-3159. Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE 7 Update 7 y versiones anteriores y 6 Update 35 y versiones anteriores, permite a atacantes remotos af... • https://packetstorm.news/files/id/121951 •
CVSS: 10.0EPSS: 1%CPEs: 234EXPL: 0CVE-2012-1531 – JDK: unspecified vulnerability (2D)
https://notcve.org/view.php?id=CVE-2012-1531
16 Oct 2012 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier; and JavaFX 2.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Una vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE v7 Update 7 y versiones anteriores, v6 Update 35 y anteriores, v5.0 Update ... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html •