CVE-2013-1476 – OpenJDK: missing ValueHandlerImpl class constructor access restriction (CORBA, 8000631)
https://notcve.org/view.php?id=CVE-2013-1476
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via "certain value handler constructors." Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE v7 hasta Update 11, v6 hasta Update 38, v5.0 hasta Update 38, y v1.4.2_40 y anteriores permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad mediante vectores relacionados con CORBA, una vulnerabilidad diferente a CVE-2013-0441 and CVE-2013-1475. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907457 http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/corba/rev/5116fe321210 http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html http://marc.info/?l=bugtraq&m=136439120408139&a •
CVE-2013-1480 – Oracle Java AWT Image Transform Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1480
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption. Vulnerabilidad no especificada en el Java Runtime Environment (JRE) en el componente Oracle Java SE 7 hasta la actualización 11, 6 hasta la actualización 38, 5,0 hasta la actualización, y v1.4.2_40 y anteriores permite a atacantes remotos para afectar la confidencialidad, integridad y disponibilidad a través de vectores relacionados a AWT. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. • http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/50e268c1fb1f http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136570436423916&w=2 http://marc.info/?l=bugtraq&m=136733161405818&w=2 http://rhn. •
CVE-2013-1473 – JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
https://notcve.org/view.php?id=CVE-2013-1473
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect integrity via unknown vectors related to Deployment. Vulnerabilidad sin especificar en Java Runtime Environment (JRE) de Oracle Java SE v7 hasta la Update v11 y desde la v6 hasta la Update v38 que permite ataques remotos que afectan a la integridad pro vectores sin especificar relacionados con el "Deployment". • http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136570436423916&w=2 http://marc.info/?l=bugtraq&m=136733161405818&w=2 http://rhn.redhat.com/errata/RHSA-2013-0236.html http://rhn.redhat.com/errata/RHSA-2013-0237.html http://rhn.redhat.com/errata/RHSA-2013-1455.html http://rhn.redhat.com/errata/RHSA-2013-1456.html http://www.kb.cert.org/vuls/id/858729 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.htm •
CVE-2013-0434 – OpenJDK: loadPropertyFile missing restrictions (JAXP, 8001235)
https://notcve.org/view.php?id=CVE-2013-0434
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information. Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE v7 hasta Update 11 y v6 hasta Update 38, v5.0 hasta Update 38, y v1.4.2_40 y anteriores permite a atacantes remotos afectar la confidencialidad mediante vectores relacionados con JAXP. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907453 http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jaxp/rev/91fcc41a0b4b http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html http://marc.info/?l=bugtraq&m=136439120408139&am •
CVE-2013-0426 – OpenJDK: logging insufficient access control checks (Libraries, 6664528)
https://notcve.org/view.php?id=CVE-2013-0426
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions. Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE v7 hasta Update 11 y v6 hasta Update 38, y v5.0 hasta Update 38, y v1.4.2_40 y anteriores permite a atacantes remotos afectar la confidencialiad, integridad y disponibilidad mediante vectores desconocidos relacionados con Libraries, una vulnerabilidad diferente a CVE-2013-0425 y CVE-2013-0428. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907346 http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ce105dd2e4de http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html http://marc.info/?l=bugtraq&m=136439120408139& •