CVSS: 9.8EPSS: 1%CPEs: 164EXPL: 0CVE-2013-0409 – JDK: unspecified vulnerability fixed in 6u39 and 7u13 (JMX)
https://notcve.org/view.php?id=CVE-2013-0409
02 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via vectors related to JMX. Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE v7 hasta Update 11 y v6 hasta Update 38, y v5 hasta Update 38 permite a atacantes remotos afectar la confidencialidad mediante vectores relacionados con JMX. This update correct... • http://marc.info/?l=bugtraq&m=136439120408139&w=2 •
CVSS: 6.1EPSS: 1%CPEs: 241EXPL: 0CVE-2013-0424 – OpenJDK: RMI CGIHandler XSS issue (RMI, 6563318)
https://notcve.org/view.php?id=CVE-2013-0424
02 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not proper... • http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 5%CPEs: 241EXPL: 0CVE-2013-0425 – OpenJDK: logging insufficient access control checks (Libraries, 6664509)
https://notcve.org/view.php?id=CVE-2013-0425
02 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that t... • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907344 •
CVSS: 10.0EPSS: 5%CPEs: 241EXPL: 0CVE-2013-0426 – OpenJDK: logging insufficient access control checks (Libraries, 6664528)
https://notcve.org/view.php?id=CVE-2013-0426
02 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that t... • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907346 •
CVSS: 8.1EPSS: 2%CPEs: 164EXPL: 0CVE-2013-0427 – OpenJDK: invalid threads subject to interrupts (Libraries, 6776941)
https://notcve.org/view.php?id=CVE-2013-0427
02 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Libraries. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to interrupt certain threads that should not be interrupted. Vulnerabilidad sin especif... • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907455 •
CVSS: 10.0EPSS: 5%CPEs: 241EXPL: 0CVE-2013-0428 – OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29)
https://notcve.org/view.php?id=CVE-2013-0428
02 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that t... • http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS •
CVSS: 8.1EPSS: 5%CPEs: 164EXPL: 0CVE-2013-0429 – OpenJDK: PresentationManager incorrectly shared (CORBA, 7141694)
https://notcve.org/view.php?id=CVE-2013-0429
02 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue involves the creation of a single PresentationManager that is shared across multiple thr... • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907460 •
CVSS: 8.1EPSS: 2%CPEs: 241EXPL: 0CVE-2013-0432 – OpenJDK: insufficient clipboard access premission checks (AWT, 7186952)
https://notcve.org/view.php?id=CVE-2013-0432
02 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access premission checks." Vulnerabilidad no ... • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907219 •
CVSS: 8.1EPSS: 2%CPEs: 164EXPL: 0CVE-2013-0433 – OpenJDK: InetSocketAddress serialization issue (Networking, 7201071)
https://notcve.org/view.php?id=CVE-2013-0433
02 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddre... • http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 1CVE-2012-2739
https://notcve.org/view.php?id=CVE-2012-2739
28 Nov 2012 — Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. Oracle Java SE anteriores a 7 Update 6, y OpenJDK 7 anteriores a 7u6 build 12 y 8 anteriores a build 39, calculan los valores de hash sin restringir la posibilidad de provocar... • http://armoredbarista.blogspot.de/2012/02/investigating-hashdos-issue.html • CWE-310: Cryptographic Issues •