CVSS: 5.0EPSS: 5%CPEs: 180EXPL: 1CVE-2013-2419 – Java Web Start Launcher ActiveX Control - Memory Corruption
https://notcve.org/view.php?id=CVE-2013-2419
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font processing errors" in the International Components for Unicode (ICU) Layout Engine before 51.2. Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE 7 Update 17 y versiones anteriores, 6 Update 43 y versiones anteriores y 5.0 Update 41 y versiones anteriores; y OpenJDK 6 y 7; permite a atacantes remotos afectar a la disponibilidad a través de vectores desconocidos relacionados con 2D. NOTA: la información previa es de la CPU Abril de 2013. • https://www.exploit-db.com/exploits/24966 http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released http://bugs.icu-project.org/trac/ticket/10107 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html http://lists.opensuse.org/opensuse-security- •
CVSS: 4.3EPSS: 0%CPEs: 106EXPL: 0CVE-2013-1540 – JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)
https://notcve.org/view.php?id=CVE-2013-1540
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2433. Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE 7 Update 17 y anteriores, y en 6 Update 43 y anteriores, permite a atacantes remotos comprometer la integridad a través de vectores no especificados que involucran al Deployment. Vulnerabilidad distinta de CVE-2013-2433. • http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html http://marc.info/?l=bugtraq&m=137283787217316&w=2 http://rhn.redhat.com/errata/RHSA-2013-0757.html http://rhn.redhat.com/errata/RHSA-2013-0758.html http://rhn.redhat.com/errata/RHSA-2013-1455.html http://rhn.redhat.com/errata/RHSA-2013-1456.html http:/ •
CVSS: 10.0EPSS: 1%CPEs: 106EXPL: 0CVE-2013-2435 – JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)
https://notcve.org/view.php?id=CVE-2013-2435
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2440. Vulnerabilidad no especificada en el entorno de ejecución de Java (JRE) en el componente Oracle Java SE v7 Update v17 y anteriores y v6 Update v43 y anteriores permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con la implementación, una vulnerabilidad diferente a CVE-2013-2440. • http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html http://marc.info/?l=bugtraq&m=137283787217316&w=2 http://rhn.redhat.com/errata/RHSA-2013-0757.html http://rhn.redhat.com/errata/RHSA-2013-0758.html http://rhn.redhat.com/errata/RHSA-2013-1455.html http://rhn.redhat.com/errata/RHSA-2013-1456.html http:/ •
CVSS: 4.3EPSS: 0%CPEs: 28EXPL: 1CVE-2013-2416 – Java Web Start Launcher ActiveX Control - Memory Corruption
https://notcve.org/view.php?id=CVE-2013-2416
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment. Vulnerabilidad no especificada en el entorno de ejecución de Java (JRE) en el componente Oracle Java SE 7 Update 17 y anteriores permite a atacantes remotos afectar la integridad a través de vectores desconocidos relacionados con la implementación. The Java active-x control in Java Web Start Launcher suffers from a memory corruption vulnerability. • https://www.exploit-db.com/exploits/24966 http://rhn.redhat.com/errata/RHSA-2013-0757.html http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html http://www.us-cert.gov/ncas/alerts/TA13-107A https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16464 https://access.redhat.com/security/cve/CVE-2013-2416 https://bugzilla.redhat.com/show_bug.cgi?id=953266 •
CVSS: 10.0EPSS: 4%CPEs: 37EXPL: 0CVE-2013-2434 – Oracle Java t2k.dll glyph_AddPoint() Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-2434
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Vulnerabilidad no especificada en el entorno de ejecución de Java (JRE) en el componente Oracle Java SE v7 Update v17 y anteriores y JavaFX v2.2.7 y anteriores permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con 2D. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within t2k.dll glyph_AddPoint() when rendering Type1 or Type2 fonts. Memory corruption could occur when manipulating a point count in the font file. • http://marc.info/?l=bugtraq&m=137283787217316&w=2 http://rhn.redhat.com/errata/RHSA-2013-0757.html http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html http://www.us-cert.gov/ncas/alerts/TA13-107A https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16201 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19462 https://access.redhat.com/security/cve/CVE-2013-2434 https://bugzilla.redhat.com/s •