CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 0CVE-2014-0416 – OpenJDK: insecure subject principals set handling (JAAS, 8024306)
https://notcve.org/view.php?id=CVE-2014-0416
15 Jan 2014 — Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAAS. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to how principals are set for the Subject class, which allows attackers to escape the sandbox using deserialization of a crafted Subject instance. Vulnerabilidad no especificada en Oracle Java SE 5.0u... • http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/abe1cb2d27cb •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2014-0423 – OpenJDK: XXE issue in decoder (Beans, 8023245)
https://notcve.org/view.php?id=CVE-2014-0423
15 Jan 2014 — Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and availability via unknown vectors related to Beans. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability in DocumentHandler.java, related to Beans decoding. Vulnerabilidad no especificada en Oracle ... • http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/995b32f013f5 •
CVSS: 9.8EPSS: 11%CPEs: 3EXPL: 0CVE-2013-5878 – OpenJDK: null xmlns handling issue (Security, 8025026)
https://notcve.org/view.php?id=CVE-2013-5878
15 Jan 2014 — Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the Security component does not properly handle null XML namespace (xmlns) attributes during XML document canonicalization, which allows attackers to escape the sandbox. Una vulnerabi... • http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2013-5910 – OpenJDK: XML canonicalizer mutable strings passed to untrusted code (Security, 8026417)
https://notcve.org/view.php?id=CVE-2013-5910
15 Jan 2014 — Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that CanonicalizerBase.java in the XML canonicalizer allows untrusted code to access mutable byte arrays. Vulnerabilidad no especificada en Oracle Java SE 6u65 y 7u45 y Java SE Embedded 7u45, permite a atacantes remotos afe... • http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/07004bb53c3c •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 0CVE-2014-0376 – OpenJDK: document builder missing security checks (JAXP, 8027201, 8025018)
https://notcve.org/view.php?id=CVE-2014-0376
15 Jan 2014 — Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAXP. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to an improper check for "code permissions when creating document builder factories." Vulnerabilidad sin especificar en Oracle Java SE 5.0u55, 6u65, y 7u45, y Java SE Embedded 7u45, permite a atacante... • http://hg.openjdk.java.net/jdk7u/jdk7u/jaxp/rev/42be8e6266ab •
CVSS: 10.0EPSS: 44%CPEs: 8EXPL: 0CVE-2013-5907 – Oracle Java TrueType LookupCount Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-5907
15 Jan 2014 — Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is due to incorrect input validation in LookupProcessor.cpp in the ICU Layout Engine, which allows attackers to cause a denial of service (cr... • http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/9d29c19f1de1 •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2014-0411 – OpenJDK: TLS/SSL handshake timing issues (JSSE, 8023069)
https://notcve.org/view.php?id=CVE-2014-0411
15 Jan 2014 — Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to obtain sensitive information about encryption keys via a timing discrepancy during the TLS/SSL handshake. Vulnerabilidad no especifica... • http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/d533e96c7acc •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 0CVE-2014-0368 – OpenJDK: insufficient Socket checkListen checks (Networking, 8011786)
https://notcve.org/view.php?id=CVE-2014-0368
15 Jan 2014 — Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, and Java SE Embedded 7u45, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to incorrect permission checks when listening on a socket, which allows attackers to escape the sandbox. Vulnerabilidad no especificada en Oracle Java SE 5.0u55, 6u65 y 7u45, y Java SE Embed... • http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/e6160aedadd5 •
CVSS: 9.8EPSS: 11%CPEs: 6EXPL: 0CVE-2013-5896 – OpenJDK: com.sun.corba.se. should be restricted package (CORBA, 8025022)
https://notcve.org/view.php?id=CVE-2013-5896
15 Jan 2014 — Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that com.sun.corba.se and its sub-packages are not included on the restricted package list. Vulnerabilidad no especificada en Oracle Java SE 5.0u55, 6u64 y 7u45; y Java SE Embedded 7u45; permite a atacantes remotos afectar... • http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/694ad155b344 •
CVSS: 10.0EPSS: 14%CPEs: 5EXPL: 0CVE-2014-0428 – OpenJDK: insufficient security checks in IIOP streams (CORBA, 8025767)
https://notcve.org/view.php?id=CVE-2014-0428
15 Jan 2014 — Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox. Vulnerabilidad no especificada en Oracle Java SE 5.0u55, 6u65 y 7u4... • http://hg.openjdk.java.net/jdk7u/jdk7u/corba/rev/0a879f00b698 •