Page 26 of 369 results (0.009 seconds)

CVSS: 10.0EPSS: 3%CPEs: 28EXPL: 0

CVE-2013-2425 – JDK: unspecified vulnerability fixed in 7u21 (Install)

https://notcve.org/view.php?id=CVE-2013-2425

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. Vulnerabilidad no especificada en el entorno de ejecución de Java (JRE) en el componente Oracle Java SE 7 Update 17 y anteriores permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con la instalación. • http://rhn.redhat.com/errata/RHSA-2013-0757.html http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html http://www.us-cert.gov/ncas/alerts/TA13-107A https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16471 https://access.redhat.com/security/cve/CVE-2013-2425 https://bugzilla.redhat.com/show_bug.cgi?id=953268 •

CVSS: 5.0EPSS: 7%CPEs: 180EXPL: 0

CVE-2013-2417 – OpenJDK: Network InetAddress serialization information disclosure (Networking, 8000724)

https://notcve.org/view.php?id=CVE-2013-2417

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to Networking. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an information leak involving InetAddress serialization. CVE has not investigated the apparent discrepancy between vendor reports regarding the impact of this issue. Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Java SE versión 7 Update 17 y anteriores, versión 6 Update 43 y anteriores, y versión 5.0 Update 41 y anteriores; y OpenJDK versiones 6 y 7 de Oracle; permite a los atacantes remotos afectar la disponibilidad por medio de vectores desconocidos relacionados con Networking. • http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/7ca8a40795d8 http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html& •

CVSS: 4.6EPSS: 0%CPEs: 106EXPL: 0

CVE-2013-2418 – JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)

https://notcve.org/view.php?id=CVE-2013-2418

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Vulnerabilidad no especificada en el entorno de ejecución de Java (JRE) en el componente Oracle Java SE 7 Update 17 y anteriores y 6 Update 43 y anteriores permite a usuarios locales afectan a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con la implementación. • http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html http://marc.info/?l=bugtraq&m=137283787217316&w=2 http://rhn.redhat.com/errata/RHSA-2013-0757.html http://rhn.redhat.com/errata/RHSA-2013-0758.html http://rhn.redhat.com/errata/RHSA-2013-1455.html http://rhn.redhat.com/errata/RHSA-2013-1456.html http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html http:/ •

CVSS: 10.0EPSS: 96%CPEs: 174EXPL: 2

CVE-2013-1493 – Oracle Java cmmColorConvert Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2013-1493

The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013. La funcionalidad de la gestión de color (CMM) en el componente 2D en Oracle Java SE 7 Update v15 y anteriores, 6 Update 41 y anteriores, y v5.0 Update 40 y anteriores permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída) a través de una imagen con parámetros raster especialmente elaborados, lo que provoca (1) una lectura fuera de los límites o (2) la corrupción de memoria en la JVM. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the sun.java2d.cmm.kcms.CMM.cmmColorConvert's native function. The issue lies in the handling of the destCMMImageLayout argument, which is not properly validated before being used. • https://www.exploit-db.com/exploits/24904 http://blog.fireeye.com/research/2013/02/yaj0-yet-another-java-zero-day-2.html http://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04117626-1 http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.h • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 94%CPEs: 174EXPL: 0

CVE-2013-0809 – Oracle Java Runtime Environment AWT mediaLib Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2013-0809

Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-1493. Vulnerabilidad sin especificar en el componente 2D en el componente JRE en Oracle Java SE 7 Update 15 y anteriores, 6 Update 41 y anteriores y 5.0 Update 40 y anteriores, permite a atacantes remotos ejecutar código de su elección a través de vectores desconocidos. Vulnerabilidad distinta de CVE-2013-1493. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within AWT mediaLib. • http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-March/022145.html http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136570436423916&w=2 http://rhn • CWE-190: Integer Overflow or Wraparound •