CVSS: 10.0EPSS: 13%CPEs: 257EXPL: 0CVE-2010-3562 – OpenJDK IndexColorModel double-free (6925710)
https://notcve.org/view.php?id=CVE-2010-3562
19 Oct 2010 — Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a double free vulnerability in IndexColorModel that allows remote attackers to cause a denial of service (crash) and possi... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748 •
CVSS: 10.0EPSS: 8%CPEs: 93EXPL: 0CVE-2010-3567 – OpenJDK ICU Opentype layout engine crash (6963285)
https://notcve.org/view.php?id=CVE-2010-3567
19 Oct 2010 — Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to a calculation error in right-to-left text character counts for the ICU OpenType font rendering implementation, which triggers an ou... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748 •
CVSS: 10.0EPSS: 9%CPEs: 149EXPL: 0CVE-2010-3568 – OpenJDK Deserialization Race condition (6559775)
https://notcve.org/view.php?id=CVE-2010-3568
19 Oct 2010 — Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization. Vulnerabilidad no especificada en el componente Java Runtime Envi... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748 •
CVSS: 10.0EPSS: 13%CPEs: 149EXPL: 0CVE-2010-3569 – OpenJDK Serialization inconsistencies (6966692)
https://notcve.org/view.php?id=CVE-2010-3569
19 Oct 2010 — Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to execute arbitrary code by causing the defaultReadObject method in the Serialization AP... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748 •
CVSS: 9.8EPSS: 6%CPEs: 41EXPL: 0CVE-2010-3570 – JDK unspecified vulnerability in Deployment Toolkit
https://notcve.org/view.php?id=CVE-2010-3570
19 Oct 2010 — Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en el componente Deployment Toolkit de Oracle Java SE y Java for Business v6 Update 21 permite a atacantes remotos comprometer la confidencialidad, integridad y disponibilidad mediante vectores desconocidos. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748 •
CVSS: 10.0EPSS: 12%CPEs: 257EXPL: 0CVE-2010-3572 – JDK unspecified vulnerability in Sound component
https://notcve.org/view.php?id=CVE-2010-3572
19 Oct 2010 — Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en el componente Sound de Oracle Jave SE y Java para Business v6 Update 21, v5.0 Update 25, v1.4.2_27, y v.1.3.1_28 permite a atacantes remotos comprometer la confidencialidad, integridad, y disponibilidad a través de vectores desconocidos. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748 •
CVSS: 9.8EPSS: 7%CPEs: 93EXPL: 1CVE-2010-3573 – Oracle JRE - java.net.URLConnection class Same-of-Origin 'SOP' Policy Bypass
https://notcve.org/view.php?id=CVE-2010-3573
19 Oct 2010 — Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attac... • https://www.exploit-db.com/exploits/15288 •
CVSS: 10.0EPSS: 8%CPEs: 257EXPL: 0CVE-2010-3574 – OpenJDK HttpURLConnection incomplete TRACE permission check (6981426)
https://notcve.org/view.php?id=CVE-2010-3574
19 Oct 2010 — Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP T... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748 •
CVSS: 9.8EPSS: 1%CPEs: 257EXPL: 0CVE-2010-3541 – OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)
https://notcve.org/view.php?id=CVE-2010-3541
19 Oct 2010 — Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, whic... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748 •
CVSS: 5.3EPSS: 3%CPEs: 149EXPL: 0CVE-2010-3548 – OpenJDK DNS server IP address information leak (6957564)
https://notcve.org/view.php?id=CVE-2010-3548
19 Oct 2010 — Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or "otherwise-protected internal network names." Vulnerabilidad n... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748 •