CVE-2013-2418 – JDK: unspecified vulnerability fixed in 7u21 and 6u45 (Deployment)
https://notcve.org/view.php?id=CVE-2013-2418
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Vulnerabilidad no especificada en el entorno de ejecución de Java (JRE) en el componente Oracle Java SE 7 Update 17 y anteriores y 6 Update 43 y anteriores permite a usuarios locales afectan a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con la implementación. • http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html http://marc.info/?l=bugtraq&m=137283787217316&w=2 http://rhn.redhat.com/errata/RHSA-2013-0757.html http://rhn.redhat.com/errata/RHSA-2013-0758.html http://rhn.redhat.com/errata/RHSA-2013-1455.html http://rhn.redhat.com/errata/RHSA-2013-1456.html http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html http:/ •
CVE-2013-1558 – OpenJDK: java.beans.ThreadGroupContext missing restrictions (Beans, 7200507)
https://notcve.org/view.php?id=CVE-2013-1558
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE 7 Update 17 y anteriores, y en 6 Update 43 y anteriores, permite a atacantes remotos comprometer la confidencialidad, la integridad y disponibilidad a través de vectores no especificados que involucran a Beans. • http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html http://marc.info/?l=bugtraq&m=137283787217316&w=2 http://rhn.redhat.com/errata/RHSA-2013-0752.html http://rhn.redhat.com/errata/RHSA-2013-0757.html http://rhn.redhat.com/errata/RHSA-2013-0758.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:161 http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html http://www.securityfocus.com/bid/59219 http://www.ubuntu.com/usn& •
CVE-2013-2436 – Oracle Java MethodHandle Sandbox Bypass Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-2436
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-1488 and CVE-2013-2426. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "type checks" and "method handle binding" involving Wrapper.convert. Una vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Java SE versión 7 Update 17 y anteriores, y OpenJDK versión 7 de Oracle, permite a los atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad por medio de vectores desconocidos relacionados a Libraries, una vulnerabilidad diferente de CVE-2013-1488 y CVE-2013-2426. NOTA: la información anterior es de la CPU de abril de 2013. • http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/20f287fec09f http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html http://rhn.redhat.com/errata/RHSA-2013-0752.html http://rhn.redhat.com/errata/RHSA-2013-0757.html http://security.gentoo.org/glsa/glsa-201406-32.xml http://www-01.ibm.com/support/docview.wss?uid=swg21644197 http://www.mandriva.com/security/advisories •
CVE-2013-1493 – Oracle Java cmmColorConvert Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1493
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013. La funcionalidad de la gestión de color (CMM) en el componente 2D en Oracle Java SE 7 Update v15 y anteriores, 6 Update 41 y anteriores, y v5.0 Update 40 y anteriores permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída) a través de una imagen con parámetros raster especialmente elaborados, lo que provoca (1) una lectura fuera de los límites o (2) la corrupción de memoria en la JVM. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the sun.java2d.cmm.kcms.CMM.cmmColorConvert's native function. The issue lies in the handling of the destCMMImageLayout argument, which is not properly validated before being used. • https://www.exploit-db.com/exploits/24904 http://blog.fireeye.com/research/2013/02/yaj0-yet-another-java-zero-day-2.html http://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04117626-1 http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.h • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-0809 – Oracle Java Runtime Environment AWT mediaLib Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0809
Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-1493. Vulnerabilidad sin especificar en el componente 2D en el componente JRE en Oracle Java SE 7 Update 15 y anteriores, 6 Update 41 y anteriores y 5.0 Update 40 y anteriores, permite a atacantes remotos ejecutar código de su elección a través de vectores desconocidos. Vulnerabilidad distinta de CVE-2013-1493. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within AWT mediaLib. • http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-March/022145.html http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136570436423916&w=2 http://rhn • CWE-190: Integer Overflow or Wraparound •