CVSS: 10.0EPSS: 2%CPEs: 22EXPL: 0CVE-2014-0429 – OpenJDK: Incorrect mlib/raster image validation (2D, 8027841)
https://notcve.org/view.php?id=CVE-2014-0429
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Vulnerabilidad no especificada en Oracle Java SE 5.0u61, 6u71, 7u51, y 8; JRockit R27.8.1 y R28.3.1; y Java SE Embedded 7u51 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con 2D. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 http://marc.info/?l=bugtraq&m=140852974709252&w=2 http://rhn.redhat.com/errata/RHSA-2014-0675.html http://rhn.redhat.com/errata/RHSA-2014-0685.html http://secunia.com/advisories/58415 http://secunia.com/advisories/58974 http://secunia.com/advisories/59058 http://security.gentoo.org/glsa/glsa-201406-32.xml http://security.gentoo.org/glsa/glsa-201502-12.xml http://www-01.ibm.com/support/docview.wss?u •
CVSS: 7.6EPSS: 0%CPEs: 7EXPL: 0CVE-2014-0448 – JDK: unspecified vulnerability fixed in 7u55 and 8u5 (Deployment)
https://notcve.org/view.php?id=CVE-2014-0448
Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Vulnerabilidad no especificada en Oracle Java SE 7u51 y 8 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con la implementación. • http://marc.info/?l=bugtraq&m=140852886808946&w=2 http://security.gentoo.org/glsa/glsa-201502-12.xml http://www-01.ibm.com/support/docview.wss?uid=swg21672080 http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html http://www.securityfocus.com/bid/66904 https://access.redhat.com/errata/RHSA-2014:0413 https://access.redhat.com/security/cve/CVE-2014-0448 https://bugzilla.redhat.com/show_bug.cgi?id=1088024 •
CVSS: 7.5EPSS: 96%CPEs: 5EXPL: 2CVE-2013-5447 – IBM Forms Viewer 'fontname' Stack Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-5447
Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary code via an XFDL form with a long fontname value. El desbordamiento de búfer en la región stack de la memoria en Forms Viewer de IBM versiones 4.x anterior a 4.0.0.3 y la versiones 8.x anterior a 8.0.1.1, permite a los atacantes remotos ejecutar código arbitrario por medio de un formulario XFDL con un formulario largo valor fontname. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Forms Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within a document handler of an XFDL document. The parsing of the 'fontname' tag with a large value can lead to a stack buffer overflow. • https://www.exploit-db.com/exploits/30789 http://packetstormsecurity.com/files/124658 http://www-01.ibm.com/support/docview.wss?uid=swg1LO78184 http://www-01.ibm.com/support/docview.wss?uid=swg21657500 http://www.exploit-db.com/exploits/30789 http://www.zerodayinitiative.com/advisories/ZDI-13-274 https://exchange.xforce.ibmcloud.com/vulnerabilities/87911 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •