CVSS: 9.3EPSS: 82%CPEs: 128EXPL: 0CVE-2012-4822 – JDK: java.lang.class code execution
https://notcve.org/view.php?id=CVE-2012-4822
Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via vectors related to "insecure use [of] multiple methods in the java.lang.class class." Múltiples vulnerabilidades no especificadas en el componente JRE en IBM Java 7 SR2 y anteriores, Java v6.0.1 SR3 y anteriores, Java 6 SR11 y anteriores, Java 5 SR14 y anteriores, y Java 142 SR13 FP13 y anteriores; como las usadas en IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control v5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, y Service Deliver Manager; y otros productos de otros vendedores como Red Hat, permite a atacantes remotos a ejecutar códigoa través de vectores relacionados con "uso inseguro de uso [de] métodos múltiples en la clase java.lang.class class." • http://rhn.redhat.com/errata/RHSA-2012-1465.html http://rhn.redhat.com/errata/RHSA-2012-1466.html http://rhn.redhat.com/errata/RHSA-2012-1467.html http://rhn.redhat.com/errata/RHSA-2013-1455.html http://rhn.redhat.com/errata/RHSA-2013-1456.html http://seclists.org/bugtraq/2012/Sep/38 http://secunia.com/advisories/51326 http://secunia.com/advisories/51327 http://secunia.com/advisories/51328 http://secunia.com/advisories/51393 http://secunia.com/advisories/516 •
CVSS: 2.1EPSS: 0%CPEs: 174EXPL: 0CVE-2012-1717 – OpenJDK: insecure temporary file permissions (JRE, 7143606)
https://notcve.org/view.php?id=CVE-2012-1717
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux. Vulnerabilidad no especificada en el Java Runtime Environment (JRE), componente de Oracle Java SE 7 Update 4 y anteriores, 6 Update 32 y anteriores, 5 actualización 35 y anteriores, y v1.4.2_37 y anteriores permite a usuarios locales afectar la confidencialidad a través de vectores desconocidos relacionados con el la impresión en Solaris o Linux. • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00035.html http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-June/019076.html http://rhn.redhat.com/errata/RHSA-2012-0734.html http://rhn.redhat.com/errata/RHSA-2012-1243.html http://rhn.redhat& • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 10.0EPSS: 96%CPEs: 74EXPL: 3CVE-2012-0507 – Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0507
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue. Una vulnerabilidad no especificada en el componente Java Runtime Environment (JRE), de Oracle Java SE v7 Update 2 y versiones anteriores, v6 Update 30 y anteriores, y v5.0 Update 33 y anteriores permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con la "Concurrencia". • https://www.exploit-db.com/exploits/18679 http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx http://krebsonsecurity.com/2012/03/new-java-attack-rolled-into-exploit-packs http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html http://marc.info/?l=bugtraq&m=133364885411663&w=2 http://marc.info/?l=bugtraq&m=133365109612558&w=2 h •
CVSS: 9.3EPSS: 1%CPEs: 339EXPL: 0CVE-2009-3868 – java-1.6.0-sun: Privilege escalation via crafted image file due improper color profiles parsing (6862970)
https://notcve.org/view.php?id=CVE-2009-3868
Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970. Sun Java SE en JDK y JRE 5.0 anteriores a Update 22, JDK y JRE 6 anteriores a Update 17, SDK y JRE v1.3.x anteriores a v1.3.1_27, y SDK y JRE v1.4.x anteriores a v1.4.2_24 no analiza adecuadamente el perfil color, lo que permite a los atacantes remotos obtener privilegios a través de un archivo de imagen manipulado también conocido como Bud Id 6862970. • http://java.sun.com/javase/6/webnotes/6u17.html http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html http://marc.info/?l=bugtraq&m=126566824131534&w=2 http://marc.info/?l=bugtraq&m=131593453929393&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://secunia.com/advisories/37231 http://secunia.co • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 2%CPEs: 339EXPL: 0CVE-2009-3873 – OpenJDK JPEG Image Writer quantization problem (6862968)
https://notcve.org/view.php?id=CVE-2009-3873
The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968. El JPEG Image Writer en Sun Java SE en JDK y JRE v5.0 anteriores a Update 22, JDK y JRE 6 anteriores a Update 17, y SDK y JRE v1.4.x anteriores a v1.4.2_24 permite a los atacantes remotos obtener privilegios a través de un archivo de imagen manipulado, relativo a "problemas de cuantificación", también conocido como Bug 6862968. • http://java.sun.com/javase/6/webnotes/6u17.html http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html http://marc.info/?l=bugtraq&m=126566824131534&w=2 http://marc.info/?l=bugtraq&m=131593453929393&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://secunia.com/advisories/37231 http://secunia.co • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •