Page 33 of 320 results (0.015 seconds)

CVSS: 10.0EPSS: 5%CPEs: 241EXPL: 0

CVE-2013-0441 – OpenJDK: missing serialization restriction (CORBA, 7201066)

https://notcve.org/view.php?id=CVE-2013-0441

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-1476 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via certain methods that should not be serialized, aka "missing serialization restriction." Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE v7 hasta Update 11, v6 hasta Update 38, v5.0 hasta Update 38, y v1.4.2_40 y anteriores permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad mediante vectores relacionados con CORBA, una vulnerabilidad diferente a CVE-2013-1476 and CVE-2013-1475. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907458 http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/corba/rev/307ddc7799c7 http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136570436423916&w=2 http:/& •

CVSS: 10.0EPSS: 9%CPEs: 241EXPL: 0

CVE-2013-1478 – OpenJDK: image parser insufficient raster parameter checks (2D, 8001972)

https://notcve.org/view.php?id=CVE-2013-1478

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" that can trigger an integer overflow and memory corruption. Vulnerabildiad sin especificar en Java Runtime Environmet (JRE) en Oracle Java SE v7 hasta la versión Update v11, desde la v6 hasta la Update v38, desde la v5.0 hasta la Update v38, y la v1.4.2_40 junto con anteriores permite a atacantes remotos para afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionado a 2D. • http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/d89bd26ac435 http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136570436423916&w=2 http://marc.info/?l=bugtraq&m=136733161405818&w=2 http://rhn. •

CVSS: 10.0EPSS: 5%CPEs: 241EXPL: 0

CVE-2013-0425 – OpenJDK: logging insufficient access control checks (Libraries, 6664509)

https://notcve.org/view.php?id=CVE-2013-0425

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions. Vulnerabilidad sin especificar en el componente Java Runtime Environment (JRE) en Oracle Java SE 7 a la Update 11, 6 a la Update 38, y v5.0 a la Update 38, y v1.4.2_40 y anteriores, permite que atacantes remotos comprometan la integridad, confidencialidad y disponibilidad a través de vectores no especificados relacionados con "Libraries". Vulnerabilidad distinta de CVE-2013-0428 y CVE-2013-0426. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907344 http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ce105dd2e4de http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html http://marc.info/?l=bugtraq&m=136439120408139& •

CVSS: 5.0EPSS: 0%CPEs: 224EXPL: 0

CVE-2012-5079 – OpenJDK: ServiceLoader reject not subtype classes without instantiating (Libraries, 7195919)

https://notcve.org/view.php?id=CVE-2012-5079

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries, a different vulnerability than CVE-2012-5073. Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE 7 Update 7 y versiones anteriores, 6 Update 35 y versiones anteriores, 5.0 Update 36 y versiones anteriores y 1.4.2_38 y versiones anteriores permite a atacantes remotos afectar la integridad a través de vectores desconocidos relacionados con Libraries, una vulnerabilidad diferente a CVE-2012-5073. • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00022.html http://marc.info/?l=bugtraq&m=135542848327757&w=2 http://marc.info/?l=bugtraq&m=135758563611658&w=2 http://rhn.redhat •

CVSS: 0EPSS: 0%CPEs: 224EXPL: 0

CVE-2012-5085 – OpenJDK: disable Gopher support by default (Gopher, 7189567)

https://notcve.org/view.php?id=CVE-2012-5085

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote authenticated users to have an unspecified impact via unknown vectors related to Networking. NOTE: the Oracle CPU states that this issue has a 0.0 CVSS score. If so, then this is not a vulnerability and this issue should not be included in CVE. Una vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE v7 Update 7 y anteriores, v6 Update 35 y anteriores, v5.0 Update 36 y anteriores y v1.4.2_38 y anteriores permite a usuarios remotos autenticados tener un impacto no especificado a través de vectores desconocidos relacionados con la red. NOTA: el CPU de Oracle indica este problema tiene una puntuación CVSS v0.0. • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00023.html http://marc.info/?l=bugtraq&m=135542848327757&w=2 http://marc.info/?l=bugtraq&m=135758563611658&w=2 http://rhn.redhat.com/errata/RHSA-2012-1385.html http://rhn.redhat.com/errata/RHSA-2012-1386.html http://rhn.redhat.com/errata/RHSA-2012-1391.html http://rhn.redhat.com/errata/RHSA-2012-1392.html http://secunia.com/advi •