CVSS: 10.0EPSS: 3%CPEs: 28EXPL: 0CVE-2013-2425 – JDK: unspecified vulnerability fixed in 7u21 (Install)
https://notcve.org/view.php?id=CVE-2013-2425
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. Vulnerabilidad no especificada en el entorno de ejecución de Java (JRE) en el componente Oracle Java SE 7 Update 17 y anteriores permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con la instalación. • http://rhn.redhat.com/errata/RHSA-2013-0757.html http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html http://www.us-cert.gov/ncas/alerts/TA13-107A https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16471 https://access.redhat.com/security/cve/CVE-2013-2425 https://bugzilla.redhat.com/show_bug.cgi?id=953268 •
CVSS: 4.3EPSS: 0%CPEs: 28EXPL: 1CVE-2013-2416 – Java Web Start Launcher ActiveX Control - Memory Corruption
https://notcve.org/view.php?id=CVE-2013-2416
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment. Vulnerabilidad no especificada en el entorno de ejecución de Java (JRE) en el componente Oracle Java SE 7 Update 17 y anteriores permite a atacantes remotos afectar la integridad a través de vectores desconocidos relacionados con la implementación. The Java active-x control in Java Web Start Launcher suffers from a memory corruption vulnerability. • https://www.exploit-db.com/exploits/24966 http://rhn.redhat.com/errata/RHSA-2013-0757.html http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html http://www.us-cert.gov/ncas/alerts/TA13-107A https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16464 https://access.redhat.com/security/cve/CVE-2013-2416 https://bugzilla.redhat.com/show_bug.cgi?id=953266 •
CVSS: 5.0EPSS: 7%CPEs: 180EXPL: 0CVE-2013-2417 – OpenJDK: Network InetAddress serialization information disclosure (Networking, 8000724)
https://notcve.org/view.php?id=CVE-2013-2417
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to Networking. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an information leak involving InetAddress serialization. CVE has not investigated the apparent discrepancy between vendor reports regarding the impact of this issue. Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Java SE versión 7 Update 17 y anteriores, versión 6 Update 43 y anteriores, y versión 5.0 Update 41 y anteriores; y OpenJDK versiones 6 y 7 de Oracle; permite a los atacantes remotos afectar la disponibilidad por medio de vectores desconocidos relacionados con Networking. • http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/7ca8a40795d8 http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html& •
CVSS: 10.0EPSS: 4%CPEs: 37EXPL: 0CVE-2013-2434 – Oracle Java t2k.dll glyph_AddPoint() Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-2434
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Vulnerabilidad no especificada en el entorno de ejecución de Java (JRE) en el componente Oracle Java SE v7 Update v17 y anteriores y JavaFX v2.2.7 y anteriores permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con 2D. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within t2k.dll glyph_AddPoint() when rendering Type1 or Type2 fonts. Memory corruption could occur when manipulating a point count in the font file. • http://marc.info/?l=bugtraq&m=137283787217316&w=2 http://rhn.redhat.com/errata/RHSA-2013-0757.html http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html http://www.us-cert.gov/ncas/alerts/TA13-107A https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16201 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19462 https://access.redhat.com/security/cve/CVE-2013-2434 https://bugzilla.redhat.com/s •
CVSS: 10.0EPSS: 9%CPEs: 180EXPL: 0CVE-2013-2420 – Oracle Java setICMpixels Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-2420
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient "validation of images" in share/native/sun/awt/image/awt_ImageRep.c, possibly involving offsets. Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Java SE versión 7 Update 17 y anteriores, versión 6 Update 43 y anteriores, y versión 5.0 Update 41 y anteriores; y OpenJDK la versiones 6 y 7 de Oracle; permite a los atacantes remotos afectar la confidencialidad, integridad y disponibilidad por medio de vectores desconocidos relacionados con 2D. NOTA: la información anterior procede de la CPU de abril de 2013. • http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/cf93d3828aa8 http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html& •