CVSS: 10.0EPSS: 1%CPEs: 185EXPL: 0CVE-2011-3548 – OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773)
https://notcve.org/view.php?id=CVE-2011-3548
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT. Vulnerabilidad no especificada en el componente de Java Runtime Environment en Oracle Java SE JDK y JRE v7, v6 Update 27 y anteriores, v5.0 Update 31 y anteriores, y 1v.4.2_33 y anteriores permite a aplicaciones remotas Java Web Start y applets Java no confiables afectar a la confidencialidad, integridad y disponibilidad, en relación con AWT. • http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html http://marc.info/?l=bugtraq&m=132750579901589&w=2 http://marc.info/?l=bugtraq&m=133365109612558&w=2 http://marc.info/?l=bugtraq&m=133728004526190&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/? •
CVSS: 10.0EPSS: 0%CPEs: 117EXPL: 0CVE-2011-3521 – Oracle Java IIOP Deserialization Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3521
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization. Vulnerabilidad no especificada en el componente de Java Runtime Environment en Oracle Java SE JDK y JRE, v7, v6 Update 27 y anteriores, y v5.0 Update 31 y anteriores permite a aplicaciones Java Web Start remotas no confiables y applets Java no confiables para que afecten a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con la deserialización. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java handles IIOP deserialization. Due to insufficient type checking it is possible to trick java into allowing access to otherwise protected and private fields in built-in objects. • http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html http://marc.info/?l=bugtraq&m=132750579901589&w=2 http://marc.info/?l=bugtraq&m=133365109612558&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/?l=bugtraq&m=134254957702612&w=2 http://rhn.redhat.com/errata/RHSA-2013-1455.html http://secunia.com/advisories/48308 http://secunia.com/advisories/48692 http://security.gentoo.org/glsa/glsa-201406-32.xml http://www.ibm •
CVSS: 10.0EPSS: 96%CPEs: 98EXPL: 1CVE-2011-3544 – Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3544
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting. Vulnerabilidad no especificada en el componente de Java Runtime Environment en Oracle Java SE JDK y JRE v7 y v6 Update 27 y anteriores permite a aplicaciones remotas Java Web Start y applets Java no confiables afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con secuencias de comandos. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java handles Rhino Javascript errors. The built-in javascript engine in Java fails to perform sufficient sanitation on javascript error objects. • https://www.exploit-db.com/exploits/18171 http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html http://marc.info/?l=bugtraq&m=132750579901589&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/?l=bugtraq&m=134254957702612&w=2 http://rhn.redhat.com/errata/RHSA-2013-1455.html http://secunia.com/advisories/48308 http://security.gentoo.org/glsa/glsa-201406-32.xml http://www.ibm.com/developerworks/java/jdk/alerts http://ww •
CVSS: 9.3EPSS: 1%CPEs: 61EXPL: 0CVE-2011-3551 – OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640)
https://notcve.org/view.php?id=CVE-2011-3551
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Vulnerabilidad no especificada en el componente de Java Runtime Environment en Oracle Java SE JDK y JRE v7, v6 Update 27 y anteriores, y JRockit vR28.1.4 y anteriores permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con el 2D. • http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html http://marc.info/?l=bugtraq&m=132750579901589&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/?l=bugtraq&m=134254957702612&w=2 http://rhn.redhat.com/errata/RHSA-2013-1455.html http://secunia.com/advisories/48308 http://security.gentoo.org/glsa/glsa-201406-32.xml http://www.ibm.com/developerworks/java/jdk/alerts http://www.oracle.com/technetwork/topics/security/javacpuoct201 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.4EPSS: 0%CPEs: 185EXPL: 0CVE-2011-3560 – OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936)
https://notcve.org/view.php?id=CVE-2011-3560
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE. Vulnerabilidad no especificada en el componente Java Runtime Environment en Oracle Java SE JDK y JRE v7, v6 Update 27 y anteriores, v5.0 Update 31 y anteriores, y v1.4.2_33 y anteriores, permite a aplicaciones Java Web Start remotas y no confiables afectar a la confidencialidad y integridad, en relación con JSSE. • http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html http://marc.info/?l=bugtraq&m=132750579901589&w=2 http://marc.info/?l=bugtraq&m=133365109612558&w=2 http://marc.info/?l=bugtraq&m=133728004526190&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/? •