CVSS: 10.0EPSS: 1%CPEs: 48EXPL: 0CVE-2011-0863 – Oracle Java Web Start Command Argument Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0863
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE 6 Update 25 y anteriores, v5.0 Update 29 y anteriores, permite aplicaciones Java Web Start y Java applets que no son de confianza afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Deployment. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java webstart parses certain properties from the jnlp file. Due to insufficient quote escaping it is possible to supply additional command line parameters to the java process. • http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00009.html http://marc.info/?l=bugtraq&m=132439520301822&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/?l=bugtraq&m=134254957702612&w=2 http://rhn.redhat.com/errata/RHSA-2013-1455.html http://secunia.com/advisories/44818 http://secunia.com •
CVSS: 7.6EPSS: 1%CPEs: 45EXPL: 0CVE-2010-4422 – JDK unspecified vulnerability in Deployment component
https://notcve.org/view.php?id=CVE-2010-4422
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Vulnerabilidad no especificada en Java Runtime Environment (JRE) en Oracle Java SE y Java for Business v6 Update v23 y anteriores permite a atacantes remotos vulnerar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Deployment. • http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/?l=bugtraq&m=134254957702612&w=2 http://secunia.com/advisories/44954 http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html http://www.redhat.com/support/errata/RHSA-2011-0282.html http://www.redhat.com/support/errata/RHSA-2011-0880.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12769 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mi •
CVSS: 7.6EPSS: 1%CPEs: 45EXPL: 0CVE-2010-4451 – JDK unspecified vulnerability in Install component
https://notcve.org/view.php?id=CVE-2010-4451
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, when using Java Update, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. Vulnerabilidad no especificada en Java Runtime Environment (JRE) en Oracle Java SE y Java for Business v6 Update v23 y anteriores para Windows, cuando se usa Java Update, permite a atacantes remotos vulnerar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Install. • http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/?l=bugtraq&m=134254957702612&w=2 http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html http://www.redhat.com/support/errata/RHSA-2011-0282.html http://www.securityfocus.com/bid/46405 https://exchange.xforce.ibmcloud.com/vulnerabilities/65402 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13942 https://access.redhat.com/security/cve/CVE-2010-4451 https:// •
CVSS: 2.1EPSS: 0%CPEs: 45EXPL: 0CVE-2010-4474
https://notcve.org/view.php?id=CVE-2010-4474
Unspecified vulnerability in the Java DB component in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows local users to affect confidentiality via unknown vectors related to Security, a similar vulnerability to CVE-2009-4269. Vulnerabilidad no especificada en el componente de Java DB en Oracle Java SE y Java for Business v6 Update 23 y anteriores permite a usuarios locales afectar la confidencialidad a través de vectores desconocidos relacionados con la seguridad, una vulnerabilidad similar a CVE-2009-4269. • http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/?l=bugtraq&m=134254957702612&w=2 http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html http://www.securityfocus.com/bid/46407 https://exchange.xforce.ibmcloud.com/vulnerabilities/65412 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14534 •
CVSS: 4.3EPSS: 0%CPEs: 161EXPL: 0CVE-2010-4447 – JDK unspecified vulnerability in Deployment component
https://notcve.org/view.php?id=CVE-2010-4447
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment, a different vulnerability than CVE-2010-4475. Vulnerabilidad no especificada en el Java Runtime Environment (JRE) en Oracle Java SE y Java for Business 6 Update 23 y versiones anteriores, 5.0 Update 27 y versiones anteriores y 1.4.2_29 y versiones anteriores permite a aplicaciones Java Web Start remotas no confiables y applets de Java no confiables afectar la confidencialidad a través de vectores desconocidos relacionados con Deployment, una vulnerabilidad diferente a CVE-2010-4475. • http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html http://marc.info/?l=bugtraq&m=133728004526190&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/?l=bugtraq&m=134254957702612&w=2 http://secunia.com/advisories/44954 http://secunia.com/advisories/49198 http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html http://www.redhat.com/support/erra •