CVSS: 5.0EPSS: 0%CPEs: 164EXPL: 0CVE-2013-0409 – JDK: unspecified vulnerability fixed in 6u39 and 7u13 (JMX)
https://notcve.org/view.php?id=CVE-2013-0409
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via vectors related to JMX. Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE v7 hasta Update 11 y v6 hasta Update 38, y v5 hasta Update 38 permite a atacantes remotos afectar la confidencialidad mediante vectores relacionados con JMX. • http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136570436423916&w=2 http://marc.info/?l=bugtraq&m=136733161405818&w=2 http://rhn.redhat.com/errata/RHSA-2013-0236.html http://rhn.redhat.com/errata/RHSA-2013-0237.html http://rhn.redhat.com/errata/RHSA-2013-1455.html http://rhn.redhat.com/errata/RHSA-2013-1456.html http://www.kb.cert.org/vuls/id/858729 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.htm •
CVSS: 10.0EPSS: 5%CPEs: 241EXPL: 0CVE-2013-0425 – OpenJDK: logging insufficient access control checks (Libraries, 6664509)
https://notcve.org/view.php?id=CVE-2013-0425
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions. Vulnerabilidad sin especificar en el componente Java Runtime Environment (JRE) en Oracle Java SE 7 a la Update 11, 6 a la Update 38, y v5.0 a la Update 38, y v1.4.2_40 y anteriores, permite que atacantes remotos comprometan la integridad, confidencialidad y disponibilidad a través de vectores no especificados relacionados con "Libraries". Vulnerabilidad distinta de CVE-2013-0428 y CVE-2013-0426. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907344 http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ce105dd2e4de http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html http://marc.info/?l=bugtraq&m=136439120408139& •
CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0CVE-2013-0407
https://notcve.org/view.php?id=CVE-2013-0407
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/DTrace Framework. Una vulnerabilidad no especificada en Oracle Solaris v10 y v11 permite a usuarios locales afectar a la disponibilidad a través de vectores desconocidos relacionados con el Framework Kernel/DTrace. • http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19400 •
CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2013-0400
https://notcve.org/view.php?id=CVE-2013-0400
Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Filesystem/cachefs. Una vulnerabilidad no especificada en Oracle Solaris v9 y v10 permite a los usuarios locales afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con el sistema de archivos/cachefs. • http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19308 •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2013-0415
https://notcve.org/view.php?id=CVE-2013-0415
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Bind/Postinstall script for Bind package. Una vulnerabilidad no especificada en Oracle Solaris v10 permite afectar la confidencialidad, integridad y disponibilidad a los usuarios locales a través de vectores desconocidos relacionados con el script Bind/Postinstall para el paquete Bind. • http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19370 •