CVSS: 9.3EPSS: 3%CPEs: 189EXPL: 0CVE-2013-2394 – Oracle Java t2k Type1 Subroutine Indexing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-2394
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2432 and CVE-2013-1491. Vulnerabilidad no especificada en Java Runtime Environment (JRE) componente de Oracle Java SE v7 Update v17 y anteriores, v6 Update v43 y anteriores, y v5.0 Update v41 y anteriores, y JavaFX v2.2.7 y anteriores, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con 2D, una vulnerabilidad diferente de CVE-2013-2432 y CVE-2013-1491. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Type1 fonts in t2k.dll. A file parsing vulnerability can occur by controlling a value placed after the "/Subrs" keyword in the eexec portion of the file which defines a size of an array. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00007.html http://marc.info/?l=bugtraq&m=137283787217316&w=2 http://rhn.redhat.com/errata/RHSA-2013-0757.html http://rhn.redhat& •
CVSS: 10.0EPSS: 13%CPEs: 37EXPL: 0CVE-2013-2428 – Oracle Java JavaFX WebPage Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-2428
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX, a different vulnerability than CVE-2013-0402, CVE-2013-2414, and CVE-2013-2427. Vulnerabilidad no especificada en el entorno de ejecución de Java (JRE) en el componente Oracle Java SE 7 Update 17 y anteriores y JavaFX 2.2.7 y anteriores permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con JavaFX, una vulnerabilidad diferente a CVE-2013-0402, CVE-2013-2414 y CVE-2013-2427. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the JavaFX WebPage class. A descendant class can overwrite the getPage method with a custom pointer into the native function. • http://rhn.redhat.com/errata/RHSA-2013-0757.html http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html http://www.us-cert.gov/ncas/alerts/TA13-107A https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16416 https://access.redhat.com/security/cve/CVE-2013-2428 https://bugzilla.redhat.com/show_bug.cgi?id=953135 •
CVSS: 10.0EPSS: 28%CPEs: 3EXPL: 0CVE-2013-0402 – Oracle Java FLV Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0402
Heap-based buffer overflow in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via unspecified vectors related to JavaFX, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013. Un desbordamiento de búfer basado en memoria dinámica ('heap') en Oracle Java 7 Update v17 y posiblemente otras versiones, permite a atacantes remotos ejecutar código de su elección a través de vectores no especificados, como fue demostrado por VUPEN durante el concurso Pwn2Own en CanSecWest 2013. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of FLV files. The issue lies in the parsing of a FLV file with two video tags using the On2 VP6 codec. • http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157 http://rhn.redhat.com/errata/RHSA-2013-0757.html http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html http://www.us-cert.gov/ncas/alerts/TA13-107A http://www.zdnet.com/pwn2own-down-go-all-the-browsers-7000012283 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15728 https://twitter.com/thezdi/status/309484730506698752 https://access.redhat.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 12%CPEs: 7EXPL: 0CVE-2012-4301
https://notcve.org/view.php?id=CVE-2012-4301
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that this issue allows remote attackers to execute arbitrary code via an "invalid type case" in the init method of the D3DShader class in the com.sun.prism.d3d package. CPU. Vulnerabilidad sin especificar en el componente JavaFX en Oracle Java SE JavaFX v2.2.4 y anteriores, permite a atacantes remotos comprometer la integridad, disponibilidad y confidencialidad a través de vectores no especificados.. • http://marc.info/?l=bugtraq&m=136733161405818&w=2 http://www.kb.cert.org/vuls/id/858729 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.us-cert.gov/cas/techalerts/TA13-032A.html http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1027 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16180 •
CVSS: 10.0EPSS: 1%CPEs: 7EXPL: 0CVE-2013-1472
https://notcve.org/view.php?id=CVE-2013-1472
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. Vulnerabilidad sin especificar en JavaFX de Oracle Java SE JavaFX v2.2.4 y anteriores que afectan a la confidencialidad, integridad, y disponibilidad por vectores desconocidos. Esta vulnerabilidad es diferente a la otras con otros CVEs listados en febrero de 2013. • http://marc.info/?l=bugtraq&m=136733161405818&w=2 http://www.kb.cert.org/vuls/id/858729 http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html http://www.us-cert.gov/cas/techalerts/TA13-032A.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16620 •