CVSS: 9.8EPSS: 8%CPEs: 7EXPL: 1CVE-2014-2483 – OpenJDK: Restrict use of privileged annotations (Libraries, 8034985)
https://notcve.org/view.php?id=CVE-2014-2483
16 Jul 2014 — Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is from the July 2014 CPU. Oracle has not commented on another vendor's claim that the issue is related to improper restriction of the "use of privileged annotations." Vulnerabilidad no especificada en el componente Ja... • http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/848481af9003 •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2014-1876 – OpenJDK: insecure temporary file use in unpack200 (Libraries, 8033618)
https://notcve.org/view.php?id=CVE-2014-1876
10 Feb 2014 — The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log. La función unpacker::redirect_stdio en unpack.cpp en unpack200 en OpenJDK 6, 7 y 8; Oracle Java SE 5.0u61, 6u71, 7u51 y 8; JRockit R27.8.1 y R28.3.1; y Java... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737562 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •
CVSS: 8.1EPSS: 64%CPEs: 56EXPL: 0CVE-2013-2461 – OpenJDK: Missing check for valid DOMCanonicalizationMethod canonicalization algorithm (Libraries, 8014281)
https://notcve.org/view.php?id=CVE-2013-2461
18 Jun 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June and July 2013 CPU. Oracle has not commented on claims from another vendor that thi... • http://advisories.mageia.org/MGASA-2013-0185.html •
CVSS: 5.9EPSS: 1%CPEs: 72EXPL: 1CVE-2013-0169 – SSL/TLS: CBC padding timing attack (lucky-13)
https://notcve.org/view.php?id=CVE-2013-0169
05 Feb 2013 — The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. El protocolo TLS v1.1 y v1.2 y el protocolo DTLS v1.0 y v1.2, tal como se... • https://github.com/wearohat/lucky13 • CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 91%CPEs: 12EXPL: 2CVE-2013-0431 – Oracle JRE Sandbox Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2013-0431
31 Jan 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490. Una Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Java SE versión 7 hasta Update 11 y OpenJDK versión 7 de Oracle, permite a los atacantes remotos asistidos por el usuario ... • https://packetstorm.news/files/id/120527 • CWE-693: Protection Mechanism Failure •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2012-5373
https://notcve.org/view.php?id=CVE-2012-5373
28 Nov 2012 — Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash3 algorithm, a different vulnerability than CVE-2012-2739. Oracle Java SE 7 y anteriores, y OpenJDK 7 y anteriores, calcula l... • http://2012.appsec-forum.ch/conferences/#c17 • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 1%CPEs: 15EXPL: 1CVE-2012-2739
https://notcve.org/view.php?id=CVE-2012-2739
28 Nov 2012 — Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. Oracle Java SE anteriores a 7 Update 6, y OpenJDK 7 anteriores a 7u6 build 12 y 8 anteriores a build 39, calculan los valores de hash sin restringir la posibilidad de provocar... • http://armoredbarista.blogspot.de/2012/02/investigating-hashdos-issue.html • CWE-310: Cryptographic Issues •
CVSS: 6.5EPSS: 2%CPEs: 4EXPL: 2CVE-2009-0581 – LittleCms memory leak
https://notcve.org/view.php?id=CVE-2009-0581
23 Mar 2009 — Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file. Fuga de memoria en versiones de LittleCMS (alias LCMS o liblcms) anteriores a la 1.18beta2, tal como se utiliza en Firefox 3.1beta, OpenJDK, y el GIMP, permite causar, a atacantes dependientes de contexto, una denegación de servicio (mediante consumo de memoria y cai... • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 2CVE-2009-0723 – LittleCms integer overflow
https://notcve.org/view.php?id=CVE-2009-0723
23 Mar 2009 — Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. Múltiples desbordamientos de enteros en LittleCMS (también conocido como lcms o liblcms) anteriores a v1.18beta2, como el utilizado en Firefox v3.1beta, OpenJDK, y GIMP, permiten a atac... • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.3EPSS: 1%CPEs: 4EXPL: 2CVE-2009-0733 – LittleCms lack of upper-bounds check on sizes
https://notcve.org/view.php?id=CVE-2009-0733
23 Mar 2009 — Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions. Múltiples desbordamientos de búfer basados en pila en la función ReadSetOfCurves en LittleCMS (alias LCMS o liblcms) antes d... • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html • CWE-787: Out-of-bounds Write •