Page 57 of 439 results (0.012 seconds)

CVSS: 10.0EPSS: 96%CPEs: 41EXPL: 1

CVE-2010-3563 – Sun Java Web Start BasicServiceImpl Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2010-3563

Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to "how Web Start retrieves security policies," BasicServiceImpl, and forged policies that bypass sandbox restrictions. Vulnerabilidad no especificada en el componente Deployment en Oracle Java SE y Java for Business 6 Update 21 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos. NOTA: la información previa fue obtenida de la CPU Octubre 2010. • https://www.exploit-db.com/exploits/16495 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748 http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://secunia.com/advisories/44954 http://support.avaya.com/css/P8/documents/100114315 http://support.avaya.com/css/P8/documents/100123193 http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html http://w •

CVSS: 10.0EPSS: 2%CPEs: 93EXPL: 0

CVE-2010-3566 – Oracle Sun JRE ICC Profile Device Information Tag Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2010-3566

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that leads to a buffer overflow via a crafted devs (device information) tag structure in a color profile. Vulnerabilidad no especificada en el componente 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update y 25 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos. NOTA: la información previa fue obtenida de la CPU Octubre 2010. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748 http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://secunia.com/advisories/41967 http://secunia.com/advisories/41972 http://secunia.com/advisories/42377 http://secunia.com/advisories/42974 http://secunia.com/advisories/44954 http://security.gentoo.org/glsa/glsa-201406-32.xml http://support.avaya.com/css/ •

CVSS: 9.3EPSS: 93%CPEs: 4EXPL: 2

CVE-2010-1423 – Sun Java Web Start Plugin - Command Line Argument Injection

https://notcve.org/view.php?id=CVE-2010-1423

Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code via the (1) -J or (2) -XXaltjvm argument to javaws.exe, which is processed by the launch method. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección de argumento en el manejador URI en (a) Java NPAPI plugin y (b) Java Deployment Toolkit en Java v6 Update v10, 1v9, y otras versiones, cuando corre en Windows y probablemente en Linux, permite a atacantes remotos ejecutar código de su elección a través del argumento (1) -J o (2) -XXaltjvm en javaws.exe, que es procesado por el método launch. NOTA: algunos de estos detalles han sido obtenidos a partir de terceros. • https://www.exploit-db.com/exploits/41700 http://lists.grok.org.uk/pipermail/full-disclosure/2010-April/074036.html http://osvdb.org/63648 http://secunia.com/advisories/39260 http://www.kb.cert.org/vuls/id/886582 http://www.reversemode.com/index.php?option=com_content&task=view&id=67&Itemid=1 http://www.securitytracker.com/id?1023840 http://www.vupen.com/english/advisories/2010/0853 https://exchange.xforce.ibmcloud.com/vulnerabilities/57615 https://oval.cisecurity.org/re • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 5.1EPSS: 2%CPEs: 238EXPL: 0

CVE-2010-0085 – OpenJDK File TOCTOU deserialization vulnerability (6736390)

https://notcve.org/view.php?id=CVE-2010-0085

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0088. Vulnerabilidad no especificada en el componente Java Runtime Environment en Oracle Java SE y Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25 y 1.3.1_27 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2010-0088. • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 http://lists.apple.com/archives/security-announce/2010//May/msg00001.html http://lists.apple.com/archives/security-announce/2010//May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://marc.info/?l=bugtraq&m=127557596201693&w=2 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 7.5EPSS: 3%CPEs: 238EXPL: 0

CVE-2010-0848 – OpenJDK AWT Library Invalid Index Vulnerability (6914823)

https://notcve.org/view.php?id=CVE-2010-0848

Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en el componente Java 2D en Oracle Java SE y Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25 y 1.3.1_27 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad mediante vectores no desconocidos. • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 http://lists.apple.com/archives/security-announce/2010//May/msg00001.html http://lists.apple.com/archives/security-announce/2010//May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://marc.info/?l=bugtraq&m=127557596201693&w=2 •