Page 57 of 430 results (0.012 seconds)

CVSS: 10.0EPSS: 2%CPEs: 93EXPL: 0

CVE-2010-3566 – Oracle Sun JRE ICC Profile Device Information Tag Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2010-3566

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that leads to a buffer overflow via a crafted devs (device information) tag structure in a color profile. Vulnerabilidad no especificada en el componente 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update y 25 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos. NOTA: la información previa fue obtenida de la CPU Octubre 2010. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748 http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://secunia.com/advisories/41967 http://secunia.com/advisories/41972 http://secunia.com/advisories/42377 http://secunia.com/advisories/42974 http://secunia.com/advisories/44954 http://security.gentoo.org/glsa/glsa-201406-32.xml http://support.avaya.com/css/ •

CVSS: 10.0EPSS: 13%CPEs: 257EXPL: 0

CVE-2010-3571 – Oracle Sun Java ICC Profile Unicode Description Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2010-3571

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the color profile parser that allows remote attackers to execute arbitrary code via a crafted Tag structure in a color profile. Vulnerabilidad no especificada en el componente 2D en Oracle Java SE y Java for Business v6 Update 21, v5.0 Update 25, v1.4.2_27 y v1.3.1_28 permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle's Java Runtime Environment. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748 http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://secunia.com/advisories/42377 http://secunia.com/advisories/42974 http://secunia.com/advisories/43005 http://secunia.com/advisories/44954 http://support.avaya.com/css/P8/documents/100114315&# •

CVSS: 9.3EPSS: 93%CPEs: 4EXPL: 2

CVE-2010-1423 – Sun Java Web Start Plugin - Command Line Argument Injection

https://notcve.org/view.php?id=CVE-2010-1423

Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code via the (1) -J or (2) -XXaltjvm argument to javaws.exe, which is processed by the launch method. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección de argumento en el manejador URI en (a) Java NPAPI plugin y (b) Java Deployment Toolkit en Java v6 Update v10, 1v9, y otras versiones, cuando corre en Windows y probablemente en Linux, permite a atacantes remotos ejecutar código de su elección a través del argumento (1) -J o (2) -XXaltjvm en javaws.exe, que es procesado por el método launch. NOTA: algunos de estos detalles han sido obtenidos a partir de terceros. • https://www.exploit-db.com/exploits/41700 http://lists.grok.org.uk/pipermail/full-disclosure/2010-April/074036.html http://osvdb.org/63648 http://secunia.com/advisories/39260 http://www.kb.cert.org/vuls/id/886582 http://www.reversemode.com/index.php?option=com_content&task=view&id=67&Itemid=1 http://www.securitytracker.com/id?1023840 http://www.vupen.com/english/advisories/2010/0853 https://exchange.xforce.ibmcloud.com/vulnerabilities/57615 https://oval.cisecurity.org/re • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 5.1EPSS: 2%CPEs: 238EXPL: 0

CVE-2010-0085 – OpenJDK File TOCTOU deserialization vulnerability (6736390)

https://notcve.org/view.php?id=CVE-2010-0085

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0088. Vulnerabilidad no especificada en el componente Java Runtime Environment en Oracle Java SE y Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25 y 1.3.1_27 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2010-0088. • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 http://lists.apple.com/archives/security-announce/2010//May/msg00001.html http://lists.apple.com/archives/security-announce/2010//May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://marc.info/?l=bugtraq&m=127557596201693&w=2 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 7.5EPSS: 3%CPEs: 238EXPL: 0

CVE-2010-0087 – JDK unspecified vulnerability in JWS/Plugin component

https://notcve.org/view.php?id=CVE-2010-0087

Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en el componente Java Web Start, Java Plug-in en Oracle Java SE y Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25 y 1.3.1_27 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad mediante vectores no desconocidos. • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 http://lists.apple.com/archives/security-announce/2010//May/msg00001.html http://lists.apple.com/archives/security-announce/2010//May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://marc.info/?l=bugtraq&m=127557596201693&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://secunia& •