CVSS: 9.3EPSS: 31%CPEs: 128EXPL: 0CVE-2012-4820 – JDK: java.lang.reflect.Method invoke() code execution
https://notcve.org/view.php?id=CVE-2012-4820
Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, when running under a security manager, allows remote attackers to gain privileges by modifying or removing the security manager via vectors related to "insecure use of the java.lang.reflect.Method invoke() method." Vulnerabilidad no especificada en el componente JRE en IBM Java 7 SR2 y anteriores, Java v6.0.1 SR3 y anteriores, Java 6 SR11 y anteriores, Java 5 SR14 y anteriores, y Java 142 SR13 FP13 y anteriores; como las usadas en IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control v5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, y Service Deliver Manager; y otros productos de otros vendedores como Red Hat, ejecutandose en un gestor de seguridad, permite a atacantes remotos obtener privilegios modificando o eliminando el gestor de seguridad a través de vectores relacionados con "uso inseguro del método java.lang.reflect.Method invoke()" • http://rhn.redhat.com/errata/RHSA-2012-1465.html http://rhn.redhat.com/errata/RHSA-2012-1466.html http://rhn.redhat.com/errata/RHSA-2012-1467.html http://rhn.redhat.com/errata/RHSA-2013-1455.html http://rhn.redhat.com/errata/RHSA-2013-1456.html http://seclists.org/bugtraq/2012/Sep/38 http://secunia.com/advisories/51326 http://secunia.com/advisories/51327 http://secunia.com/advisories/51328 http://secunia.com/advisories/51393 http://secunia.com/advisories/516 •
CVSS: 9.3EPSS: 82%CPEs: 128EXPL: 0CVE-2012-4822 – JDK: java.lang.class code execution
https://notcve.org/view.php?id=CVE-2012-4822
Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via vectors related to "insecure use [of] multiple methods in the java.lang.class class." Múltiples vulnerabilidades no especificadas en el componente JRE en IBM Java 7 SR2 y anteriores, Java v6.0.1 SR3 y anteriores, Java 6 SR11 y anteriores, Java 5 SR14 y anteriores, y Java 142 SR13 FP13 y anteriores; como las usadas en IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control v5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, y Service Deliver Manager; y otros productos de otros vendedores como Red Hat, permite a atacantes remotos a ejecutar códigoa través de vectores relacionados con "uso inseguro de uso [de] métodos múltiples en la clase java.lang.class class." • http://rhn.redhat.com/errata/RHSA-2012-1465.html http://rhn.redhat.com/errata/RHSA-2012-1466.html http://rhn.redhat.com/errata/RHSA-2012-1467.html http://rhn.redhat.com/errata/RHSA-2013-1455.html http://rhn.redhat.com/errata/RHSA-2013-1456.html http://seclists.org/bugtraq/2012/Sep/38 http://secunia.com/advisories/51326 http://secunia.com/advisories/51327 http://secunia.com/advisories/51328 http://secunia.com/advisories/51393 http://secunia.com/advisories/516 •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2011-3387 – java-1.4.2-ibm: DoS via class file parser in IBM Java 1.4.2.SR13.FP9
https://notcve.org/view.php?id=CVE-2011-3387
The class file parser in IBM Java 1.4.2 SR13 FP9 allows remote authenticated users to cause a denial of service (memory consumption or an infinite loop) via a crafted attribute length field in a class file, related to validation of a length field at the wrong time, a different vulnerability than CVE-2011-0311. El analizador de archivos de clase en IBM Java v1.4.2 SR13 FP9 permite a usuarios remotos autenticados provocar una denegación de servicio (consumo de memoria o un bucle infinito) a través de un campo de atributo de longitud modificada en un archivo de clase, relacionado con la validación de un campo de longitud en el momento equivocado, una vulnerabilidad diferente a CVE-2011-0311. • http://www.redhat.com/support/errata/RHSA-2011-1265.html https://exchange.xforce.ibmcloud.com/vulnerabilities/69641 https://www-304.ibm.com/support/docview.wss?uid=isg1PM42551 https://access.redhat.com/security/cve/CVE-2011-3387 https://bugzilla.redhat.com/show_bug.cgi?id=737128 • CWE-20: Improper Input Validation •
CVSS: 3.5EPSS: 1%CPEs: 30EXPL: 0CVE-2011-0311 – IBM JDK Class file parsing denial-of-service
https://notcve.org/view.php?id=CVE-2011-0311
The class file parser in IBM Java before 1.4.2 SR13 FP9, as used in IBM Runtimes for Java Technology 5.0.0 before SR13 and 6.0.0 before SR10, allows remote authenticated users to cause a denial of service (JVM segmentation fault, and possibly memory consumption or an infinite loop) via a crafted attribute length field in a class file, which triggers a buffer over-read. El analizador de archivos de clases en IBM Java antes de v1.4.2 SR13 FP9, tal como se utiliza en IBM Runtimes para Java Technology v5.0.0 antes de SR13 y v6.0.0 antes de SR10, permite a usuarios autenticados remotamente provocar una denegación de servicio (fallo de segmentación de JVM, y posiblemente, el consumo de memoria o un bucle infinito) a través de un campo de atributo de longitud modificada en un archivo de clase, lo que provoca una sobrelectura de buffer. • http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html http://www-01.ibm.com/support/docview.wss?uid=swg1IZ89602 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ89620 http://www.redhat.com/support/errata/RHSA-2011-1159.html http://www.redhat.com/support/errata/RHSA-2011-1265.html https://exchange.xforce.ibmcloud.com/vulnerabilities/65189 https://www-304.ibm.com/support/docview.wss?uid=i • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2010-0887 – Java: Java Web Start arbitrary command line injection
https://notcve.org/view.php?id=CVE-2010-0887
Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business JDK and JRE 6 Update 18 and 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad sin especificar en el componente New Java Plug-in en Oracle Java SE y Java para Business JDK y JRE 6 Update 18 y 19, permite a atacantes remotos comprometer la confidencialidad, integridad y disponibilidad a través de vectores desconocidos. • http://lists.apple.com/archives/security-announce/2010//May/msg00001.html http://lists.apple.com/archives/security-announce/2010//May/msg00002.html http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://secunia.com/advisories/39819 http://support.apple.com/kb/HT4170 http://support.apple.com/kb/HT4171 http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0886.html http://www.vupen.com/english/advisories/2010/1191 https://access.redhat.com/security/cv •