CVSS: 7.5EPSS: 0%CPEs: 41EXPL: 0CVE-2013-5775 – JDK: multiple unspecified vulnerabilities fixed in 7u45 (JavaFX)
https://notcve.org/view.php?id=CVE-2013-5775
Unspecified vulnerability in the Java SE and JavaFX components in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-5777. Vulnerabilidad no especificada en los componentes Java SE y JavaFX en Oracle Java SE 7u40 y versiones anteriores y JavaFX 2.2.40 y versiones anteriores permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2013-5777. • http://marc.info/?l=bugtraq&m=138674073720143&w=2 http://rhn.redhat.com/errata/RHSA-2013-1440.html http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html http://www.securityfocus.com/bid/63144 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19216 https://access.redhat.com/security/cve/CVE-2013-5775 https://bugzilla.redhat.com/show_bug.cgi?id=1019722 •
CVSS: 4.3EPSS: 90%CPEs: 198EXPL: 1CVE-2013-1571 – OpenJDK: Frame injection in generated HTML (Javadoc, 8012375)
https://notcve.org/view.php?id=CVE-2013-1571
Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc. Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE 7 Update 21 y anteriores, 6 Update 45 y anteriores, v5.0 Update 45 y anteriores, y JavaFX v2.2.21 y anteriores, permite a atacantes remotos afectar a la integridad mediante vectores relacionados con Javadoc. NOTA: la información anterior es de la CPU de junio de 2013. • http://advisories.mageia.org/MGASA-2013-0185.html http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 http://hg.openjdk.java.net/jdk7u/jdk7u-dev/langtools/rev/17ee569d0c01 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html http:&#x •
CVSS: 5.0EPSS: 9%CPEs: 198EXPL: 0CVE-2013-2444 – OpenJDK: Resource denial of service (AWT, 8001038)
https://notcve.org/view.php?id=CVE-2013-2444
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not "properly manage and restrict certain resources related to the processing of fonts," possibly involving temporary files. Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Java SE versión 7 Update 21 y anteriores, versión 6 Update 45 y anteriores, y versión 5.0 Update 45 y anteriores; JavaFX versión 2.2.21 y anteriores; y OpenJDK versión 7 de Oracle, permite a los atacantes remotos afectar a la disponibilidad por medio de vectores relacionados con AWT. NOTA: la información previa es de la CPU de junio de 2013. • http://advisories.mageia.org/MGASA-2013-0185.html http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/09c14ca57ff0 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html http:/&#x •
CVSS: 10.0EPSS: 1%CPEs: 189EXPL: 0CVE-2013-2432 – JDK: unspecified vulnerability fixed in 7u21 and 6u45 (2D)
https://notcve.org/view.php?id=CVE-2013-2432
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2394 and CVE-2013-1491. Vulnerabilidad no especificada en el entorno de ejecución de Java (JRE) en el componente Oracle Java SE v7 Update v17 y anteriores, v6 Update v43 y anteriores, v5.0 Update v41 y anteriores, y JavaFX v2.2.7 y anteriores permite a atacantes remotos afectar a la confidencialidad, integridad y la disponibilidad a través de vectores desconocidos relacionados con 2D, una vulnerabilidad diferente a CVE-2013-2394 y CVE-2013-1491. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00007.html http://marc.info/?l=bugtraq&m=137283787217316&w=2 http://rhn.redhat.com/errata/RHSA-2013-0757.html http://rhn.redhat& •
CVSS: 10.0EPSS: 4%CPEs: 37EXPL: 0CVE-2013-2434 – Oracle Java t2k.dll glyph_AddPoint() Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-2434
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Vulnerabilidad no especificada en el entorno de ejecución de Java (JRE) en el componente Oracle Java SE v7 Update v17 y anteriores y JavaFX v2.2.7 y anteriores permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con 2D. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within t2k.dll glyph_AddPoint() when rendering Type1 or Type2 fonts. Memory corruption could occur when manipulating a point count in the font file. • http://marc.info/?l=bugtraq&m=137283787217316&w=2 http://rhn.redhat.com/errata/RHSA-2013-0757.html http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html http://www.us-cert.gov/ncas/alerts/TA13-107A https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16201 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19462 https://access.redhat.com/security/cve/CVE-2013-2434 https://bugzilla.redhat.com/s •