Page 6 of 126 results (0.006 seconds)

CVSS: 10.0EPSS: 17%CPEs: 257EXPL: 0

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a double free vulnerability in IndexColorModel that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. Vulnerabilidad no especificada en el componente 2D en Oracle Java SE y Java for Business 6 Update 21, v5.0 Update 25, v1.4.2_27 y v1.3.1_28 permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748 http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html http://marc.info/? •

CVSS: 5.1EPSS: 2%CPEs: 257EXPL: 0

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy. Vulnerabilidad no especificada en el componente de Networking en Oracle Java SE y Java for Business v6 Update 21, v5.0 Update 25, v1.4.2_27, y v1..3.1_28 permite a atacantes remotos comprometer la confidencialidad, integridad y disponibilidad a través de vectores desconocidos. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748 http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html http://marc.info/? •

CVSS: 10.0EPSS: 29%CPEs: 257EXPL: 0

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows attackers to execute arbitrary code via a crafted BANK record that leads to a buffer overflow. Vulnerabilidad sin especificar en el componente Sound en Oracle Java SE y Java for Business 6 Update 21, v5.0 Update 25, v1.4.2_27 y v 1.3.1_28 permite a atacantes remotos comprometer la confidencialidad, integridad y disponibilidad a través de vectores desconocidos. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748 http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://secunia.com/advisories/41967 http://secunia.com/advisories/42974 http://support.avaya.com/css/P8/documents/100114315 http://support.avaya.com/css/P8/documents/100123193 http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html http://www.oracle. •

CVSS: 10.0EPSS: 2%CPEs: 149EXPL: 0

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, related to JPEGImageWriter.writeImage in the imageio API. Vulnerabilidad no especificada en el componente 2D en Oracle Java SE y Java for Business v6 Update 21, v5.0 Update 25 y v1.4.2_27 permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun's Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the processing of JPEG image dimensions. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748 http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html http://marc.info/? •

CVSS: 10.0EPSS: 13%CPEs: 257EXPL: 0

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the color profile parser that allows remote attackers to execute arbitrary code via a crafted Tag structure in a color profile. Vulnerabilidad no especificada en el componente 2D en Oracle Java SE y Java for Business v6 Update 21, v5.0 Update 25, v1.4.2_27 y v1.3.1_28 permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle's Java Runtime Environment. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748 http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://secunia.com/advisories/42377 http://secunia.com/advisories/42974 http://secunia.com/advisories/43005 http://secunia.com/advisories/44954 http://support.avaya.com/css/P8/documents/100114315&# •