CVSS: 10.0EPSS: 46%CPEs: 3EXPL: 0CVE-2013-0402 – Oracle Java FLV Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0402
08 Mar 2013 — Heap-based buffer overflow in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via unspecified vectors related to JavaFX, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013. Un desbordamiento de búfer basado en memoria dinámica ('heap') en Oracle Java 7 Update v17 y posiblemente otras versiones, permite a atacantes remotos ejecutar código de su elección a través de vecto... • http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 97%CPEs: 2EXPL: 3CVE-2013-1488 – Oracle Java DriverManager Privilege Block Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1488
08 Mar 2013 — The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James Forshaw during a Pwn2Own competition at CanSecWest 2013. El componente Java Runtime Environment (JRE) en Java SE versión 7 Update 17 y anteriores, y OpenJDK versiones 6 y 7 de Oracle, permite a los atacantes remotos... • https://packetstorm.news/files/id/121956 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 86%CPEs: 2EXPL: 1CVE-2013-1491 – Oracle Java Font Handling Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1491
08 Mar 2013 — The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via vectors related to 2D, as demonstrated by Joshua Drake during a Pwn2Own competition at CanSecWest 2013. El componente Java Runtime Environment (JRE) en Java SE versión 7 Update 17 y anteriores, versión 6 Update 43 y anteriores, versión 5.0 Update 41 y anteriores, y JavaFX versión 2.2.7 y ... • https://github.com/guhe120/CVE20131491-JIT • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 93%CPEs: 174EXPL: 0CVE-2013-0809 – Oracle Java Runtime Environment AWT mediaLib Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0809
04 Mar 2013 — Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-1493. Vulnerabilidad sin especificar en el componente 2D en el componente JRE en Oracle Java SE 7 Update 15 y anteriores, 6 Update 41 y anteriores y 5.0 Update 40 y anteriores, permite a atacantes remotos ejec... • http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00009.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 96%CPEs: 174EXPL: 2CVE-2013-1493 – Oracle Java cmmColorConvert Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1493
04 Mar 2013 — The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013. La funcionalidad de la gestión de color (CMM) en el componente 2D en Oracle Java SE 7 Update v15 y a... • https://www.exploit-db.com/exploits/24904 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 5%CPEs: 22EXPL: 0CVE-2013-1484 – Oracle Java setUncaughtExceptionHandler Security Manager Bypass Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1484
20 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Vulnerabilidad no especificada en el Java Runtime Environment (JRE) en el componente Oracle Java SE 7 Update 13 y anteriores permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con las biblioteca... • http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released •
CVSS: 9.8EPSS: 4%CPEs: 22EXPL: 0CVE-2013-1485 – Oracle Java doPrivilegedWithCombiner Security Manager Bypass Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1485
20 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries. Vulnerabilidad no especificada en el Java Runtime Environment (JRE) en el componente Oracle Java SE 7 Update 13 y anteriores permite a atacantes remotos para afectar la integridad a través de vectores desconocidos relacionados con las bibliotecas. This vulnerability allows remote attackers to execute arbitrar... • http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released •
CVSS: 10.0EPSS: 1%CPEs: 170EXPL: 0CVE-2013-1486 – OpenJDK: MBeanServer insufficient privilege restrictions (JMX, 8006446)
https://notcve.org/view.php?id=CVE-2013-1486
20 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. Vulnerabilidad no especificada en el Java Runtime Environment (JRE) en el componente Oracle Java SE 7 Update 13 y anteriores, 6 Update 39 y anteriores, y v5.0 Update 39 y anteriores permite a atacantes remotos para afectar la confide... • http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released •
CVSS: 10.0EPSS: 1%CPEs: 98EXPL: 0CVE-2013-1487 – JDK: unspecified vulnerability fixed in 6u41 and 7u15 (Deployment)
https://notcve.org/view.php?id=CVE-2013-1487
20 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 13 and earlier and 6 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Vulnerabilidad no especificada en el componente Java Runtime Environment en Oracle Java SE 7 Update 13 y anteriores y 6 Update 39 y anteriores permite a atacantes remotos para afectar la confidencialidad, integridad y disponibilidad a través de vectore... • http://marc.info/?l=bugtraq&m=136439120408139&w=2 •
CVSS: 8.1EPSS: 2%CPEs: 241EXPL: 0CVE-2013-0434 – OpenJDK: loadPropertyFile missing restrictions (JAXP, 8001235)
https://notcve.org/view.php?id=CVE-2013-0434
02 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProper... • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907453 •