CVSS: 8.1EPSS: 2%CPEs: 241EXPL: 0CVE-2013-0434 – OpenJDK: loadPropertyFile missing restrictions (JAXP, 8001235)
https://notcve.org/view.php?id=CVE-2013-0434
02 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProper... • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907453 •
CVSS: 10.0EPSS: 7%CPEs: 241EXPL: 0CVE-2013-0442 – OpenJDK: insufficient privilege checking issue (AWT, 7192977)
https://notcve.org/view.php?id=CVE-2013-0442
02 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that byp... • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=906899 •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2013-0449 – JDK: unspecified vulnerability fixed in 7u13 (Deployment)
https://notcve.org/view.php?id=CVE-2013-0449
02 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. Vulnerabilidad sin especificar en el Java Runtime Environment (JRE) de Oracle Java SE v7 hasta la Update v11 permite ataques remotos que afectan a la confidencialidad por vectores desconocidos relacionados con Deployment Potential security vulnerabilities have been identified with HP Service Manager and Se... • http://marc.info/?l=bugtraq&m=136439120408139&w=2 •
CVSS: 10.0EPSS: 2%CPEs: 94EXPL: 0CVE-2013-0446 – JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)
https://notcve.org/view.php?id=CVE-2013-0446
02 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. Vulnerabilidad no especificada en el componente Java Runtime Enviroment (JRE) en Oracle Java SE v7 hasta Update 11 y v6 hasta Update 38 permite a atacantes remotos afectar la inte... • http://marc.info/?l=bugtraq&m=136439120408139&w=2 •
CVSS: 8.1EPSS: 2%CPEs: 22EXPL: 0CVE-2013-0444 – OpenJDK: MethodFinder insufficient checks for cached results (Beans, 7200493)
https://notcve.org/view.php?id=CVE-2013-0444
02 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient checks for cached results" by the Java Beans MethodFinder, which might allow attackers to access methods t... • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907218 •
CVSS: 10.0EPSS: 7%CPEs: 241EXPL: 0CVE-2013-0441 – OpenJDK: missing serialization restriction (CORBA, 7201066)
https://notcve.org/view.php?id=CVE-2013-0441
02 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-1476 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue al... • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907458 •
CVSS: 10.0EPSS: 4%CPEs: 164EXPL: 0CVE-2013-0450 – OpenJDK: RequiredModelMBean missing access control context checks (JMX, 8000537)
https://notcve.org/view.php?id=CVE-2013-0450
02 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper checks of "access control context" in the JMX RequiredModelMBean cl... • http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS •
CVSS: 8.1EPSS: 7%CPEs: 241EXPL: 0CVE-2013-0440 – OpenJDK: CPU consumption DoS via repeated SSL ClientHello packets (JSSE, 7192393)
https://notcve.org/view.php?id=CVE-2013-0440
02 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the SSL/TLS implementation via a large number of ClientHello packets tha... • http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS •
CVSS: 10.0EPSS: 7%CPEs: 164EXPL: 0CVE-2013-0445 – OpenJDK: insufficient privilege checking issue (AWT, 8001057)
https://notcve.org/view.php?id=CVE-2013-0445
02 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox. Vul... • http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS •
CVSS: 8.1EPSS: 3%CPEs: 241EXPL: 0CVE-2013-0443 – OpenJDK: insufficient Diffie-Hellman public key checks (JSSE, 7192392)
https://notcve.org/view.php?id=CVE-2013-0443
02 Feb 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote att... • http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS •