
CVE-2013-1490
https://notcve.org/view.php?id=CVE-2013-1490
31 Jan 2013 — Unspecified vulnerability in Oracle Java SE 7 Update 11 (JRE 1.7.0_11-b21) allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors, aka "Issue 51," a different vulnerability than CVE-2013-0431. NOTE: as of 20130130, this vulnerability does not contain any independently-verifiable details, and there is no vendor acknowledgement. A CVE identifier is being assigned because this vulnerability has received significant public attention, and the original researcher has an ... • http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version •

CVE-2013-1489 – 7: bypass of the security level setting in browser plugin (Deployment, SE-2012-01 Issue 53)
https://notcve.org/view.php?id=CVE-2013-1489
31 Jan 2013 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka "Issue 53" and the "Java Security Slider" vulnerability. • http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53 •

CVE-2012-3174 – Oracle Java Runtime Environment MethodHandle Security Manager Bypass Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-3174
14 Jan 2013 — Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422. NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the Reflection API, but that issue is already covered as part of CVE-2013-0422. This identifier is for a different vulnerability whose details are not public as of 20130114. • http://blog.fuseyism.com/index.php/2013/01/15/security-icedtea-2-1-4-2-2-4-2-3-4-released • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2013-0422 – Oracle JRE Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0422
10 Jan 2013 — Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun... • https://www.exploit-db.com/exploits/24045 • CWE-264: Permissions, Privileges, and Access Controls • CWE-284: Improper Access Control •

CVE-2012-2739
https://notcve.org/view.php?id=CVE-2012-2739
28 Nov 2012 — Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. • http://armoredbarista.blogspot.de/2012/02/investigating-hashdos-issue.html • CWE-310: Cryptographic Issues •

CVE-2012-5373
https://notcve.org/view.php?id=CVE-2012-5373
28 Nov 2012 — Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash3 algorithm, a different vulnerability than CVE-2012-2739. • http://2012.appsec-forum.ch/conferences/#c17 • CWE-310: Cryptographic Issues •

CVE-2012-3202
https://notcve.org/view.php?id=CVE-2012-3202
17 Oct 2012 — Multiple unspecified vulnerabilities in the Oracle JRockit component in Oracle Fusion Middleware 28.2.4 and earlier, and 27.7.3 and earlier, when using JDK/JRE 5 or 6, allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this overlaps CVE-2012-5083, CVE-2012-1531, CVE-2012-5081, and CVE-2012-5085. • http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 •

CVE-2012-1533 – Java - Web Start Double Quote Injection Remote Code Execution
https://notcve.org/view.php?id=CVE-2012-1533
16 Oct 2012 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-3159. • https://packetstorm.news/files/id/121951 •

CVE-2012-1531 – JDK: unspecified vulnerability (2D)
https://notcve.org/view.php?id=CVE-2012-1531
16 Oct 2012 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier; and JavaFX 2.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html •

CVE-2012-1532 – JDK: unspecified vulnerability (Deployment)
https://notcve.org/view.php?id=CVE-2012-1532
16 Oct 2012 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier and 6 Update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html •