CVSS: 10.0EPSS: 93%CPEs: 22EXPL: 1CVE-2013-0422 – Oracle JRE Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0422
10 Jan 2013 — Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun... • https://www.exploit-db.com/exploits/24045 • CWE-264: Permissions, Privileges, and Access Controls CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 1CVE-2012-2739
https://notcve.org/view.php?id=CVE-2012-2739
28 Nov 2012 — Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. Oracle Java SE anteriores a 7 Update 6, y OpenJDK 7 anteriores a 7u6 build 12 y 8 anteriores a build 39, calculan los valores de hash sin restringir la posibilidad de provocar... • http://armoredbarista.blogspot.de/2012/02/investigating-hashdos-issue.html • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2012-5373
https://notcve.org/view.php?id=CVE-2012-5373
28 Nov 2012 — Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash3 algorithm, a different vulnerability than CVE-2012-2739. Oracle Java SE 7 y anteriores, y OpenJDK 7 y anteriores, calcula l... • http://2012.appsec-forum.ch/conferences/#c17 • CWE-310: Cryptographic Issues •
CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0CVE-2012-3202
https://notcve.org/view.php?id=CVE-2012-3202
17 Oct 2012 — Multiple unspecified vulnerabilities in the Oracle JRockit component in Oracle Fusion Middleware 28.2.4 and earlier, and 27.7.3 and earlier, when using JDK/JRE 5 or 6, allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this overlaps CVE-2012-5083, CVE-2012-1531, CVE-2012-5081, and CVE-2012-5085. Múltiples vulnerabilidades no especificadas en el componente Oracle JRockit en Oracle Fusion Middleware v28.2.4 y anteriores, y v27.7.3 y versiones anteriores, c... • http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 •
CVSS: 10.0EPSS: 45%CPEs: 82EXPL: 3CVE-2012-1533 – Java - Web Start Double Quote Injection Remote Code Execution
https://notcve.org/view.php?id=CVE-2012-1533
16 Oct 2012 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-3159. Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE 7 Update 7 y versiones anteriores y 6 Update 35 y versiones anteriores, permite a atacantes remotos af... • https://packetstorm.news/files/id/121951 •
CVSS: 10.0EPSS: 1%CPEs: 234EXPL: 0CVE-2012-1531 – JDK: unspecified vulnerability (2D)
https://notcve.org/view.php?id=CVE-2012-1531
16 Oct 2012 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier; and JavaFX 2.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Una vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE v7 Update 7 y versiones anteriores, v6 Update 35 y anteriores, v5.0 Update ... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html •
CVSS: 10.0EPSS: 1%CPEs: 82EXPL: 0CVE-2012-1532 – JDK: unspecified vulnerability (Deployment)
https://notcve.org/view.php?id=CVE-2012-1532
16 Oct 2012 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier and 6 Update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Una vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE v7 Update 7 y versiones anteriores, v6 Update 35 y anteriores, permite a atacantes remotos afectar la confidencialidad , la integridad y la dispon... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 1CVE-2012-5067 – Java Applet - JAX-WS Remote Code Execution
https://notcve.org/view.php?id=CVE-2012-5067
16 Oct 2012 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Deployment. Una vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE v7 Update 7 y versiones anteriores, permite a atacantes remotos afectar la confidencialidad a través de vectores desconocidos relacionados con el "Deployment". Multiple vulnerabilities have been found in... • https://www.exploit-db.com/exploits/22657 •
CVSS: 9.8EPSS: 1%CPEs: 82EXPL: 0CVE-2012-5068 – OpenJDK: RhinoScriptEngine security bypass (Scripting, 7143535)
https://notcve.org/view.php?id=CVE-2012-5068
16 Oct 2012 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Una vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE v7 Update 7 y versiones anteriores, v6 Update 35 y anteriores, permite a atacantes remotos afectar la confidencialidad , la integridad y la dispo... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html •
CVSS: 9.1EPSS: 0%CPEs: 150EXPL: 0CVE-2012-5069 – OpenJDK: Executors state handling issues (Concurrency, 7189103)
https://notcve.org/view.php?id=CVE-2012-5069
16 Oct 2012 — Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Concurrency. Una vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE v7 Update 7 y versiones anteriores, v6 Update 35 y anteriores, v5.0 Update 36 y anteriores permite a atacantes remotos afectar la co... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html •