CVE-2010-3559 – Oracle Java Runtime HeadspaceSoundbank.nGetName BANK Record Size Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3559
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows attackers to execute arbitrary code via a crafted BANK record that leads to a buffer overflow. Vulnerabilidad sin especificar en el componente Sound en Oracle Java SE y Java for Business 6 Update 21, v5.0 Update 25, v1.4.2_27 y v 1.3.1_28 permite a atacantes remotos comprometer la confidencialidad, integridad y disponibilidad a través de vectores desconocidos. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Oracle Java Runtime. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748 http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://secunia.com/advisories/41967 http://secunia.com/advisories/42974 http://support.avaya.com/css/P8/documents/100114315 http://support.avaya.com/css/P8/documents/100123193 http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html http://www.oracle. •
CVE-2010-3565 – Oracle Sun JRE JPEGImageWriter.writeImage Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3565
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, related to JPEGImageWriter.writeImage in the imageio API. Vulnerabilidad no especificada en el componente 2D en Oracle Java SE y Java for Business v6 Update 21, v5.0 Update 25 y v1.4.2_27 permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun's Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the processing of JPEG image dimensions. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02616748 http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html http://marc.info/? •
CVE-2010-0839 – JDK multiple unspecified vulnerabilities
https://notcve.org/view.php?id=CVE-2010-0839
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en el componente Sound en Oracle Java SE y Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25 y 1.3.1_27 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad mediante vectores no desconocidos. • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://marc.info/?l=bugtraq&m=127557596201693&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://secunia.com/advisories/39317 http://secunia.com/advisories/39659 http://secunia.com/advisories/40545 http://secunia.com/advisories/43308 http://www.orac •
CVE-2010-0087 – JDK unspecified vulnerability in JWS/Plugin component
https://notcve.org/view.php?id=CVE-2010-0087
Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en el componente Java Web Start, Java Plug-in en Oracle Java SE y Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25 y 1.3.1_27 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad mediante vectores no desconocidos. • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 http://lists.apple.com/archives/security-announce/2010//May/msg00001.html http://lists.apple.com/archives/security-announce/2010//May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://marc.info/?l=bugtraq&m=127557596201693&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://secunia& •
CVE-2010-0088 – OpenJDK Inflater/Deflater clone issues (6745393)
https://notcve.org/view.php?id=CVE-2010-0088
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0085. Vulnerabilidad no especificada en el componente Java Runtime Environment en Oracle Java SE y Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25 y 1.3.1_27 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2010-0085. • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 http://lists.apple.com/archives/security-announce/2010//May/msg00001.html http://lists.apple.com/archives/security-announce/2010//May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://marc.info/?l=bugtraq&m=127557596201693&w=2 •