CVSS: 10.0EPSS: 23%CPEs: 2EXPL: 0CVE-2013-0401 – Oracle Java DragAndDrop Sandbox Bypass Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0401
Oracle has not commented on claims from another vendor that this issue is related to invocation of the system class loader by the sun.awt.datatransfer.ClassLoaderObjectInputStream class, which allows remote attackers to bypass Java sandbox restrictions. ... Oracle no ha comentado sobre las afirmaciones de otro proveedor de que este problema está relacionado a la invocación del cargador de clases del sistema por la clase sun.awt.datatransfer.ClassLoaderObjectInputStream, que permite a los atacantes remotos omitirlas restricciones del sandbox de Java. • http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157 http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/31c782610044 http://lists.opensuse.org/opensuse-security-announce/2013-05 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 77%CPEs: 87EXPL: 0CVE-2013-0641 – Adobe Reader Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2013-0641
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013. Vulnerabilidad no especificada en Adobe Reader y Acrobat v9.x hasta v9.5.3, 10.x hasta v10.1.5, v11.0.1 y 11.x que permite a atacantes remotos ejecutar código arbitrario a través de un documento PDF manipulado, explotado libremente en febrero de 2013, una vulnerabilidad diferente a CVE-2013-0640. A buffer overflow vulnerability exists in Adobe Reader which allows an attacker to perform remote code execution. • http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html http://blogs.mcafee.com/mcafee-labs/digging-into-the-sandbox-escape-technique-of-the-recent-pdf-exploit http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00024.html http:/ •
CVSS: 10.0EPSS: 4%CPEs: 241EXPL: 0CVE-2013-1475 – OpenJDK: IIOP type reuse sandbox bypass (CORBA, 8000540, SE-2012-01 Issue 50)
https://notcve.org/view.php?id=CVE-2013-1475
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java. Vulnerabilidad sin especificar en el Java Runtime Environment (JRE) de oracle Java SE v7 hasta la Update v11, desde la v6 hasta la Update v38, desde la v5.0 hasta la Update v38, y la v1.4.2_40 junto con anteriores que permite ataques remotos que afectan la confidencialidad, la integridad y la disponibilidad por vectores relacionados con CORBA • http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/corba/rev/127e4c348a71 http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136570436423916&w=2 http://marc.info/?l=bugtraq&m=136733161405818&w=2 http://rhn&# •
CVSS: 5.0EPSS: 97%CPEs: 12EXPL: 1CVE-2013-0431 – Oracle JRE Sandbox Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2013-0431
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490. Una Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Java SE versión 7 hasta Update 11 y OpenJDK versión 7 de Oracle, permite a los atacantes remotos asistidos por el usuario omitir el sandbox de seguridad Java por medio de vectores no especificados relacionados con JMX, también se conoce como "Issue 52", una vulnerabilidad diferente de CVE-2013-1490. Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle allows remote attackers to bypass the Java security sandbox. • https://www.exploit-db.com/exploits/24539 http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53 http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136733161405818&w=2 http://rhn.redhat.com/errata/RHSA-2013-0237.html http://rhn.re •
CVSS: 10.0EPSS: 96%CPEs: 9EXPL: 2CVE-2012-5076 – Oracle Java SE Sandbox Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2012-5076
An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. • https://www.exploit-db.com/exploits/24309 https://www.exploit-db.com/exploits/22657 http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html http://rhn.redhat.com/errata/RHSA-2012-1386.html http://rhn.redhat.com/errata/RHSA-2012-1391.html http://rhn.redhat.com/errata/RHSA-2012-1467.html http://secunia.com/advisories/51029 http://secunia.com/advisories/51326 http://secunia.com/advisories/51390 http://security.gentoo.org/glsa/glsa-201406-32.xml http:& •