CVSS: 7.8EPSS: 2%CPEs: 188EXPL: 0CVE-2013-2445 – OpenJDK: Better handling of memory allocation errors (Hotspot, 7158805)
https://notcve.org/view.php?id=CVE-2013-2445
Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "handling of memory allocation errors." ... Oracle no ha comentado sobre las afirmaciones de otro proveedor de que este problema permite a los atacantes remotos omitir el sandbox de Java por medio de vectores relacionados con el "handling of memory allocation errors". • http://advisories.mageia.org/MGASA-2013-0185.html http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 http://hg.openjdk.java.net/jdk7u/jdk7u-dev/hotspot/rev/ed3ac73a70ab http://marc.info/?l=bugtraq&m=137545505800971&w=2 http://marc.info/?l=bugtraq&m=137545592101387&w=2 http://rhn.redhat.com/errata/RHSA-2013-0963.html http://secunia.com/advisories/54154 http://security.gentoo.org/glsa/glsa-201406-32.xml http://www.mandriva.com/security/advisories& •
CVSS: 5.8EPSS: 0%CPEs: 188EXPL: 0CVE-2013-2454 – OpenJDK: SerialJavaObject package restriction (JDBC, 8009554)
https://notcve.org/view.php?id=CVE-2013-2454
Oracle has not commented on claims from another vendor that this issue does not properly restrict access to certain class packages in the SerialJavaObject class, which allows remote attackers to bypass the Java sandbox. ... Oracle no ha comentado sobre las afirmaciones de otro proveedor de que este problema no restringe apropiadamente el acceso a determinados paquetes de clase en la clase SerialJavaObject, lo que permite a los atacantes remotos omitir el sandbox de Java. • http://advisories.mageia.org/MGASA-2013-0185.html http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/ec931d812faa http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html http:/&#x •
CVSS: 10.0EPSS: 7%CPEs: 93EXPL: 3CVE-2013-2730 – AdobeCollabSync - Local Buffer Overflow / Adobe Reader X Sandbox Bypass
https://notcve.org/view.php?id=CVE-2013-2730
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2733. Desbordamiento de búfer en Adobe Reader y Acrobat v9.x anterior a v9.5.5, v10.x anterior a v10.1.7, y v11.x anterior a v11.0.03 permite a atacantes remotos ejecutar código arbitrario mediante vectores desconocidos, una vulnerabilidad diferente a CVE-2013-2733. • https://www.exploit-db.com/exploits/25725 https://github.com/feliam/CVE-2013-2730 http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00004.html http://rhn.redhat.com/errata/RHSA-2013-0826.html http://security.gentoo.org/glsa/glsa-201308-03.xml http://www.adobe.com/support/security/bulletins/apsb13-15.html http://www.securityfocus.com/bid/59923 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16631 https://access.redhat.com/securi • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 2%CPEs: 28EXPL: 0CVE-2013-2421 – OpenJDK: Hotspot MethodHandle lookup error (Hotspot, 8009699)
https://notcve.org/view.php?id=CVE-2013-2421
Oracle has not commented on claims from another vendor that this issue is related to incorrect MethodHandle lookups, which allows remote attackers to bypass Java sandbox restrictions. ... Oracle no ha comentado sobre las afirmaciones de otro proveedor de que este problema está relacionado con búsquedas incorrectas de MethodHandle, lo que permite a los atacantes remotos omitir las restricciones del sandbox de Java. • http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released http://hg.openjdk.java.net/jdk7u/jdk7u-dev/hotspot/rev/663b5c744e82 http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html http://mail& •
CVSS: 10.0EPSS: 8%CPEs: 106EXPL: 0CVE-2013-2422 – OpenJDK: MethodUtil trampoline class incorrect restrictions (Libraries, 8009857)
https://notcve.org/view.php?id=CVE-2013-2422
Oracle has not commented on claims from another vendor that this issue is related to improper method-invocation restrictions by the MethodUtil trampoline class, which allows remote attackers to bypass the Java sandbox. ... Oracle no ha comentado sobre las afirmaciones de otro proveedor de que este problema está relacionado con restricciones inapropiadas de invocación de método para la clase de trampolín MethodUtil, lo que permite a los atacantes remotos omitir el sandbox de Java. • http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/2899c3dbf5e8 http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html ht •