CVSS: 9.3EPSS: 97%CPEs: 30EXPL: 1CVE-2013-2460 – Java Applet - ProviderSkeleton Insecure Invoke Method
https://notcve.org/view.php?id=CVE-2013-2460
Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "insufficient access checks" in the tracing component. ... Oracle no ha comentado sobre las afirmaciones de otro proveedor de que este problema permite a los atacantes remotos omitir el sandbox de Java por medio de vectores relacionados con "insufficient access checks" en el componente de seguimiento. • https://www.exploit-db.com/exploits/26529 http://advisories.mageia.org/MGASA-2013-0185.html http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/160cde99bb1a http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html http://marc.info/?l=bugtraq&m=137545505800971&w=2 http://rhn.redhat.com/errata/RHSA-2013-0963.html http://rhn.redhat.com/errata/RHSA-2013-1060.html http://secunia.com/advisorie •
CVSS: 10.0EPSS: 10%CPEs: 188EXPL: 0CVE-2013-2459 – OpenJDK: Various AWT integer overflow checks (AWT, 8009071)
https://notcve.org/view.php?id=CVE-2013-2459
Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "integer overflow checks." ... Oracle no ha comentado sobre las afirmaciones de otro proveedor de que este problema permite a los atacantes remotos omitir el sandbox de Java por medio de vectores relacionados con "integer overflow checks". • http://advisories.mageia.org/MGASA-2013-0185.html http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/c98afec1bf86 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html http:/&#x • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.6EPSS: 16%CPEs: 188EXPL: 0CVE-2013-2448 – Oracle Java Sequencer Security Manager Bypass Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-2448
Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to insufficient "access restrictions" and "robustness of sound classes." ... Oracle no ha comentado sobre las afirmaciones de otro proveedor de que este problema permite a los atacantes remotos omitir el sandbox de Java por medio de vectores relacionados con "access restrictions" insuficientes y "robustness of sound classes". • http://advisories.mageia.org/MGASA-2013-0185.html http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/91ce9432f88d http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html http:/&#x •
CVSS: 5.8EPSS: 0%CPEs: 188EXPL: 0CVE-2013-2454 – OpenJDK: SerialJavaObject package restriction (JDBC, 8009554)
https://notcve.org/view.php?id=CVE-2013-2454
Oracle has not commented on claims from another vendor that this issue does not properly restrict access to certain class packages in the SerialJavaObject class, which allows remote attackers to bypass the Java sandbox. ... Oracle no ha comentado sobre las afirmaciones de otro proveedor de que este problema no restringe apropiadamente el acceso a determinados paquetes de clase en la clase SerialJavaObject, lo que permite a los atacantes remotos omitir el sandbox de Java. • http://advisories.mageia.org/MGASA-2013-0185.html http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/ec931d812faa http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html http:/&#x •
CVSS: 10.0EPSS: 94%CPEs: 188EXPL: 0CVE-2013-2463 – Oracle Java AWT Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-2463
Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image attribute verification" in 2D. ... Oracle no ha comentado sobre las afirmaciones de otro proveedor de que este problema permite a los atacantes remotos omitir el sandbox de Java por medio de vectores relacionados con la "Incorrect image attribute verification" en 2D. ... The issue lies in the ability to bypass validation checks leading to out-of-bounds array accesses. • http://advisories.mageia.org/MGASA-2013-0185.html http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/b79d56eee18e http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html http:/&#x •