CVE-2013-2445 – OpenJDK: Better handling of memory allocation errors (Hotspot, 7158805)
https://notcve.org/view.php?id=CVE-2013-2445
Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "handling of memory allocation errors." • http://advisories.mageia.org/MGASA-2013-0185.html http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 http://hg.openjdk.java.net/jdk7u/jdk7u-dev/hotspot/rev/ed3ac73a70ab http://marc.info/?l=bugtraq&m=137545505800971&w=2 http://marc.info/?l=bugtraq&m=137545592101387&w=2 http://rhn.redhat.com/errata/RHSA-2013-0963.html http://secunia.com/advisories/54154 http://security.gentoo.org/glsa/glsa-201406-32.xml http://www.mandriva.com/security/advisories& •
CVE-2013-2465 – Oracle Java SE Unspecified Vulnerability
https://notcve.org/view.php?id=CVE-2013-2465
Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D. • https://www.exploit-db.com/exploits/27705 http://advisories.mageia.org/MGASA-2013-0185.html http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/2a9c79db0040 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html http://lists.opensuse.org/opensuse-se •
CVE-2013-2730 – AdobeCollabSync - Local Buffer Overflow / Adobe Reader X Sandbox Bypass
https://notcve.org/view.php?id=CVE-2013-2730
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2733. • https://www.exploit-db.com/exploits/25725 https://github.com/feliam/CVE-2013-2730 http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00004.html http://rhn.redhat.com/errata/RHSA-2013-0826.html http://security.gentoo.org/glsa/glsa-201308-03.xml http://www.adobe.com/support/security/bulletins/apsb13-15.html http://www.securityfocus.com/bid/59923 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16631 https://access.redhat.com/securi • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-2422 – OpenJDK: MethodUtil trampoline class incorrect restrictions (Libraries, 8009857)
https://notcve.org/view.php?id=CVE-2013-2422
Oracle has not commented on claims from another vendor that this issue is related to improper method-invocation restrictions by the MethodUtil trampoline class, which allows remote attackers to bypass the Java sandbox. • http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/2899c3dbf5e8 http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html ht •
CVE-2013-2426 – Oracle Java java.util.concurrent.ConcurrentHashMap Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-2426
Oracle has not commented on claims from another vendor that this issue is related to incorrect invocation of the defaultReadObject method in the ConcurrentHashMap class, which allows remote attackers to bypass the Java sandbox. • http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/98ad2f1e25d1 http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html http://mail. •