
CVSS: 10.0 EPSS: 23% CPEs: 2 EXPL: 0

Oracle has not commented on claims from another vendor that this issue is related to invocation of the system class loader by the sun.awt.datatransfer.ClassLoaderObjectInputStream class, which allows remote attackers to bypass Java sandbox restrictions. ... The issue lies in the ability to bypass checks in the Proxy class. • http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157 http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/31c782610044 http://lists.opensuse.org/opensuse-security-announce/2013-05 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3 EPSS: 77% CPEs: 87 EXPL: 0

Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013. Unspecified vulnerability in Adobe Reader and Acrobat v9.x through v9.5.3, 10.x through v10.1.5, v11.0.1 and 11.x allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013, a different vulnerability than CVE-2013-0640. A buffer overflow vulnerability exists in Adobe Reader which allows an attacker to perform remote code execution. • http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html http://blogs.mcafee.com/mcafee-labs/digging-into-the-sandbox-escape-technique-of-the-recent-pdf-exploit http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00024.html http: •

CVSS: 10.0 EPSS: 5% CPEs: 241 EXPL: 0

Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via certain methods that should not be serialized, aka "missing serialization restriction." • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907458 http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/corba/rev/307ddc7799c7 http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136570436423916&w=2 http:/& •

CVSS: 10.0 EPSS: 4% CPEs: 241 EXPL: 0

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java. • http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/corba/rev/127e4c348a71 http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html http://marc.info/?l=bugtraq&m=136439120408139&w=2 http://marc.info/?l=bugtraq&m=136570436423916&w=2 http://marc.info/?l=bugtraq&m=136733161405818&w=2 http://rhn&# •

CVSS: 10.0 EPSS: 5% CPEs: 241 EXPL: 0

Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via "certain value handler constructors." • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907457 http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/corba/rev/5116fe321210 http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html http://marc.info/?l=bugtraq&m=136439120408139&a •