CVE-2012-0507 – Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0507
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue. Una vulnerabilidad no especificada en el componente Java Runtime Environment (JRE), de Oracle Java SE v7 Update 2 y versiones anteriores, v6 Update 30 y anteriores, y v5.0 Update 33 y anteriores permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con la "Concurrencia". • https://www.exploit-db.com/exploits/18679 http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx http://krebsonsecurity.com/2012/03/new-java-attack-rolled-into-exploit-packs http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html http://marc.info/?l=bugtraq&m=133364885411663&w=2 http://marc.info/?l=bugtraq&m=133365109612558&w=2 h •
CVE-2012-0501 – OpenJDK: off-by-one bug in ZIP reading code (JRE, 7118283)
https://notcve.org/view.php?id=CVE-2012-0501
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors. Vulnerabilidad no especificada en el Java Runtime Environment (JRE), componente de Oracle Java SE 7 y versiones anteriores de actualizaciones 2, 6 Update 30 y anteriores, y 5.0 Update 33 y anteriores permite a atacantes remotos afectar a la disponibilidad a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html http://marc.info/?l=bugtraq&m=133364885411663&w=2 http://marc.info/?l=bugtraq&m=133365109612558&w=2 http://marc.info/?l=bugtraq&m=133847939902305&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/? • CWE-193: Off-by-one Error •
CVE-2012-0500 – Sun Java Web Start Plugin - Command Line Argument Injection (2012)
https://notcve.org/view.php?id=CVE-2012-0500
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and JavaFX 2.0.2 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Vulnerabilidad no especificada en el Java Runtime Environment (JRE), componente de Oracle Java SE 7 y versiones anteriores de actualizaciones 2, 6 Update 30 y anteriores, y JavaFX 2.0.2 y anteriores permite a distancia aplicaciones Java Web Start y applets de Java que no son de confianza afectar a la confidencialidad, la integridad , y la disponibilidad a través de vectores desconocidos relacionados con la implementación. • https://www.exploit-db.com/exploits/18520 http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html http://marc.info/?l=bugtraq&m=133364885411663&w=2 http://marc.info/?l=bugtraq&m=133847939902305&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/?l=bugtraq&m=134254957702612&w=2 http://rhn.redhat.com/errata/RHSA-2012-0514.html http://rhn.redhat.com/errata/RHSA-2013-1455.html http://secunia.com/advisories/48073 http:// •
CVE-2012-0505 – OpenJDK: incomplete info in the deserialization exception (Serialization, 7110700)
https://notcve.org/view.php?id=CVE-2012-0505
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Serialization. Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE v7 Update 2 y anteriores v6 Update 30 y anteriores v5.0 Update 33 y anteriores y v1.3.2_35 y anteriores, permite a aplicaciones remotas Java Web Start no confiables y applets Java no confiables, afectar a la confidencialidad, integridad y disponibilidad a través de vectores relacionados con Serialization. • http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00015.html http://marc.info/?l=bugtraq&m=133364885411663&w=2 http://marc.info/?l=bugtraq&m=133365109612558&w=2 http://marc.info •
CVE-2012-0499 – JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D)
https://notcve.org/view.php?id=CVE-2012-0499
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Vulnerabilidad no especificada en el Java Runtime Environment (JRE), componente de Oracle Java SE 7 y versiones anteriores de actualizaciones 2, 6 Update 30 y anteriores, 5.0 Update 33 y anteriores, y 1.4.2_35 y anteriores, y JavaFX 2.0.2 y versiones anteriores, permite a distancia los atacantes afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con el 2D. • http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00015.html http://marc.info/?l=bugtraq&m=133364885411663&w=2 http://marc.info/?l=bugtraq&m=133365109612558&w=2 http://marc.info •