CVE-2012-0507 – Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0507
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue. Una vulnerabilidad no especificada en el componente Java Runtime Environment (JRE), de Oracle Java SE v7 Update 2 y versiones anteriores, v6 Update 30 y anteriores, y v5.0 Update 33 y anteriores permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con la "Concurrencia". • https://www.exploit-db.com/exploits/18679 http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx http://krebsonsecurity.com/2012/03/new-java-attack-rolled-into-exploit-packs http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html http://marc.info/?l=bugtraq&m=133364885411663&w=2 http://marc.info/?l=bugtraq&m=133365109612558&w=2 h •
CVE-2012-0505 – OpenJDK: incomplete info in the deserialization exception (Serialization, 7110700)
https://notcve.org/view.php?id=CVE-2012-0505
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Serialization. Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE v7 Update 2 y anteriores v6 Update 30 y anteriores v5.0 Update 33 y anteriores y v1.3.2_35 y anteriores, permite a aplicaciones remotas Java Web Start no confiables y applets Java no confiables, afectar a la confidencialidad, integridad y disponibilidad a través de vectores relacionados con Serialization. • http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00015.html http://marc.info/?l=bugtraq&m=133364885411663&w=2 http://marc.info/?l=bugtraq&m=133365109612558&w=2 http://marc.info •
CVE-2012-0502 – OpenJDK: KeyboardFocusManager focus stealing (AWT, 7110683)
https://notcve.org/view.php?id=CVE-2012-0502
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and availability, related to AWT. Vulnerabilidad no especificada en el Java Runtime Environment (JRE), componente de Oracle Java SE v7 y versiones anteriores de actualizaciones 2, 6 Update 30 y anteriores, v5.0 Update 33 y anteriores, v1.4.2_35 y anteriores permite a distancia las aplicaciones Java Web Start y applets de Java que no son de confianza afectar a la confidencialidad y disponibilidad, relacionado con AWT. • http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00015.html http://marc.info/?l=bugtraq&m=133364885411663&w=2 http://marc.info/?l=bugtraq&m=133365109612558&w=2 http://marc.info •
CVE-2012-0506 – OpenJDK: mutable repository identifiers (CORBA, 7110704)
https://notcve.org/view.php?id=CVE-2012-0506
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to CORBA. Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE v7 Update 2 y anteriores v6 Update 30 y anteriores v5.0 Update 33 y anteriores y v1.3.2_35 y anteriores, permite a aplicaciones remotas Java Web Start no confiables y applets Java no confiables, afectar a la integridad a través de vectores relacionados con CORBA. • http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00015.html http://marc.info/?l=bugtraq&m=133364885411663&w=2 http://marc.info/?l=bugtraq&m=133365109612558&w=2 http://marc.info •
CVE-2012-0497 – OpenJDK: insufficient checking of the graphics rendering object (2D, 7112642)
https://notcve.org/view.php?id=CVE-2012-0497
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. Vulnerabilidad no especificada en el Java Runtime Environment (JRE), componente de Oracle Java SE 7 Update 2 y anteriores, y 6 Update 30 y anteriores, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con el 2D. • http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html http://marc.info/?l=bugtraq&m=133364885411663&w=2 http://marc.info/?l=bugtraq&m=133847939902305&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/?l=bugtraq&m=134254957702612&w=2 http://rhn.redhat.com/errata/RHSA-2012-0514.html http://rhn.redhat.com/errata/RHSA-2013-1455.html http://secunia.com/advisories/48074 http://secunia.com/advisories/48589 http://secunia.c •