CVE-2010-4476 – Oracle Java - Floating-Point Value Denial of Service
https://notcve.org/view.php?id=CVE-2010-4476
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
• https://www.exploit-db.com/exploits/35304 https://github.com/grzegorzblaszczyk/CVE-2010-4476-check http://blog.fortify.com/blog/2011/02/08/Double-Trouble http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053926.html http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053934.html http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html http://lists.opensuse.
CVE-2011-0902 – Sun Microsystems SunScreen Firewall - Privilege Escalation
https://notcve.org/view.php?id=CVE-2011-0902
Multiple untrusted search path vulnerabilities in the Java Service in Sun Microsystems SunScreen Firewall on SunOS 5.9 allow local users to execute arbitrary code via a modified (1) PATH or (2) LD_LIBRARY_PATH environment variable.
• https://www.exploit-db.com/exploits/16041 http://www.exploit-db.com/exploits/16041 http://www.securityfocus.com/bid/45963 https://exchange.xforce.ibmcloud.com/vulnerabilities/64887
CVE-2010-4443
https://notcve.org/view.php?id=CVE-2010-4443
Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability, related to Kernel/NFS.
• http://osvdb.org/70578 http://secunia.com/advisories/42984 http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html http://www.securityfocus.com/bid/45886 http://www.securitytracker.com/id?1024975 http://www.vupen.com/english/advisories/2011/0151 https://exchange.xforce.ibmcloud.com/vulnerabilities/64800
CVE-2010-4431
https://notcve.org/view.php?id=CVE-2010-4431
Unspecified vulnerability in Oracle Sun Java System Portal Server 7.1 and 7.2 allows local users to affect confidentiality via unknown vectors related to Proxy.
• http://osvdb.org/70565 http://secunia.com/advisories/42991 http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html http://www.securityfocus.com/bid/45898 http://www.vupen.com/english/advisories/2011/0158 https://exchange.xforce.ibmcloud.com/vulnerabilities/64816
CVE-2010-4440
https://notcve.org/view.php?id=CVE-2010-4440
Unspecified vulnerability in Oracle 10 and 11 Express allows local users to affect availability via unknown vectors related to the Kernel.
• http://osvdb.org/70575 http://secunia.com/advisories/42984 http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html http://www.securityfocus.com/bid/45888 http://www.securitytracker.com/id?1024975 http://www.vupen.com/english/advisories/2011/0151 https://exchange.xforce.ibmcloud.com/vulnerabilities/64802