CVE-2012-0501 – OpenJDK: off-by-one bug in ZIP reading code (JRE, 7118283)
https://notcve.org/view.php?id=CVE-2012-0501
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors. Vulnerabilidad no especificada en el Java Runtime Environment (JRE), componente de Oracle Java SE 7 y versiones anteriores de actualizaciones 2, 6 Update 30 y anteriores, y 5.0 Update 33 y anteriores permite a atacantes remotos afectar a la disponibilidad a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html http://marc.info/?l=bugtraq&m=133364885411663&w=2 http://marc.info/?l=bugtraq&m=133365109612558&w=2 http://marc.info/?l=bugtraq&m=133847939902305&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/? • CWE-193: Off-by-one Error •
CVE-2012-0504
https://notcve.org/view.php?id=CVE-2012-0504
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install and the Java Update mechanism. Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE v7 Update 2 y anteriores v6 Update 30 y anteriores, permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores relacionados con Install y el mecanismo Java Update. • http://marc.info/?l=bugtraq&m=133364885411663&w=2 http://marc.info/?l=bugtraq&m=133847939902305&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/?l=bugtraq&m=134254957702612&w=2 http://secunia.com/advisories/48589 http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html http://www.securityfocus.com/bid/52020 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14890 •
CVE-2011-3549 – JDK: unspecified vulnerability fixed in 6u29 (Swing)
https://notcve.org/view.php?id=CVE-2011-3549
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. Vulnerabilidad no especificada en el componente de Java Runtime Environment en Oracle Java SE JDK y JRE v6 Update 27 y anteriores, v5.0 Update 31 y anteriores, y v1.4.2_33 y anteriores permite a aplicaciones remotas Java Web Start no confiables las aplicaciones y a applets Java no confiables para que afecten a la confidencialidad, integridad, y la disponibilidad a través de vectores desconocidos relacionados con swing. • http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html http://marc.info/?l=bugtraq&m=132750579901589&w=2 http://marc.info/?l=bugtraq&m=133365109612558&w=2 http://marc.info/?l=bugtraq&m=133728004526190&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/? •
CVE-2011-3550 – JDK: unspecified vulnerability fixed in 6u29 (AWT)
https://notcve.org/view.php?id=CVE-2011-3550
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT. Vulnerabilidad no especificada en el componente de Java Runtime Environment en Oracle Java SE JDK y JRE v7, v6 Update v27 y anteriores permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad de las aplicaciones Java Web Start y applets Java en relación con AWT. • http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html http://marc.info/?l=bugtraq&m=132750579901589&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/?l=bugtraq&m=134254957702612&w=2 http://rhn.redhat.com/errata/RHSA-2013-1455.html http://secunia.com/advisories/48308 http://www.ibm.com/developerworks/java/jdk/alerts http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html http://www.redhat.com/support/errata/ •
CVE-2011-3545 – Oracle Java MixerSequencer.nAddControllerEventCallback Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3545
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. Vulnerabilidad no especificada en el componente Java Runtime Environment en Oracle Java SE JDK y JRE 6 Update 27 y anteriores, v5.0 Update 31 y anteriores, y v1.4.2_33 y anteriores, y JRockit vR28.1.4 y anteriores, permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionado con el Sound. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists because Java does not sufficiently verify parameters certain functions. The function MixerSequencer.nAddControllerEventCallback fails to check for negative index numbers before writing user supplied data into a static array. • http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html http://marc.info/?l=bugtraq&m=132750579901589&w=2 http://marc.info/?l=bugtraq&m=133365109612558&w=2 http://marc.info/?l=bugtraq&m=133728004526190&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://marc.info/? •