CVSS: 7.5EPSS: 5%CPEs: 5EXPL: 0CVE-2014-3086 – JDK: Privilege escalation issue
https://notcve.org/view.php?id=CVE-2014-3086
Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveraging the ability to execute code in the context of a security manager. Vulnerabilidad no especificada en IBM Java Virtual Machine, utilizado en IBM WebSphere Real Time 3 anterior a Service Refresh 7 FP1 y otros productos, permite a atacantes remotos ganar privilegios mediante el aprovechamiento de la habilidad de ejecutar código en el contexto de un gestor de seguridad. • http://secunia.com/advisories/59680 http://secunia.com/advisories/60081 http://secunia.com/advisories/60317 http://secunia.com/advisories/60622 http://secunia.com/advisories/61577 http://secunia.com/advisories/61640 http://www-01.ibm.com/support/docview.wss?uid=swg1IV62634 http://www-01.ibm.com/support/docview.wss?uid=swg21680333 http://www-01.ibm.com/support/docview.wss?uid=swg21680334 http://www-01.ibm.com/support/docview.wss?uid=swg21686383 http://www-01.ibm.com/ • CWE-266: Incorrect Privilege Assignment •
CVSS: 9.3EPSS: 12%CPEs: 128EXPL: 0CVE-2012-4821 – JDK: getDeclaredMethods() and setAccessible() code execution
https://notcve.org/view.php?id=CVE-2012-4821
Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via "insecure use" of the (1) java.lang.Class getDeclaredMethods or nd (2) java.lang.reflect.AccessibleObject setAccessible() methods. Múltiples vulnerabilidades no especificadas en el componente JRE en IBM Java 7 SR2 y anteriores, Java v6.0.1 SR3 y anteriores, Java 6 SR11 y anteriores, Java 5 SR14 y anteriores, y Java 142 SR13 FP13 y anteriores; como las usadas en IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control v5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, y Service Deliver Manager; y otros productos de otros vendedores como Red Hat, permite a atacantes remotos a ejecutar código través de vectores relacionados con "uso inseguro" de métodos (1) java.lang.Class getDeclaredMethods o (2) java.lang.reflect.AccessibleObject setAccessible(). • http://rhn.redhat.com/errata/RHSA-2012-1467.html http://seclists.org/bugtraq/2012/Sep/38 http://secunia.com/advisories/51326 http://secunia.com/advisories/51634 http://www-01.ibm.com/support/docview.wss?uid=swg1IV29659 http://www-01.ibm.com/support/docview.wss?uid=swg21615705 http://www-01.ibm.com/support/docview.wss?uid=swg21615800 http://www-01.ibm.com/support/docview.wss?uid=swg21616490 http://www-01.ibm.com/support/docview.wss? •
CVSS: 9.3EPSS: 76%CPEs: 128EXPL: 0CVE-2012-4823 – JDK: java.lang.ClassLoder defineClass() code execution
https://notcve.org/view.php?id=CVE-2012-4823
Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allows remote attackers to execute arbitrary code via vectors related to "insecure use of the java.lang.ClassLoder defineClass() method." Una vulnerabilidad no especificada en el componente JRE de IBM Java 7 SR2 y anteriores, SR3 Java v6.0.1 y anteriores, Java 6 SR11 y anteriores, Java 5 SR14 y anteriores, y Java 142 SR13 FP13 y anteriores, tal y como se utiliza en IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control v5.1.2, WebSphere Real Time, Lotus Notes y Domino, Tivoli Storage Productivity Center y Service Deliver Manager y otros productos de otros fabricantes tales como Red Hat, permite a atacantes remotos ejecutar código de su elección a través de vectores relacionados con el "uso inseguro del método defineClass java.lang.ClassLoder()." • http://rhn.redhat.com/errata/RHSA-2012-1466.html http://rhn.redhat.com/errata/RHSA-2012-1467.html http://rhn.redhat.com/errata/RHSA-2013-1455.html http://rhn.redhat.com/errata/RHSA-2013-1456.html http://seclists.org/bugtraq/2012/Sep/38 http://secunia.com/advisories/51326 http://secunia.com/advisories/51327 http://secunia.com/advisories/51634 http://www-01.ibm.com/support/docview.wss?uid=swg1IV29687 http://www-01.ibm.com/support/docview.wss?uid=swg21615705 http&# •
CVSS: 9.3EPSS: 31%CPEs: 128EXPL: 0CVE-2012-4820 – JDK: java.lang.reflect.Method invoke() code execution
https://notcve.org/view.php?id=CVE-2012-4820
Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, when running under a security manager, allows remote attackers to gain privileges by modifying or removing the security manager via vectors related to "insecure use of the java.lang.reflect.Method invoke() method." Vulnerabilidad no especificada en el componente JRE en IBM Java 7 SR2 y anteriores, Java v6.0.1 SR3 y anteriores, Java 6 SR11 y anteriores, Java 5 SR14 y anteriores, y Java 142 SR13 FP13 y anteriores; como las usadas en IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control v5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, y Service Deliver Manager; y otros productos de otros vendedores como Red Hat, ejecutandose en un gestor de seguridad, permite a atacantes remotos obtener privilegios modificando o eliminando el gestor de seguridad a través de vectores relacionados con "uso inseguro del método java.lang.reflect.Method invoke()" • http://rhn.redhat.com/errata/RHSA-2012-1465.html http://rhn.redhat.com/errata/RHSA-2012-1466.html http://rhn.redhat.com/errata/RHSA-2012-1467.html http://rhn.redhat.com/errata/RHSA-2013-1455.html http://rhn.redhat.com/errata/RHSA-2013-1456.html http://seclists.org/bugtraq/2012/Sep/38 http://secunia.com/advisories/51326 http://secunia.com/advisories/51327 http://secunia.com/advisories/51328 http://secunia.com/advisories/51393 http://secunia.com/advisories/516 •
CVSS: 9.3EPSS: 82%CPEs: 128EXPL: 0CVE-2012-4822 – JDK: java.lang.class code execution
https://notcve.org/view.php?id=CVE-2012-4822
Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via vectors related to "insecure use [of] multiple methods in the java.lang.class class." Múltiples vulnerabilidades no especificadas en el componente JRE en IBM Java 7 SR2 y anteriores, Java v6.0.1 SR3 y anteriores, Java 6 SR11 y anteriores, Java 5 SR14 y anteriores, y Java 142 SR13 FP13 y anteriores; como las usadas en IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control v5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, y Service Deliver Manager; y otros productos de otros vendedores como Red Hat, permite a atacantes remotos a ejecutar códigoa través de vectores relacionados con "uso inseguro de uso [de] métodos múltiples en la clase java.lang.class class." • http://rhn.redhat.com/errata/RHSA-2012-1465.html http://rhn.redhat.com/errata/RHSA-2012-1466.html http://rhn.redhat.com/errata/RHSA-2012-1467.html http://rhn.redhat.com/errata/RHSA-2013-1455.html http://rhn.redhat.com/errata/RHSA-2013-1456.html http://seclists.org/bugtraq/2012/Sep/38 http://secunia.com/advisories/51326 http://secunia.com/advisories/51327 http://secunia.com/advisories/51328 http://secunia.com/advisories/51393 http://secunia.com/advisories/516 •