19 results (0.007 seconds)

CVSS: 7.5EPSS: 68%CPEs: 56EXPL: 0

CVE-2013-2461 – OpenJDK: Missing check for valid DOMCanonicalizationMethod canonicalization algorithm (Libraries, 8014281)

https://notcve.org/view.php?id=CVE-2013-2461

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June and July 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass verification of XML signatures via vectors related to a "Missing check for [a] valid DOMCanonicalizationMethod canonicalization algorithm." Vulnerabilidad no especificada en el componente Java Runtime Environment (JRE) en Oracle Java SE 7 Update 21 y versiones anteriores y 6 Update 45 y versiones anteriores; el componente Oracle JRockit en Oracle Fusion Middleware R27.7.5 y versiones anteriores y R28.2.7 y versiones anteriores; y OpenJDK 7 permite a atacantes remotos afectar a la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos relacionados con Libraries. NOTA: la información anterior es de la CPU de Junio y Julio de 2013. • http://advisories.mageia.org/MGASA-2013-0185.html http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/abe9ea5a50d2 http://marc.info/?l=bugtraq&m=137545505800971&w=2 http://marc.info/?l=bugtraq&m=137545592101387&w=2 http://rhn.redhat.com/errata/RHSA-2013-0963.html http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/54154 http://security.gentoo.org/glsa/glsa-201406-32.xml http://www.mandriva.com/security/advisories?name=MDVSA-2013:183 http: •

CVSS: 9.0EPSS: 1%CPEs: 16EXPL: 0

CVE-2010-4351 – Red Hat OpenJDK IcedTea6 ClassLoader Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2010-4351

The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader. El JNLP SecurityManager en IcedTea (IcedTea.so) v1.7 anteriores a v1.7.7, v1.8 anteriores a v1.8.4 y v1.9 anteriores a v1.9.4 de Java OpenJDK devuelve desde el método checkPermission una excepción en determinadas circunstancias, lo que podría permitir a atacantes dependientes del contexto eludir la política de protección establecida mediante la creación de instancias de ClassLoader. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Java OpenJDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the IcedTea.so component. When handling the an applet the process fails to properly restrict permission of code. • http://blog.fuseyism.com/index.php/2011/01/18/security-icedtea6-177-184-194-released http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053276.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053288.html http://osvdb.org/70605 http://secunia.com/advisories/43002 http://secunia.com/advisories/43078 http://secunia.com/advisories/43085 http://secunia.com/advisories/43135 http://security.gentoo.org/glsa/glsa-201406-32.xml http://www.debian&# • CWE-264: Permissions, Privileges, and Access Controls CWE-305: Authentication Bypass by Primary Weakness •

CVSS: 7.5EPSS: 0%CPEs: 38EXPL: 0

CVE-2009-3879 – OpenJDK GraphicsConfiguration information leak(6822057)

https://notcve.org/view.php?id=CVE-2009-3879

Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vectors, related to failure to clone arrays that are returned by the getConfigurations function, aka Bug Id 6822057. Múltiples vulnerabilidades no específicas en los subsistemas (1) X11 y (2) Win32GraphicsDevice en Sun Java SE v5.0 anteriores a Update 22 y 6 anteriores a Update 17, y OpenJDK, tienen impacto y vectores de ataque desconocidos, relacionado como el fallo de copiado de tablas que son devueltos por la función getConfiguración, también conocido como Bug Id 6822057. • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html http://java.sun.com/javase/6/webnotes/6u17.html http://secunia.com/advisories/37386 http://security.gentoo.org/glsa/glsa-200911-02.xml http://www.mandriva.com/security/advisories?name=MDVSA-2010:084 https://bugzilla.redhat.com/show_bug.cgi?id=530297 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7545 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9568 htt •

CVSS: 5.0EPSS: 0%CPEs: 38EXPL: 0

CVE-2009-3880 – OpenJDK UI logging information leakage(6664512)

https://notcve.org/view.php?id=CVE-2009-3880

The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager, aka Bug Id 6664512. El Abstract Window Toolkit (AWT) en Java Runtime Environment (JRE) en Sun Java SE v5.0 anteriores a Update 22 y 6 anteriores a Update 17, y OpenJDK, no restringen de forma adecuada los objetos que se pueden enviar a los usuarios que se loguean, lo que permite a atacantes remotos obtener información sensible a través de vectores relativos a la implementación del componente KeyboardFocusManager, y DefaultKeyboardFocusManager, también conocido como Bug Id 6664512. • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html http://java.sun.com/javase/6/webnotes/6u17.html http://secunia.com/advisories/37386 http://security.gentoo.org/glsa/glsa-200911-02.xml http://www.mandriva.com/security/advisories?name=MDVSA-2010:084 https://bugzilla.redhat.com/show_bug.cgi?id=530296 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10761 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7316 ht • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 1%CPEs: 38EXPL: 0

CVE-2009-3881 – OpenJDK resurrected classloaders can still have children (6636650)

https://notcve.org/view.php?id=CVE-2009-3881

Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak vulnerability," aka Bug Id 6636650. Sun Java SE v5.0 anterior a Update 22 y 6 anterior a Update 17, y OpenJDK, no previene la existencia de procesos hijo en un ClassLoader resucitada, lo que permite a atacantes remotos obtener privilegios a través de vectores no especificados, relacionado con una vulnerabilidad de debilidad de información., también conocido como Bug Id 6636650. • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html http://java.sun.com/javase/6/webnotes/6u17.html http://secunia.com/advisories/37386 http://security.gentoo.org/glsa/glsa-200911-02.xml http://www.mandriva.com/security/advisories?name=MDVSA-2010:084 https://bugzilla.redhat.com/show_bug.cgi?id=530173 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11484 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6906 ht • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •