Executive Summary
Summary | |
---|---|
Title | Java contains multiple vulnerabilities |
Informations | |||
---|---|---|---|
Name | VU#858729 | First vendor Publication | 2013-02-01 |
Vendor | VU-CERT | Last vendor Modification | 2013-03-18 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#858729Java contains multiple vulnerabilitiesOverviewJava 7 Update 11, Java 6 Update 38, and earlier versions of Java contain vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description
Impact
Solution
Vendor Information (Learn More)
CVSS Metrics (Learn More)
References
CreditThese vulnerabilities were reported by Oracle. This document was written by Will Dormann. Other Information
FeedbackIf you have feedback, comments, or additional information about this vulnerability, please send us email. |
Original Source
Url : http://www.kb.cert.org/vuls/id/858729 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:15723 | |||
Oval ID: | oval:org.mitre.oval:def:15723 | ||
Title: | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. | ||
Description: | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0436 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 | Product(s): | JavaFX |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15733 | |||
Oval ID: | oval:org.mitre.oval:def:15733 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: 2D) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" that can trigger an integer overflow and memory corruption. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" that can trigger an integer overflow and memory corruption. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1478 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15832 | |||
Oval ID: | oval:org.mitre.oval:def:15832 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JSSE) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0443 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15888 | |||
Oval ID: | oval:org.mitre.oval:def:15888 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0426 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15906 | |||
Oval ID: | oval:org.mitre.oval:def:15906 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Deployment) 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka "Issue 53" and the "Java Security Slider" vulnerability. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka "Issue 53" and the "Java Security Slider" vulnerability. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1489 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:16013 | |||
Oval ID: | oval:org.mitre.oval:def:16013 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect integrity via unknown vectors related to Libraries. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to interrupt certain threads that should not be interrupted. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Libraries. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to interrupt certain threads that should not be interrupted. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0427 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16035 | |||
Oval ID: | oval:org.mitre.oval:def:16035 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0442 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16045 | |||
Oval ID: | oval:org.mitre.oval:def:16045 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1480 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16058 | |||
Oval ID: | oval:org.mitre.oval:def:16058 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0425 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16074 | |||
Oval ID: | oval:org.mitre.oval:def:16074 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Deployment) 7 through Update 11 and 6 through Update 38 allows remote attackers to affect integrity via unknown vectors related to Deployment. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect integrity via unknown vectors related to Deployment. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1473 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16180 | |||
Oval ID: | oval:org.mitre.oval:def:16180 | ||
Title: | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. | ||
Description: | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that this issue allows remote attackers to execute arbitrary code via an "invalid type case" in the init method of the D3DShader class in the com.sun.prism.d3d package. CPU. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-4301 | Version: | 4 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 | Product(s): | JavaFX |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:16222 | |||
Oval ID: | oval:org.mitre.oval:def:16222 | ||
Title: | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. | ||
Description: | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1482 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 | Product(s): | JavaFX |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:16240 | |||
Oval ID: | oval:org.mitre.oval:def:16240 | ||
Title: | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. | ||
Description: | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0447 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 | Product(s): | JavaFX |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:16247 | |||
Oval ID: | oval:org.mitre.oval:def:16247 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Deployment) 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0419 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16264 | |||
Oval ID: | oval:org.mitre.oval:def:16264 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11 allows remote attackers to affect integrity via unknown vectors related to Libraries. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect integrity via unknown vectors related to Libraries. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0448 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:16276 | |||
Oval ID: | oval:org.mitre.oval:def:16276 | ||
Title: | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. | ||
Description: | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1483 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 | Product(s): | JavaFX |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:16287 | |||
Oval ID: | oval:org.mitre.oval:def:16287 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Deployment) 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-3342 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16353 | |||
Oval ID: | oval:org.mitre.oval:def:16353 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Deployment) 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0446 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16378 | |||
Oval ID: | oval:org.mitre.oval:def:16378 | ||
Title: | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. | ||
Description: | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1474 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 | Product(s): | JavaFX |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:16384 | |||
Oval ID: | oval:org.mitre.oval:def:16384 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Deployment) 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that the issue is due to an interaction error in between the JRE plug-in for WebKit-based browsers and the Javascript engine, which allows remote attackers to execute arbitrary code by modifying DOM nodes that contain applet elements in a way that triggers an incorrect reference count and a use after free. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-1541 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16392 | |||
Oval ID: | oval:org.mitre.oval:def:16392 | ||
Title: | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. | ||
Description: | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that the issue allows remote attackers to execute arbitrary code via vectors related to an "invalid type cast" and exposed native methods in the T2KGlyph class. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-4305 | Version: | 4 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 | Product(s): | JavaFX |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:16430 | |||
Oval ID: | oval:org.mitre.oval:def:16430 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Sound) 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1481 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16476 | |||
Oval ID: | oval:org.mitre.oval:def:16476 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Deployment) 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0423 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16489 | |||
Oval ID: | oval:org.mitre.oval:def:16489 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JAX-WS) 7 through Update 11 and 6 through Update 38, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper restriction of com.sun.xml.internal packages and "Better handling of UI elements." | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper restriction of com.sun.xml.internal packages and "Better handling of UI elements." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0435 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16492 | |||
Oval ID: | oval:org.mitre.oval:def:16492 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: 2D) 7 through Update 11 and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0437 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JavaFX |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16496 | |||
Oval ID: | oval:org.mitre.oval:def:16496 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Libraries) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect checks for proxy classes" in the Reflection API. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect checks for proxy classes" in the Reflection API. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0428 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16512 | |||
Oval ID: | oval:org.mitre.oval:def:16512 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Scripting) 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scripting. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scripting. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-3213 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16519 | |||
Oval ID: | oval:org.mitre.oval:def:16519 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: RMI) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not properly handle error messages in a (1) command or (2) port number. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not properly handle error messages in a (1) command or (2) port number. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0424 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16528 | |||
Oval ID: | oval:org.mitre.oval:def:16528 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JAXP) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0434 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16530 | |||
Oval ID: | oval:org.mitre.oval:def:16530 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JMX) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via vectors related to JMX. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via vectors related to JMX. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0409 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16531 | |||
Oval ID: | oval:org.mitre.oval:def:16531 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JavaFX) 7 through Update 11, 6 through Update 38, and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1479 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment JavaFX |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16537 | |||
Oval ID: | oval:org.mitre.oval:def:16537 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Networking) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0433 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16550 | |||
Oval ID: | oval:org.mitre.oval:def:16550 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JMX) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper checks of "access control context" in the JMX RequiredModelMBean class. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper checks of "access control context" in the JMX RequiredModelMBean class. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0450 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16558 | |||
Oval ID: | oval:org.mitre.oval:def:16558 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JSSE) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0440 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16566 | |||
Oval ID: | oval:org.mitre.oval:def:16566 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-1476 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via certain methods that should not be serialized, aka "missing serialization restriction." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0441 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16567 | |||
Oval ID: | oval:org.mitre.oval:def:16567 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access premission checks." | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access premission checks." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0432 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16579 | |||
Oval ID: | oval:org.mitre.oval:def:16579 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: JMX) 7 through Update 11, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0431 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:16582 | |||
Oval ID: | oval:org.mitre.oval:def:16582 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Deployment) 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0438 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16600 | |||
Oval ID: | oval:org.mitre.oval:def:16600 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Install) 7 through Update 11 and 6 through Update 38, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the installation process of the client. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the installation process of the client. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0430 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16610 | |||
Oval ID: | oval:org.mitre.oval:def:16610 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Deployment) 7 through Update 11 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0449 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:16613 | |||
Oval ID: | oval:org.mitre.oval:def:16613 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1475 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16614 | |||
Oval ID: | oval:org.mitre.oval:def:16614 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Beans) 7 through Update 11, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient checks for cached results" by the Java Beans MethodFinder, which might allow attackers to access methods that should only be accessible to privileged code. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient checks for cached results" by the Java Beans MethodFinder, which might allow attackers to access methods that should only be accessible to privileged code. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0444 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:16620 | |||
Oval ID: | oval:org.mitre.oval:def:16620 | ||
Title: | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. | ||
Description: | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1472 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 | Product(s): | JavaFX |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:16649 | |||
Oval ID: | oval:org.mitre.oval:def:16649 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue involves the creation of a single PresentationManager that is shared across multiple thread groups, which allows remote attackers to bypass Java sandbox restrictions. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue involves the creation of a single PresentationManager that is shared across multiple thread groups, which allows remote attackers to bypass Java sandbox restrictions. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0429 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16652 | |||
Oval ID: | oval:org.mitre.oval:def:16652 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: CORBA) 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via "certain value handler constructors." | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via "certain value handler constructors." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1476 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16657 | |||
Oval ID: | oval:org.mitre.oval:def:16657 | ||
Title: | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. | ||
Description: | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1477 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 | Product(s): | JavaFX |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:16673 | |||
Oval ID: | oval:org.mitre.oval:def:16673 | ||
Title: | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. | ||
Description: | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that the issue is due to an invalid type cast in the JSObject class. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-1543 | Version: | 4 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 | Product(s): | JavaFX |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:16680 | |||
Oval ID: | oval:org.mitre.oval:def:16680 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: AWT) 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0445 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16703 | |||
Oval ID: | oval:org.mitre.oval:def:16703 | ||
Title: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE (subcomponent: Deployment) 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0351 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Java Runtime Environment |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:16705 | |||
Oval ID: | oval:org.mitre.oval:def:16705 | ||
Title: | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. | ||
Description: | Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the February 2013 CPU. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0439 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 | Product(s): | JavaFX |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18869 | |||
Oval ID: | oval:org.mitre.oval:def:18869 | ||
Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-0423 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19010 | |||
Oval ID: | oval:org.mitre.oval:def:19010 | ||
Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-0443 | Version: | 12 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19048 | |||
Oval ID: | oval:org.mitre.oval:def:19048 | ||
Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-0446 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19078 | |||
Oval ID: | oval:org.mitre.oval:def:19078 | ||
Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper restriction of com.sun.xml.internal packages and "Better handling of UI elements." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-0435 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19097 | |||
Oval ID: | oval:org.mitre.oval:def:19097 | ||
Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-0419 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19114 | |||
Oval ID: | oval:org.mitre.oval:def:19114 | ||
Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via vectors related to JMX. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-0409 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19119 | |||
Oval ID: | oval:org.mitre.oval:def:19119 | ||
Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scripting. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2012-3213 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19123 | |||
Oval ID: | oval:org.mitre.oval:def:19123 | ||
Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-0449 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19131 | |||
Oval ID: | oval:org.mitre.oval:def:19131 | ||
Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not properly handle error messages in a (1) command or (2) port number. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-0424 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19171 | |||
Oval ID: | oval:org.mitre.oval:def:19171 | ||
Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka "Issue 53" and the "Java Security Slider" vulnerability. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-1489 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19198 | |||
Oval ID: | oval:org.mitre.oval:def:19198 | ||
Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2012-3342 | Version: | 12 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19261 | |||
Oval ID: | oval:org.mitre.oval:def:19261 | ||
Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-0426 | Version: | 12 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19271 | |||
Oval ID: | oval:org.mitre.oval:def:19271 | ||
Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect integrity via unknown vectors related to Deployment. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-1473 | Version: | 12 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19285 | |||
Oval ID: | oval:org.mitre.oval:def:19285 | ||
Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-0440 | Version: | 12 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19288 | |||
Oval ID: | oval:org.mitre.oval:def:19288 | ||
Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-0438 | Version: | 12 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19289 | |||
Oval ID: | oval:org.mitre.oval:def:19289 | ||
Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-1476 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via certain methods that should not be serialized, aka "missing serialization restriction." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-0441 | Version: | 12 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19304 | |||
Oval ID: | oval:org.mitre.oval:def:19304 | ||
Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-0445 | Version: | 12 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19325 | |||
Oval ID: | oval:org.mitre.oval:def:19325 | ||
Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-1475 | Version: | 12 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19349 | |||
Oval ID: | oval:org.mitre.oval:def:19349 | ||
Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient checks for cached results" by the Java Beans MethodFinder, which might allow attackers to access methods that should only be accessible to privileged code. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-0444 | Version: | 12 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19363 | |||
Oval ID: | oval:org.mitre.oval:def:19363 | ||
Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper checks of "access control context" in the JMX RequiredModelMBean class. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-0450 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19382 | |||
Oval ID: | oval:org.mitre.oval:def:19382 | ||
Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-0443 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19403 | |||
Oval ID: | oval:org.mitre.oval:def:19403 | ||
Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-0437 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19418 | |||
Oval ID: | oval:org.mitre.oval:def:19418 | ||
Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-0431 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19434 | |||
Oval ID: | oval:org.mitre.oval:def:19434 | ||
Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-0442 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19439 | |||
Oval ID: | oval:org.mitre.oval:def:19439 | ||
Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-0351 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19457 | |||
Oval ID: | oval:org.mitre.oval:def:19457 | ||
Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue involves the creation of a single PresentationManager that is shared across multiple thread groups, which allows remote attackers to bypass Java sandbox restrictions. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-0429 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19459 | |||
Oval ID: | oval:org.mitre.oval:def:19459 | ||
Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-0433 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19466 | |||
Oval ID: | oval:org.mitre.oval:def:19466 | ||
Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via "certain value handler constructors." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-1476 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19480 | |||
Oval ID: | oval:org.mitre.oval:def:19480 | ||
Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect checks for proxy classes" in the Reflection API. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-0428 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19483 | |||
Oval ID: | oval:org.mitre.oval:def:19483 | ||
Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-0425 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19488 | |||
Oval ID: | oval:org.mitre.oval:def:19488 | ||
Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Libraries. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to interrupt certain threads that should not be interrupted. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-0427 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19489 | |||
Oval ID: | oval:org.mitre.oval:def:19489 | ||
Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access premission checks." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-0432 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19499 | |||
Oval ID: | oval:org.mitre.oval:def:19499 | ||
Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that the issue is due to an interaction error in between the JRE plug-in for WebKit-based browsers and the Javascript engine, which allows remote attackers to execute arbitrary code by modifying DOM nodes that contain applet elements in a way that triggers an incorrect reference count and a use after free. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2012-1541 | Version: | 12 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19504 | |||
Oval ID: | oval:org.mitre.oval:def:19504 | ||
Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-1480 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19505 | |||
Oval ID: | oval:org.mitre.oval:def:19505 | ||
Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-0434 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19529 | |||
Oval ID: | oval:org.mitre.oval:def:19529 | ||
Title: | HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" that can trigger an integer overflow and memory corruption. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-1478 | Version: | 11 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20157 | |||
Oval ID: | oval:org.mitre.oval:def:20157 | ||
Title: | RHSA-2013:0246: java-1.6.0-openjdk security update (Important) | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:0246-00 CESA-2013:0246 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0429 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0445 CVE-2013-0450 CVE-2013-1475 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 | Version: | 283 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20835 | |||
Oval ID: | oval:org.mitre.oval:def:20835 | ||
Title: | RHSA-2013:0245: java-1.6.0-openjdk security update (Critical) | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:0245-02 CESA-2013:0245 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0429 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0445 CVE-2013-0450 CVE-2013-1475 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 | Version: | 283 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20981 | |||
Oval ID: | oval:org.mitre.oval:def:20981 | ||
Title: | RHSA-2013:0247: java-1.7.0-openjdk security update (Important) | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:0247-01 CESA-2013:0247 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0429 CVE-2013-0431 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0444 CVE-2013-0445 CVE-2013-0450 CVE-2013-1475 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 | Version: | 311 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 CentOS Linux 5 CentOS Linux 6 | Product(s): | java-1.7.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22881 | |||
Oval ID: | oval:org.mitre.oval:def:22881 | ||
Title: | ELSA-2013:0246: java-1.6.0-openjdk security update (Important) | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0246-00 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0429 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0445 CVE-2013-0450 CVE-2013-1475 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 | Version: | 85 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23342 | |||
Oval ID: | oval:org.mitre.oval:def:23342 | ||
Title: | ELSA-2012:1466: java-1.6.0-ibm security update (Critical) | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:1466-01 CVE-2012-0547 CVE-2012-1531 CVE-2012-1532 CVE-2012-1533 CVE-2012-1682 CVE-2012-3143 CVE-2012-3159 CVE-2012-3216 CVE-2012-4820 CVE-2012-4822 CVE-2012-4823 CVE-2012-5068 CVE-2012-5069 CVE-2012-5071 CVE-2012-5072 CVE-2012-5073 CVE-2012-5075 CVE-2012-5079 CVE-2012-5081 CVE-2012-5083 CVE-2012-5084 CVE-2012-5089 CVE-2013-1475 | Version: | 97 |
Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-ibm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23437 | |||
Oval ID: | oval:org.mitre.oval:def:23437 | ||
Title: | ELSA-2012:1465: java-1.5.0-ibm security update (Critical) | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:1465-01 CVE-2012-1531 CVE-2012-3143 CVE-2012-3216 CVE-2012-4820 CVE-2012-4822 CVE-2012-5069 CVE-2012-5071 CVE-2012-5073 CVE-2012-5075 CVE-2012-5079 CVE-2012-5081 CVE-2012-5083 CVE-2012-5084 CVE-2012-5089 CVE-2013-1475 | Version: | 65 |
Platform(s): | Oracle Linux 6 | Product(s): | java-1.5.0-ibm |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23933 | |||
Oval ID: | oval:org.mitre.oval:def:23933 | ||
Title: | ELSA-2013:0245: java-1.6.0-openjdk security update (Critical) | ||
Description: | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0245-02 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0429 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0445 CVE-2013-0450 CVE-2013-1475 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 | Version: | 85 |
Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25940 | |||
Oval ID: | oval:org.mitre.oval:def:25940 | ||
Title: | SUSE-SU-2013:0440-2 -- Security update for Java | ||
Description: | IBM Java 1.4.2 has been updated to SR13-FP15 which fixes various critical security issues and bugs. | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2013:0440-2 CVE-2013-1478 CVE-2013-1480 CVE-2013-1476 CVE-2013-0442 CVE-2013-0425 CVE-2013-0426 CVE-2013-0428 CVE-2013-1481 CVE-2013-0432 CVE-2013-0434 CVE-2013-0424 CVE-2013-0440 CVE-2013-0443 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 10 | Product(s): | Java |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26128 | |||
Oval ID: | oval:org.mitre.oval:def:26128 | ||
Title: | SUSE-SU-2013:0315-1 -- Security update for Java 1.6.0 | ||
Description: | java-1_6_0-openjdk based on Icedtea6-1.12.2 was released, fixing various security issues. | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2013:0315-1 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0429 CVE-2013-0432 CVE-2013-0443 CVE-2013-0440 CVE-2013-0442 CVE-2013-0428 CVE-2013-0441 CVE-2013-0435 CVE-2013-0433 CVE-2013-0450 CVE-2013-1475 CVE-2013-1476 CVE-2013-0434 CVE-2013-1478 CVE-2013-1480 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Desktop 11 | Product(s): | Java 1.6.0 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:26262 | |||
Oval ID: | oval:org.mitre.oval:def:26262 | ||
Title: | SUSE-SU-2013:0440-3 -- Security update for Java | ||
Description: | IBM Java 1.4.2 has been updated to SR13-FP15 which fixes various critical security issues and bugs. | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2013:0440-3 CVE-2013-1478 CVE-2013-1480 CVE-2013-1476 CVE-2013-0442 CVE-2013-0425 CVE-2013-0426 CVE-2013-0428 CVE-2013-1481 CVE-2013-0432 CVE-2013-0434 CVE-2013-0424 CVE-2013-0440 CVE-2013-0443 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 10 | Product(s): | Java |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27509 | |||
Oval ID: | oval:org.mitre.oval:def:27509 | ||
Title: | DEPRECATED: ELSA-2013-0246 -- java-1.6.0-openjdk security update (important) | ||
Description: | [ 1:1.6.0.0-1.33.1.11.6.0.1.el5_9] - Add oracle-enterprise.patch [1:1.6.0.0-1.33.1.11.6] - removed patch9 revertTwoWrongSecurityPatches2013-02-06.patch - added patch9: 7201064.patch to be reverted - added patch10: 8005615.patch to fix the 6664509.patch - Resolves: rhbz#906705 [1:1.6.0.0-1.32.1.11.6] - added patch9 revertTwoWrongSecurityPatches2013-02-06.patch to remove 6664509 and 7201064 from 1.11.6 tarball - Resolves: rhbz#906705 [1:1.6.0.0-1.31.1.11.6] - Updated to icedtea6 1.11.6 - Rewritten java-1.6.0-openjdk-java-access-bridge-security.patch - Resolves: rhbz#906705 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-0246 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0429 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0445 CVE-2013-0450 CVE-2013-1475 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27631 | |||
Oval ID: | oval:org.mitre.oval:def:27631 | ||
Title: | DEPRECATED: ELSA-2013-0245 -- java-1.6.0-openjdk security update (critical) | ||
Description: | [1:1.6.0.0-1.54.1.11.6] - removed patch8 revertTwoWrongSecurityPatches2013-02-06.patch - added patch8: 7201064.patch to be reverted - added patch9: 8005615.patch to fix the 6664509.patch - Resolves: rhbz#906707 [1:1.6.0.0-1.53.1.11.6] - added patch8 revertTwoWrongSecurityPatches2013-02-06.patch to remove 6664509 and 7201064 from 1.11.6 tarball - Resolves: rhbz#906707 [1:1.6.0.0-1.51.1.11.6] - Updated to icedtea6 1.11.6 - Rewritten java-1.6.0-openjdk-java-access-bridge-security.patch - Resolves: rhbz#906707 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-0245 CVE-2013-0424 CVE-2013-0425 CVE-2013-0426 CVE-2013-0427 CVE-2013-0428 CVE-2013-0429 CVE-2013-0432 CVE-2013-0433 CVE-2013-0434 CVE-2013-0435 CVE-2013-0440 CVE-2013-0441 CVE-2013-0442 CVE-2013-0443 CVE-2013-0445 CVE-2013-0450 CVE-2013-1475 CVE-2013-1476 CVE-2013-1478 CVE-2013-1480 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
SAINT Exploits
Description | Link |
---|---|
Java MBeanInstantiator findClass and Introspector Sandbox Escape | More info here |
ExploitDB Exploits
id | Description |
---|---|
2013-02-25 | Java Applet JMX Remote Code Execution |
Snort® IPS/IDS
Date | Description |
---|---|
2014-04-03 | Hello/LightsOut exploit kit - exploit targeting Java v1.6.32 and older RuleID : 30009 - Revision : 3 - Type : EXPLOIT-KIT |
2014-04-03 | Hello/LightsOut exploit kit - exploit targeting Microsoft Internet Explorer 8... RuleID : 30008 - Revision : 3 - Type : EXPLOIT-KIT |
2014-04-03 | Hello/LightsOut exploit kit - exploit targeting Microsoft Internet Explorer 7... RuleID : 30007 - Revision : 3 - Type : EXPLOIT-KIT |
2014-04-03 | Hello/LightsOut exploit kit - exploit targeting Microsoft Internet Explorer 6... RuleID : 30006 - Revision : 3 - Type : EXPLOIT-KIT |
2014-04-03 | Hello/LightsOut exploit kit - exploit targeting Google Chrome with Java befor... RuleID : 30005 - Revision : 3 - Type : EXPLOIT-KIT |
2014-04-03 | Hello/LightsOut exploit kit - exploit targeting Java before v1.7.17 RuleID : 30004 - Revision : 3 - Type : EXPLOIT-KIT |
2018-06-15 | Hello/LightsOut exploit kit payload download attempt RuleID : 30003-community - Revision : 6 - Type : EXPLOIT-KIT |
2014-04-03 | Hello/LightsOut exploit kit payload download attempt RuleID : 30003 - Revision : 6 - Type : EXPLOIT-KIT |
2014-04-03 | Hello/LightsOut exploit kit Java download attempt RuleID : 30002 - Revision : 3 - Type : EXPLOIT-KIT |
2014-04-03 | Hello/LightsOut exploit kit landing page detected RuleID : 30001 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-30 | Stamp exploit kit PDF exploit retrieval attempt RuleID : 29131 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-30 | Stamp exploit kit malicious payload download attempt RuleID : 29130 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-30 | Stamp exploit kit jar exploit download - specific structure RuleID : 29129 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-30 | Stamp exploit kit plugin detection page RuleID : 29128 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-11 | Neutrino exploit kit initial outbound request - generic detection RuleID : 28911 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Neutrino exploit kit outbound request by Java - generic detection RuleID : 28476 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Neutrino exploit kit outbound request - generic detection RuleID : 28475 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Neutrino exploit kit outbound plugin detection response - generic detection RuleID : 28474 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28460 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28459 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Neutrino exploit kit landing page RuleID : 28458 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28457 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28456 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28455 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Nuclear/Magnitude exploit kit Oracle Java exploit download attempt RuleID : 28414 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Magnitude exploit kit embedded redirection attempt RuleID : 28413 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Magnitude exploit kit embedded redirection attempt RuleID : 28412 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28304 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28298 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28275 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28274 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28273 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Magnitude/Nuclear exploit kit landing page RuleID : 28236 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28214 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Nuclear/Magnitude exploit kit post Java compromise download attempt RuleID : 28111 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Nuclear/Magnitude exploit kit Oracle Java exploit download attempt RuleID : 28109 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Nuclear/Magnitude exploit kit Adobe Flash exploit download attempt RuleID : 28108 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Neutrino exploit kit outbound request format RuleID : 28032 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Neutrino exploit kit Oracle Java exploit download attempt RuleID : 28031 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Magnitude/Popads/Nuclear exploit kit jnlp request RuleID : 28029 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Neutrino exploit kit outbound request format RuleID : 27785 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Neutrino exploit kit Oracle Java exploit download attempt RuleID : 27784 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Oracle Java Security Slider feature bypass attempt RuleID : 27766 - Revision : 2 - Type : BROWSER-PLUGINS |
2014-01-10 | Blackholev2 exploit kit JNLP request RuleID : 27070 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Blackholev2 exploit kit landing page - specific structure RuleID : 27067 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | iFramer injection - specific structure RuleID : 26617 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Impact/Stamp exploit kit landing page RuleID : 26600 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Impact/Stamp exploit kit landing page RuleID : 26599 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Oracle Java runtime JMX findclass sandbox breach attempt RuleID : 26588 - Revision : 9 - Type : FILE-JAVA |
2014-01-10 | Oracle Java runtime JMX findclass sandbox breach attempt RuleID : 26587 - Revision : 9 - Type : FILE-JAVA |
2014-01-10 | Multiple exploit kit successful redirection - jnlp bypass RuleID : 26541 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | iFramer injection - specific structure RuleID : 26540 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Stamp exploit kit landing page RuleID : 26536 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Multiple exploit kit landing page - specific structure RuleID : 26535 - Revision : 6 - Type : EXPLOIT-KIT |
2018-06-15 | Stamp exploit kit portable executable download RuleID : 26534-community - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Stamp exploit kit portable executable download RuleID : 26534 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit java payload detection RuleID : 26512 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Sakura exploit kit redirection structure RuleID : 26511 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit pdf payload detection RuleID : 26510 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Multiple exploit kit java payload detection RuleID : 26509 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit landing page - specific structure RuleID : 26507 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit jar file redirection RuleID : 26506 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious jar download RuleID : 26256 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit redirection page RuleID : 26254 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit MyApplet class retrieval RuleID : 26229 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit redirection page RuleID : 26228 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Neutrino exploit kit redirection page RuleID : 26100 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Neutrino exploit kit redirection page RuleID : 26099 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Neutrino exploit kit Java archive transfer RuleID : 26098 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Neutrino exploit kit Java archive transfer RuleID : 26097 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Neutrino exploit kit landing page RuleID : 26096 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Neutrino exploit kit landing page RuleID : 26095 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit Portable Executable download RuleID : 26056 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious class file download RuleID : 26055 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious class file download RuleID : 26054 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious class file download RuleID : 26053 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious class file download RuleID : 26052 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious jar file download RuleID : 26051 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit SWF file download RuleID : 26050 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit EOT file download RuleID : 26049 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit PDF exploit RuleID : 26048 - Revision : 8 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit redirection structure RuleID : 26047 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit landing page RuleID : 26046 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Blackholev2 exploit kit iframe redirection attempt RuleID : 26033 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Blackholev2 exploit kit landing page RuleID : 26031 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit Portable Executable download RuleID : 25968 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious class file download RuleID : 25967 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious class file download RuleID : 25966 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious class file download RuleID : 25965 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious class file download RuleID : 25964 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit SWF file download RuleID : 25963 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit EOT file download RuleID : 25962 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit former location - has been removed RuleID : 25960 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious class file download RuleID : 25959 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious class file download RuleID : 25958 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious class file download RuleID : 25957 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious class file download RuleID : 25956 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious jar file download RuleID : 25955 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit SWF file download RuleID : 25954 - Revision : 8 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit landing page RuleID : 25953 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit landing page RuleID : 25952 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit EOT file download RuleID : 25951 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit PDF exploit RuleID : 25950 - Revision : 8 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25862 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25861 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit landing page RuleID : 25860 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious jar file download RuleID : 25859 - Revision : 8 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit Java exploit download RuleID : 25858 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit PDF exploit RuleID : 25857 - Revision : 9 - Type : EXPLOIT-KIT |
2014-01-10 | Oracle Java JMX class arbitrary code execution attempt RuleID : 25832 - Revision : 7 - Type : FILE-JAVA |
2014-01-10 | Stamp exploit kit encoded portable executable request RuleID : 25802 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Stamp exploit kit jar file request RuleID : 25801 - Revision : 10 - Type : EXPLOIT-KIT |
2014-01-10 | Stamp exploit kit Javascript request RuleID : 25800 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Stamp exploit kit pdf request RuleID : 25799 - Revision : 11 - Type : EXPLOIT-KIT |
2014-01-10 | Blackhole exploit kit landing page - specific structure RuleID : 25591 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Blackholev2 exploit kit landing page - specific structure RuleID : 25590 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Oracle Java JMX class arbitrary code execution attempt RuleID : 25472 - Revision : 12 - Type : FILE-JAVA |
2014-01-10 | Blackholev2 exploit kit landing page in an email RuleID : 24865 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Blackholev2 exploit kit landing page - specific-structure RuleID : 24864 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Blackholev2 exploit kit landing page in an email RuleID : 24863 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Blackholev2 exploit kit landing page - specific-structure RuleID : 24862 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Blackholev2 exploit kit landing page in an email RuleID : 24861 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Blackholev2 exploit kit landing page - specific-structure RuleID : 24860 - Revision : 6 - Type : EXPLOIT-KIT |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1456.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1455.nasl - Type : ACT_GATHER_INFO |
2014-08-22 | Name : The remote host is affected by multiple vulnerabilities. File : juniper_nsm_jsa10642.nasl - Type : ACT_GATHER_INFO |
2014-06-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-165.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-131.nasl - Type : ACT_GATHER_INFO |
2014-01-27 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201401-30.nasl - Type : ACT_GATHER_INFO |
2014-01-08 | Name : The remote server is affected by multiple vulnerabilities. File : domino_9_0_1.nasl - Type : ACT_GATHER_INFO |
2014-01-08 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : lotus_domino_9_0_1.nasl - Type : ACT_GATHER_INFO |
2013-11-04 | Name : The remote server is affected by multiple vulnerabilities. File : domino_8_5_3fp5.nasl - Type : ACT_GATHER_INFO |
2013-11-04 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : lotus_notes_8_5_3_fp5.nasl - Type : ACT_GATHER_INFO |
2013-11-04 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : lotus_domino_8_5_3_fp5.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-156.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2013-155.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0245.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0246.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0247.nasl - Type : ACT_GATHER_INFO |
2013-05-10 | Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_8_5_0_2.nasl - Type : ACT_GATHER_INFO |
2013-05-10 | Name : The remote application server may be affected by multiple vulnerabilities. File : websphere_8_0_0_6.nasl - Type : ACT_GATHER_INFO |
2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-095.nasl - Type : ACT_GATHER_INFO |
2013-03-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-8483.nasl - Type : ACT_GATHER_INFO |
2013-03-17 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-ibm-130312.nasl - Type : ACT_GATHER_INFO |
2013-03-15 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_6_0-ibm-8495.nasl - Type : ACT_GATHER_INFO |
2013-03-14 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-8481.nasl - Type : ACT_GATHER_INFO |
2013-03-14 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_4_2-ibm-130306.nasl - Type : ACT_GATHER_INFO |
2013-03-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_7_0-ibm-130306.nasl - Type : ACT_GATHER_INFO |
2013-03-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0624.nasl - Type : ACT_GATHER_INFO |
2013-03-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0626.nasl - Type : ACT_GATHER_INFO |
2013-03-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0625.nasl - Type : ACT_GATHER_INFO |
2013-02-22 | Name : The remote Unix host contains a programming platform that is potentially affe... File : oracle_java_cpu_feb_2013_unix.nasl - Type : ACT_GATHER_INFO |
2013-02-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_java-1_6_0-openjdk-130212.nasl - Type : ACT_GATHER_INFO |
2013-02-20 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_2013-001.nasl - Type : ACT_GATHER_INFO |
2013-02-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1724-1.nasl - Type : ACT_GATHER_INFO |
2013-02-13 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130205_jdk_1_6_0_on_SL_5_0.nasl - Type : ACT_GATHER_INFO |
2013-02-12 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-010.nasl - Type : ACT_GATHER_INFO |
2013-02-11 | Name : The remote Fedora host is missing a security update. File : fedora_2013-2209.nasl - Type : ACT_GATHER_INFO |
2013-02-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0245.nasl - Type : ACT_GATHER_INFO |
2013-02-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0247.nasl - Type : ACT_GATHER_INFO |
2013-02-11 | Name : The remote Fedora host is missing a security update. File : fedora_2013-2188.nasl - Type : ACT_GATHER_INFO |
2013-02-11 | Name : The remote Fedora host is missing a security update. File : fedora_2013-2205.nasl - Type : ACT_GATHER_INFO |
2013-02-11 | Name : The remote Fedora host is missing a security update. File : fedora_2013-2197.nasl - Type : ACT_GATHER_INFO |
2013-02-10 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130208_java_1_6_0_openjdk_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2013-02-10 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130208_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-02-10 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0246.nasl - Type : ACT_GATHER_INFO |
2013-02-10 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130208_java_1_7_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2013-02-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0247.nasl - Type : ACT_GATHER_INFO |
2013-02-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0246.nasl - Type : ACT_GATHER_INFO |
2013-02-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0245.nasl - Type : ACT_GATHER_INFO |
2013-02-06 | Name : The remote Fedora host is missing a security update. File : fedora_2013-1898.nasl - Type : ACT_GATHER_INFO |
2013-02-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0236.nasl - Type : ACT_GATHER_INFO |
2013-02-05 | Name : The remote host has a version of Java that is affected by multiple vulnerabil... File : macosx_java_10_6_update12.nasl - Type : ACT_GATHER_INFO |
2013-02-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0237.nasl - Type : ACT_GATHER_INFO |
2013-02-04 | Name : The remote Windows host contains a programming platform that is potentially a... File : oracle_java_cpu_feb_2013.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1485.nasl - Type : ACT_GATHER_INFO |
2013-01-17 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_d5e0317e5e4511e2a113c48508086173.nasl - Type : ACT_GATHER_INFO |
2012-11-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1467.nasl - Type : ACT_GATHER_INFO |
2012-11-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1466.nasl - Type : ACT_GATHER_INFO |
2012-11-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1465.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-08-23 13:27:51 |
|
2014-02-17 12:08:13 |
|
2013-03-19 05:19:04 |
|
2013-03-19 05:17:14 |
|
2013-02-06 00:21:28 |
|
2013-02-05 21:19:28 |
|
2013-02-02 00:18:23 |
|