- CVEs with nessus.description==

  Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. (CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469)

  Integer overflow flaws were found in the way AWT processed certain input. An attacker could use these flaws to execute arbitrary code with the privileges of the user running an untrusted Java applet or application. (CVE-2013-2459)

  Multiple improper permission check issues were discovered in the Sound, JDBC, Libraries, JMX, and Serviceability components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. (CVE-2013-2448, CVE-2013-2454, CVE-2013-2458, CVE-2013-2457, CVE-2013-2453, CVE-2013-2460)

  Multiple flaws in the Serialization, Networking, Libraries and CORBA components can be exploited by an untrusted Java application or applet to gain access to potentially sensitive information. (CVE-2013-2456, CVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443, CVE-2013-2446)

  It was discovered that the Hotspot component did not properly handle out-of-memory errors. An untrusted Java application or applet could possibly use these flaws to terminate the Java Virtual Machine. (CVE-2013-2445)

  It was discovered that the AWT component did not properly manage certain resources and that the ObjectStreamClass of the Serialization component did not properly handle circular references. An untrusted Java application or applet could possibly use these flaws to cause a denial of service. (CVE-2013-2444, CVE-2013-2450)

  It was discovered that the Libraries component contained certain errors related to XML security and the class loader. A remote attacker could possibly exploit these flaws to bypass intended security mechanisms or disclose potentially sensitive information and cause a denial of service. (CVE-2013-2407, CVE-2013-2461)

  It was discovered that JConsole did not properly inform the user when establishing an SSL connection failed. An attacker could exploit this flaw to gain access to potentially sensitive information. (CVE-2013-2412)

  It was discovered that GnomeFileTypeDetector did not check for read permissions when accessing files. An untrusted Java application or applet could possibly use this flaw to disclose potentially sensitive information. (CVE-2013-2449)

  It was found that documentation generated by Javadoc was vulnerable to a frame injection attack. If such documentation was accessible over a network, and a remote attacker could trick a user into visiting a specially crafted URL, it would lead to arbitrary web content being displayed next to the documentation. This could be used to perform a phishing attack by providing frame content that spoofed a login form on the site hosting the vulnerable documentation. (CVE-2013-1571)

  It was discovered that the 2D component created shared memory segments with insecure permissions. A local attacker could use this flaw to read or write to the shared memory segment. (CVE-2013-1500)

  This erratum also upgrades the OpenJDK package to IcedTea7 2.3.10.

  All running instances of OpenJDK Java must be restarted for the update to take effect

| Max CVSS | 0 |
| Min CVSS | 0 |
| Total Count | 2 |

| ID | CVSS | Summary | Last (major) update | Published |