Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:oracle:jre:1.7.0:update5:*:*:*:*:*:*
There are 204 matching records.
Displaying matches 201 through 204.
Vuln ID Summary CVSS Severity
CVE-2012-3136

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-1682.

Published: August 30, 2012; 7:55:01 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2012-1682

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "XMLDecoder security issue via ClassFinder."

Published: August 30, 2012; 7:55:01 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2012-0547

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and "a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited." NOTE: this identifier was assigned by the Oracle CNA, but CVE is not intended to cover defense-in-depth issues that are only exposed by the presence of other vulnerabilities. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "toolkit internals references."

Published: August 30, 2012; 7:55:01 PM -0400
V3.x:(not available)
V2.0: 0.0 LOW
CVE-2012-4681

Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class.

Published: August 27, 2012; 8:55:01 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH