CVSS: 9.8EPSS: 64%CPEs: 79EXPL: 4CVE-2023-48795 – ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://notcve.org/view.php?id=CVE-2023-48795
18 Dec 2023 — The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phas... • https://packetstorm.news/files/id/176280 • CWE-222: Truncation of Security-relevant Information CWE-354: Improper Validation of Integrity Check Value •
CVSS: 8.8EPSS: 3%CPEs: 13EXPL: 0CVE-2010-0538
https://notcve.org/view.php?id=CVE-2010-0538
21 May 2010 — Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 do not properly handle mediaLibImage objects, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted applet, related to the com.sun.medialib.mlib package. Apple Java para Mac OS X 10.5 en versiones anteriores al Update 7 y Java para Mac OS X 10.6 en versiones anteriores al Update 2 no utilizan apropiadamente los objetos mediaL... • http://lists.apple.com/archives/security-announce/2010//May/msg00001.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 3%CPEs: 13EXPL: 0CVE-2010-0539
https://notcve.org/view.php?id=CVE-2010-0539
21 May 2010 — Integer signedness error in the window drawing implementation in Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted applet. Error de presencia de signo en entero en la implementación de la visualización de la ventana en Apple Java para Mac OS X 10.5 en versiones anteriores al Update 7 y Java para Mac OS X 10.6 en versiones anteriores al Update 2. Permite a ata... • http://lists.apple.com/archives/security-announce/2010//May/msg00001.html • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 0%CPEs: 28EXPL: 0CVE-2009-2205
https://notcve.org/view.php?id=CVE-2009-2205
09 Sep 2009 — Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Desbordamiento de búfer basado en pila en el Java Web Start Command Launcher en Java para Mac OS X v10.5 anterior a la actualización 5, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de aplicación) a través de vectores no especif... • http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 0%CPEs: 24EXPL: 1CVE-2001-1480
https://notcve.org/view.php?id=CVE-2001-1480
31 Dec 2001 — Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows untrusted applets to access the system clipboard. • http://cert.uni-stuttgart.de/archive/bugtraq/2001/10/msg00120.html •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2001-0068
https://notcve.org/view.php?id=CVE-2001-0068
02 Feb 2001 — Mac OS Runtime for Java (MRJ) 2.2.3 allows remote attackers to use malicious applets to read files outside of the CODEBASE context via the ARCHIVE applet parameter. • http://archives.neohapsis.com/archives/bugtraq/2000-12/0241.html •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2000-0563
https://notcve.org/view.php?id=CVE-2000-0563
12 Jul 2000 — The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using a HTTP redirection, in violation of the Java security model. • http://archives.neohapsis.com/archives/bugtraq/2000-06/0056.html •