CVSS: 9.8EPSS: 20%CPEs: 3EXPL: 1CVE-2007-4381 – Sun Java Runtime Environment 1.4.2 - Font Parsing Privilege Escalation
https://notcve.org/view.php?id=CVE-2007-4381
17 Aug 2007 — Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself. Vulnerabilidad no especificada en la implementación del parche fuente en Sun JDK and JRE 5.0 Update 9 y anteriores, y SDK y JRE 1.4.2_14 y anteriores, permite a atacantes remotos llevar a cabo acciones no autorizadas a través de un applet que gana ciertos ... • https://www.exploit-db.com/exploits/30502 •
CVSS: 9.1EPSS: 3%CPEs: 5EXPL: 0CVE-2007-3922 – Vulnerability in the Java Runtime Environment May Allow an Untrusted Applet to Circumvent Network Access Restrictions
https://notcve.org/view.php?id=CVE-2007-3922
21 Jul 2007 — Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to certain localhost services running on the machine that loaded the applet. Vulnerabilidad no especificada en Java Runtime Environment (JRE) Applet Class Loader en Sun JDK y JRE 5.0 Update 11 y versiones anteriores ,... • http://dev2dev.bea.com/pub/advisory/248 •
CVSS: 9.8EPSS: 4%CPEs: 5EXPL: 0CVE-2007-3504
https://notcve.org/view.php?id=CVE-2007-3504
30 Jun 2007 — Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself. NOTE: this can be leveraged to execute arbitrary code by overwriting a .java.policy file. Una vulnerabilidad de salto de directorio en PersistenceService en Sun Java Web Start en JDK y JRE versión... • http://docs.info.apple.com/article.html?artnum=307177 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 53%CPEs: 96EXPL: 1CVE-2007-2788 – Sun Java JDK 1.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-2788
22 May 2007 — Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow. Un desbordamiento de enteros en el analizador de ima... • https://www.exploit-db.com/exploits/30043 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 4%CPEs: 94EXPL: 0CVE-2007-2789 – BMP image parser vulnerability
https://notcve.org/view.php?id=CVE-2007-2789
22 May 2007 — The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open arbitrary local files via a crafted BMP file, such as /dev/tty. El analizador de imágenes BMP en... • http://dev2dev.bea.com/pub/advisory/248 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 3%CPEs: 4EXPL: 0CVE-2007-2435 – javaws vulnerabilities
https://notcve.org/view.php?id=CVE-2007-2435
02 May 2007 — Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files. Sun Java Web Start en JDK y JRE 5.0 hasta 10 y anteriores, y Java Web Start en SDK y JRE 1.4.2_13 y anteriores, permite a atacantes remotos realizar acciones no autorizadas a través de una apli... • http://dev2dev.bea.com/pub/advisory/241 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 5%CPEs: 80EXPL: 0CVE-2006-6731
https://notcve.org/view.php?id=CVE-2006-6731
26 Dec 2006 — Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allow attackers to develop Java applets that read, write, or execute local files, possibly related to (1) integer overflows in the Java_sun_awt_image_ImagingLib_convolveBI, awt_parseRaster, and awt_parseColorModel functions; (2) a stack overflow in the Java_sun_awt_image_Ima... • http://dev2dev.bea.com/pub/advisory/243 •
CVSS: 9.1EPSS: 1%CPEs: 78EXPL: 0CVE-2006-6736
https://notcve.org/view.php?id=CVE-2006-6736
26 Dec 2006 — Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 6 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to "access data in other applets," aka "The second issue." Vulnerabilidad no especificada en Sun Java Development Kit (JDK) y Java Runtime Environment (JRE) 5.0 Update 6 y anteriores, Java System Development Kit (SDK) y JRE 1.4.2_12 ... • http://docs.info.apple.com/article.html?artnum=307177 •
CVSS: 9.1EPSS: 1%CPEs: 72EXPL: 0CVE-2006-6737
https://notcve.org/view.php?id=CVE-2006-6737
26 Dec 2006 — Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 5 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_10 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to "access data in other applets," aka "The first issue." Vulnerabilidad no especificada en Sun Java Development Kit (JDK) y Java Runtime Environment (JRE) 5.0 Update 5 y anteriores, Java System Development Kit (SDK) y JRE 1.4.2_10 y... • http://lists.suse.com/archive/suse-security-announce/2007-Jan/0003.html •
CVSS: 5.9EPSS: 3%CPEs: 95EXPL: 0CVE-2006-5201
https://notcve.org/view.php?id=CVE-2006-5201
09 Oct 2006 — Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.2_12, and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and o... • http://secunia.com/advisories/22204 •