CVSS: 7.1EPSS: 13%CPEs: 64EXPL: 0CVE-2007-5239 – Untrusted Application or Applet May Move or Copy Arbitrary Files
https://notcve.org/view.php?id=CVE-2007-5239
06 Oct 2007 — Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications. Java Web Start en Sun JDK y JR... • http://dev2dev.bea.com/pub/advisory/272 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 16%CPEs: 64EXPL: 0CVE-2007-5238 – Vulnerabilities in Java Web Start allow to determine the location of the Java Web Start cache
https://notcve.org/view.php?id=CVE-2007-5238
06 Oct 2007 — Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka "three vulnerabilities." Java Web Start en Sun JDK y JRE 6 Update 2 y anteriores, JDK y JRE 5.0 Update 12 yearlier, y SDK y JRE 1.4.2_15 y anteriores no hace ... • http://dev2dev.bea.com/pub/advisory/272 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 49EXPL: 0CVE-2007-5236
https://notcve.org/view.php?id=CVE-2007-5236
06 Oct 2007 — Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files via an untrusted application. Java Web Start en Sun JDK y JRE 5.0 Update 12 y anteriores, y SDK y JRE 1.4.2_15 y anteriores, sobre Windows no hace cumplir de forma adecuada las restricciones de acceso para aplicaciones no válidas, lo cual permite a atacantes remot... • http://dev2dev.bea.com/pub/advisory/272 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 20%CPEs: 64EXPL: 0CVE-2007-5232 – Security Vulnerability in Java Runtime Environment With Applet Caching
https://notcve.org/view.php?id=CVE-2007-5232
05 Oct 2007 — Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding attack. Sun Java Runtime Environment (JRE) en JDK y JRE 6 Update 2 y anteriores, JDK y JRE 5.0 Update 12 y anteriores, SDK y JRE 1.4.2_15 y earlier, y SDK y JRE 1.3.1_20 y anteriores, ... • http://conference.hitb.org/hitbsecconf2007kl/?page_id=148 •
CVSS: 10.0EPSS: 77%CPEs: 4EXPL: 2CVE-2007-5019 – Sun jre1.6.0_X - isInstalled.dnsResolve Function Overflow
https://notcve.org/view.php?id=CVE-2007-5019
20 Sep 2007 — Buffer overflow in the Sun Java Web Start ActiveX control in Java Runtime Environment (JRE) 1.6.0_X allows remote attackers to have an unknown impact via a long argument to the dnsResolve (isInstalled.dnsResolve) method. Desbordamiento de búfer en el control ActiveX Sun Java Web Start del Java Runtime Environment (JRE) 1.6.0_X permite a atacantes remotos tener un impacto desconocido a través del uso de un argumento largo en el método dnsResolve (isInstalled.dnsResolve) • https://www.exploit-db.com/exploits/4432 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 14%CPEs: 3EXPL: 1CVE-2007-4381 – Sun Java Runtime Environment 1.4.2 - Font Parsing Privilege Escalation
https://notcve.org/view.php?id=CVE-2007-4381
17 Aug 2007 — Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself. Vulnerabilidad no especificada en la implementación del parche fuente en Sun JDK and JRE 5.0 Update 9 y anteriores, y SDK y JRE 1.4.2_14 y anteriores, permite a atacantes remotos llevar a cabo acciones no autorizadas a través de un applet que gana ciertos ... • https://www.exploit-db.com/exploits/30502 •
CVSS: 9.1EPSS: 2%CPEs: 5EXPL: 0CVE-2007-3922 – Vulnerability in the Java Runtime Environment May Allow an Untrusted Applet to Circumvent Network Access Restrictions
https://notcve.org/view.php?id=CVE-2007-3922
21 Jul 2007 — Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to certain localhost services running on the machine that loaded the applet. Vulnerabilidad no especificada en Java Runtime Environment (JRE) Applet Class Loader en Sun JDK y JRE 5.0 Update 11 y versiones anteriores ,... • http://dev2dev.bea.com/pub/advisory/248 •
CVSS: 7.8EPSS: 24%CPEs: 20EXPL: 0CVE-2007-3698 – Java Secure Socket Extension Does Not Correctly Process SSL/TLS Handshake Requests Resulting in a Denial of Service (DoS) Condition
https://notcve.org/view.php?id=CVE-2007-3698
11 Jul 2007 — The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests. El Java Secure Socket Extension (JSSE) en Sun JDK y JRE versión 6 Update 1 y anteriores, JDK y JRE versión 5.0 Updates 7 hasta 11, y SDK y JRE versión 1.4.2_11 hasta 1.4.2_14, cuando se usa JSSE para ... • http://dev2dev.bea.com/pub/advisory/249 •
CVSS: 9.8EPSS: 39%CPEs: 5EXPL: 0CVE-2007-3504
https://notcve.org/view.php?id=CVE-2007-3504
30 Jun 2007 — Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself. NOTE: this can be leveraged to execute arbitrary code by overwriting a .java.policy file. Una vulnerabilidad de salto de directorio en PersistenceService en Sun Java Web Start en JDK y JRE versión... • http://docs.info.apple.com/article.html?artnum=307177 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 52%CPEs: 96EXPL: 1CVE-2007-2788 – Sun Java JDK 1.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-2788
22 May 2007 — Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow. Un desbordamiento de enteros en el analizador de ima... • https://www.exploit-db.com/exploits/30043 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •