CVSS: 5.5EPSS: 3%CPEs: 94EXPL: 0CVE-2007-2789 – BMP image parser vulnerability
https://notcve.org/view.php?id=CVE-2007-2789
22 May 2007 — The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open arbitrary local files via a crafted BMP file, such as /dev/tty. El analizador de imágenes BMP en... • http://dev2dev.bea.com/pub/advisory/248 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 2%CPEs: 4EXPL: 0CVE-2007-2435 – javaws vulnerabilities
https://notcve.org/view.php?id=CVE-2007-2435
02 May 2007 — Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files. Sun Java Web Start en JDK y JRE 5.0 hasta 10 y anteriores, y Java Web Start en SDK y JRE 1.4.2_13 y anteriores, permite a atacantes remotos realizar acciones no autorizadas a través de una apli... • http://dev2dev.bea.com/pub/advisory/241 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 50%CPEs: 37EXPL: 1CVE-2007-0243 – Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2007-0243
16 Jan 2007 — Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption. Desbordamiento de búfer en el Sun JDK y el Java Runtime Environment (JRE) 5.0 Actualizada a la 9 y anteriores, SDK y JRE 1.4.2_12 y anteriores y SDK y JRE 1.3.1_18 y anteriores permite a los applets obtener privilegios mediante una im... • https://www.exploit-db.com/exploits/3168 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 5%CPEs: 72EXPL: 0CVE-2006-6737
https://notcve.org/view.php?id=CVE-2006-6737
26 Dec 2006 — Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 5 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_10 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to "access data in other applets," aka "The first issue." Vulnerabilidad no especificada en Sun Java Development Kit (JDK) y Java Runtime Environment (JRE) 5.0 Update 5 y anteriores, Java System Development Kit (SDK) y JRE 1.4.2_10 y... • http://lists.suse.com/archive/suse-security-announce/2007-Jan/0003.html •
CVSS: 9.1EPSS: 1%CPEs: 78EXPL: 0CVE-2006-6736
https://notcve.org/view.php?id=CVE-2006-6736
26 Dec 2006 — Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 6 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to "access data in other applets," aka "The second issue." Vulnerabilidad no especificada en Sun Java Development Kit (JDK) y Java Runtime Environment (JRE) 5.0 Update 6 y anteriores, Java System Development Kit (SDK) y JRE 1.4.2_12 ... • http://docs.info.apple.com/article.html?artnum=307177 •
CVSS: 9.3EPSS: 17%CPEs: 80EXPL: 0CVE-2006-6731
https://notcve.org/view.php?id=CVE-2006-6731
26 Dec 2006 — Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allow attackers to develop Java applets that read, write, or execute local files, possibly related to (1) integer overflows in the Java_sun_awt_image_ImagingLib_convolveBI, awt_parseRaster, and awt_parseColorModel functions; (2) a stack overflow in the Java_sun_awt_image_Ima... • http://dev2dev.bea.com/pub/advisory/243 •
CVSS: 5.9EPSS: 0%CPEs: 95EXPL: 0CVE-2006-5201
https://notcve.org/view.php?id=CVE-2006-5201
09 Oct 2006 — Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.2_12, and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and o... • http://secunia.com/advisories/22204 •
CVSS: 7.5EPSS: 36%CPEs: 3EXPL: 2CVE-2006-2426 – Sun Java Applet - Font.createFont Remote Denial of Service
https://notcve.org/view.php?id=CVE-2006-2426
17 May 2006 — Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 and earlier, and SDK 1.5.0_6 and earlier allows remote attackers to cause a denial of service (disk consumption) by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory. • https://www.exploit-db.com/exploits/27882 •
CVSS: 9.8EPSS: 0%CPEs: 30EXPL: 0CVE-2006-0615
https://notcve.org/view.php?id=CVE-2006-0615
09 Feb 2006 — Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 4 and earlier, SDK and JRE 1.4.x through 1.4.2_09 allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "second and third issues." • http://docs.info.apple.com/article.html?artnum=303658 •
CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0CVE-2006-0614
https://notcve.org/view.php?id=CVE-2006-0614
09 Feb 2006 — Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and earlier, SDK and JRE 1.3.x through 1.3.1_16 and 1.4.x through 1.4.2_08 allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "first issue." • http://docs.info.apple.com/article.html?artnum=303658 •