CVSS: 9.8EPSS: 7%CPEs: 30EXPL: 0CVE-2006-0615
https://notcve.org/view.php?id=CVE-2006-0615
09 Feb 2006 — Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 4 and earlier, SDK and JRE 1.4.x through 1.4.2_09 allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "second and third issues." • http://docs.info.apple.com/article.html?artnum=303658 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2005-3583
https://notcve.org/view.php?id=CVE-2005-3583
16 Nov 2005 — (1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.2_08, 1.4.2_09, and 1.5.0_05 and possibly other versions allow remote attackers to cause a denial of service (JVM unresponsive) via a crafted serialized object, such as a font object as demonstrated on JBoss. • http://marc.info/?l=bugtraq&m=113113125121878&w=2 •
CVSS: 6.2EPSS: 4%CPEs: 2EXPL: 1CVE-2005-1080 – jar: directory traversal vulnerability
https://notcve.org/view.php?id=CVE-2005-1080
12 Apr 2005 — Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file. A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. An off-by-one flaw, leading to a buffer overflow, was fo... • http://advisories.mageia.org/MGASA-2015-0158.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2005-0223
https://notcve.org/view.php?id=CVE-2005-0223
06 Feb 2005 — The Software Development Kit (SDK) and Run Time Environment (RTE) 1.4.1 and 1.4.2 for Tru64 UNIX allows remote attackers to cause a denial of service (Java Virtual Machine hang) via object deserialization. • http://marc.info/?l=bugtraq&m=110719624029320&w=2 •
CVSS: 9.8EPSS: 35%CPEs: 157EXPL: 1CVE-2004-1029 – Sun Java Runtime Environment 1.x Java Plugin - JavaScript Security Restriction Bypass
https://notcve.org/view.php?id=CVE-2004-1029
24 Nov 2004 — The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages. • https://www.exploit-db.com/exploits/24763 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 4%CPEs: 4EXPL: 0CVE-2004-0651
https://notcve.org/view.php?id=CVE-2004-0651
13 Jul 2004 — Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 through 1.4.2_03 allows remote attackers to cause a denial of service (virtual machine hang). Vulnerabilidad desconocida en Sun Java Runtime Environment (JRE) 1.4.2 a 1.4.2_03 permite a atacantes remotos causar una denegación de servicio (cuelgue de la máquina virtual). • http://marc.info/?l=bugtraq&m=108559041910233&w=2 •