CVSS: 9.3EPSS: 42%CPEs: 91EXPL: 0CVE-2008-5354 – OpenJDK Privilege escalation in command line applications (6733959)
https://notcve.org/view.php?id=CVE-2008-5354
Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with a long Main-Class manifest entry. Desbordamiento de búfer basado en pila en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores; en JDK y JRE v5.0 Update 16 y anteriores; y en SDK y JRE v1.4.2_18 y anteriores permite a aplicaciones Java no confiables ejecutadas en local y posiblemente en remoto ejecutar código de su elección mediante un fichero JAR con una entrada larga en el manifiesto de Main-Class. • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://marc.info/?l=bugtraq&m=123678756409861&w=2 http://marc.info/?l=bugtraq&m=126583436323697&w=2 http://rhn.redhat.com/errata/RHSA-2008-1018.html http://rhn.redhat.com/errata/RHSA-200 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 43%CPEs: 91EXPL: 0CVE-2008-5356 – OpenJDK Font processing vulnerability (6733336)
https://notcve.org/view.php?id=CVE-2008-5356
Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file. Desbordamiento de búfer basado en pila en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores; en JDK y JRE v5.0 Update 16 y anteriores; y en SDK y JRE v1.4.2_18 y anteriores permite a atacantes remotos ejecutar código de su elección mediante un fichero de fuentes TrueType manipulado. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=757 http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://marc.info/?l=bugtraq&m=123678756409861&w=2 http://marc.info/?l=bugtraq&m=126583436323697&w=2 http://osvdb.org/5051 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 23%CPEs: 128EXPL: 0CVE-2008-5357 – OpenJDK Truetype Font processing vulnerability (6751322)
https://notcve.org/view.php?id=CVE-2008-5357
Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file, which triggers a heap-based buffer overflow. Desbordamiento de entero en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores; en JDK y JRE v5.0 Update 16 y anteriores; en SDK y JRE v1.4.2_18 y anteriores; y en SDK y JRE v1.3.1_23 y anteriores permite a atacantes remotos ejecutar código de su elección mediante un fichero de fuentes TrueType manipulado, provocando un desbordamiento de búfer basado en pila. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=760 http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://marc.info/?l=bugtraq&m=123678756409861&w=2 http://marc.info/?l=bugtraq&m=126583436323697&w=2 http://osvdb.org/5051 • CWE-189: Numeric Errors •
CVSS: 6.4EPSS: 0%CPEs: 127EXPL: 0CVE-2008-5360 – OpenJDK temporary files have guessable file names (6721753)
https://notcve.org/view.php?id=CVE-2008-5360
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknown vectors. Java Runtime Environment (JRE) para Sun JDK y JRE 6 Update 10 y versiones anteriores; JDK y JRE 5.0 Update 16 y versiones anteriores; SDK y JRE 1.4.2_18 y versiones anteriores y SDK y JRE 1.3.1_23 y versiones anteriores crea archivos temporales con nombres de archivo predecibles, lo que podría permitir a atacantes escribir archivos JAR maliciosos a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://marc.info/?l=bugtraq&m=123678756409861&w=2 http://marc.info/?l=bugtraq&m=126583436323697&w=2 http://rhn.redhat.com/errata/RHSA-2008-1018.html http://rhn.redhat.com/errata/RHSA-200 •
CVSS: 9.3EPSS: 48%CPEs: 91EXPL: 0CVE-2008-2086 – Java Web Start File Inclusion via System Properties Override
https://notcve.org/view.php?id=CVE-2008-2086
Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the (1) java.home, (2) java.ext.dirs, or (3) user.home System Properties, aka "Java Web Start File Inclusion" and CR 6694892. Sun Java Web Start y Java Plug-in para JDK y JRE v6 Update 10 y anteriores;JDK y JRE v5.0 Update 16 y anteriores; y SDK y JRE v1.4.2_18 y anteriores permite a atacantes remotos ejecutar código a su elección a través de un fichero manipulado jnlp que modifica las propiedades del sistema (1) java.home, (2) java.ext.dirs, o (3) user.home, anteriormente conocido como "Java Web Start File Inclusion." • http://lists.apple.com/archives/security-announce/2009/Feb/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://marc.info/?l=bugtraq&m=123678756409861&w=2 http://marc.info/?l=bugtraq&m=126583436323697&w=2 http://osvdb.org/50510 http://rhn.redhat.com/errata/RHSA-2008-1025.html http://se • CWE-94: Improper Control of Generation of Code ('Code Injection') •