Page 168 of 939 results (0.009 seconds)

CVSS: 10.0EPSS: 3%CPEs: 61EXPL: 0

CVE-2009-2675 – Sun Java Pack200 Decoding Inner Class Count Integer Overflow Vulnerability

https://notcve.org/view.php?id=CVE-2009-2675

Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression. Un desbordamiento de enteros en la utilidad unpack200 en Sun Java Runtime Environment (JRE) en JDK y JRE versión 6 anterior a Update 15, y JDK y JRE versión 5.0 anterior a Update 20, permite a los atacantes dependiendo del contexto alcanzar privilegios por medio de campos de longitud no especificados en el encabezado de un archivo JAR comprimido de Pack200-, que conlleva a un desbordamiento del búfer en la región heap de la memoria durante la descompresión. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Sun Java Runtime. User interaction is required in that a target must visit a malicious web page or open a malicious JNLP file. The specific flaw exists within the code responsible for handling Pack200 compressed JAR files. During decompression, several fields within a Pack200 header are trusted and used to calculate sizes for heap buffer allocations. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=814 http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html http://marc.info/?l=bugtraq&m=125787273209737&w=2 http://secunia.com/advisories/36162 http://secunia.com/advisories/36176 http: • CWE-190: Integer Overflow or Wraparound CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0

CVE-2009-2030

https://notcve.org/view.php?id=CVE-2009-2030

Unspecified vulnerability in the XML Digital Signature verification functionality in JVA-RUN in JDK 6.0 in IBM OS/400 i5/OS V5R4M0 and V6R1M0 has unknown impact and attack vectors related to "XML SECURITY PATCH." Una vulnerabilidad no especificada en la funcionalidad de comprobación de XML Digital Signature en JVA-RUN en JDK versión 6.0 en IBM OS/400 i5/OS versiones V5R4M0 y V6R1M0, presenta un impacto y vectores de ataque desconocidos relacionados con "XML SECURITY PATCH". • http://secunia.com/advisories/35356 http://www-01.ibm.com/support/docview.wss?uid=nas2741c96b7c573b81a862575cc003c726e http://www-01.ibm.com/support/docview.wss?uid=nas2e858199605d67111862575cc003c7276 http://www.attrition.org/pipermail/vim/2009-June/002190.html http://www.securityfocus.com/bid/35265 http://www.vupen.com/english/advisories/2009/1536 https://exchange.xforce.ibmcloud.com/vulnerabilities/51005 •

CVSS: 5.0EPSS: 3%CPEs: 173EXPL: 2

CVE-2009-1190

https://notcve.org/view.php?id=CVE-2009-1190

Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to cause a denial of service (CPU consumption) via serializable data with a long regex string containing multiple optional groups, a related issue to CVE-2004-2540. Una vulnerabilidad de complejidad algorítmica en el método java.util.regex.Pattern.compile en Sun Java Development Kit (JDK) antes de la versión 1.6, cuando se utiliza con spring.jar en la plataforma SpringSource Spring Framework v1.1.0 a la v2.5.6 y v3.0.0.M1 a y v3.0.0.M2 y dm Server v1.0.0 a v1.0.2, permite a atacantes remotos provocar una denegación de servicio (mediante un excesivo consumo de CPU) a través de datos serializables con una cadena regex demasiado larga que almacene multiples grupos opcionales. Vulnerabilidad relacionada con la CVE-2004-2540. • http://secunia.com/advisories/34892 http://www.packetstormsecurity.org/hitb06/DAY_1_-_Marc_Schoenefeld_-_Pentesting_Java_J2EE.pdf http://www.securityfocus.com/archive/1/502926/100/0/threaded http://www.springsource.com/securityadvisory https://bugzilla.redhat.com/show_bug.cgi?id=497161 https://exchange.xforce.ibmcloud.com/vulnerabilities/50083 • CWE-399: Resource Management Errors •

CVSS: 10.0EPSS: 1%CPEs: 21EXPL: 0

CVE-2009-1006

https://notcve.org/view.php?id=CVE-2009-1006

Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.2 and earlier, with SDK/JRE 1.4.2, JRE/JDK 5, and JRE/JDK 6, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en el componente JRockit de BEA Product Suite R27.6.2 y anteriores, con SDK/JRE v1.4.2, JRE/JDK v5 y JRE/JDK v6; permite a atacantes remotos comprometer la confidencialidad, integridad y disponibilidad a través de vectores desconocidos. • http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html http://www.securityfocus.com/bid/34461 http://www.securitytracker.com/id?1022059 http://www.us-cert.gov/cas/techalerts/TA09-105A.html •

CVSS: 6.4EPSS: 15%CPEs: 23EXPL: 0

CVE-2009-1101 – OpenJDK JAX-WS service endpoint remote Denial-of-Service (6630639)

https://notcve.org/view.php?id=CVE-2009-1101

Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor "leak." Vulnerabilidad no especificada en la implementación del servidor HTTP Lightweight en Java SE Development Kit (JDK) y Java Runtime Environment (JRE) v6 Update 12 y anteriores permite a atacantes remotos provocar una denegación de servicio (probablemente consumo de recursos) para un punto final en el servicio JAX-WS a través de una conexión sin datos, lo que provoca una fuga del descriptor de fichero. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html http://marc.info/?l=bugtraq&m=124344236532162&w=2 http://secunia.com/advisories/34489 http://secunia.com/advisories/34496 http://secunia.com/advisories/34632 http://secunia •