Page 17 of 126 results (0.008 seconds)

CVSS: 6.4EPSS: 0%CPEs: 127EXPL: 0

CVE-2008-5360 – OpenJDK temporary files have guessable file names (6721753)

https://notcve.org/view.php?id=CVE-2008-5360

Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknown vectors. Java Runtime Environment (JRE) para Sun JDK y JRE 6 Update 10 y versiones anteriores; JDK y JRE 5.0 Update 16 y versiones anteriores; SDK y JRE 1.4.2_18 y versiones anteriores y SDK y JRE 1.3.1_23 y versiones anteriores crea archivos temporales con nombres de archivo predecibles, lo que podría permitir a atacantes escribir archivos JAR maliciosos a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://marc.info/?l=bugtraq&m=123678756409861&w=2 http://marc.info/?l=bugtraq&m=126583436323697&w=2 http://rhn.redhat.com/errata/RHSA-2008-1018.html http://rhn.redhat.com/errata/RHSA-200 •

CVSS: 9.3EPSS: 48%CPEs: 91EXPL: 0

CVE-2008-2086 – Java Web Start File Inclusion via System Properties Override

https://notcve.org/view.php?id=CVE-2008-2086

Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the (1) java.home, (2) java.ext.dirs, or (3) user.home System Properties, aka "Java Web Start File Inclusion" and CR 6694892. Sun Java Web Start y Java Plug-in para JDK y JRE v6 Update 10 y anteriores;JDK y JRE v5.0 Update 16 y anteriores; y SDK y JRE v1.4.2_18 y anteriores permite a atacantes remotos ejecutar código a su elección a través de un fichero manipulado jnlp que modifica las propiedades del sistema (1) java.home, (2) java.ext.dirs, o (3) user.home, anteriormente conocido como "Java Web Start File Inclusion." • http://lists.apple.com/archives/security-announce/2009/Feb/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://marc.info/?l=bugtraq&m=123678756409861&w=2 http://marc.info/?l=bugtraq&m=126583436323697&w=2 http://osvdb.org/50510 http://rhn.redhat.com/errata/RHSA-2008-1025.html http://se • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.0EPSS: 2%CPEs: 91EXPL: 0

CVE-2008-5339 – Sun Java Web Start and Applet Multiple Sandbox Bypass Vulnerabilities

https://notcve.org/view.php?id=CVE-2008-5339

Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to perform network connections to unauthorized hosts via unknown vectors, aka CR 6727079. Vulnerabilidad no especificada en Java Web Start (JWS) y Java Plug-in en Sun JDK y JRE v6 Update 10 y anteriores; JDK y JRE v5.0 Update 16 y anteriores; y en SDK y JRE v1.4.2_18 y anteriores permite que aplicaciones JWS no confiables realicen conexiones de red con sistemas no autorizados mediante vectores desconocidos. These vulnerabilities allow remote attackers to bypass sandbox restrictions on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The first vulnerability results in a cache location and a user name information disclosure. By accessing the SI_FILEDIR property of a SingleInstanceImpl class, the location of the temporary single instance files can be parsed to discover the user name and cache location. The second vulnerability allows applets to read any file on a victim's filesystem, outside of the restricted path of the applet. • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://marc.info/?l=bugtraq&m=123678756409861&w=2 http://marc.info/?l=bugtraq&m=126583436323697&w=2 http://rhn.redhat.com/errata/RHSA-2008-1018.html http://rhn.redhat.com/errata/RHSA-2008-1025.html http://secunia.com/advisories/32991 http://secunia.com •

CVSS: 9.3EPSS: 26%CPEs: 128EXPL: 0

CVE-2008-5359 – Sun Java AWT Library Sandbox Violation Vulnerability

https://notcve.org/view.php?id=CVE-2008-5359

Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code, related to a ConvolveOp operation in the Java AWT library. Desbordamiento de búfer en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores; en JDK y JRE v5.0 Update 16 y anteriores; en SDK y JRE v1.4.2_18 y anteriores; y en SDK y JRE v1.3.1_23 y anteriores permite a atacantes remotos ejecutar código de su elección mediante vectores desconocidos relacionados con el "código de procesamiento de imágenes". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Microsystems Java. User interaction is required in that a user must open a malicious file or visit a malicious web page. The specific flaw occurs within the Java AWT library. If a custom image model is used for the source 'Raster' during a conversion through a 'ConvolveOp' operation, the imaging library will calculate the size of the destination raster for the conversion incorrectly leading to a heap-based overflow. • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://marc.info/?l=bugtraq&m=123678756409861&w=2 http://marc.info/?l=bugtraq&m=126583436323697&w=2 http://rhn.redhat.com/errata/RHSA-2008-1018.html http://rhn.redhat.com/errata/RHSA-200 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.8EPSS: 3%CPEs: 102EXPL: 0

CVE-2008-3104 – Java RE allows Same Origin Policy to be Bypassed (6687932)

https://notcve.org/view.php?id=CVE-2008-3104

Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet's outbound connections by connecting to localhost services running on the machine that loaded the applet. Múltiples vulnerabilidades sin especificar en Sun Java Runtime Environment (JRE) en JDK y JRE 6 antes de Update 7, JDK y JRE 5.0 antes de Update 16, SDK y JRE 1.4.x antes de 1.4.2_18, y SDK y JRE 1.3.x antes de 1.3.1_23 permiten a atacantes remotos violar el modelo de seguridad para conexiones de salida de un applet conectándose a servicios del localhost que se están ejecutando en la máquina que cargó el applet. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://marc.info/?l=bugtraq&m=122331139823057&w=2 h • CWE-264: Permissions, Privileges, and Access Controls •