CVSS: 1.2EPSS: 0%CPEs: 1EXPL: 0CVE-2005-2527
https://notcve.org/view.php?id=CVE-2005-2527
Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to corrupt files or create arbitrary files via unspecified attack vectors related to a temporary directory, possibly due to a symlink attack. • http://docs.info.apple.com/article.html?artnum=302266 http://lists.apple.com/archives/security-announce/2005/Sep/msg00001.html http://secunia.com/advisories/16808 http://www.ciac.org/ciac/bulletins/p-306.shtml http://www.securityfocus.com/bid/14825 http://www.vupen.com/english/advisories/2005/1734 https://exchange.xforce.ibmcloud.com/vulnerabilities/22262 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.3EPSS: 19%CPEs: 157EXPL: 1CVE-2004-1029 – Sun Java Runtime Environment 1.x Java Plugin - JavaScript Security Restriction Bypass
https://notcve.org/view.php?id=CVE-2004-1029
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages. • https://www.exploit-db.com/exploits/24763 http://jouko.iki.fi/adv/javaplugin.html http://lists.apple.com/archives/security-announce/2005/Feb/msg00000.html http://rpmfind.net/linux/RPM/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html http://secunia.com/advisories/13271 http://secunia.com/advisories/29035 http://securityreason.com/securityalert/61 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1 http://sunsolve.sun.co • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 3CVE-2003-1134 – Sun Microsystems Java Virtual Machine 1.x - Security Manager Denial of Service
https://notcve.org/view.php?id=CVE-2003-1134
Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial of service (JVM crash), possibly by calling the ClassDepth function with a null parameter, which causes a crash instead of generating a null pointer exception. • https://www.exploit-db.com/exploits/23292 http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012773.html http://www.securityfocus.com/bid/8892 •