Page 24 of 122 results (0.013 seconds)

CVSS: 4.3EPSS: 0%CPEs: 72EXPL: 0

Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 5 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_10 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to "access data in other applets," aka "The first issue." Vulnerabilidad no especificada en Sun Java Development Kit (JDK) y Java Runtime Environment (JRE) 5.0 Update 5 y anteriores, Java System Development Kit (SDK) y JRE 1.4.2_10 y versiones 1.4.x anteriores, y SDK y JRE 1.3.1_18 y anteriores permite a atacantes remotos utilizar applets que no son de confianza para "acceder a información de otros applets", también conocido como "El primer asunto". • http://lists.suse.com/archive/suse-security-announce/2007-Jan/0003.html http://secunia.com/advisories/23398 http://secunia.com/advisories/23650 http://secunia.com/advisories/23835 http://secunia.com/advisories/24099 http://secunia.com/advisories/24189 http://secunia.com/advisories/25404 http://secunia.com/advisories/26049 http://secunia.com/advisories/26119 http://security.gentoo.org/glsa/glsa-200701-15.xml http://security.gentoo.org/glsa/glsa-200702-08.xml http://sec •

CVSS: 4.0EPSS: 1%CPEs: 95EXPL: 0

Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.2_12, and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and other certificates that use PKCS #1. Múltiples paquetes sobre Sun Solaris, incluyendo (1) NSS; (2) Java JDK and JRE 5.0 Update 8 y anteriores, SDK y JRE 1.4.x hasta 1.4.2_12, y SDK y JRE 1.3.x hasta 1.3.1_19; (3) JSSE 1.0.3_03 y anteriores; (4) IPSec/IKE; (5) Secure Global Desktop; y (6) StarOffice, cuando se usa una llave RSA con un exponente 3, elimina el relleno PKCS-1 antes de generar un hash, lo cual permite a un atacante remoto falsificar una firma PKCS #1 v1.5 que esta firmada por una llave RSA y evita que estos productos verifiquen correctamente X.509 y otros certificados que utilicen PKCS #1. • http://secunia.com/advisories/22204 http://secunia.com/advisories/22226 http://secunia.com/advisories/22325 http://secunia.com/advisories/22992 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1 http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm http://www.kb.cert.org/vuls/id/845620 http://www.vupen.com/english/advisories/2006/3898 http://www.vupen.com/english/advisories/2006&# •

CVSS: 6.4EPSS: 0%CPEs: 12EXPL: 0

Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and earlier, SDK and JRE 1.3.x through 1.3.1_16 and 1.4.x through 1.4.2_08 allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "first issue." • http://docs.info.apple.com/article.html?artnum=303658 http://secunia.com/advisories/18760 http://secunia.com/advisories/18884 http://securitytracker.com/id?1015596 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102171-1 http://www.gentoo.org/security/en/glsa/glsa-200602-07.xml http://www.kb.cert.org/vuls/id/759996 http://www.vupen.com/english/advisories/2006/0467 http://www.vupen.com/english/advisories/2006/0828 http://www.vupen.com/english/advisories/ •

CVSS: 4.0EPSS: 0%CPEs: 30EXPL: 0

Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 4 and earlier, SDK and JRE 1.4.x through 1.4.2_09 allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "second and third issues." • http://docs.info.apple.com/article.html?artnum=303658 http://secunia.com/advisories/18760 http://secunia.com/advisories/18884 http://securitytracker.com/id?1015596 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102171-1 http://www.gentoo.org/security/en/glsa/glsa-200602-07.xml http://www.kb.cert.org/vuls/id/759996 http://www.vupen.com/english/advisories/2006/0467 http://www.vupen.com/english/advisories/2006/0828 http://www.vupen.com/english/advisories/ •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 1

Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file. A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. • http://advisories.mageia.org/MGASA-2015-0158.html http://marc.info/?l=bugtraq&m=111331593310508&w=2 http://marc.info/?l=oss-security&m=127602564508766&w=2 http://marc.info/?l=oss-security&m=127603032617644&w=2 http://rhn.redhat.com/errata/RHSA-2015-0806.html http://rhn.redhat.com/errata/RHSA-2015-0807.html http://rhn.redhat.com/errata/RHSA-2015-0808.html http://rhn.redhat.com/errata/RHSA-2015-0809.html http://rhn.redhat.com/errata/RHSA-2015-0854.html h • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •