Page 26 of 133 results (0.020 seconds)

CVSS: 4.0EPSS: 0%CPEs: 30EXPL: 0

Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 4 and earlier, SDK and JRE 1.4.x through 1.4.2_09 allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "second and third issues." • http://docs.info.apple.com/article.html?artnum=303658 http://secunia.com/advisories/18760 http://secunia.com/advisories/18884 http://securitytracker.com/id?1015596 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102171-1 http://www.gentoo.org/security/en/glsa/glsa-200602-07.xml http://www.kb.cert.org/vuls/id/759996 http://www.vupen.com/english/advisories/2006/0467 http://www.vupen.com/english/advisories/2006/0828 http://www.vupen.com/english/advisories/ •

CVSS: 7.8EPSS: 27%CPEs: 4EXPL: 0

(1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.2_08, 1.4.2_09, and 1.5.0_05 and possibly other versions allow remote attackers to cause a denial of service (JVM unresponsive) via a crafted serialized object, such as a font object as demonstrated on JBoss. • http://marc.info/?l=bugtraq&m=113113125121878&w=2 http://secunia.com/advisories/17478 http://securityreason.com/securityalert/143 http://www.securityfocus.com/bid/15312 •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 1

Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file. A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. • http://advisories.mageia.org/MGASA-2015-0158.html http://marc.info/?l=bugtraq&m=111331593310508&w=2 http://marc.info/?l=oss-security&m=127602564508766&w=2 http://marc.info/?l=oss-security&m=127603032617644&w=2 http://rhn.redhat.com/errata/RHSA-2015-0806.html http://rhn.redhat.com/errata/RHSA-2015-0807.html http://rhn.redhat.com/errata/RHSA-2015-0808.html http://rhn.redhat.com/errata/RHSA-2015-0809.html http://rhn.redhat.com/errata/RHSA-2015-0854.html h • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0

The Software Development Kit (SDK) and Run Time Environment (RTE) 1.4.1 and 1.4.2 for Tru64 UNIX allows remote attackers to cause a denial of service (Java Virtual Machine hang) via object deserialization. • http://marc.info/?l=bugtraq&m=110719624029320&w=2 •

CVSS: 5.0EPSS: 1%CPEs: 4EXPL: 0

Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 through 1.4.2_03 allows remote attackers to cause a denial of service (virtual machine hang). Vulnerabilidad desconocida en Sun Java Runtime Environment (JRE) 1.4.2 a 1.4.2_03 permite a atacantes remotos causar una denegación de servicio (cuelgue de la máquina virtual). • http://marc.info/?l=bugtraq&m=108559041910233&w=2 http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57555 http://www.kb.cert.org/vuls/id/118558 http://www.securityfocus.com/advisories/6773 http://www.securityfocus.com/bid/10301 https://exchange.xforce.ibmcloud.com/vulnerabilities/16085 •