CVSS: 7.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

Sun Java 1.6.0_03 and earlier versions, and possibly later versions, do not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

• http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html
• http://securitytracker.com/id?1020584
• http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf
• http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 1.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to corrupt files or create arbitrary files via unspecified attack vectors related to a temporary directory, possibly due to a symlink attack.

• http://docs.info.apple.com/article.html?artnum=302266
• http://lists.apple.com/archives/security-announce/2005/Sep/msg00001.html
• http://secunia.com/advisories/16808
• http://www.ciac.org/ciac/bulletins/p-306.shtml
• http://www.securityfocus.com/bid/14825
• http://www.vupen.com/english/advisories/2005/1734
• https://exchange.xforce.ibmcloud.com/vulnerabilities/22262
• CWE-59: Improper Link Resolution Before File Access ('Link Following')