CVSS: 9.8EPSS: 4%CPEs: 23EXPL: 0CVE-2009-1097 – OpenJDK: PNG and GIF processing buffer overflow vulnerabilities (6804996, 6804997)
https://notcve.org/view.php?id=CVE-2009-1097
25 Mar 2009 — Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997. Múltiples desbordamientos de búfer en Java S... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 31%CPEs: 153EXPL: 0CVE-2009-1098 – OpenJDK GIF processing buffer overflow vulnerability (6804998)
https://notcve.org/view.php?id=CVE-2009-1098
25 Mar 2009 — Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998. Desbordamiento del búfer en Java SE Development Kit (JDK) y Java Runtime Environment (JRE) v5.0 Update 17 y anteriores; v6 Update 12 y anteriores; v1.4.2_19 y anteriores; y 1.3.1_24 y anteriores, permite a atacantes remoto... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 12%CPEs: 61EXPL: 0CVE-2009-1100 – OpenJDK: DoS (disk consumption) via handling of temporary font files
https://notcve.org/view.php?id=CVE-2009-1100
25 Mar 2009 — Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) "limits on Font creation," aka CR 6522586, and (2) another unspecified vector, aka CR 6632886. Múltiples vulnerabilidades no especificadas en Java SE Development Kit (JDK) y Java Runtime Environment (JRE) v5.0 Update 17 y anteri... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133 •
CVSS: 10.0EPSS: 28%CPEs: 61EXPL: 0CVE-2009-1095 – OpenJDK Pack200 Buffer overflow vulnerability (6792554)
https://notcve.org/view.php?id=CVE-2009-1095
25 Mar 2009 — Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. Desbordamiento de entero en unpack200 en Java SE Development Kit (JDK) y Java Runtime Environment (JRE) v5.0 Update 17 y anteriores, y v6 Update 12 y anteriores, permite a atacantes remotos acceder a ficheros y ejecutar código de su elección a tra... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133 • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 14%CPEs: 23EXPL: 0CVE-2009-1101 – OpenJDK JAX-WS service endpoint remote Denial-of-Service (6630639)
https://notcve.org/view.php?id=CVE-2009-1101
25 Mar 2009 — Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor "leak." Vulnerabilidad no especificada en la implementación del servidor HTTP Lightweight en Java SE Development Kit (JDK) y Java Runtime Environment (JRE) v6 Update... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133 •
CVSS: 9.3EPSS: 6%CPEs: 40EXPL: 0CVE-2008-5352 – OpenJDK Jar200 Decompression buffer overflow (6755943)
https://notcve.org/view.php?id=CVE-2008-5352
05 Dec 2008 — Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow. Desbordamiento de entero en la utilidad de desempaquetado JAR (unpack200) en la biblioteca de desempaquetar (unpack.dll) en Java Runtime Environment (JRE) en ... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=759 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 3%CPEs: 91EXPL: 0CVE-2008-5340 – Java WebStart privilege escalation
https://notcve.org/view.php?id=CVE-2008-5340
05 Dec 2008 — Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors, aka 6727081. Vulnerabilidad no especificada en Java Web Start (JWS) y Java Plug-in en Sun JDK y JRE v6 Update 10 y anteriores; JDK y JRE v5.0 Update 16 y anteriores; y en SDK y JRE v1.4.2_18 y anteriores permite... • http://lists.apple.com/archives/security-announce/2009/Feb/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 1%CPEs: 91EXPL: 0CVE-2008-5341 – Java Web Start exposes username and the pathname of the JWS cache
https://notcve.org/view.php?id=CVE-2008-5341
05 Dec 2008 — Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors, aka CR 6727071. Vulnerabilidad no especificada en Java Web Start (JWS) y Java Plug-in en Sun JDK y JRE v6 Update 10 y anteriores, y en JDK y JRE v5.0 Update 16 y anteriores, permite que aplicaciones JWS no confiables obtengan la rut... • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 1%CPEs: 91EXPL: 0CVE-2008-5342 – Java Web Start BasicService displays local files in the browser
https://notcve.org/view.php?id=CVE-2008-5342
05 Dec 2008 — Unspecified vulnerability in the BasicService for Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted downloaded applications to cause local files to be displayed in the browser of the user of the untrusted application via unknown vectors, aka 6767668. Vulnerabilidad no especificada en BasicService para Java Web Start (JWS) y Java Plug-in en Sun JDK y JRE v6 Update 10 y anteriores; en... • http://lists.apple.com/archives/security-announce/2009/Feb/msg00003.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 2%CPEs: 91EXPL: 0CVE-2008-5343 – Java WebStart allows hidden code privilege escalation
https://notcve.org/view.php?id=CVE-2008-5343
05 Dec 2008 — Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows remote attackers to make unauthorized network connections and hijack HTTP sessions via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR" and CR 6707535. Vulnerabilidad no especificada en Java Web Start (JWS) y Java Plug-in en Sun JDK y JRE v6 Update 10 y anteriores; en JDK y JRE v5.0 Update 16 y anteriores; y en SDK ... • http://lists.apple.com/archives/security-announce/2009/Feb/msg00003.html •