CVSS: 7.5EPSS: 1%CPEs: 91EXPL: 0CVE-2008-5344 – Java WebStart unprivileged local file and network access
https://notcve.org/view.php?id=CVE-2008-5344
05 Dec 2008 — Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets to read arbitrary files and make unauthorized network connections via unknown vectors related to applet classloading, aka 6716217. Vulnerabilidad no especificada en Java Web Start (JWS) y Java Plug-in en Sun JDK y JRE v6 Update 10 y anteriores; en JDK y JRE 5.0 Update 16 y anteriores; y en SDK y J... • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html •
CVSS: 9.8EPSS: 3%CPEs: 20EXPL: 0CVE-2008-5347 – OpenJDK applet privilege escalation via JAX package access (6592792)
https://notcve.org/view.php?id=CVE-2008-5347
05 Dec 2008 — Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the (1) JAX-WS and (2) JAXB packages. Multiples vulnerabilidades no especificadas en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores permite a applets y aplicaciones no confiables obtener privilegios mediante vectores relacionados con el acceso a clases interna... • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 8%CPEs: 91EXPL: 0CVE-2008-5348 – OpenJDK Denial-Of-Service in kerberos authentication (6588160)
https://notcve.org/view.php?id=CVE-2008-5348
05 Dec 2008 — Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier, when using Kerberos authentication, allows remote attackers to cause a denial of service (OS resource consumption) via unknown vectors. Vulnerabilidad no especificada en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores; JDK y JRE v5.0 Update 16 y anteriores; y SDK y JRE v1.4.2_18 y anteriores, cuando usa... • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html •
CVSS: 7.5EPSS: 4%CPEs: 40EXPL: 0CVE-2008-5349 – OpenJDK RSA public key length denial-of-service (6497740)
https://notcve.org/view.php?id=CVE-2008-5349
05 Dec 2008 — Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key. Vulnerabilidad no especificada en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores, y en JDK y JRE v5.0 Update 16 y anteriores, permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante una clave pública RS... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133 •
CVSS: 7.5EPSS: 1%CPEs: 91EXPL: 0CVE-2008-5350 – OpenJDK allows to list files within the user home directory (6484091)
https://notcve.org/view.php?id=CVE-2008-5350
05 Dec 2008 — Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applications and applets to list the contents of the operating user's directory via unknown vectors. Vulnerabilidad no especificada en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores; JDK y JRE v5.0 Update 16 y anteriores; y en SDK y JRE v1.4.2_18 y anteriores permite a applets y aplicac... • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 2%CPEs: 91EXPL: 0CVE-2008-5351 – OpenJDK UTF-8 decoder accepts non-shortest form sequences (4486841)
https://notcve.org/view.php?id=CVE-2008-5351
05 Dec 2008 — Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications that rely on shortest-form UTF-8 encodings. Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores; JDK y JRE v5.0 Update 16 y anteriores; y en SDK y JRE v1.4.2_18 y anteriores acepta códigos ... • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 91%CPEs: 91EXPL: 4CVE-2008-5353 – Signed Applet Social Engineering - Code Execution
https://notcve.org/view.php?id=CVE-2008-5353
05 Dec 2008 — The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by "deserializing Calendar objects". Vulnerabilidad no especificada en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores; JDK y JRE v5.0 Upda... • https://www.exploit-db.com/exploits/16302 •
CVSS: 9.8EPSS: 18%CPEs: 91EXPL: 0CVE-2008-5354 – OpenJDK Privilege escalation in command line applications (6733959)
https://notcve.org/view.php?id=CVE-2008-5354
05 Dec 2008 — Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with a long Main-Class manifest entry. Desbordamiento de búfer basado en pila en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores; en JDK y JRE v5.0 Update 16 y anteriores; y en SDK y JRE v1.... • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 10%CPEs: 91EXPL: 0CVE-2008-5355
https://notcve.org/view.php?id=CVE-2008-5355
05 Dec 2008 — The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks. La funcionalidad de actualización de Java en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores; en JDK y JRE v5.0 Update 16 y anteriores; y en SDK y JRE v... • http://osvdb.org/50498 • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 4%CPEs: 91EXPL: 0CVE-2008-5356 – OpenJDK Font processing vulnerability (6733336)
https://notcve.org/view.php?id=CVE-2008-5356
05 Dec 2008 — Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file. Desbordamiento de búfer basado en pila en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores; en JDK y JRE v5.0 Update 16 y anteriores; y en SDK y JRE v1.4.2_18 y anteriores permite a atacantes remotos ejecutar código ... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=757 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •