CVSS: 10.0EPSS: 30%CPEs: 61EXPL: 0CVE-2009-1096 – OpenJDK Pack200 Buffer overflow vulnerability (6792554)
https://notcve.org/view.php?id=CVE-2009-1096
25 Mar 2009 — Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. Desbordamiento de búfer en unpack200 en Java SE Development Kit (JDK) y Java Runtime Environment (JRE) v5.0 Update 17 y anteriores, y v6 Update 12 y anteriores, permite a atacantes remotos acceder a archivos o ejecutar código de su elección a travé... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 26%CPEs: 153EXPL: 0CVE-2009-1098 – OpenJDK GIF processing buffer overflow vulnerability (6804998)
https://notcve.org/view.php?id=CVE-2009-1098
25 Mar 2009 — Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998. Desbordamiento del búfer en Java SE Development Kit (JDK) y Java Runtime Environment (JRE) v5.0 Update 17 y anteriores; v6 Update 12 y anteriores; v1.4.2_19 y anteriores; y 1.3.1_24 y anteriores, permite a atacantes remoto... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 7%CPEs: 61EXPL: 0CVE-2009-1100 – OpenJDK: DoS (disk consumption) via handling of temporary font files
https://notcve.org/view.php?id=CVE-2009-1100
25 Mar 2009 — Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) "limits on Font creation," aka CR 6522586, and (2) another unspecified vector, aka CR 6632886. Múltiples vulnerabilidades no especificadas en Java SE Development Kit (JDK) y Java Runtime Environment (JRE) v5.0 Update 17 y anteri... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133 •
CVSS: 7.5EPSS: 9%CPEs: 23EXPL: 0CVE-2009-1101 – OpenJDK JAX-WS service endpoint remote Denial-of-Service (6630639)
https://notcve.org/view.php?id=CVE-2009-1101
25 Mar 2009 — Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor "leak." Vulnerabilidad no especificada en la implementación del servidor HTTP Lightweight en Java SE Development Kit (JDK) y Java Runtime Environment (JRE) v6 Update... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133 •
CVSS: 9.8EPSS: 3%CPEs: 20EXPL: 0CVE-2008-5347 – OpenJDK applet privilege escalation via JAX package access (6592792)
https://notcve.org/view.php?id=CVE-2008-5347
05 Dec 2008 — Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the (1) JAX-WS and (2) JAXB packages. Multiples vulnerabilidades no especificadas en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores permite a applets y aplicaciones no confiables obtener privilegios mediante vectores relacionados con el acceso a clases interna... • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 10%CPEs: 91EXPL: 0CVE-2008-5355
https://notcve.org/view.php?id=CVE-2008-5355
05 Dec 2008 — The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks. La funcionalidad de actualización de Java en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores; en JDK y JRE v5.0 Update 16 y anteriores; y en SDK y JRE v... • http://osvdb.org/50498 • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 19%CPEs: 20EXPL: 0CVE-2008-5358 – OpenJDK Buffer Overflow in GIF image processing (6766136)
https://notcve.org/view.php?id=CVE-2008-5358
05 Dec 2008 — Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll. Java Runtime Environment (JRE) en Sun JDK and JRE v6 Update 10 y anteriores permite a atacantes remotos ejecutar código de su elección mediante un fichero GIF manipulado que provoca una corrupción de memoria durante la visualación de la imagen de bienv... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=758 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 5%CPEs: 91EXPL: 0CVE-2008-5340 – Java WebStart privilege escalation
https://notcve.org/view.php?id=CVE-2008-5340
05 Dec 2008 — Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors, aka 6727081. Vulnerabilidad no especificada en Java Web Start (JWS) y Java Plug-in en Sun JDK y JRE v6 Update 10 y anteriores; JDK y JRE v5.0 Update 16 y anteriores; y en SDK y JRE v1.4.2_18 y anteriores permite... • http://lists.apple.com/archives/security-announce/2009/Feb/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 1%CPEs: 91EXPL: 0CVE-2008-5341 – Java Web Start exposes username and the pathname of the JWS cache
https://notcve.org/view.php?id=CVE-2008-5341
05 Dec 2008 — Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors, aka CR 6727071. Vulnerabilidad no especificada en Java Web Start (JWS) y Java Plug-in en Sun JDK y JRE v6 Update 10 y anteriores, y en JDK y JRE v5.0 Update 16 y anteriores, permite que aplicaciones JWS no confiables obtengan la rut... • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 1%CPEs: 91EXPL: 0CVE-2008-5342 – Java Web Start BasicService displays local files in the browser
https://notcve.org/view.php?id=CVE-2008-5342
05 Dec 2008 — Unspecified vulnerability in the BasicService for Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted downloaded applications to cause local files to be displayed in the browser of the user of the untrusted application via unknown vectors, aka 6767668. Vulnerabilidad no especificada en BasicService para Java Web Start (JWS) y Java Plug-in en Sun JDK y JRE v6 Update 10 y anteriores; en... • http://lists.apple.com/archives/security-announce/2009/Feb/msg00003.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •