CVSS: 10.0EPSS: 10%CPEs: 91EXPL: 0CVE-2008-5355
https://notcve.org/view.php?id=CVE-2008-5355
05 Dec 2008 — The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks. La funcionalidad de actualización de Java en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores; en JDK y JRE v5.0 Update 16 y anteriores; y en SDK y JRE v... • http://osvdb.org/50498 • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 19%CPEs: 20EXPL: 0CVE-2008-5358 – OpenJDK Buffer Overflow in GIF image processing (6766136)
https://notcve.org/view.php?id=CVE-2008-5358
05 Dec 2008 — Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll. Java Runtime Environment (JRE) en Sun JDK and JRE v6 Update 10 y anteriores permite a atacantes remotos ejecutar código de su elección mediante un fichero GIF manipulado que provoca una corrupción de memoria durante la visualación de la imagen de bienv... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=758 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 5%CPEs: 91EXPL: 0CVE-2008-5340 – Java WebStart privilege escalation
https://notcve.org/view.php?id=CVE-2008-5340
05 Dec 2008 — Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors, aka 6727081. Vulnerabilidad no especificada en Java Web Start (JWS) y Java Plug-in en Sun JDK y JRE v6 Update 10 y anteriores; JDK y JRE v5.0 Update 16 y anteriores; y en SDK y JRE v1.4.2_18 y anteriores permite... • http://lists.apple.com/archives/security-announce/2009/Feb/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 1%CPEs: 91EXPL: 0CVE-2008-5341 – Java Web Start exposes username and the pathname of the JWS cache
https://notcve.org/view.php?id=CVE-2008-5341
05 Dec 2008 — Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors, aka CR 6727071. Vulnerabilidad no especificada en Java Web Start (JWS) y Java Plug-in en Sun JDK y JRE v6 Update 10 y anteriores, y en JDK y JRE v5.0 Update 16 y anteriores, permite que aplicaciones JWS no confiables obtengan la rut... • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 1%CPEs: 91EXPL: 0CVE-2008-5342 – Java Web Start BasicService displays local files in the browser
https://notcve.org/view.php?id=CVE-2008-5342
05 Dec 2008 — Unspecified vulnerability in the BasicService for Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted downloaded applications to cause local files to be displayed in the browser of the user of the untrusted application via unknown vectors, aka 6767668. Vulnerabilidad no especificada en BasicService para Java Web Start (JWS) y Java Plug-in en Sun JDK y JRE v6 Update 10 y anteriores; en... • http://lists.apple.com/archives/security-announce/2009/Feb/msg00003.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 3%CPEs: 91EXPL: 0CVE-2008-5343 – Java WebStart allows hidden code privilege escalation
https://notcve.org/view.php?id=CVE-2008-5343
05 Dec 2008 — Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows remote attackers to make unauthorized network connections and hijack HTTP sessions via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR" and CR 6707535. Vulnerabilidad no especificada en Java Web Start (JWS) y Java Plug-in en Sun JDK y JRE v6 Update 10 y anteriores; en JDK y JRE v5.0 Update 16 y anteriores; y en SDK ... • http://lists.apple.com/archives/security-announce/2009/Feb/msg00003.html •
CVSS: 7.5EPSS: 1%CPEs: 91EXPL: 0CVE-2008-5344 – Java WebStart unprivileged local file and network access
https://notcve.org/view.php?id=CVE-2008-5344
05 Dec 2008 — Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets to read arbitrary files and make unauthorized network connections via unknown vectors related to applet classloading, aka 6716217. Vulnerabilidad no especificada en Java Web Start (JWS) y Java Plug-in en Sun JDK y JRE v6 Update 10 y anteriores; en JDK y JRE 5.0 Update 16 y anteriores; y en SDK y J... • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html •
CVSS: 7.5EPSS: 10%CPEs: 91EXPL: 0CVE-2008-5348 – OpenJDK Denial-Of-Service in kerberos authentication (6588160)
https://notcve.org/view.php?id=CVE-2008-5348
05 Dec 2008 — Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier, when using Kerberos authentication, allows remote attackers to cause a denial of service (OS resource consumption) via unknown vectors. Vulnerabilidad no especificada en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores; JDK y JRE v5.0 Update 16 y anteriores; y SDK y JRE v1.4.2_18 y anteriores, cuando usa... • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html •
CVSS: 7.5EPSS: 4%CPEs: 40EXPL: 0CVE-2008-5349 – OpenJDK RSA public key length denial-of-service (6497740)
https://notcve.org/view.php?id=CVE-2008-5349
05 Dec 2008 — Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key. Vulnerabilidad no especificada en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores, y en JDK y JRE v5.0 Update 16 y anteriores, permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante una clave pública RS... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133 •
CVSS: 7.5EPSS: 1%CPEs: 91EXPL: 0CVE-2008-5350 – OpenJDK allows to list files within the user home directory (6484091)
https://notcve.org/view.php?id=CVE-2008-5350
05 Dec 2008 — Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applications and applets to list the contents of the operating user's directory via unknown vectors. Vulnerabilidad no especificada en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores; JDK y JRE v5.0 Update 16 y anteriores; y en SDK y JRE v1.4.2_18 y anteriores permite a applets y aplicac... • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •