CVSS: 9.8EPSS: 23%CPEs: 91EXPL: 0CVE-2008-5354 – OpenJDK Privilege escalation in command line applications (6733959)
https://notcve.org/view.php?id=CVE-2008-5354
05 Dec 2008 — Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with a long Main-Class manifest entry. Desbordamiento de búfer basado en pila en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores; en JDK y JRE v5.0 Update 16 y anteriores; y en SDK y JRE v1.... • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 6%CPEs: 40EXPL: 0CVE-2008-5349 – OpenJDK RSA public key length denial-of-service (6497740)
https://notcve.org/view.php?id=CVE-2008-5349
05 Dec 2008 — Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key. Vulnerabilidad no especificada en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores, y en JDK y JRE v5.0 Update 16 y anteriores, permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante una clave pública RS... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133 •
CVSS: 9.3EPSS: 36%CPEs: 20EXPL: 0CVE-2008-5358 – OpenJDK Buffer Overflow in GIF image processing (6766136)
https://notcve.org/view.php?id=CVE-2008-5358
05 Dec 2008 — Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll. Java Runtime Environment (JRE) en Sun JDK and JRE v6 Update 10 y anteriores permite a atacantes remotos ejecutar código de su elección mediante un fichero GIF manipulado que provoca una corrupción de memoria durante la visualación de la imagen de bienv... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=758 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 4%CPEs: 91EXPL: 0CVE-2008-5348 – OpenJDK Denial-Of-Service in kerberos authentication (6588160)
https://notcve.org/view.php?id=CVE-2008-5348
05 Dec 2008 — Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier, when using Kerberos authentication, allows remote attackers to cause a denial of service (OS resource consumption) via unknown vectors. Vulnerabilidad no especificada en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores; JDK y JRE v5.0 Update 16 y anteriores; y SDK y JRE v1.4.2_18 y anteriores, cuando usa... • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html •
CVSS: 9.8EPSS: 1%CPEs: 20EXPL: 0CVE-2008-5347 – OpenJDK applet privilege escalation via JAX package access (6592792)
https://notcve.org/view.php?id=CVE-2008-5347
05 Dec 2008 — Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the (1) JAX-WS and (2) JAXB packages. Multiples vulnerabilidades no especificadas en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores permite a applets y aplicaciones no confiables obtener privilegios mediante vectores relacionados con el acceso a clases interna... • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 46%CPEs: 91EXPL: 0CVE-2008-2086 – Java Web Start File Inclusion via System Properties Override
https://notcve.org/view.php?id=CVE-2008-2086
05 Dec 2008 — Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the (1) java.home, (2) java.ext.dirs, or (3) user.home System Properties, aka "Java Web Start File Inclusion" and CR 6694892. Sun Java Web Start y Java Plug-in para JDK y JRE v6 Update 10 y anteriores;JDK y JRE v5.0 Update 16 y anteriores; y SDK y JRE v1.4.2_18 y anterior... • http://lists.apple.com/archives/security-announce/2009/Feb/msg00003.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 2%CPEs: 91EXPL: 0CVE-2008-5339 – Sun Java Web Start and Applet Multiple Sandbox Bypass Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-5339
04 Dec 2008 — Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to perform network connections to unauthorized hosts via unknown vectors, aka CR 6727079. Vulnerabilidad no especificada en Java Web Start (JWS) y Java Plug-in en Sun JDK y JRE v6 Update 10 y anteriores; JDK y JRE v5.0 Update 16 y anteriores; y en SDK y JRE v1.4.2_18 y anteriores permite ... • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html •
CVSS: 7.5EPSS: 1%CPEs: 12EXPL: 0CVE-2008-3110
https://notcve.org/view.php?id=CVE-2008-3110
09 Jul 2008 — Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to obtain sensitive information by using an applet to read information from another applet. Vulnerabilidad no especificada en lenguaje scripting de apoyo en Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 y versiones anteriores permite a atacantes remotos obtener información sensible utilizando un applet para leer información de otra applet. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 1%CPEs: 66EXPL: 0CVE-2008-3113 – Java Web Start arbitrary file creation/deletion file with user permissions (6704077)
https://notcve.org/view.php?id=CVE-2008-3113
09 Jul 2008 — Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077. Vulnerabilidad no especificada en Sun Java Web Start de JDK y JRE 5.0 versiones anteriores a Update 16 y SDK y JRE 1.4.x versiones anteriores a 1.4.2_18 permite a atacantes remotos crear o borrar ficheros de su elección a través de aplicaciones no confiables, también conocido como CR... • http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 23%CPEs: 32EXPL: 0CVE-2008-3115
https://notcve.org/view.php?id=CVE-2008-3115
09 Jul 2008 — Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases. Secure Static Versioning de Sun Java JDK y JRE 6 Update 6 y versiones anteriores, y 5.0 Update 6 hasta 15, no previene adecuadamente la ejecución de applets en versiones anteriores de JRE, lo cual puede permitir a atacantes remotos explotar vulnerabilid... • http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html • CWE-16: Configuration •