CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 0CVE-2007-3716
https://notcve.org/view.php?id=CVE-2007-3716
11 Jul 2007 — The Java XML Digital Signature implementation in Sun JDK and JRE 6 before Update 2 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715. La implementación de Java XML Digital Signature en Sun JDK y JRE versión 6 anterior a Update 2, no procesa apropiadamente hojas de estilo XSLT en las transformaciones de XSLT en firmas XSLT, lo que permite a atacantes dep... • http://dev2dev.bea.com/pub/advisory/248 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 39%CPEs: 5EXPL: 0CVE-2007-3504
https://notcve.org/view.php?id=CVE-2007-3504
30 Jun 2007 — Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself. NOTE: this can be leveraged to execute arbitrary code by overwriting a .java.policy file. Una vulnerabilidad de salto de directorio en PersistenceService en Sun Java Web Start en JDK y JRE versión... • http://docs.info.apple.com/article.html?artnum=307177 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 50%CPEs: 37EXPL: 1CVE-2007-0243 – Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2007-0243
16 Jan 2007 — Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption. Desbordamiento de búfer en el Sun JDK y el Java Runtime Environment (JRE) 5.0 Actualizada a la 9 y anteriores, SDK y JRE 1.4.2_12 y anteriores y SDK y JRE 1.3.1_18 y anteriores permite a los applets obtener privilegios mediante una im... • https://www.exploit-db.com/exploits/3168 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2006-6009
https://notcve.org/view.php?id=CVE-2006-6009
21 Nov 2006 — Unspecified vulnerability in the Java Runtime Environment (JRE) Swing library in JDK and JRE 5.0 Update 7 and earlier allows attackers to obtain certain information via unknown attack vectors, related to an untrusted applet accessing data in other applets. Vulnerabilidad no especificada en la librería Java Runtime Environment (JRE) Swing de JDKy JRE 5.0 Update 7 y anteriores permite a atacantes remotos obtener determinada información mediante vectores de ataque no especificados, relacionados con un applet n... • http://secunia.com/advisories/22910 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2006-0616
https://notcve.org/view.php?id=CVE-2006-0616
09 Feb 2006 — Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 4 and earlier allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fourth issue." • http://docs.info.apple.com/article.html?artnum=303658 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2006-0617
https://notcve.org/view.php?id=CVE-2006-0617
09 Feb 2006 — Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 5 and earlier allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fifth, sixth, and seventh issues." • http://docs.info.apple.com/article.html?artnum=303658 •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2005-0471
https://notcve.org/view.php?id=CVE-2005-0471
19 Feb 2005 — Sun Java JRE 1.1.x through 1.4.x writes temporary files with long filenames that become predictable on a file system that uses 8.3 style short names, which allows remote attackers to write arbitrary files to known locations and facilitates the exploitation of vulnerabilities in applications that rely on unpredictable file names. • http://secunia.com/advisories/11070 •
CVSS: 9.1EPSS: 4%CPEs: 60EXPL: 2CVE-2003-1123 – Sun JRE/SDK 1.x - Untrusted Applet Java Security Model Violation
https://notcve.org/view.php?id=CVE-2003-1123
31 Dec 2003 — Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows untrusted applets to access certain information within trusted applets, which allows attackers to bypass the restrictions of the Java security model. • https://www.exploit-db.com/exploits/22732 •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2000-1099
https://notcve.org/view.php?id=CVE-2000-1099
09 Jan 2001 — Java Runtime Environment in Java Development Kit (JDK) 1.2.2_05 and earlier can allow an untrusted Java class to call into a disallowed class, which could allow an attacker to escape the Java sandbox and conduct unauthorized activities. • http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/199&type=0&nav=sec.sba •