CVSS: 9.8EPSS: 14%CPEs: 3EXPL: 1CVE-2007-4381 – Sun Java Runtime Environment 1.4.2 - Font Parsing Privilege Escalation
https://notcve.org/view.php?id=CVE-2007-4381
17 Aug 2007 — Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself. Vulnerabilidad no especificada en la implementación del parche fuente en Sun JDK and JRE 5.0 Update 9 y anteriores, y SDK y JRE 1.4.2_14 y anteriores, permite a atacantes remotos llevar a cabo acciones no autorizadas a través de un applet que gana ciertos ... • https://www.exploit-db.com/exploits/30502 •
CVSS: 9.1EPSS: 2%CPEs: 5EXPL: 0CVE-2007-3922 – Vulnerability in the Java Runtime Environment May Allow an Untrusted Applet to Circumvent Network Access Restrictions
https://notcve.org/view.php?id=CVE-2007-3922
21 Jul 2007 — Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to certain localhost services running on the machine that loaded the applet. Vulnerabilidad no especificada en Java Runtime Environment (JRE) Applet Class Loader en Sun JDK y JRE 5.0 Update 11 y versiones anteriores ,... • http://dev2dev.bea.com/pub/advisory/248 •
CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 0CVE-2007-3716
https://notcve.org/view.php?id=CVE-2007-3716
11 Jul 2007 — The Java XML Digital Signature implementation in Sun JDK and JRE 6 before Update 2 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715. La implementación de Java XML Digital Signature en Sun JDK y JRE versión 6 anterior a Update 2, no procesa apropiadamente hojas de estilo XSLT en las transformaciones de XSLT en firmas XSLT, lo que permite a atacantes dep... • http://dev2dev.bea.com/pub/advisory/248 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 39%CPEs: 5EXPL: 0CVE-2007-3504
https://notcve.org/view.php?id=CVE-2007-3504
30 Jun 2007 — Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself. NOTE: this can be leveraged to execute arbitrary code by overwriting a .java.policy file. Una vulnerabilidad de salto de directorio en PersistenceService en Sun Java Web Start en JDK y JRE versión... • http://docs.info.apple.com/article.html?artnum=307177 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 52%CPEs: 96EXPL: 1CVE-2007-2788 – Sun Java JDK 1.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-2788
22 May 2007 — Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow. Un desbordamiento de enteros en el analizador de ima... • https://www.exploit-db.com/exploits/30043 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 3%CPEs: 94EXPL: 0CVE-2007-2789 – BMP image parser vulnerability
https://notcve.org/view.php?id=CVE-2007-2789
22 May 2007 — The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open arbitrary local files via a crafted BMP file, such as /dev/tty. El analizador de imágenes BMP en... • http://dev2dev.bea.com/pub/advisory/248 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 2%CPEs: 4EXPL: 0CVE-2007-2435 – javaws vulnerabilities
https://notcve.org/view.php?id=CVE-2007-2435
02 May 2007 — Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files. Sun Java Web Start en JDK y JRE 5.0 hasta 10 y anteriores, y Java Web Start en SDK y JRE 1.4.2_13 y anteriores, permite a atacantes remotos realizar acciones no autorizadas a través de una apli... • http://dev2dev.bea.com/pub/advisory/241 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 50%CPEs: 37EXPL: 1CVE-2007-0243 – Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2007-0243
16 Jan 2007 — Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption. Desbordamiento de búfer en el Sun JDK y el Java Runtime Environment (JRE) 5.0 Actualizada a la 9 y anteriores, SDK y JRE 1.4.2_12 y anteriores y SDK y JRE 1.3.1_18 y anteriores permite a los applets obtener privilegios mediante una im... • https://www.exploit-db.com/exploits/3168 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 3%CPEs: 46EXPL: 0CVE-2006-6745
https://notcve.org/view.php?id=CVE-2006-6745
26 Dec 2006 — Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, and Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, allow attackers to develop Java applets or applications that are able to gain privileges, related to serialization in JRE. Múltiples vulnerabilidades no especificadas en Sun Java Development Kit (JDK) y Java Runtime Environment (JRE) 5.0 Update 7 y anteriores, y Java System Development Kit (SDK) ... • http://dev2dev.bea.com/pub/advisory/240 •
CVSS: 9.1EPSS: 5%CPEs: 72EXPL: 0CVE-2006-6737
https://notcve.org/view.php?id=CVE-2006-6737
26 Dec 2006 — Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 5 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_10 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to "access data in other applets," aka "The first issue." Vulnerabilidad no especificada en Sun Java Development Kit (JDK) y Java Runtime Environment (JRE) 5.0 Update 5 y anteriores, Java System Development Kit (SDK) y JRE 1.4.2_10 y... • http://lists.suse.com/archive/suse-security-announce/2007-Jan/0003.html •