CVSS: 10.0EPSS: 6%CPEs: 339EXPL: 0CVE-2009-3874 – Sun Java Runtime Environment JPEGImageReader Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-3874
04 Nov 2009 — Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643. Desbordamiento de entero en la implementacion JPEGImageReader en el componente ImageI/O en Sun Java SE en JDK y JRE v5.0 anteriores a Update 22, JDK ... • http://java.sun.com/javase/6/webnotes/6u17.html • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 89%CPEs: 339EXPL: 3CVE-2009-3867 – Sun Java HsbParser.getSoundBank Stack Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-3867
04 Nov 2009 — Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303. Desbordamiento de búfer basado en pila en la función HsbParser.getSoundBank en Sun Java SE en JDK y JRE 5.0 anteriores a Update 22, JDK y JRE 6 anteriores a Update 17, SDK y JRE v1.... • https://www.exploit-db.com/exploits/33315 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.1EPSS: 13%CPEs: 138EXPL: 0CVE-2009-2676 – JRE applet launcher vulnerability
https://notcve.org/view.php?id=CVE-2009-2676
05 Aug 2009 — Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet that accesses an old version of JNLPAppletLauncher. Vulnerabilidad no especificada en JNLPAppletlauncher en Sun Java SE, y SE Business, en JDK y JRE 6v Update v14 y anteriores ... • http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html •
CVSS: 10.0EPSS: 1%CPEs: 114EXPL: 0CVE-2004-2764
https://notcve.org/view.php?id=CVE-2004-2764
02 Jun 2009 — Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4.1 through 1.4.1_07, and 1.4.0 through 1.4.0_04 allows untrusted applets and unprivileged servlets to gain privileges and read data from other applets via unspecified vectors related to classes in the XSLT processor, aka "XML sniffing." Sun SDK y Java Runtime Environment (JRE) desde la v1.4.2 hasta la v1.4.2_04, desde la v1.4.1 hasta la v1.4.1_07, y la v1.4.0 hasta la v1.4.0_04 permite a applets sin confianza y servlets sin privilegios co... • http://archive.cert.uni-stuttgart.de/uniras/2004/08/msg00007.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 2%CPEs: 21EXPL: 0CVE-2009-1006
https://notcve.org/view.php?id=CVE-2009-1006
15 Apr 2009 — Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.2 and earlier, with SDK/JRE 1.4.2, JRE/JDK 5, and JRE/JDK 6, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en el componente JRockit de BEA Product Suite R27.6.2 y anteriores, con SDK/JRE v1.4.2, JRE/JDK v5 y JRE/JDK v6; permite a atacantes remotos comprometer la confidencialidad, integridad y disponibilidad a través de vectores desconocidos. • http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html •
CVSS: 7.5EPSS: 12%CPEs: 153EXPL: 0CVE-2009-1093 – OpenJDK remote LDAP Denial-Of-Service (6717680)
https://notcve.org/view.php?id=CVE-2009-1093
25 Mar 2009 — LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang). LdapCtx en el servicio LDAP en Java SE Development Kit (JDK) y Java Runtime Environment (JRE) v5.0 actualización 17 y anteriores; 6 actualización 12 y anteriores; SDK y... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133 • CWE-16: Configuration •
CVSS: 10.0EPSS: 8%CPEs: 153EXPL: 0CVE-2009-1094 – OpenJDK LDAP client remote code execution (6737315)
https://notcve.org/view.php?id=CVE-2009-1094
25 Mar 2009 — Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data. Vulnerabilidad no especificada en la implementación LDAP de Java SE Development Kit (JDK) y Java Runtime Environment (JRE) v5.0 Update 17 y anteriores, v6 Update 12 y anteriores, ... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133 •
CVSS: 9.3EPSS: 31%CPEs: 153EXPL: 0CVE-2009-1098 – OpenJDK GIF processing buffer overflow vulnerability (6804998)
https://notcve.org/view.php?id=CVE-2009-1098
25 Mar 2009 — Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998. Desbordamiento del búfer en Java SE Development Kit (JDK) y Java Runtime Environment (JRE) v5.0 Update 17 y anteriores; v6 Update 12 y anteriores; v1.4.2_19 y anteriores; y 1.3.1_24 y anteriores, permite a atacantes remoto... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 3%CPEs: 91EXPL: 0CVE-2008-5340 – Java WebStart privilege escalation
https://notcve.org/view.php?id=CVE-2008-5340
05 Dec 2008 — Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors, aka 6727081. Vulnerabilidad no especificada en Java Web Start (JWS) y Java Plug-in en Sun JDK y JRE v6 Update 10 y anteriores; JDK y JRE v5.0 Update 16 y anteriores; y en SDK y JRE v1.4.2_18 y anteriores permite... • http://lists.apple.com/archives/security-announce/2009/Feb/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 1%CPEs: 91EXPL: 0CVE-2008-5341 – Java Web Start exposes username and the pathname of the JWS cache
https://notcve.org/view.php?id=CVE-2008-5341
05 Dec 2008 — Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors, aka CR 6727071. Vulnerabilidad no especificada en Java Web Start (JWS) y Java Plug-in en Sun JDK y JRE v6 Update 10 y anteriores, y en JDK y JRE v5.0 Update 16 y anteriores, permite que aplicaciones JWS no confiables obtengan la rut... • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •