Page 7 of 37 results (0.012 seconds)

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

Sun Java 1.6.0_03 and earlier versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. Sun Java versión 1.6.0_03 y anteriores, y posiblemente versiones posteriores, no comprueba apropiadamente la autenticidad de las actualizaciones, lo que permite a los atacantes de tipo man-in-the-middle ejecutar código arbitrario por medio de una actualización de tipo caballo de Troya, como es demostrado por evilgrade y Envenenamiento de caché DNS. • http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html http://securitytracker.com/id?1020584 http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X does not prevent multiple programs from opening the same port as a Java ServerSocket, which allows local users to operate a Java program that intercepts network data intended for the ServerSocket of a different Java program. • http://docs.info.apple.com/article.html?artnum=302265 http://lists.apple.com/archives/security-announce/2005/Sep/msg00001.html http://secunia.com/advisories/16808 http://www.ciac.org/ciac/bulletins/p-306.shtml http://www.osvdb.org/19397 http://www.securityfocus.com/bid/14827 http://www.vupen.com/english/advisories/2005/1734 https://exchange.xforce.ibmcloud.com/vulnerabilities/22269 •

CVSS: 1.2EPSS: 0%CPEs: 1EXPL: 0

Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to corrupt files or create arbitrary files via unspecified attack vectors related to a temporary directory, possibly due to a symlink attack. • http://docs.info.apple.com/article.html?artnum=302266 http://lists.apple.com/archives/security-announce/2005/Sep/msg00001.html http://secunia.com/advisories/16808 http://www.ciac.org/ciac/bulletins/p-306.shtml http://www.securityfocus.com/bid/14825 http://www.vupen.com/english/advisories/2005/1734 https://exchange.xforce.ibmcloud.com/vulnerabilities/22262 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to gain privileges via unspecified attack vectors relating to "the utility used to update Java shared archives." • http://docs.info.apple.com/article.html?artnum=302266 http://lists.apple.com/archives/Security-announce/2005/Sep/msg00000.html http://secunia.com/advisories/16808 http://www.ciac.org/ciac/bulletins/p-306.shtml http://www.vupen.com/english/advisories/2005/1734 https://exchange.xforce.ibmcloud.com/vulnerabilities/22264 •

CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0

Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac OS X allows an untrusted applet to gain privileges, related to "Mac OS X specific extensions." • http://docs.info.apple.com/article.html?artnum=302265 http://lists.apple.com/archives/security-announce/2005/Sep/msg00001.html http://secunia.com/advisories/16808 http://www.ciac.org/ciac/bulletins/p-306.shtml http://www.securityfocus.com/bid/14826 http://www.vupen.com/english/advisories/2005/1734 https://exchange.xforce.ibmcloud.com/vulnerabilities/22265 •