Page 71 of 367 results (0.017 seconds)

CVSS: 2.6EPSS: 11%CPEs: 64EXPL: 0

CVE-2007-5238 – Vulnerabilities in Java Web Start allow to determine the location of the Java Web Start cache

https://notcve.org/view.php?id=CVE-2007-5238

Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka "three vulnerabilities." Java Web Start en Sun JDK y JRE 6 Update 2 y anteriores, JDK y JRE 5.0 Update 12 yearlier, y SDK y JRE 1.4.2_15 y anteriores no hace cumplir las restricciones de acceso para aplicaciones no válidas, lo caul permite a atacantes con la intervención del usuario obtener información sensible (la localización de la cache Java Web Start) a través de aplicaciones no confiables, también conocido como "tres vulnerabilidades". • http://dev2dev.bea.com/pub/advisory/272 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533 http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html http://secunia.com/advisories/27206 http://secunia.com/advisories/27261 http://secunia.com/advisories/27693 http://secunia.com/advisories/27716 http://secunia.com/advisories/27804 http://secunia.com/advisories/28777 http://secunia.com/advisories/28880 http://secunia.com/advisories/29042 http& • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 5%CPEs: 64EXPL: 0

CVE-2007-5240 – Applets or Applications are allowed to display an oversized window

https://notcve.org/view.php?id=CVE-2007-5240

Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen. Vulnerabilidad de truncamiento visual en Java Runtime Environment en Sun JDK y JRE 6 Update 2 y anteriores, JDK y JRE 5.0 hasta la 12 y anteriores, SDK y JRE 1.4.2_15 y anteriores, y SDK y JRE 1.3.1_20 y anteriores permite a atacantes remotos evitar la muestra del mensaje de advertencia de código no permitido con la creación de una ventana más grande que la ventana del sitio de trabajo. • http://dev2dev.bea.com/pub/advisory/272 http://download.novell.com/Download?buildid=q5exhSqeBjA~ http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533 http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html http://secunia.com/advisories/27206 http://secunia.com/advisories/27261 http://secunia.com/advisories/27693 http://secunia.com/advisories/27716 http://secunia.com/advisories/27804 http://secunia.com/advisories/28777 http://secunia.com •

CVSS: 4.0EPSS: 24%CPEs: 64EXPL: 0

CVE-2007-5232 – Security Vulnerability in Java Runtime Environment With Applet Caching

https://notcve.org/view.php?id=CVE-2007-5232

Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding attack. Sun Java Runtime Environment (JRE) en JDK y JRE 6 Update 2 y anteriores, JDK y JRE 5.0 Update 12 y anteriores, SDK y JRE 1.4.2_15 y earlier, y SDK y JRE 1.3.1_20 y anteriores, cuando applet caching está activo, permite a atacantes remotos violar el modelo de seguridad para conexiones de salida del applet a través de un ataque de recinvulación del DNS. • http://conference.hitb.org/hitbsecconf2007kl/?page_id=148 http://conference.hitb.org/hitbsecconf2007kl/materials/D2T1%20-%20Billy%20Rios%20-%20Slipping%20Past%20the%20Firewall.pdf http://dev2dev.bea.com/pub/advisory/272 http://docs.info.apple.com/article.html?artnum=307177 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533 http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html htt •

CVSS: 9.3EPSS: 15%CPEs: 3EXPL: 1

CVE-2007-4381 – Sun Java Runtime Environment 1.4.2 - Font Parsing Privilege Escalation

https://notcve.org/view.php?id=CVE-2007-4381

Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself. Vulnerabilidad no especificada en la implementación del parche fuente en Sun JDK and JRE 5.0 Update 9 y anteriores, y SDK y JRE 1.4.2_14 y anteriores, permite a atacantes remotos llevar a cabo acciones no autorizadas a través de un applet que gana ciertos privilegios por si mismo. • https://www.exploit-db.com/exploits/30502 http://dev2dev.bea.com/pub/advisory/248 http://docs.info.apple.com/article.html?artnum=307177 http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html http://secunia.com/advisories/26402 http://secunia.com/advisories/26631 http://secunia.com/advisories/26933 http://secunia.com/advisories/27203 http://secunia.com/advisories/27716 http://secunia. •

CVSS: 6.8EPSS: 1%CPEs: 5EXPL: 0

CVE-2007-3922 – Vulnerability in the Java Runtime Environment May Allow an Untrusted Applet to Circumvent Network Access Restrictions

https://notcve.org/view.php?id=CVE-2007-3922

Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to certain localhost services running on the machine that loaded the applet. Vulnerabilidad no especificada en Java Runtime Environment (JRE) Applet Class Loader en Sun JDK y JRE 5.0 Update 11 y versiones anteriores , 6 hasta 6 Update 1, y SDK y JRE 1.4.2_14 y versiones anteriores, permite a atacantes remotos romper el modelo de seguridad en las conexiones salientes de un applet al conectarse a determinados servicios localhost ejecutándose en la máquina que cargó el applet. • http://dev2dev.bea.com/pub/advisory/248 http://docs.info.apple.com/article.html?artnum=307177 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01269450 http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html http://secunia.com/advisories/26314 http://secunia.com/advisories/26369 http://secunia.com/advisories/26631 http://secunia.com/advisories/26645 http://secunia.com/advisories/26933 http://secunia.com/advisories/27266 http://secunia.com •