Page 72 of 398 results (0.006 seconds)

CVSS: 6.8EPSS: 24%CPEs: 72EXPL: 0

CVE-2008-1189 – Buffer overflow security vulnerabilities in Java Web Start (CVE-2008-1189, CVE-2008-1190)

https://notcve.org/view.php?id=CVE-2008-1189

Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188, aka the "third" issue. El desbordamiento de búfer en Java Web Start en JDK y JRE versión 6 Update 4 y anteriores, versión 5.0 Update 14 y anteriores, y SDK/JRE versión 1.4.2_16 y anteriores, de Sun, permite a los atacantes remotos ejecutar código arbitrario por medio de vectores desconocidos, un problema diferente del CVE-2008-1188, también se conoce como el problema "third". • http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html http://secunia.com/advisories/29239 http://secunia.com/advisories/29273 http://secunia.com/advisories/29498 http://secunia.com/advisories/29582 http://secunia.com/advisories/29858 http://secunia.com/advisories/29897 http://secunia.com/advisories/30676 http://s • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0

CVE-2008-0657 – java-1.5.0 Privilege escalation via unstrusted applet and application

https://notcve.org/view.php?id=CVE-2008-0657

Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. Múltiples vulnerabilidades no especificadas en el Java Runtime Environment en Sun JDK y JRE 6 Update 1 y versiones anteriores y 5.0 Update 13 y versiones anteriores, permite a atacantes según contexto conseguir privilegios a través de (1) aplicación o (2) applet no confiables, como se demostró por una aplicación o applet que garantiza de por sí privilegios de (a) lectura en archivos locales (b) escritura en archivos locales, o (c) ejecución de programas locales. • http://dev2dev.bea.com/pub/advisory/277 http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html http://secunia.com/advisories/28795 http://secunia.com/advisories/28888 http://secunia.com/advisories/29214 http://secunia.com/advisories/29498 http://secunia.com/advisories/29841 http://secunia.com/advisories/29858 http://secunia.com/advisories/29897 http://secunia.com/advisories/30676 http://secunia.com/advisories/30780 http://secunia.com/advisories/31497 http • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 0

CVE-2008-0628 – java-1.6.0 default external entity processing

https://notcve.org/view.php?id=CVE-2008-0628

The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources. El código de análisis sintáctico de XML en Sun Java Runtime Environment JDK y JRE 6 actualización 3 y anteriores. Procesa referencias a entidades externas incluso cuando la propiedad "external general entities (entidades generales externas)" es falsa, lo que permite a atacantes remotos llevar a cabo ataques de entidades externas XML (XXE) y provocar una denegación de servicio o acceso restringido a recursos. • http://dev2dev.bea.com/pub/advisory/277 http://scary.beasts.org/security/CESA-2007-002.html http://secunia.com/advisories/28746 http://secunia.com/advisories/29841 http://secunia.com/advisories/29858 http://secunia.com/advisories/30780 http://security.gentoo.org/glsa/glsa-200804-28.xml http://securityreason.com/securityalert/3621 http://sunsolve.sun.com/search/document.do?assetkey=1-66-231246-1 http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml http://www. • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0EPSS: 2%CPEs: 64EXPL: 0

CVE-2007-5689 – java-jre: Applet Privilege Escalation

https://notcve.org/view.php?id=CVE-2007-5689

The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) in SDK and JRE 1.3.x through 1.3.1_20 and 1.4.x through 1.4.2_15, and JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via applets that grant privileges to themselves. La Máquina Virtual de java (JVM) de Sun Java Runtime Environment (JRE) de SDK y JRE 1.3.x hasta 1.3.1_20 y 1.4.x hasta 1.4.2_15, y JDK y JRE 5.x hata 5.0 Update 12 y 6.x hata 6 Update 2, permite a atacantes remotos ejecutar programas de su elección, o leer o modificar ficheros de su elección, mediante applets que conceden privilegios a si mismos. • http://dev2dev.bea.com/pub/advisory/272 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533 http://osvdb.org/40834 http://secunia.com/advisories/27320 http://secunia.com/advisories/27693 http://secunia.com/advisories/29042 http://secunia.com/advisories/29858 http://secunia.com/advisories/30676 http://secunia.com/advisories/30780 http://security.gentoo.org/glsa/glsa-200804-28.xml http://sunsolve.sun.com/search/document.do?assetkey=1-26-103112-1 •

CVSS: 2.6EPSS: 0%CPEs: 64EXPL: 0

CVE-2007-5273 – Anti-DNS Pinning and Java Applets with HTTP proxy

https://notcve.org/view.php?id=CVE-2007-5273

Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232. En Sun Java Runtime Environment (JRE) en JDK y JRE versión 6 Update 2 y anteriores, JDK y JRE versión 5.0 Update 12 y anteriores, SDK y JRE versión 1.4.2_15 y anteriores, y SDK y JRE versión 1.3.1_20 y anteriores, cuando un servidor proxy HTTP se utiliza, permite a los atacantes remotos violar el modelo de seguridad para las conexiones salientes de un applets por medio de un ataque de reajuste de múlti-pin DNS en el que la descarga del applet depende de la resolución DNS en el servidor proxy, pero las operaciones de socket del applet dependen de la resolución DNS en máquina local, un problema diferente de CVE-2007-5274. NOTA: esto es similar a CVE-2007-5232. • http://crypto.stanford.edu/dns/dns-rebinding.pdf http://dev2dev.bea.com/pub/advisory/272 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533 http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html http://osvdb.org/45527 http://seclists.org/fulldisclosure/2007/Jul/0159.html http://secunia.com/advisories/27206 http://secunia.com/advisories/27261 http://secunia.com/advisories/27693 http://secunia.com/advisories/27716 http://secunia.c •