Page 76 of 406 results (0.007 seconds)

CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0

CVE-2007-5237

https://notcve.org/view.php?id=CVE-2007-5237

Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka "two vulnerabilities." Java Web Start in Sun JDK and JRE 6 Update 2 y anteriores no hace cumplir las restricciones de acceso para aplicaciones no confiables, lo cual permite a atacantes remotos con la intervención del usuario leer y modificar archivos locales a través de aplicaciones no confiables, también conocido como "dos vulnerabilidades". • http://dev2dev.bea.com/pub/advisory/272 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533 http://secunia.com/advisories/27261 http://secunia.com/advisories/27693 http://secunia.com/advisories/29042 http://secunia.com/advisories/29858 http://secunia.com/advisories/30676 http://secunia.com/advisories/30780 http://security.gentoo.org/glsa/glsa-200804-28.xml http://sunsolve.sun.com/search/document.do?assetkey=1-26-103073-1 http://www.gentoo.org/ • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 2.6EPSS: 11%CPEs: 64EXPL: 0

CVE-2007-5238 – Vulnerabilities in Java Web Start allow to determine the location of the Java Web Start cache

https://notcve.org/view.php?id=CVE-2007-5238

Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka "three vulnerabilities." Java Web Start en Sun JDK y JRE 6 Update 2 y anteriores, JDK y JRE 5.0 Update 12 yearlier, y SDK y JRE 1.4.2_15 y anteriores no hace cumplir las restricciones de acceso para aplicaciones no válidas, lo caul permite a atacantes con la intervención del usuario obtener información sensible (la localización de la cache Java Web Start) a través de aplicaciones no confiables, también conocido como "tres vulnerabilidades". • http://dev2dev.bea.com/pub/advisory/272 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533 http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html http://secunia.com/advisories/27206 http://secunia.com/advisories/27261 http://secunia.com/advisories/27693 http://secunia.com/advisories/27716 http://secunia.com/advisories/27804 http://secunia.com/advisories/28777 http://secunia.com/advisories/28880 http://secunia.com/advisories/29042 http& • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 5%CPEs: 64EXPL: 0

CVE-2007-5240 – Applets or Applications are allowed to display an oversized window

https://notcve.org/view.php?id=CVE-2007-5240

Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen. Vulnerabilidad de truncamiento visual en Java Runtime Environment en Sun JDK y JRE 6 Update 2 y anteriores, JDK y JRE 5.0 hasta la 12 y anteriores, SDK y JRE 1.4.2_15 y anteriores, y SDK y JRE 1.3.1_20 y anteriores permite a atacantes remotos evitar la muestra del mensaje de advertencia de código no permitido con la creación de una ventana más grande que la ventana del sitio de trabajo. • http://dev2dev.bea.com/pub/advisory/272 http://download.novell.com/Download?buildid=q5exhSqeBjA~ http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533 http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html http://secunia.com/advisories/27206 http://secunia.com/advisories/27261 http://secunia.com/advisories/27693 http://secunia.com/advisories/27716 http://secunia.com/advisories/27804 http://secunia.com/advisories/28777 http://secunia.com •

CVSS: 4.0EPSS: 24%CPEs: 64EXPL: 0

CVE-2007-5232 – Security Vulnerability in Java Runtime Environment With Applet Caching

https://notcve.org/view.php?id=CVE-2007-5232

Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding attack. Sun Java Runtime Environment (JRE) en JDK y JRE 6 Update 2 y anteriores, JDK y JRE 5.0 Update 12 y anteriores, SDK y JRE 1.4.2_15 y earlier, y SDK y JRE 1.3.1_20 y anteriores, cuando applet caching está activo, permite a atacantes remotos violar el modelo de seguridad para conexiones de salida del applet a través de un ataque de recinvulación del DNS. • http://conference.hitb.org/hitbsecconf2007kl/?page_id=148 http://conference.hitb.org/hitbsecconf2007kl/materials/D2T1%20-%20Billy%20Rios%20-%20Slipping%20Past%20the%20Firewall.pdf http://dev2dev.bea.com/pub/advisory/272 http://docs.info.apple.com/article.html?artnum=307177 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533 http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html htt •

CVSS: 9.3EPSS: 15%CPEs: 3EXPL: 1

CVE-2007-4381 – Sun Java Runtime Environment 1.4.2 - Font Parsing Privilege Escalation

https://notcve.org/view.php?id=CVE-2007-4381

Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself. Vulnerabilidad no especificada en la implementación del parche fuente en Sun JDK and JRE 5.0 Update 9 y anteriores, y SDK y JRE 1.4.2_14 y anteriores, permite a atacantes remotos llevar a cabo acciones no autorizadas a través de un applet que gana ciertos privilegios por si mismo. • https://www.exploit-db.com/exploits/30502 http://dev2dev.bea.com/pub/advisory/248 http://docs.info.apple.com/article.html?artnum=307177 http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html http://secunia.com/advisories/26402 http://secunia.com/advisories/26631 http://secunia.com/advisories/26933 http://secunia.com/advisories/27203 http://secunia.com/advisories/27716 http://secunia. •