Page 78 of 430 results (0.007 seconds)

CVSS: 6.8EPSS: 1%CPEs: 2EXPL: 0

CVE-2008-1191 – Untrusted Java Web Start arbitrary file creation

https://notcve.org/view.php?id=CVE-2008-1191

Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier allows remote attackers to create arbitrary files via an untrusted application, a different issue than CVE-2008-1190, aka "The fifth issue." Una vulnerabilidad no especificada en Java Web Start en Sun JDK y JRE versión 6 Update 4 y anteriores, permite a atacantes remotos crear archivos arbitrarios por medio de una aplicación no confiable, un problema diferente de CVE-2008-1190, también se conoce como "The fifth issue". • http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html http://secunia.com/advisories/29239 http://secunia.com/advisories/29273 http://secunia.com/advisories/29582 http://secunia.com/advisories/29858 http://secunia.com/advisories/30676 http://secunia.com/advisories/30780 http://secunia.com/advisories/32018 http://security.gentoo.org/glsa/glsa-200804-28.xml http://sunsolve.sun.com/sear •

CVSS: 6.8EPSS: 12%CPEs: 72EXPL: 0

CVE-2008-1196 – Buffer overflow security vulnerabilities in Java Web Start

https://notcve.org/view.php?id=CVE-2008-1196

Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file. Desbordamiento de búfer basado en pila en Java Web Start (javaws.exe) en Sun JDK y JRE 6 Actualización 4 y anteriores y 5.0 Actualización 14 y anteriores; y SDK y JRE 1.4.2_16 y anteriores; permite a atacantes remotos ejecutar código de su elección a través de un archivo JNLP manipulado. • http://download.novell.com/Download?buildid=q5exhSqeBjA~ http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html http://secunia.com/advisories/29239 http://secunia.com/advisories/29273 http://secunia.com/advisories/29498 http://secunia.com/advisories/29582 http://secunia.com/advisories/29858 http://secunia.com/advisories/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 1%CPEs: 72EXPL: 0

CVE-2008-1185 – Untrusted applet and application privilege escalation (CVE-2008-1186)

https://notcve.org/view.php?id=CVE-2008-1185

Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1186, aka "the first issue." Una vulnerabilidad no especificada en la Máquina Virtual para Sun Java Runtime Environment (JRE) y JDK versión 6 Update 4 y anteriores, versión 5.0 Update 14 y anteriores, y SDK/JRE versión 1.4.2_16 y anteriores, permite a atacantes remotos alcanzar privilegios por medio de una aplicación o applet no confiable, un problema diferente de CVE-2008-1186, también se conoce como "the first issue." • http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html http://secunia.com/advisories/29239 http://secunia.com/advisories/29273 http://secunia.com/advisories/29582 http://secunia.com/advisories/29858 http://secunia.com/advisories/30676 http://secunia.com/advisories/30780 http://secunia.com/advisories/32018 http://security.gentoo.org/glsa/glsa-200804-28.xml http://securitytracker.com/id • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0

CVE-2008-0657 – java-1.5.0 Privilege escalation via unstrusted applet and application

https://notcve.org/view.php?id=CVE-2008-0657

Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. Múltiples vulnerabilidades no especificadas en el Java Runtime Environment en Sun JDK y JRE 6 Update 1 y versiones anteriores y 5.0 Update 13 y versiones anteriores, permite a atacantes según contexto conseguir privilegios a través de (1) aplicación o (2) applet no confiables, como se demostró por una aplicación o applet que garantiza de por sí privilegios de (a) lectura en archivos locales (b) escritura en archivos locales, o (c) ejecución de programas locales. • http://dev2dev.bea.com/pub/advisory/277 http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html http://secunia.com/advisories/28795 http://secunia.com/advisories/28888 http://secunia.com/advisories/29214 http://secunia.com/advisories/29498 http://secunia.com/advisories/29841 http://secunia.com/advisories/29858 http://secunia.com/advisories/29897 http://secunia.com/advisories/30676 http://secunia.com/advisories/30780 http://secunia.com/advisories/31497 http • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2008-0628 – java-1.6.0 default external entity processing

https://notcve.org/view.php?id=CVE-2008-0628

The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources. El código de análisis sintáctico de XML en Sun Java Runtime Environment JDK y JRE 6 actualización 3 y anteriores. Procesa referencias a entidades externas incluso cuando la propiedad "external general entities (entidades generales externas)" es falsa, lo que permite a atacantes remotos llevar a cabo ataques de entidades externas XML (XXE) y provocar una denegación de servicio o acceso restringido a recursos. • http://dev2dev.bea.com/pub/advisory/277 http://scary.beasts.org/security/CESA-2007-002.html http://secunia.com/advisories/28746 http://secunia.com/advisories/29841 http://secunia.com/advisories/29858 http://secunia.com/advisories/30780 http://security.gentoo.org/glsa/glsa-200804-28.xml http://securityreason.com/securityalert/3621 http://sunsolve.sun.com/search/document.do?assetkey=1-66-231246-1 http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml http://www. • CWE-264: Permissions, Privileges, and Access Controls •