CVSS: 10.0EPSS: 8%CPEs: 64EXPL: 0CVE-2007-5689 – java-jre: Applet Privilege Escalation
https://notcve.org/view.php?id=CVE-2007-5689
29 Oct 2007 — The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) in SDK and JRE 1.3.x through 1.3.1_20 and 1.4.x through 1.4.2_15, and JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via applets that grant privileges to themselves. La Máquina Virtual de java (JVM) de Sun Java Runtime Environment (JRE) de SDK y JRE 1.3.x hasta 1.3.1_20 y 1.4.x hasta 1.4.2_15, y JDK y JRE 5.x hata 5.0 Update 12 y 6.... • http://dev2dev.bea.com/pub/advisory/272 •
CVSS: 7.5EPSS: 4%CPEs: 69EXPL: 0CVE-2007-5274 – Anti-DNS Pinning and Java Applets with Opera and Firefox
https://notcve.org/view.php?id=CVE-2007-5274
08 Oct 2007 — Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution ... • http://crypto.stanford.edu/dns/dns-rebinding.pdf •
CVSS: 9.8EPSS: 20%CPEs: 3EXPL: 1CVE-2007-4381 – Sun Java Runtime Environment 1.4.2 - Font Parsing Privilege Escalation
https://notcve.org/view.php?id=CVE-2007-4381
17 Aug 2007 — Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself. Vulnerabilidad no especificada en la implementación del parche fuente en Sun JDK and JRE 5.0 Update 9 y anteriores, y SDK y JRE 1.4.2_14 y anteriores, permite a atacantes remotos llevar a cabo acciones no autorizadas a través de un applet que gana ciertos ... • https://www.exploit-db.com/exploits/30502 •
CVSS: 9.1EPSS: 3%CPEs: 5EXPL: 0CVE-2007-3922 – Vulnerability in the Java Runtime Environment May Allow an Untrusted Applet to Circumvent Network Access Restrictions
https://notcve.org/view.php?id=CVE-2007-3922
21 Jul 2007 — Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to certain localhost services running on the machine that loaded the applet. Vulnerabilidad no especificada en Java Runtime Environment (JRE) Applet Class Loader en Sun JDK y JRE 5.0 Update 11 y versiones anteriores ,... • http://dev2dev.bea.com/pub/advisory/248 •
CVSS: 9.8EPSS: 4%CPEs: 5EXPL: 0CVE-2007-3504
https://notcve.org/view.php?id=CVE-2007-3504
30 Jun 2007 — Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself. NOTE: this can be leveraged to execute arbitrary code by overwriting a .java.policy file. Una vulnerabilidad de salto de directorio en PersistenceService en Sun Java Web Start en JDK y JRE versión... • http://docs.info.apple.com/article.html?artnum=307177 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 3%CPEs: 4EXPL: 0CVE-2007-2435 – javaws vulnerabilities
https://notcve.org/view.php?id=CVE-2007-2435
02 May 2007 — Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files. Sun Java Web Start en JDK y JRE 5.0 hasta 10 y anteriores, y Java Web Start en SDK y JRE 1.4.2_13 y anteriores, permite a atacantes remotos realizar acciones no autorizadas a través de una apli... • http://dev2dev.bea.com/pub/advisory/241 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.1EPSS: 2%CPEs: 11EXPL: 0CVE-2002-0058
https://notcve.org/view.php?id=CVE-2002-0058
07 Mar 2002 — Vulnerability in Java Runtime Environment (JRE) allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the session to another server, as seen in (1) Netscape 6.0 through 6.1 and 4.79 and earlier, (2) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, and possibly other implementations that use vulnerable versions of SDK or JDK. Esta vulnerabilidad en el "Java Runtime Enviroment" (entorno de e... • http://marc.info/?l=bugtraq&m=101534535304228&w=2 •
CVSS: 9.1EPSS: 0%CPEs: 24EXPL: 1CVE-2001-1480
https://notcve.org/view.php?id=CVE-2001-1480
31 Dec 2001 — Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows untrusted applets to access the system clipboard. • http://cert.uni-stuttgart.de/archive/bugtraq/2001/10/msg00120.html •