CVSS: 9.1EPSS: 5%CPEs: 144EXPL: 0CVE-2008-5345 – JRE allows unauthorized file access and connections to localhost
https://notcve.org/view.php?id=CVE-2008-5345
05 Dec 2008 — Unspecified vulnerability in Java Runtime Environment (JRE) with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier allows code that is loaded from a local filesystem to read arbitrary files and make unauthorized connections to localhost via unknown vectors. Vulnerabilidad no especificada en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores; en JDK y JRE v5.0 Update 16 y anteriores; en... • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html •
CVSS: 7.5EPSS: 3%CPEs: 120EXPL: 0CVE-2008-5346 – JRE allows unauthorized memory read access via a crafted ZIP file
https://notcve.org/view.php?id=CVE-2008-5346
05 Dec 2008 — Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 or earlier allows untrusted applets and applications to read arbitrary memory via a crafted ZIP file. Vulnerabilidad no especificada en Java Runtime Environment (JRE) en Sun JDK y JRE v5.0 Update 16 y anteriores; en SDK y JRE v1.4.2_18 y anteriores; y en SDK y JRE v1.3.1_23 y anteriores permite a applets y aplicaciones no confiables leer zonas ... • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 10%CPEs: 91EXPL: 0CVE-2008-5355
https://notcve.org/view.php?id=CVE-2008-5355
05 Dec 2008 — The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks. La funcionalidad de actualización de Java en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores; en JDK y JRE v5.0 Update 16 y anteriores; y en SDK y JRE v... • http://osvdb.org/50498 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 10%CPEs: 91EXPL: 0CVE-2008-5348 – OpenJDK Denial-Of-Service in kerberos authentication (6588160)
https://notcve.org/view.php?id=CVE-2008-5348
05 Dec 2008 — Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier, when using Kerberos authentication, allows remote attackers to cause a denial of service (OS resource consumption) via unknown vectors. Vulnerabilidad no especificada en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores; JDK y JRE v5.0 Update 16 y anteriores; y SDK y JRE v1.4.2_18 y anteriores, cuando usa... • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html •
CVSS: 7.5EPSS: 1%CPEs: 91EXPL: 0CVE-2008-5350 – OpenJDK allows to list files within the user home directory (6484091)
https://notcve.org/view.php?id=CVE-2008-5350
05 Dec 2008 — Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applications and applets to list the contents of the operating user's directory via unknown vectors. Vulnerabilidad no especificada en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores; JDK y JRE v5.0 Update 16 y anteriores; y en SDK y JRE v1.4.2_18 y anteriores permite a applets y aplicac... • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 3%CPEs: 128EXPL: 0CVE-2008-5357 – OpenJDK Truetype Font processing vulnerability (6751322)
https://notcve.org/view.php?id=CVE-2008-5357
05 Dec 2008 — Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file, which triggers a heap-based buffer overflow. Desbordamiento de entero en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores; en JDK y JRE v5.0 Update 16 y anteriores; en SDK y JRE v1.4.2_18 y an... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=760 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 91%CPEs: 91EXPL: 4CVE-2008-5353 – Signed Applet Social Engineering - Code Execution
https://notcve.org/view.php?id=CVE-2008-5353
05 Dec 2008 — The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by "deserializing Calendar objects". Vulnerabilidad no especificada en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores; JDK y JRE v5.0 Upda... • https://www.exploit-db.com/exploits/16302 •
CVSS: 7.5EPSS: 1%CPEs: 91EXPL: 0CVE-2008-5344 – Java WebStart unprivileged local file and network access
https://notcve.org/view.php?id=CVE-2008-5344
05 Dec 2008 — Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets to read arbitrary files and make unauthorized network connections via unknown vectors related to applet classloading, aka 6716217. Vulnerabilidad no especificada en Java Web Start (JWS) y Java Plug-in en Sun JDK y JRE v6 Update 10 y anteriores; en JDK y JRE 5.0 Update 16 y anteriores; y en SDK y J... • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html •
CVSS: 9.1EPSS: 1%CPEs: 91EXPL: 0CVE-2008-5342 – Java Web Start BasicService displays local files in the browser
https://notcve.org/view.php?id=CVE-2008-5342
05 Dec 2008 — Unspecified vulnerability in the BasicService for Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted downloaded applications to cause local files to be displayed in the browser of the user of the untrusted application via unknown vectors, aka 6767668. Vulnerabilidad no especificada en BasicService para Java Web Start (JWS) y Java Plug-in en Sun JDK y JRE v6 Update 10 y anteriores; en... • http://lists.apple.com/archives/security-announce/2009/Feb/msg00003.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 5%CPEs: 91EXPL: 0CVE-2008-5340 – Java WebStart privilege escalation
https://notcve.org/view.php?id=CVE-2008-5340
05 Dec 2008 — Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors, aka 6727081. Vulnerabilidad no especificada en Java Web Start (JWS) y Java Plug-in en Sun JDK y JRE v6 Update 10 y anteriores; JDK y JRE v5.0 Update 16 y anteriores; y en SDK y JRE v1.4.2_18 y anteriores permite... • http://lists.apple.com/archives/security-announce/2009/Feb/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls •