CVE-2009-1006
https://notcve.org/view.php?id=CVE-2009-1006
Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.2 and earlier, with SDK/JRE 1.4.2, JRE/JDK 5, and JRE/JDK 6, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en el componente JRockit de BEA Product Suite R27.6.2 y anteriores, con SDK/JRE v1.4.2, JRE/JDK v5 y JRE/JDK v6; permite a atacantes remotos comprometer la confidencialidad, integridad y disponibilidad a través de vectores desconocidos. • http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html http://www.securityfocus.com/bid/34461 http://www.securitytracker.com/id?1022059 http://www.us-cert.gov/cas/techalerts/TA09-105A.html •
CVE-2008-5355
https://notcve.org/view.php?id=CVE-2008-5355
The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks. La funcionalidad de actualización de Java en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores; en JDK y JRE v5.0 Update 16 y anteriores; y en SDK y JRE v1.4.2_18 y anteriores no verifica la firma del JRE que descarga, permitiendo a atacantes remotos ejecutar código de su elección mediante ataques DNS de man-in-the-middle (hombre en medio). • http://osvdb.org/50498 http://secunia.com/advisories/37386 http://security.gentoo.org/glsa/glsa-200911-02.xml http://sunsolve.sun.com/search/document.do?assetkey=1-26-244989-1 http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid= http://www.securitytracker.com/id?1021315 http://www.us-cert.gov/cas/techalerts/TA08-340A.html http://www.vupen.com/english/advisories/2008/3339 http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-0 • CWE-287: Improper Authentication •
CVE-2008-5348 – OpenJDK Denial-Of-Service in kerberos authentication (6588160)
https://notcve.org/view.php?id=CVE-2008-5348
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier, when using Kerberos authentication, allows remote attackers to cause a denial of service (OS resource consumption) via unknown vectors. Vulnerabilidad no especificada en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores; JDK y JRE v5.0 Update 16 y anteriores; y SDK y JRE v1.4.2_18 y anteriores, cuando usan la autenticación Kerberos, permite a atacantes remotos provocar una denegación de servicio (consumo de recursos del sistema operativo) mediante vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://marc.info/?l=bugtraq&m=123678756409861&w=2 http://marc.info/?l=bugtraq&m=126583436323697&w=2 http://osvdb.org/50505 http://rhn.redhat.com/errata/RHSA-2008-1018.html http://rh •
CVE-2008-5358 – OpenJDK Buffer Overflow in GIF image processing (6766136)
https://notcve.org/view.php?id=CVE-2008-5358
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll. Java Runtime Environment (JRE) en Sun JDK and JRE v6 Update 10 y anteriores permite a atacantes remotos ejecutar código de su elección mediante un fichero GIF manipulado que provoca una corrupción de memoria durante la visualación de la imagen de bienvenida, posiblemente relacionado con la biblioteca "splashscreen.dll". • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=758 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html http://marc.info/?l=bugtraq&m=123678756409861&w=2 http://marc.info/?l=bugtraq&m=126583436323697&w=2 http://osvdb.org/50515 http://rhn.redhat.com/errata/RHSA-2008-1018.html http://secunia.com/advisories/32991 http://secunia.com/advisories/33015 http://secu • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-5342 – Java Web Start BasicService displays local files in the browser
https://notcve.org/view.php?id=CVE-2008-5342
Unspecified vulnerability in the BasicService for Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted downloaded applications to cause local files to be displayed in the browser of the user of the untrusted application via unknown vectors, aka 6767668. Vulnerabilidad no especificada en BasicService para Java Web Start (JWS) y Java Plug-in en Sun JDK y JRE v6 Update 10 y anteriores; en JDK y JRE v5.0 Update 16 y anteriores; y en SDK y JRE v1.4.2_18 y anteriores permite que aplicaciones descargadas no confiables puedan mostrar ficheros locales en el visualizador de usuario de la aplicación no confiable mediante vectores no especificados. • http://lists.apple.com/archives/security-announce/2009/Feb/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://marc.info/?l=bugtraq&m=123678756409861&w=2 http://marc.info/?l=bugtraq&m=126583436323697&w=2 http://osvdb.org/50514 http://rhn.redhat.com/errata/RHSA-2008-1018.html http://rh • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •