Page 87 of 454 results (0.016 seconds)

CVSS: 7.5EPSS: 1%CPEs: 91EXPL: 0

Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications that rely on shortest-form UTF-8 encodings. Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores; JDK y JRE v5.0 Update 16 y anteriores; y en SDK y JRE v1.4.2_18 y anteriores acepta códigos UTF-8 que no están en la forma "corta", facilitando a los atacantes la evasión de los mecanismos de protección de otras aplicaciones que confían en la codificación UTF-8 en forma corta. • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://marc.info/?l=bugtraq&m=123678756409861&w=2 http://marc.info/?l=bugtraq&m=126583436323697&w=2 http://osvdb.org/50502 http://rhn.redhat.com/errata/RHSA-2008-1018.html http://rh • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.1EPSS: 7%CPEs: 40EXPL: 0

Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key. Vulnerabilidad no especificada en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores, y en JDK y JRE v5.0 Update 16 y anteriores, permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante una clave pública RSA modificada. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html http://osvdb.org/50504 http://rhn.redhat.com/errata/RHSA-2008-1018.html http://rhn.redhat.com/errata/RHSA-2008-1025.html http://secunia.com/advisories/32991 http://sec •

CVSS: 9.3EPSS: 94%CPEs: 40EXPL: 0

Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow. Desbordamiento de entero en la utilidad de desempaquetado JAR (unpack200) en la biblioteca de desempaquetar (unpack.dll) en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores, y en JDK y JRE v5.0 Update 16 y anteriores, permite a applets y aplicaciones no confiables obtener privilegios mediante un fichero JAR comprimido con Pack200 provocando un desbordamiento de búfer basado en pila. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=759 http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html http://osvdb.org/50501 http://rhn.redhat.com/errata/RHSA-2008-1018.html http://rhn.redhat.com/errata/RHSA-2008-1025.html http://secunia.com/advisories/32991 http://secunia.com/advisories/33015 http://secunia.com/advisories/33528 http://secunia.com/advisories/3370 • CWE-189: Numeric Errors •

CVSS: 9.3EPSS: 42%CPEs: 91EXPL: 0

Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with a long Main-Class manifest entry. Desbordamiento de búfer basado en pila en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores; en JDK y JRE v5.0 Update 16 y anteriores; y en SDK y JRE v1.4.2_18 y anteriores permite a aplicaciones Java no confiables ejecutadas en local y posiblemente en remoto ejecutar código de su elección mediante un fichero JAR con una entrada larga en el manifiesto de Main-Class. • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://marc.info/?l=bugtraq&m=123678756409861&w=2 http://marc.info/?l=bugtraq&m=126583436323697&w=2 http://rhn.redhat.com/errata/RHSA-2008-1018.html http://rhn.redhat.com/errata/RHSA-200 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.0EPSS: 3%CPEs: 91EXPL: 0

Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows remote attackers to make unauthorized network connections and hijack HTTP sessions via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR" and CR 6707535. Vulnerabilidad no especificada en Java Web Start (JWS) y Java Plug-in en Sun JDK y JRE v6 Update 10 y anteriores; en JDK y JRE v5.0 Update 16 y anteriores; y en SDK y JRE v1.4.2_18 y anteriores permite que código oculto realice conexiones de red no autorizadas y secuestrar sesiones HTTP que utilicen cookies almacenadas en el navegador mediante vectores desconocidos. • http://lists.apple.com/archives/security-announce/2009/Feb/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://marc.info/?l=bugtraq&m=123678756409861&w=2 http://marc.info/?l=bugtraq&m=126583436323697&w=2 http://osvdb.org/50512 http://rhn.redhat.com/errata/RHSA-2008-1018.html http://rh •