CVSS: 7.1EPSS: 0%CPEs: 120EXPL: 0CVE-2008-5346 – JRE allows unauthorized memory read access via a crafted ZIP file
https://notcve.org/view.php?id=CVE-2008-5346
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 or earlier allows untrusted applets and applications to read arbitrary memory via a crafted ZIP file. Vulnerabilidad no especificada en Java Runtime Environment (JRE) en Sun JDK y JRE v5.0 Update 16 y anteriores; en SDK y JRE v1.4.2_18 y anteriores; y en SDK y JRE v1.3.1_23 y anteriores permite a applets y aplicaciones no confiables leer zonas de memoria de su elección utilizando un fichero ZIP modificado. • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://osvdb.org/50507 http://rhn.redhat.com/errata/RHSA-2008-1025.html http://secunia.com/advisories/32991 http://secunia.com/advisories/33015 http://secunia.com/advisories/33710 http://secunia.com/advisories/34605 http://secunia.com/advisories/34889 http:/&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 23%CPEs: 128EXPL: 0CVE-2008-5357 – OpenJDK Truetype Font processing vulnerability (6751322)
https://notcve.org/view.php?id=CVE-2008-5357
Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file, which triggers a heap-based buffer overflow. Desbordamiento de entero en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores; en JDK y JRE v5.0 Update 16 y anteriores; en SDK y JRE v1.4.2_18 y anteriores; y en SDK y JRE v1.3.1_23 y anteriores permite a atacantes remotos ejecutar código de su elección mediante un fichero de fuentes TrueType manipulado, provocando un desbordamiento de búfer basado en pila. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=760 http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://marc.info/?l=bugtraq&m=123678756409861&w=2 http://marc.info/?l=bugtraq&m=126583436323697&w=2 http://osvdb.org/5051 • CWE-189: Numeric Errors •
CVSS: 6.4EPSS: 0%CPEs: 127EXPL: 0CVE-2008-5360 – OpenJDK temporary files have guessable file names (6721753)
https://notcve.org/view.php?id=CVE-2008-5360
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknown vectors. Java Runtime Environment (JRE) para Sun JDK y JRE 6 Update 10 y versiones anteriores; JDK y JRE 5.0 Update 16 y versiones anteriores; SDK y JRE 1.4.2_18 y versiones anteriores y SDK y JRE 1.3.1_23 y versiones anteriores crea archivos temporales con nombres de archivo predecibles, lo que podría permitir a atacantes escribir archivos JAR maliciosos a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://marc.info/?l=bugtraq&m=123678756409861&w=2 http://marc.info/?l=bugtraq&m=126583436323697&w=2 http://rhn.redhat.com/errata/RHSA-2008-1018.html http://rhn.redhat.com/errata/RHSA-200 •
CVSS: 9.3EPSS: 26%CPEs: 128EXPL: 0CVE-2008-5359 – Sun Java AWT Library Sandbox Violation Vulnerability
https://notcve.org/view.php?id=CVE-2008-5359
Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code, related to a ConvolveOp operation in the Java AWT library. Desbordamiento de búfer en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores; en JDK y JRE v5.0 Update 16 y anteriores; en SDK y JRE v1.4.2_18 y anteriores; y en SDK y JRE v1.3.1_23 y anteriores permite a atacantes remotos ejecutar código de su elección mediante vectores desconocidos relacionados con el "código de procesamiento de imágenes". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Microsystems Java. User interaction is required in that a user must open a malicious file or visit a malicious web page. The specific flaw occurs within the Java AWT library. If a custom image model is used for the source 'Raster' during a conversion through a 'ConvolveOp' operation, the imaging library will calculate the size of the destination raster for the conversion incorrectly leading to a heap-based overflow. • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://marc.info/?l=bugtraq&m=123678756409861&w=2 http://marc.info/?l=bugtraq&m=126583436323697&w=2 http://rhn.redhat.com/errata/RHSA-2008-1018.html http://rhn.redhat.com/errata/RHSA-200 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 3%CPEs: 102EXPL: 0CVE-2008-3104 – Java RE allows Same Origin Policy to be Bypassed (6687932)
https://notcve.org/view.php?id=CVE-2008-3104
Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet's outbound connections by connecting to localhost services running on the machine that loaded the applet. Múltiples vulnerabilidades sin especificar en Sun Java Runtime Environment (JRE) en JDK y JRE 6 antes de Update 7, JDK y JRE 5.0 antes de Update 16, SDK y JRE 1.4.x antes de 1.4.2_18, y SDK y JRE 1.3.x antes de 1.3.1_23 permiten a atacantes remotos violar el modelo de seguridad para conexiones de salida de un applet conectándose a servicios del localhost que se están ejecutando en la máquina que cargó el applet. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://marc.info/?l=bugtraq&m=122331139823057&w=2 h • CWE-264: Permissions, Privileges, and Access Controls •