Page 93 of 522 results (0.005 seconds)

CVSS: 9.3EPSS: 38%CPEs: 38EXPL: 0

Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via a JNLP file with (1) a long key name in the xml header or (2) a long charset value, different issues than CVE-2008-1189, aka "The first two issues." Múltiples desbordamientos de búfer en la función useEncodingDecl en Java Web Start en JDK y JRE de Sun versión 6 Update 4 y anteriores, y versión 5.0 Update 14 y anteriores, permiten a los atacantes remotos ejecutar código arbitrario por medio de un archivo JNLP con (1) un nombre de clave largo en el encabezado xml o (2) un valor de juego de caracteres largo, problemas diferentes del CVE-2008-1189, también se conoce como "The first two issues". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the useEncodingDecl() function used while parsing the xml header character encoding attribute. When a user downloads a malicious JNLP file, the charset value is read into a static buffer. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html http://secunia.com/advisories/29239 http://secunia.com/advisories/29273 http://secunia.com/advisories/29498 http://secunia.com/advisories/29582 http://secunia.com/advisories/29858 http://secunia.com/advisories/29897 http://secunia.com/advisories/30676 http://s • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.8EPSS: 23%CPEs: 72EXPL: 0

Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188, aka the "third" issue. El desbordamiento de búfer en Java Web Start en JDK y JRE versión 6 Update 4 y anteriores, versión 5.0 Update 14 y anteriores, y SDK/JRE versión 1.4.2_16 y anteriores, de Sun, permite a los atacantes remotos ejecutar código arbitrario por medio de vectores desconocidos, un problema diferente del CVE-2008-1188, también se conoce como el problema "third". • http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html http://secunia.com/advisories/29239 http://secunia.com/advisories/29273 http://secunia.com/advisories/29498 http://secunia.com/advisories/29582 http://secunia.com/advisories/29858 http://secunia.com/advisories/29897 http://secunia.com/advisories/30676 http://s • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 0%CPEs: 72EXPL: 0

Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191, aka the "fourth" issue. Una vulnerabilidad no especificada en Java Web Start en Sun JDK y JRE versión 6 Update 4 y versiones anteriores, versión 5.0 Update 14 y versiones anteriores, y SDK/JRE versión 1.4.2_16 y versiones anteriores, permite a atacantes remotos alcanzar privilegios por medio de una aplicación que no es de confianza, un problema diferente de CVE-2008-1191, también se conoce como el problema "fourth". • http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html http://secunia.com/advisories/29239 http://secunia.com/advisories/29273 http://secunia.com/advisories/29498 http://secunia.com/advisories/29582 http://secunia.com/advisories/29858 http://secunia.com/advisories/29897 http://secunia.com/advisories/30676 http://s • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.8EPSS: 2%CPEs: 2EXPL: 0

Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier allows remote attackers to create arbitrary files via an untrusted application, a different issue than CVE-2008-1190, aka "The fifth issue." Una vulnerabilidad no especificada en Java Web Start en Sun JDK y JRE versión 6 Update 4 y anteriores, permite a atacantes remotos crear archivos arbitrarios por medio de una aplicación no confiable, un problema diferente de CVE-2008-1190, también se conoce como "The fifth issue". • http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html http://secunia.com/advisories/29239 http://secunia.com/advisories/29273 http://secunia.com/advisories/29582 http://secunia.com/advisories/29858 http://secunia.com/advisories/30676 http://secunia.com/advisories/30780 http://secunia.com/advisories/32018 http://security.gentoo.org/glsa/glsa-200804-28.xml http://sunsolve.sun.com/sear •

CVSS: 6.8EPSS: 0%CPEs: 116EXPL: 0

Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors. Una vulnerabilidad no especificada en el Plug-in de Java para Sun JDK y JRE versión 6 Update 4 y anteriores, y versión 5.0 Update 14 y anteriores; y SDK y JRE versión 1.4.2_16 y anteriores, y versión 1.3.1_21 y anteriores; permite a atacantes remotos omitir la política del mismo origen y "execute local applications" por medio de vectores desconocidos. • http://dev2dev.bea.com/pub/advisory/277 http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html http://secunia.com/advisories/29239 http://secunia.com/advisories/29273 http://secunia.com/advisories/29498 http://secunia.com/advisories/29582 http://secunia.com/advisories/29841 http://secunia.com/advisories/29858 http: • CWE-254: 7PK - Security Features •