CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4328 matches found

RedHat Linux•added 2009/08/06 9:14 p.m.•1 views

Java Web Start Buffer JPEG processing integer overflow (6823373)

Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted JPEG image that is not properly handled during display to a splash screen, which triggers a...

7.5CVSS6.6AI score0.0398EPSS

Exploits0References4

RedHat Linux•added 2009/08/06 9:14 p.m.•4 views

xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass

The design of the W3C XML Signature Syntax and Processing XMLDsig recommendation, as implemented in products including 1 the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; 2 the WebLogic Server component in BEA Product Suite 10.3, 10.0...

5CVSS7.3AI score0.0222EPSS

Exploits0References4

RedHat Linux•added 2009/08/06 9:14 p.m.•4 views

OpenJDK proxy mechanism allows non-authorized socket connections (6801497)

The proxy mechanism implementation in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lack...

7.5CVSS6.2AI score0.14277EPSS

Exploits0References4

RedHat Linux•added 2009/08/06 8:41 p.m.•3 views

Java Web Start Buffer unpack200 processing integer overflow (6830335)

Integer overflow in the unpack200 utility in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to...

10CVSS6.2AI score0.06835EPSS

Exploits0References4

RedHat Linux•added 2009/08/06 8:41 p.m.•2 views

OpenJDK Proxy mechanism information leaks (6801071)

The SOCKS proxy implementation in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted 1 applet or 2 Java Web Start application via unspecified vectors...

5CVSS6.2AI score0.11181EPSS

Exploits0References4

Prion•added 2009/08/06 3:30 p.m.•22 views

Input validation

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service infinite loop and application hang via malformed XML input, as...

5CVSS6.6AI score0.01044EPSS

Exploits2References63Affected Software9

NVD•added 2009/08/06 3:30 p.m.•19 views

CVE-2009-2625

5CVSS6.6AI score0.01044EPSS

Exploits2References63

OSV•added 2009/08/06 3:30 p.m.•2 views

DEBIAN-CVE-2009-2625

5CVSS6.2AI score0.01044EPSS

Exploits2References1

CVE•added 2009/08/06 3:0 p.m.•221 views

CVE-2009-2625

CVE-2009-2625 affects Apache Xerces2-Java (XML parser used by JRE/JDK) where parsing a malformed XML with systems DTD identifiers can cause DoS (hangs), via a vulnerability in SYSTEM handling in Xerces2 Java. Connected advisories confirm public fixes: Debian libxerces2-java updates (DSA-1984-1) a...

5CVSS6.1AI score0.01044EPSS

Exploits2References63Affected Software1

UbuntuCve•added 2009/08/06 12:0 a.m.•34 views

CVE-2009-2625

5CVSS6.8AI score0.01044EPSS

Exploits2References6

seebug.org•added 2009/08/06 12:0 a.m.•18 views

Sun Java Runtime Environment JPEG图像处理整数溢出漏洞

Bugraq ID: 35942 Sun Java Runtime Environment是一款为JAVA应用程序提供可靠的运行环境的解决方案。 Sun Java Runtime Environment负责处理装载WebStart应用程序的定制JPEG的代码存在缺陷，远程攻击者可以利用漏洞以登录用户安全上下文执行任意指令。当处理splash screen时，Javaws.exe错误计算大小并用于之后的缓冲区分配，在之后的解压缩过程中，Java Web Start会写数据到错误分配的缓冲区中，导致基于堆的缓冲区溢出，并以当前用户安全上下文执行任意指令。 Sun JRE 6.0 Updat...

6.9AI score

Exploits0

NVD•added 2009/08/05 7:30 p.m.•18 views

CVE-2009-2670

The audio system in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by 1 untrusted applets and 2 Java Web Start applications, which allows context-dependent attackers to obtain sensiti...

5CVSS7.3AI score0.03648EPSS

Exploits1References36

NVD•added 2009/08/05 7:30 p.m.•19 views

CVE-2009-2673

7.5CVSS7.5AI score0.14277EPSS

Exploits0References36

Prion•added 2009/08/05 7:30 p.m.•20 views

Information disclosure

The proxy mechanism implementation in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted 1 applets and 2 Java Web Start applications, which allows remote attackers to hijack web sessions...

7.5CVSS6.6AI score0.17519EPSS

Exploits0References31Affected Software2

Prion•added 2009/08/05 7:30 p.m.•20 views

Design/Logic Flaw

7.5CVSS6.8AI score0.14277EPSS

Exploits0References36Affected Software2

Prion•added 2009/08/05 7:30 p.m.•22 views

Information disclosure

5CVSS6AI score0.03648EPSS

Exploits1References36Affected Software2

Prion•added 2009/08/05 7:30 p.m.•20 views

Integer overflow