CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2526 matches found

RedHat Linux•added 2008/04/03 4:19 p.m.•1 views

java-1.5.0 Privilege escalation via unstrusted applet and application

Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted 1 application or 2 applet, as demonstrated by an application or applet that grants...

10CVSS5.9AI score0.02015EPSS

Exploits0References4

RedHat Linux•added 2008/04/03 4:19 p.m.•33 views

Critical: Red Hat Security Advisory: java-1.5.0-ibm security update

Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM's 1.5.0 Java release includes the IBM Java 2 Runti...

10CVSS7.8AI score0.37381EPSS

Exploits2References8

RedHat Linux•added 2008/04/03 4:19 p.m.•1 views

Buffer overflow security vulnerabilities in Java Web Start (CVE-2008-1189, CVE-2008-1190)

Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.216 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188, aka the "third" issue...

9.3CVSS6.3AI score0.32968EPSS

Exploits1References4

RedHat Linux•added 2008/04/03 4:19 p.m.•1 views

JRE image parsing library allows privilege escalation (CVE-2008-1194)

Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application...

9.3CVSS5.9AI score0.37381EPSS

Exploits1References4

RedHat Linux•added 2008/04/03 4:19 p.m.•2 views

Buffer overflow security vulnerabilities in Java Web Start

Stack-based buffer overflow in Java Web Start javaws.exe in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.216 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file...

6.8CVSS6.4AI score0.32562EPSS

Exploits0References4

Mozilla•added 2008/03/25 12:0 a.m.•35 views

Java socket connection to any local port via LiveConnect — Mozilla

Security researcher Gregory Fleischer demonstrated that web content fetched via the jar: protocol can use Java via LiveConnect to open socket connections to arbitrary ports on the user's machine "localhost". The issue is caused by improper parsing of the content origin passed from the browser to...

9.3CVSS2.6AI score0.14426EPSS

Exploits1References4Affected Software2

RedHat Linux•added 2008/03/11 2:9 p.m.•2 views

java: Vulnerability in the font parsing code

Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.214 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself...

9.3CVSS5.9AI score0.18441EPSS

Exploits0References4

RedHat Linux•added 2008/03/06 10:11 p.m.•50 views

Critical: Red Hat Security Advisory: java-1.5.0-sun security update

Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Java Runtime Environment JRE contains the...

9.3CVSS7.8AI score0.37381EPSS

Exploits2References15

RedHat Linux•added 2008/03/06 10:11 p.m.•2 views

JRE image parsing library allows privilege escalation (CVE-2008-1194)

9.3CVSS5.9AI score0.37381EPSS

Exploits1References4

RedHat Linux•added 2008/03/06 10:11 p.m.•2 views

JRE image parsing library allows privilege escalation (CVE-2008-1194)

Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to cause a denial of service crash via unknown vectors...

4.3CVSS5.9AI score0.27243EPSS

Exploits0References4

Prion•added 2008/03/06 9:44 p.m.•18 views

Code injection

Unspecified vulnerability in Sun Java Runtime Environment JRE and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.216 and earlier allows remote attackers to cause a denial of service JRE crash and possibly execute arbitrary code via unknown vectors related to XSLT transform...

6.8CVSS7.7AI score0.21616EPSS

Exploits0References45Affected Software3

Prion•added 2008/03/06 9:44 p.m.•23 views

Design/Logic Flaw

Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment JRE and JDK 5.0 Update 13 and earlier, and SDK/JRE 1.4.216 and earlier, allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1185, aka "the second issue....

9.3CVSS6.9AI score0.17994EPSS

Exploits0References24Affected Software3

NVD•added 2008/03/06 9:44 p.m.•24 views

CVE-2008-1187

6.8CVSS8.7AI score0.21616EPSS

Exploits0References45

NVD•added 2008/03/06 9:44 p.m.•16 views

CVE-2008-1185

Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment JRE and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.216 and earlier allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1186,...

9.3CVSS8.7AI score0.17994EPSS

Exploits0References24

NVD•added 2008/03/06 9:44 p.m.•17 views

CVE-2008-1195

Unspecified vulnerability in Sun JDK and Java Runtime Environment JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.216 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java AP...

9.3CVSS8.3AI score0.14426EPSS

Exploits0References45