2579 matches found
CVE-2008-3110
Unspecified vulnerability in scripting language support in Sun Java Runtime Environment JRE in JDK and JRE 6 Update 6 and earlier allows remote attackers to obtain sensitive information by using an applet to read information from another applet...
CVE-2008-3107
CVE-2008-3107 concerns Sun Java Runtime Environment (JRE/JDK) and affects: JRE/JDK 6 before Update 7; JDK/JRE 5.0 before Update 16; and J2SE 1.4.x before 1.4.2_18. Description: an untrusted (1) application or (2) applet could gain privileges via self-granted access, enabling read/write/execute of...
CVE-2008-3109
Technical details for CVE-2008-3109 are not provided in the supplied connected documents. Monitor for updates.
CVE-2008-3105
Unspecified vulnerability in the JAX-WS client and service in Sun Java Runtime Environment JRE in JDK and JRE 6 Update 6 and earlier allows remote attackers to access URLs or cause a denial of service via unknown vectors involving "processing of XML data" by a trusted application...
Vulnerability in the Java Runtime Environment May Allow an Untrusted Applet to Circumvent Network Access Restrictions
Unspecified vulnerability in the Java Runtime Environment JRE Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.214 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to...
Fujitsu Java Runtime Environment reflection API vulnerability
Overview A vulnerability exists in the reflection API in the Java Runtime Environment that may allow a Java applet to elevate its privileges bypassing its security restrictions. This problem was reported by Sun Microsystems as a vulnerability in Java Runtime Environment. Fujitsu's product is...
Sun Java Runtime Environment (JRE) contains a vulnerability in processing XSLT transformations
Overview The Sun Microsystems Java Runtime Environment JRE contains a vulnerability that could allow privilege escalation in the processing of XSLT transformations. The Sun Microsystems Java Runtime Environment JRE contains a vulnerability that could allow a remote attacker to elevate its...
Untrusted applet and application XSLT processing privilege escalation
Unspecified vulnerability in Sun Java Runtime Environment JRE and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.216 and earlier allows remote attackers to cause a denial of service JRE crash and possibly execute arbitrary code via unknown vectors related to XSLT transform...
JRE image parsing library allows privilege escalation (CVE-2008-1194)
Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application...
Untrusted applet and application XSLT processing privilege escalation
Unspecified vulnerability in Sun Java Runtime Environment JRE and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.216 and earlier allows remote attackers to cause a denial of service JRE crash and possibly execute arbitrary code via unknown vectors related to XSLT transform...
JRE image parsing library allows privilege escalation (CVE-2008-1194)
Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to cause a denial of service crash via unknown vectors...
SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 5183)
IBM Java 5 was updated to SR7 to fix various security issues : - A buffer overflow vulnerability in Java Web Start may allow an untrusted Java Web Start application that is downloaded from a website to elevate its privileges. For example, an untrusted Java Web Start application may grant itself...
Buffer overflow security vulnerabilities in Java Web Start
Stack-based buffer overflow in Java Web Start javaws.exe in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.216 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file...
java-1.5.0 Privilege escalation via unstrusted applet and application
Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted 1 application or 2 applet, as demonstrated by an application or applet that grants...
Buffer overflow security vulnerabilities in Java Web Start (CVE-2008-1189, CVE-2008-1190)
Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.216 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191, aka the "fourth" issue...
JRE image parsing library allows privilege escalation (CVE-2008-1194)
Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application...
Critical: Red Hat Security Advisory: java-1.5.0-ibm security update
Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM's 1.5.0 Java release includes the IBM Java 2 Runti...
Buffer overflow security vulnerabilities in Java Web Start (CVE-2008-1189, CVE-2008-1190)
Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.216 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188, aka the "third" issue...
Java socket connection to any local port via LiveConnect — Mozilla
Security researcher Gregory Fleischer demonstrated that web content fetched via the jar: protocol can use Java via LiveConnect to open socket connections to arbitrary ports on the user's machine "localhost". The issue is caused by improper parsing of the content origin passed from the browser to...
java: Vulnerability in the font parsing code
Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.214 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself...