17 matches found
SUSE CVE-2008-5350
Unspecified vulnerability in Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allows untrusted applications and applets to list the contents of the operating user's directory via unknown vectors...
GLSA-200911-02 : Sun JDK/JRE: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200911-02 Sun JDK/JRE: Multiple vulnerabilities Multiple vulnerabilities have been reported in the Sun Java implementation. Please review the CVE identifiers referenced below and the associated Sun Alerts for details. Impact : A...
openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-6313)
The Sun JDK/JRE 5 was updated to Update 19 fixing various bugs and security issues. An exact list of changes published by Sun can be found on http://java.sun.com/j2se/1.5.0/ReleaseNotes.html %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugi...
xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass
The design of the W3C XML Signature Syntax and Processing XMLDsig recommendation, as implemented in products including 1 the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; 2 the WebLogic Server component in BEA Product Suite 10.3, 10.0...
openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-1017)
The Sun JDK/JRE 5 was updated to Update 19 fixing various bugs and security issues. An exact list of changes published by Sun can be found on http://java.sun.com/j2se/1.5.0/ReleaseNotes.html %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugi...
Design/Logic Flaw
Multiple unspecified vulnerabilities in Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the 1 JAX-WS and 2 JAXB packages...
CVE-2008-5360
Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.218 and earlier; and SDK and JRE 1.3.123 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknow...
Java-API calls in untrusted Javascript allow network privilege escalation
Unspecified vulnerability in Sun JDK and Java Runtime Environment JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.216 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java AP...
java-1.5.0 Privilege escalation via unstrusted applet and application
Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted 1 application or 2 applet, as demonstrated by an application or applet that grants...
GLSA-200804-20 : Sun JDK/JRE: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200804-20 Sun JDK/JRE: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Sun Java: Daniel Soeder discovered that a long codebase attribute string in a JNLP file will overflow a stack variable when launched ...
Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit
Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit JDK before 1.5.011-b03 and 1.6.x before 1.6.001-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.214 and earlier, and SDK and JRE 1.3.120 and earlier...
Buffer overflow security vulnerabilities in Java Web Start (CVE-2008-1189, CVE-2008-1190)
Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.216 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188, aka the "third" issue...
CVE-2007-4381
Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.214 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself...
CVE-2007-3716
The Java XML Digital Signature implementation in Sun JDK and JRE 6 before Update 2 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715...
GLSA-200705-23 : Sun JDK/JRE: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200705-23 Sun JDK/JRE: Multiple vulnerabilities An unspecified vulnerability involving an 'incorrect use of system classes' was reported by the Fujitsu security team. Additionally, Chris Evans from the Google Security Team reporte...
GLSA-200702-07 : Sun JDK/JRE: Execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-200702-07 Sun JDK/JRE: Execution of arbitrary code A anonymous researcher discovered that an error in the handling of a GIF image with a zero width field block leads to a memory corruption flaw. Impact : An attacker could entice a...
GLSA-200602-07 : Sun JDK/JRE: Applet privilege escalation
The remote host is affected by the vulnerability described in GLSA-200602-07 Sun JDK/JRE: Applet privilege escalation Applets executed using JRE or JDK can use 'reflection' APIs functions to elevate its privileges beyond the sandbox restrictions. Adam Gowdiak discovered five vulnerabilities that...