7 matches found
CVE-2005-1974
CVE-2005-1974 corresponds to an unspecified vulnerability in Java 2 Platform (J2SE) 5.0/5.0u1 and 1.4.2 up to 1.4.2_07, affecting multiple platforms including HP-UX and APC PowerChute, where an application can assign permissions to itself and escalate privileges. Connected sources tag this as a J...
CVE-2006-6745
CVE-2006-6745 describes serialization-related flaws in Sun JDK/JRE 5.0 Update 7 and earlier, and Java SDK/JRE 1.4.2_12 and earlier 1.4.x, that could allow an untrusted Java applet or application to gain privileges. The connected advisories confirm these issues affect multiple IBM Java runtimes as...
CVE-2005-0836
CVE-2005-0836 describes an argument injection in Sun Java Web Start/J2SE (Java Web Start for J2SE 1.4.2 up to 1.4.2_06) where the value parameter in a JNLP file’s property tag can be exploited to grant privileges to untrusted applications. This can bypass Java security restrictions and may lead t...
CVE-2005-1973
CVE-2005-1973 affects Java Web Start in J2SE 5.0 and 5.0 Update 1, where applications can assign permissions to themselves and gain privileges. The connected documents corroborate this vulnerability and its privilege-escalation risk, but do not provide a patch version or explicit remediation steps.
CVE-2005-0418
CVE-2005-0418 is an argument-injection vulnerability in Java Web Start for J2SE 1.4.2 (up to 1.4.2_06) on Mac OS X. The flaw allows an untrusted JNLP file to inject values via a property tag, enabling privilege escalation. Connected entries also reference CVE-2005-0836, which describes a related ...
CVE-2006-4302
CVE-2006-4302 affects the Java Plug-in J2SE 1.3.0_02–5.0 Update 5, and Java Web Start 1.0–1.2 and J2SE 1.4.2–5.0 Update 5. Remote attackers could exploit vulnerabilities by specifying a JRE version that contains vulnerable components. The available documents do not provide concrete exploit detail...
CVE-2006-0613
CVE-2006-0613 affects Java Web Start in J2SE 5.0 Update 5 and earlier. The vulnerability, with an unspecified root cause, could allow a remote attacker to obtain privileges via untrusted Java Web Start applications. The issue was addressed by upgrading to Java SE 5.0 Update 6 or later (or disabli...