14 matches found
CVE-2009-1102
Technical details about CVE-2009-1102 are not provided in the connected documents. Please monitor for updates from vendors and security advisories.
CVE-2009-1104
The CVE-2009-1104 issue affects the Java Plug-in in JDK/JRE, specifically versions 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier. The root cause is that the Java Plug-in does not prevent JavaScript loaded from localhost from connecting to other ports on the system v...
CVE-2009-1103
The CVE-2009-1103 entry concerns the Java Plug-in in JDK/JRE (versions listed in the description) with an issue linked to deserializing applets (CR 6646860). Affected products include Java Plug-in for Java SE 5.0u17 and earlier, 6u12 and earlier, 1.4.2_19 and earlier, and 1.3.1_24 and earlier. Th...
CVE-2009-1107
CVE-2009-1107 involves the Java Plug-in in JDK/JRE 6 Update 12 and earlier, and 5.0 Update 17 and earlier. The vulnerability, tied to a Swing JLabel HTML parsing issue (CR 6782871), lets remote attackers trick a user into trusting a signed applet by misrepresenting the security warning dialog. Th...
CVE-2009-1105
CVE-2009-1105 affects the Java Plug-in in JDK/JRE 6 Update 12, 11, and 10. The issue allows a user-assisted remote attacker to cause a trusted applet to execute in an older JRE version, enabling exploitation of vulnerabilities present in that older runtime. The description from SUSE corroborates ...
CVE-2010-0887
CVE-2010-0887 affects Oracle Java SE/Java for Business JDK/JRE 6 Update 18–19, targeting the New Java Plug-in. The vulnerability allows a remote attacker to affect confidentiality, integrity, and availability via unknown vectors. An active mitigation is upgrading to Java 6 update 20 (1.6.0_20) fo...
CVE-2003-1134
CVE-2003-1134 affects Sun Java 1.3.1, 1.4.1, and 1.4.2. The issue is a local denial-of-service (JVM crash) potentially triggered by calling the ClassDepth function with a null parameter, which leads to a crash rather than a null pointer exception. The available connected sources confirm the same ...
CVE-1999-0142
The CVE-1999-0142 issue concerns the Java Applet Security Manager in Netscape Navigator 2.0 and Java Developer’s Kit 1.0, where an applet could connect to arbitrary hosts due to how the security manager operates. Affected software/components are the Java Applet Security Manager implementation wit...
CVE-1999-0440
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2005-2529
CVE-2005-2529 affects Apple Mac OS X Java 1.4.2 before 1.4.2 Release 2. The flaw is a local privilege escalation via the updater utility used for Java shared archives. The description does not specify the exact attack vectors or exploited components beyond this updater mechanism. Connected source...
CVE-2005-2530
CVE-2005-2530 is an unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac OS X that allows an untrusted applet to gain privileges via Mac OS X specific extensions. Affected component: Java for Mac OS X 1.3.1 (and possibly 1.4.2 per Nessus plugin reference). Impact: elevated privile...
CVE-2005-2527
CVE-2005-2527 affects Java 1.4.2 on Mac OS X prior to Release 2. The issue is a race condition in the handling of a temporary directory, possibly due to a symlink attack, that allows local users to corrupt files or create arbitrary files. The vulnerability is local (attack vector: local user) and...
CVE-2008-3440
CVE-2008-3440 affects Sun Java 1.6.0_03 and earlier (potentially later versions) where updater authenticity is not properly verified, enabling a man-in-the-middle attacker to run arbitrary code via a Trojan horse update (as demonstrated by evilgrade and DNS cache poisoning). The connected sources...
CVE-2005-2738
The CVE-2005-2738 entry concerns Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X, where multiple programs can open the same port via a Java ServerSocket. The underlying issue is that the runtime does not prevent port-sharing, allowing a local user to have a Java program intercept data intende...