Search Results (Refine Search)
- CPE Product Version: cpe:/a:sun:sdk:1.4.2_16
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2008-3108 |
Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing. Published: July 09, 2008; 7:41:00 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2008-3111 |
Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220. Published: July 09, 2008; 7:41:00 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2008-3112 |
Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909. Published: July 09, 2008; 7:41:00 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2008-3113 |
Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077. Published: July 09, 2008; 7:41:00 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2008-3114 |
Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. Published: July 09, 2008; 7:41:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2008-1185 |
Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1186, aka "the first issue." Published: March 06, 2008; 4:44:00 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2008-1186 |
Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 5.0 Update 13 and earlier, and SDK/JRE 1.4.2_16 and earlier, allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1185, aka "the second issue." Published: March 06, 2008; 4:44:00 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2008-1187 |
Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms. Published: March 06, 2008; 4:44:00 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2008-1189 |
Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188, aka the "third" issue. Published: March 06, 2008; 4:44:00 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2008-1190 |
Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191, aka the "fourth" issue. Published: March 06, 2008; 4:44:00 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2008-1192 |
Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors. Published: March 06, 2008; 4:44:00 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2008-1195 |
Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs. Published: March 06, 2008; 4:44:00 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2008-1196 |
Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file. Published: March 06, 2008; 4:44:00 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2007-2435 |
Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files. Published: May 02, 2007; 6:19:00 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |