Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:sun:jre:1.3.1_26:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 190 matching records.
Displaying matches 181 through 190.
Vuln ID Summary CVSS Severity
CVE-2007-5237

Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka "two vulnerabilities."

Published: October 05, 2007; 8:17:00 PM -0400
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2007-4381

Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself.

Published: August 17, 2007; 5:17:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-3922

Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to certain localhost services running on the machine that loaded the applet.

Published: July 20, 2007; 8:30:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-3716

The Java XML Digital Signature implementation in Sun JDK and JRE 6 before Update 2 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715.

Published: July 11, 2007; 7:30:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-3504

Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself. NOTE: this can be leveraged to execute arbitrary code by overwriting a .java.policy file.

Published: June 29, 2007; 9:30:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-2435

Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files.

Published: May 02, 2007; 6:19:00 AM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2006-6009

Unspecified vulnerability in the Java Runtime Environment (JRE) Swing library in JDK and JRE 5.0 Update 7 and earlier allows attackers to obtain certain information via unknown attack vectors, related to an untrusted applet accessing data in other applets.

Published: November 21, 2006; 6:07:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-0616

Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 4 and earlier allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fourth issue."

Published: February 08, 2006; 9:02:00 PM -0500
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2006-0617

Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 5 and earlier allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fifth, sixth, and seventh issues."

Published: February 08, 2006; 9:02:00 PM -0500
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2003-0896

The loadClass method of the sun.applet.AppletClassLoader class in the Java Virtual Machine (JVM) in Sun SDK and JRE 1.4.1_03 and earlier allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a loaded class name that contains "/" (slash) instead of "." (dot) characters, which bypasses a call to the Security Manager's checkPackageAccess method.

Published: November 17, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH