| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key. |
| Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applications and applets to list the contents of the operating user's directory via unknown vectors. |
| Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications that rely on shortest-form UTF-8 encodings. |
| Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow. |
| The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by "deserializing Calendar objects". |
| Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with a long Main-Class manifest entry. |
| Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file. |
| Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file, which triggers a heap-based buffer overflow. |
| Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll. |
| Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code, related to a ConvolveOp operation in the Java AWT library. |
| Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknown vectors. |
| The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not verify a member element's size when performing (1) DefineConstantPool, (2) ActionJump, (3) ActionPush, (4) ActionTry, and unspecified other actions, which allows remote attackers to read sensitive data from process memory via a crafted PDF file. |
| bash-doc 3.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/cb#####.? temporary file, related to the (1) aliasconv.sh, (2) aliasconv.bash, and (3) cshtobash scripts. |
| Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0511, CVE-2009-0512, CVE-2009-0888, and CVE-2009-0889. |
| Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679. |
| packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a malformed USB Request Block (URB). |
| wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion. |
| The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a packet with an invalid length, related to an erroneous tvb_memcpy call. |
| packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly handle exceptions thrown by post dissectors, which allows remote attackers to cause a denial of service (application crash) via a certain series of packets, as demonstrated by enabling the (1) PRP or (2) MATE post dissector. |
| Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that trigger an exception. |
