Multiple buffer overflows in Sun Java Wireless Toolkit (WTK) for CLDC 2.5.2 and earlier allow downloaded programs to execute arbitrary code via unknown vectors.
Max CVSS
9.3
EPSS Score
1.43%
Published
2008-12-17
Updated
2017-08-08
Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code, related to a ConvolveOp operation in the Java AWT library.
Max CVSS
9.3
EPSS Score
20.94%
Published
2008-12-05
Updated
2019-10-09
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll.
Max CVSS
9.3
EPSS Score
22.38%
Published
2008-12-05
Updated
2017-09-29
Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file, which triggers a heap-based buffer overflow.
Max CVSS
9.3
EPSS Score
18.31%
Published
2008-12-05
Updated
2019-10-09
Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file.
Max CVSS
9.3
EPSS Score
43.17%
Published
2008-12-05
Updated
2017-09-29
Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with a long Main-Class manifest entry.
Max CVSS
9.3
EPSS Score
42.19%
Published
2008-12-05
Updated
2017-09-29
Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow.
Max CVSS
9.3
EPSS Score
95.12%
Published
2008-12-05
Updated
2017-09-29

CVE-2008-4556

Public exploit
Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted request.
Max CVSS
10.0
EPSS Score
80.92%
Published
2008-10-14
Updated
2018-10-11
Heap-based buffer overflow in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.7 allows remote attackers to execute arbitrary code via a crafted HTTP GET request.
Max CVSS
10.0
EPSS Score
9.29%
Published
2008-10-13
Updated
2017-08-08
Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220.
Max CVSS
10.0
EPSS Score
67.51%
Published
2008-07-09
Updated
2018-10-30
Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing.
Max CVSS
10.0
EPSS Score
1.10%
Published
2008-07-09
Updated
2019-07-31
Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL request with a large value of the imsf->imsf_numsrc field, which triggers an out-of-bounds write of kernel memory. NOTE: this was reported as an integer overflow, but the root cause involves the bypass of a signed comparison.
Max CVSS
7.2
EPSS Score
0.04%
Published
2008-06-16
Updated
2018-10-30
Stack-based buffer overflow in the request handling implementation in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary code via an unspecified string field.
Max CVSS
10.0
EPSS Score
9.27%
Published
2008-06-04
Updated
2017-08-08
Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via a JNLP file with (1) a long key name in the xml header or (2) a long charset value, different issues than CVE-2008-1189, aka "The first two issues."
Max CVSS
9.3
EPSS Score
56.35%
Published
2008-03-06
Updated
2019-07-31
Multiple format string vulnerabilities in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via format string specifiers in an SMB packet.
Max CVSS
9.3
EPSS Score
10.31%
Published
2008-08-08
Updated
2018-10-30
Multiple stack-based buffer overflows in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via a crafted SMB packet.
Max CVSS
9.3
EPSS Score
35.61%
Published
2008-08-08
Updated
2018-10-30
Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table.
Max CVSS
7.5
EPSS Score
45.88%
Published
2008-01-18
Updated
2018-10-15
17 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!