Sun Java Enterprise System vulnerabilities

CVE-2007-2435 [CRITICAL] CWE-264 CVE-2007-2435: Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2 Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files.

CVE-2006-3127 [HIGH] CWE-399 CVE-2006-3127: Memory leak in Network Security Services (NSS) 3.11, as used in Sun Java Enterprise System 2003Q4 th Memory leak in Network Security Services (NSS) 3.11, as used in Sun Java Enterprise System 2003Q4 through 2005Q1 and Java System Directory Server 5.2, allows remote attackers to cause a denial of service (memory consumption) by performing a large number of RSA cryptographic operations.

CVE-2004-0826 [HIGH] CVE-2004-0826: Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attacke Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.