Cross site scripting

The Java Plug-in in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.219 and earlier does not prevent Javascript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted...

CVE-2009-1103

Unspecified vulnerability in the Java Plug-in in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.219 and earlier; and 1.3.124 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors...

CVE-2009-1098

Buffer overflow in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.219 and earlier; and 1.3.124 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998...

CVE-2009-1105

The Java Plug-in in Java SE Development Kit JDK and Java Runtime Environment JRE 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490...

CVE-2009-1100

Multiple unspecified vulnerabilities in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service disk consumption via vectors related to temporary font files and 1 "limits on Font...

CVE-2009-1095

CVE-2009-1095 : Integer overflow in unpack200 within Java SE/JRE up to JDK/JRE 5.0 Update 17 and earlier, and 6 Update 12 and earlier. This vulnerability enables a remote attacker to gain access to files or execute arbitrary code by delivering a crafted Pack200 header inside a JAR. The provided d...

CVE-2009-1097

Technical details for CVE-2009-1097 are not publicly provided in the supplied documents. The initial entry mentions buffer overflows in JDK/JRE 6 Update 12 and earlier but no concrete remediation or impact details are given here. Monitor for updates.

CVE-2009-1107

The Java Plug-in in Java SE Development Kit JDK and Java Runtime Environment JRE 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing...

CVE-2009-1099

Integer signedness error in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via crafted glyph descriptions in a Type1 font, which bypasses a signed comparison and...

CVE-2009-1097

Multiple buffer overflows in Java SE Development Kit JDK and Java Runtime Environment JRE 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via 1 a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen,...

CVE-2009-1101

Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit JDK and Java Runtime Environment JRE 6 Update 12 and earlier allows remote attackers to cause a denial of service probably resource consumption for a JAX-WS service endpoint via a connection without...

CVE-2009-1098

CVE-2009-1098 is a buffer overflow in Oracle Java SE/JRE components that can allow remote code execution via a crafted GIF image. Affected are JDK/JRE 5.0 Update 17 and earlier, 6 Update 12 and earlier, 1.4.2_19 and earlier, and 1.3.1_24 and earlier. The vulnerability enables an attacker to acces...

Java WebStart privilege escalation

Unspecified vulnerability in Java Web Start JWS and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors,...

Critical: Red Hat Security Advisory: java-1.6.0-ibm security update

Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The IBM® 1.6.0 Java™ release...

CVE-2009-1097

Multiple buffer overflows in Java SE Development Kit JDK and Java Runtime Environment JRE 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via 1 a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen,...

CVE-2009-1094

Unspecified vulnerability in the LDAP implementation in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.124 and earlier; and 1.4.219 and earlier allows remote LDAP servers to execute arbitrary code via unknown vector...

CVE-2009-1098

Buffer overflow in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.219 and earlier; and 1.3.124 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998...

CVE-2009-1095

Integer overflow in unpack200 in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers...

CVE-2009-1100

Multiple unspecified vulnerabilities in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service disk consumption via vectors related to temporary font files and 1 "limits on Font...

IBM-Sun deal could alter identity management landscape

The rumored acquisition of Sun Microsystems by IBM could have far-reaching consequences for the identity-management market. Both companies have long histories in the IAM market, but have taken different paths over the years, with Sun focusing on open-source development and IBM sticking with the...