OpenJDK Jar200 Decompression buffer overflow (6755943)

Integer overflow in the JAR unpacking utility unpack200 in the unpack library unpack.dll in Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JA...

OpenJDK Jar200 Decompression buffer overflow (6755943)

Integer overflow in the JAR unpacking utility unpack200 in the unpack library unpack.dll in Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JA...

OpenJDK Denial-Of-Service in kerberos authentication (6588160)

Unspecified vulnerability in Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier, when using Kerberos authentication, allows remote attackers to cause a denial of service OS resource consumption via...

OpenJDK allows to list files within the user home directory (6484091)

Unspecified vulnerability in Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allows untrusted applications and applets to list the contents of the operating user's directory via unknown vectors...

OpenJDK Buffer overflow in image processing (6726779)

Buffer overflow in Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.218 and earlier; and SDK and JRE 1.3.123 and earlier might allow remote attackers to execute arbitrary code, related to a ConvolveOp operation in the...

Java WebStart allows hidden code privilege escalation

Java Web Start JWS and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allows remote attackers to make unauthorized network connections and hijack HTTP sessions via a crafted file that validates as both a GIF an...

Java WebStart privilege escalation

Unspecified vulnerability in Java Web Start JWS and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors,...

OpenJDK RSA public key length denial-of-service (6497740)

Unspecified vulnerability in Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service CPU consumption via a crafted RSA public key...

OpenJDK temporary files have guessable file names (6721753)

Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.218 and earlier; and SDK and JRE 1.3.123 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknow...

Critical: Red Hat Security Advisory: java-1.5.0-sun security update

Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Java Runtime Environment JRE contains the...

OpenJDK applet privilege escalation via JAX package access (6592792)

Multiple unspecified vulnerabilities in Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the 1 JAX-WS and 2 JAXB packages...

JRE allows unauthorized file access and connections to localhost

Unspecified vulnerability in Java Runtime Environment JRE with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.218 and earlier; and SDK and JRE 1.3.123 and earlier allows code that is loaded from a local filesystem to read arbitrary files and make...

Critical: Red Hat Security Advisory: java-1.6.0-sun security update

Updated java-1.6.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Java Runtime Environment JRE contains the...

Java RE allows Same Origin Policy to be Bypassed (6687932)

Multiple unspecified vulnerabilities in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.218, and SDK and JRE 1.3.x before 1.3.123 allow remote attackers to violate the security model for an applet's outbound...

OpenJDK JMX allows illegal operations with local monitoring (6332953)

Unspecified vulnerability in the Java Management Extensions JMX management agent in Sun Java Runtime Environment JRE in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform unauthorized operations" via...

OpenJDK JAX-WS unauthorized URL access (6542088)

Unspecified vulnerability in the JAX-WS client and service in Sun Java Runtime Environment JRE in JDK and JRE 6 Update 6 and earlier allows remote attackers to access URLs or cause a denial of service via unknown vectors involving "processing of XML data" by a trusted application...

Security Vulnerabilities in the Java Runtime Environment Scripting Language Support (6529568, 6529579)

Unspecified vulnerability in scripting language support in Sun Java Runtime Environment JRE in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted 1 application or 2 applet, as demonstrated by an application or applet that grants itself...

security flaw

Unspecified vulnerability in Sun Java Runtime Environment JRE in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted 1 application or 2 applet, a different...

CVE-2008-4410

The vmiwriteldtentry function in arch/x86/kernel/vmi32.c in the Virtual Machine Interface VMI in the Linux kernel 2.6.26.5 invokes writeidtentry where writeldtentry was intended, which allows local users to cause a denial of service persistent application failure via crafted function calls, relat...

CVE-2008-4410

The vmiwriteldtentry function in arch/x86/kernel/vmi32.c in the Virtual Machine Interface VMI in the Linux kernel 2.6.26.5 invokes writeidtentry where writeldtentry was intended, which allows local users to cause a denial of service persistent application failure via crafted function calls, relat...