OpenJDK: LogManager security bypass (Libraries, 7169884)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.238 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries, a different...

OpenJDK: XMLDecoder sandbox restriction bypass (Beans, 7195917)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans...

OpenJDK: uninitialized Array JVM memory disclosure (Hotspot, 7198606)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Hotspot...

OpenJDK: RMIConnectionImpl insufficient access control checks (JMX, 7198296)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX, a different vulnerability than...

OpenJDK: AWT hardening fixes (AWT, 7163201)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and "a security-in-depth issue that is not directly exploitable but which can be used to aggravate...

OpenJDK: off-by-one bug in ZIP reading code (JRE, 7118283)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors...

JDK: unspecified vulnerability fixed in 6u26 (Deployment)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 6 Update 25 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment...

OpenJDK: incorrect numeric type conversion in TransformHelper (2D, 7016495)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D...

JDK: unspecified vulnerability fixed in 6u26 (2D)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D...

JDK: unspecified vulnerabilities fixed in 6u26 (Sound)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.231 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different...

OpenJDK: unprivileged proxy settings change via SOAPConnection (SAAJ, 7013971)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 6 Update 26 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to SAAJ...

OpenJDK JPEG Image Writer quantization problem (6862968)

The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968...

JDK DoS with crafted .jnlp file

The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service NullPointerException via a crafted .jnlp file, as demonstrated by the jnlpfile/appletDesc/index.htmlmisc test in the Technology Compatibility Kit TCK for the Java...

JDK DoS with Swing Synthcontext implementation

Unspecified vulnerability in the javax.swing.plaf.synth.SynthContext.isSubregion method in the Swing implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service NullPointerException in the Jemmy library via unknown vectors...