43 matches found
Oracle Java JDK / JRE 7 < Update 17 Remote Code Execution
Binary data 6711.prm...
java-1.6.0-sun: ACE in JRE Deployment Toolkit (6869752)
The launch method in the Deployment Toolkit plugin in Java Runtime Environment JRE in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752...
Sun Java SE Multiple Vulnerabilities - Nov09 (Windows)
This host is installed with Sun Java SE and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodsunjavasemultvulnnov09win.nasl 7699 2017-11-08 12:10:34Z santu $ Sun Java SE Multiple Vulnerabilities - Nov09 Windows Authors: Nikita MR Copyright: Copyright c 2009 SecPod,...
Sun Java JRE Remote Code Execution Vulnerability (Linux)
This host is installed with Sun Java JRE and is prone to Remote Code Execution Vulnerability. OpenVAS Vulnerability Test $Id: gbsunjavajrecodeexevulnlin.nasl 7699 2017-11-08 12:10:34Z santu $ Sun Java JRE Remote Code Execution Vulnerability Linux Authors: Nikita MR Copyright: Copyright c 2009...
Sun Java JRE < 6 Update 17 RCE Vulnerability - Windows
Sun Java JRE is prone to a remote code execution RCE vulnerability. Copyright C 2009 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
Design/Logic Flaw
The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo aka tz files, aka Bug Id 6824265...
CVE-2009-3886
The Java Web Start implementation in Sun Java SE 6 before Update 17 does not properly handle the interaction between a signed JAR file and a JNLP 1 application or 2 applet, which has unspecified impact and attack vectors, related to a "regression," aka Bug Id 6870531...
CVE-2009-3886
The Java Web Start implementation in Sun Java SE 6 before Update 17 does not properly handle the interaction between a signed JAR file and a JNLP 1 application or 2 applet, which has unspecified impact and attack vectors, related to a "regression," aka Bug Id 6870531...
CVE-2009-3881
CVE-2009-3881 affects Sun Java SE 5.0 (before Update 22) and Java SE 6 (before Update 17), and OpenJDK. The issue is that class loader hierarchy can allow children of a resurrected ClassLoader to exist, enabling a remote attacker to gain privileges via unspecified vectors (information leak vulner...
CVE-2009-3886
CVE-2009-3886 concerns the Java Web Start implementation in Sun Java SE 6 before Update 17, where the interaction between a signed JAR and a JNLP application or applet is not handled correctly. The entry notes a regression (Bug 6870531) as the underlying issue, but the provided documents do not s...
CVE-2009-3886
The Java Web Start implementation in Sun Java SE 6 before Update 17 does not properly handle the interaction between a signed JAR file and a JNLP 1 application or 2 applet, which has unspecified impact and attack vectors, related to a "regression," aka Bug Id 6870531...
CVE-2009-3866
The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an...
CVE-2009-3865
The launch method in the Deployment Toolkit plugin in Java Runtime Environment JRE in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752...
Integer overflow
Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file...
Code injection
The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an...
CVE-2009-3865
The launch method in the Deployment Toolkit plugin in Java Runtime Environment JRE in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752...
CVE-2009-3871
Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit AWT in Java Runtime Environment JRE in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote...
CVE-2009-3875
The MessageDigest.isEqual function in Java Runtime Environment JRE in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to spoof HMAC-based digital signatures, and possibl...
Sun Java JDK/JRE Multiple Vulnerabilities (Windows)
This host is installed with Sun Java JDK/JRE and is prone to Multiple Vulnerabilities. OpenVAS Vulnerability Test $Id: gbsunjavajredosvulnwin.nasl 7699 2017-11-08 12:10:34Z santu $ Sun Java JDK/JRE Multiple Vulnerabilities Windows Authors: Sharath S Copyright: Copyright c 2009 Greenbone Networks...
Sun Java JDK/JRE Multiple Vulnerabilities (Apr 2009) - Windows
Sun Java JDK/JRE is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...