2636 matches found
CVE-2009-1099
Integer signedness error in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via crafted glyph descriptions in a Type1 font, which bypasses a signed comparison and...
CVE-2009-1097
Technical details for CVE-2009-1097 are not publicly provided in the supplied documents. The initial entry mentions buffer overflows in JDK/JRE 6 Update 12 and earlier but no concrete remediation or impact details are given here. Monitor for updates.
CVE-2009-1095
CVE-2009-1095 : Integer overflow in unpack200 within Java SE/JRE up to JDK/JRE 5.0 Update 17 and earlier, and 6 Update 12 and earlier. This vulnerability enables a remote attacker to gain access to files or execute arbitrary code by delivering a crafted Pack200 header inside a JAR. The provided d...
Critical: Red Hat Security Advisory: java-1.6.0-ibm security update
Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The IBM® 1.6.0 Java™ release...
Java WebStart privilege escalation
Unspecified vulnerability in Java Web Start JWS and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors,...
CVE-2009-1095
Integer overflow in unpack200 in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers...
CVE-2009-1098
Buffer overflow in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.219 and earlier; and 1.3.124 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998...
CVE-2009-1100
Multiple unspecified vulnerabilities in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service disk consumption via vectors related to temporary font files and 1 "limits on Font...
CVE-2009-1097
Multiple buffer overflows in Java SE Development Kit JDK and Java Runtime Environment JRE 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via 1 a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen,...
CVE-2009-1094
Unspecified vulnerability in the LDAP implementation in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.124 and earlier; and 1.4.219 and earlier allows remote LDAP servers to execute arbitrary code via unknown vector...
RedHat Security Advisory RHSA-2009:0015
The remote host is missing updates announced in advisory RHSA-2009:0015. The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software...
OpenJDK Buffer overflow in image processing (6726779)
Buffer overflow in Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.218 and earlier; and SDK and JRE 1.3.123 and earlier might allow remote attackers to execute arbitrary code, related to a ConvolveOp operation in the...
Critical: Red Hat Security Advisory: java-1.5.0-ibm security update
Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The IBM 1.5.0 Java release includes the IBM Java 2...
OpenJDK Truetype Font processing vulnerability (6751322)
Integer overflow in Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.218 and earlier; and SDK and JRE 1.3.123 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file, which...
JavaWebStart allows unauthorized network connections
Unspecified vulnerability in Java Web Start JWS and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allows untrusted JWS applications to perform network connections to unauthorized hosts via unknown vectors, aka...
Critical: Red Hat Security Advisory: java-1.6.0-ibm security update
Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The IBM 1.6.0 Java release includes the IBM Java 2...
OpenJDK temporary files have guessable file names (6721753)
Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.218 and earlier; and SDK and JRE 1.3.123 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknow...
OpenJDK Denial-Of-Service in kerberos authentication (6588160)
Unspecified vulnerability in Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier, when using Kerberos authentication, allows remote attackers to cause a denial of service OS resource consumption via...
JRE allows unauthorized memory read access via a crafted ZIP file
Unspecified vulnerability in Java Runtime Environment JRE for Sun JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.218 and earlier; and SDK and JRE 1.3.123 or earlier allows untrusted applets and applications to read arbitrary memory via a crafted ZIP file...
Java WebStart privilege escalation
Unspecified vulnerability in Java Web Start JWS and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors,...