2579 matches found
CVE-2008-5346
CVE-2008-5346 affects Sun JDK/JRE: untrusted applets and applications could read arbitrary memory via a crafted ZIP file. Affected are JRE/JDK 5.0 Update 16 and earlier; JRE 1.4.2_18 and earlier; JRE 1.3.1_23 or earlier. The connected docs confirm related advisories (e.g., RHSA entries) but do no...
CVE-2008-5357
The CVE-2008-5357 issue is an integer/heap-based overflow in Java Runtime Environment font parsing. A crafted TrueType font file can trigger arbitrary code execution. Affected products include Sun JDK/JRE 6 Update 10 and earlier; JDK/JRE 5.0 Update 16 and earlier; SDK/JRE 1.4.2_18 and earlier; SD...
CVE-2008-5359
CVE-2008-5359 is a buffer overflow in the Sun Java Runtime Environment (JRE) affecting JRE/JDK versions up to: 6 Update 10 and earlier; 5.0 Update 16 and earlier; 1.4.2_18 and earlier; and 1.3.1_23 and earlier. Root cause involves a ConvolveOp operation in the AWT library, enabling a remote attac...
CVE-2008-5352
CVE-2008-5352: Integer overflow in Pack200 jar unpacking in unpack200 (unpack.dll) used by Java Runtime Environment (JRE) for Sun JDK/JRE. Affected: JRE/JDK 6 Update 10 and earlier, and JDK/JRE 5.0 Update 16 and earlier. The overflow in the heap-based buffer can allow untrusted applications and a...
CVE-2008-5351
CVE-2008-5351 affects Java Runtime Environment (Sun JDK/JRE 6 Update 10 and earlier; JDK/JRE 5.0 Update 16 and earlier; SDK/JRE 1.4.2_18 and earlier). The issue is that UTF-8 encodings in use may not be the shortest form, which can allow bypassing protection mechanisms relying on shortest-form UT...
CVE-2008-5359
Buffer overflow in Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.218 and earlier; and SDK and JRE 1.3.123 and earlier might allow remote attackers to execute arbitrary code, related to a ConvolveOp operation in the...
CVE-2008-5348
CVE-2008-5348 concerns an unspecified vulnerability in Sun JDK/JRE across multiple major versions (JDK/JRE 6 Update 10 and earlier; 5.0 Update 16 and earlier; 1.4.2_18 and earlier) that, when Kerberos authentication is used, can allow remote attackers to cause a denial of service through OS resou...
CVE-2008-5349
Unspecified vulnerability in Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service CPU consumption via a crafted RSA public key...
CVE-2008-5348
Unspecified vulnerability in Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier, when using Kerberos authentication, allows remote attackers to cause a denial of service OS resource consumption via...
CVE-2008-5350
Unspecified vulnerability in Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allows untrusted applications and applets to list the contents of the operating user's directory via unknown vectors...
CVE-2008-5353
The Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and...
CVE-2008-5347
Multiple unspecified vulnerabilities in Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the 1 JAX-WS and 2 JAXB packages...
CVE-2008-5358
Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll...
CVE-2008-5359
Buffer overflow in Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.218 and earlier; and SDK and JRE 1.3.123 and earlier might allow remote attackers to execute arbitrary code, related to a ConvolveOp operation in the...
CVE-2008-5352
Integer overflow in the JAR unpacking utility unpack200 in the unpack library unpack.dll in Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JA...
CVE-2008-5354
Stack-based buffer overflow in Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with...
Critical: Red Hat Security Advisory: java-1.6.0-sun security update
Updated java-1.6.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Java Runtime Environment JRE contains the...
Java WebStart privilege escalation
Unspecified vulnerability in Java Web Start JWS and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors,...
JRE allows unauthorized file access and connections to localhost
Unspecified vulnerability in Java Runtime Environment JRE with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.218 and earlier; and SDK and JRE 1.3.123 and earlier allows code that is loaded from a local filesystem to read arbitrary files and make...
JRE allows unauthorized memory read access via a crafted ZIP file
Unspecified vulnerability in Java Runtime Environment JRE for Sun JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.218 and earlier; and SDK and JRE 1.3.123 or earlier allows untrusted applets and applications to read arbitrary memory via a crafted ZIP file...