CVE-2010-0092
CVE-2010-0092 is reported in OpenJDK/OpenJRE and Oracle Java SE/OpenJDK contexts. The connected documents indicate the flaw is in the OpenJDK/OpenJRE implementation where operations involving AtomicReferenceArray can lead to a crash (SIGSEGV) in affected Java runtimes, contributing to potential s...
CVE-2010-0837
CVE-2010-0837 describes an unspecified vulnerability in the Pack200 component of Oracle Java SE and Java for Business. Affects versions listed in the initial entry (e.g., 6 Update 18, 5.0 Update 23, etc.). The description notes a remote attacker could affect confidentiality, integrity, and avai...
CVE-2010-0843
CVE-2010-0843 affects Oracle Java SE/Java for Business: Sound component in Java 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27. Root cause described as related to XNewPtr and improper handling of an integer parameter when allocating heap memory in com.sun.media.sound libraries, enabling remot...
CVE-2010-0844
Technical details for CVE-2010-0844 are not publicly provided in the supplied documents. No concrete affected products, versions, or fixes are present here. Monitor for updates.
CVE-2010-0845
CVE-2010-0845 is addressed in Oracle’s March 2010 Java CPU advisory (and related Oracle/OpenJDK advisories). The connected documents indicate CVE-2010-0845 is among OpenJDK/JRE vulnerabilities fixed by the CPU update, which also bundles fixes for other OpenJDK issues and notes that affected Java ...
CVE-2010-0847
CVE-2010-0847 is described in connected Nessus/OSINT sources as an OpenJDK ImagingLib arbitrary code execution vulnerability in the Java 6 OpenJDK/OpenJDK stack (OpenJDK ImagingLib component). Affected product lineage appears to be Java 1.6/OpenJDK builds that include ImagingLib; the exact affect...
CVE-2010-0848
CVE-2010-0848 is referenced in connected records as an OpenJDK/OpenJRE issue: a missing input validation flaw in the JRE could cause an untrusted applet or application to crash. Affected context in the provided OpenVAS/Nessus entries ties this CVE to Java 6/OpenJDK components, notably in SL/Fedor...
CVE-2010-0849
CVE-2010-0849 affects Oracle Java SE/Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27. The described issue is a heap-based overflow in a JPEGImageDecoderImpl decoding routine (claimed) that could enable code execution via a crafted JPEG image, impacting confidentiality, integr...
CVE-2010-0850
CVE-2010-0850 is an unspecified vulnerability in the Java 2D component of Oracle Java SE and Java for Business 1.3.1_27. The connected documents confirm the affected software and component (Java 2D) but do not provide a concrete root cause, exploit details, affected versions beyond the product/da...
CVE-2010-0091
CVE-2010-0091 is evidenced in connected Nessus entries tied to OpenJDK/OpenJRE updates for Scientific Linux (Scientific Linux Security Update: java-1.6.0-openjdk (SL5.x)) and related OpenJDK advisories. The described issue: unsigned applets could retrieve dragged information before the drop action ...
OpenJDK File TOCTOU deserialization vulnerability (6736390)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than...
CVE-2010-0084
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0091...
CVE-2010-0082
Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...
CVE-2010-0085
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than...
CVE-2010-0840
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from...
CVE-2010-0094
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March...
Oracle Java Runtime Environment 'HsbParser.getSoundBank()' Remote Heap Buffer Overflow Vulnerability
Oracle Java SE and Java for Business are prone to a remote heap-based buffer-overflow vulnerability affecting the Java Runtime Environment (JRE). Attackers can exploit this issue to execute arbitrary code within the context of the user invoking the JRE. Versions prior to Java 5.0 Update...
OpenJDK ICC_Profile file existence detection information leak (6631533)
Directory traversal vulnerability in the ICCProfile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a .. dot...
Information disclosure
Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak vulnerability," aka Bug Id 6636650...
Code injection
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not...