50 matches found
Security Bulletin: TADDM 7.2.1.4: Vulnerabilities in embedded JRE.
Abstract Multiple security vulnerabilities exist in the Java Runtime Environments JREs IBM JRE 5.0 Service Release 16 or earlier, and non-IBM Java 5.0 or earlier, that can affect the security of IBM Tivoli Application Dependency Discovery Manager. Content VULNERABILITY DETAILS: CVEID: CVE-2013-14...
Java Runtime Environment Hotspot final field vulnerability
Added: 04/24/2013 CVE: CVE-2013-2423 BID: 59162 OSVDB: 92348 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java...
Java Runtime Environment Hotspot final field vulnerability
Added: 04/24/2013 CVE: CVE-2013-2423 BID: 59162 OSVDB: 92348 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java...
Java Runtime Environment Color Management memory overwrite
Added: 04/04/2013 CVE: CVE-2013-1493 BID: 58238 OSVDB: 90737 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java...
Java Runtime Environment Color Management memory overwrite
Added: 04/04/2013 CVE: CVE-2013-1493 BID: 58238 OSVDB: 90737 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java...
openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-1541)
The Sun Java 6 SDK/JRE was updated to u17 update fixing bugs and various security issues : CVE-2009-3866:The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers...
Integer overflow
Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file...
Design/Logic Flaw
Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969...
CVE-2009-3871
Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit AWT in Java Runtime Environment JRE in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote...
CVE-2009-3875
The MessageDigest.isEqual function in Java Runtime Environment JRE in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to spoof HMAC-based digital signatures, and possibl...
Input validation
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service infinite loop and application hang via malformed XML input, as...
CVE-2009-2625
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service infinite loop and application hang via malformed XML input, as...
CVE-2009-2676
Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.221 and earlier; allows remote attackers to create or modify arbitrary files via vecto...
Information disclosure
The audio system in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by 1 untrusted applets and 2 Java Web Start applications, which allows context-dependent attackers to obtain sensiti...
CVE-2009-2672
The proxy mechanism implementation in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted 1 applets and 2 Java Web Start applications, which allows remote attackers to hijack web sessions...
Sun Java JDK/JRE Multiple Vulnerabilities (Windows)
This host is installed with Sun Java JDK/JRE and is prone to Multiple Vulnerabilities. OpenVAS Vulnerability Test $Id: gbsunjavajredosvulnwin.nasl 7699 2017-11-08 12:10:34Z santu $ Sun Java JDK/JRE Multiple Vulnerabilities Windows Authors: Sharath S Copyright: Copyright c 2009 Greenbone Networks...
Design/Logic Flaw
Unspecified vulnerability in Java Runtime Environment JRE for Sun JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.218 and earlier; and SDK and JRE 1.3.123 or earlier allows untrusted applets and applications to read arbitrary memory via a crafted ZIP file...
Design/Logic Flaw
Unspecified vulnerability in Java Web Start JWS and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors, aka CR 6727071...
Design/Logic Flaw
Unspecified vulnerability in Java Web Start JWS and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allows untrusted applets to read arbitrary files and make unauthorized network connections via unknown vectors...
Code injection
Java Web Start JWS and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allows remote attackers to make unauthorized network connections and hijack HTTP sessions via a crafted file that validates as both a GIF an...