OpenJDK: Incorrect image attribute verification (2D, 8012438)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2...

OpenJDK: disable Gopher support by default (Gopher, 7189567)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.238 and earlier allows remote authenticated users to have an unspecified impact via unknown vectors related to Networking...

JDK unspecified vulnerability in Deployment component

Unspecified vulnerability in the Java Runtime Environment JRE in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.229 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown...

JDK Double.parseDouble Denial-Of-Service

The Double.parseDouble method in Java Runtime Environment JRE in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.229 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a...

OpenJDK Swing timer-based security manager bypass (6907662)

Unspecified vulnerability in the Java Runtime Environment JRE in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.229 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, an...

JDK Double.parseDouble Denial-Of-Service

The Double.parseDouble method in Java Runtime Environment JRE in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.229 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a...

Java Web Start Buffer unpack200 processing integer overflow (6830335)

Integer overflow in the unpack200 utility in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to...

OpenJDK RSA public key length denial-of-service (6497740)

Unspecified vulnerability in Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service CPU consumption via a crafted RSA public key...

JRE applet launcher vulnerability

Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.221 and earlier; allows remote attackers to create or modify arbitrary files via vecto...

OpenJDK UTF-8 decoder accepts non-shortest form sequences (4486841)

Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications...

OpenJDK allows to list files within the user home directory (6484091)

Unspecified vulnerability in Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allows untrusted applications and applets to list the contents of the operating user's directory via unknown vectors...

OpenJDK UTF-8 decoder accepts non-shortest form sequences (4486841)

Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications...

OpenJDK calendar object deserialization allows privilege escalation (6734167)

The Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and...

OpenJDK JMX allows illegal operations with local monitoring (6332953)

Unspecified vulnerability in the Java Management Extensions JMX management agent in Sun Java Runtime Environment JRE in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform unauthorized operations" via...

Untrusted applet and application XSLT processing privilege escalation

Unspecified vulnerability in Sun Java Runtime Environment JRE and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.216 and earlier allows remote attackers to cause a denial of service JRE crash and possibly execute arbitrary code via unknown vectors related to XSLT transform...