
1772 matches found

CVE
added 2009/11/09 7:0 p.m. | 100 views

CVE-2009-3729

CVE-2009-3729 affects Sun Java SE 5.0 (before Update 22) and Java SE 6 (before Update 17). The vulnerability lies in the TrueType font parsing functionality and can cause an application crash (DoS) via a crafted test suite. Documents confirm the issue is a crash rather than remote code execution,...

CVSS: 5 | AI score: 6.1 | EPSS: 0.01583
Exploits: 0 | References: 6 | Affected Software: 1

CVE
added 2009/11/09 7:0 p.m. | 101 views

CVE-2009-3885

Technical details (affected products, vulnerable components, exploit specifics, and fixes) for CVE-2009-3885 are not provided in the connected documents. Monitor for updates.

CVSS: 5 | AI score: 6.2 | EPSS: 0.00887
Exploits: 0 | References: 5 | Affected Software: 1

CVE
added 2009/11/09 7:0 p.m. | 115 views

CVE-2009-3884

CVE-2009-3884 is an information-leak vulnerability in the TimeZone.getTimeZone handling for zoneinfo files used by Sun Java/OpenJDK JRE/OpenJDK (Sun JRE 5.0/6, Update 22/17 or prior, and OpenJDK). The issue allows a remote attacker to probe the local filesystem by observing how tz files are proce...

CVSS: 5 | AI score: 5.8 | EPSS: 0.01349
Exploits: 5 | References: 13 | Affected Software: 2

RedHat Linux
added 2009/11/09 3:4 p.m. | 54 views

Critical: Red Hat Security Advisory: java-1.6.0-sun security update

Updated java-1.6.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Sun 1.6.0 Java release includes the Sun Java 6...

CVSS: 9.3 | AI score: 6.6 | EPSS: 0.89244
Exploits: 24 | References: 22

RedHat Linux
added 2009/11/09 3:4 p.m. | 3 views

java-1.6.0-sun: Stack-based buffer overflow via a long file: URL argument (6854303)

Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to execute arbitrary code via a long file: URL in a...

CVSS: 9.3 | AI score: 6.4 | EPSS: 0.89244
Exploits: 11 | References: 4

RedHat Linux
added 2009/11/09 3:4 p.m. | 4 views

java-1.6.0-sun: Privilege escalation via crafted image file due improper color profiles parsing (6862970)

Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970...

CVSS: 9.3 | AI score: 5.9 | EPSS: 0.1314
Exploits: 1 | References: 4

RedHat Linux
added 2009/11/09 3:4 p.m. | 3 views

JRE JPEG JFIF Decoder issue (6862969)

Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969...

CVSS: 9.3 | AI score: 5.9 | EPSS: 0.1173
Exploits: 1 | References: 4

UbuntuCve
added 2009/11/09 12:0 a.m. | 20 views

CVE-2009-3883

Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel (PL&F) feature in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00662
Exploits: 0 | References: 2

UbuntuCve
added 2009/11/09 12:0 a.m. | 26 views

CVE-2009-3884

The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265...

CVSS: 5 | AI score: 5.9 | EPSS: 0.01349
Exploits: 5 | References: 2

UbuntuCve
added 2009/11/09 12:0 a.m. | 25 views

CVE-2009-3885

Sun Java SE 5.0 before Update 22 and 6 before Update 17 on Windows allows remote attackers to cause a denial of service via a BMP file containing a link to a UNC share pathname for an International Color Consortium (ICC) profile file, probably a related issue to CVE-2007-2789, aka Bug Id 6632445...

CVSS: 5 | AI score: 5.9 | EPSS: 0.00887
Exploits: 0 | References: 2

UbuntuCve
added 2009/11/09 12:0 a.m. | 20 views

CVE-2009-3880

The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the...

CVSS: 5 | AI score: 5.8 | EPSS: 0.00484
Exploits: 0 | References: 2

UbuntuCve
added 2009/11/09 12:0 a.m. | 13 views

CVE-2009-3881

Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak vulnerability," aka Bug Id 6636650...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.01276
Exploits: 0 | References: 2

UbuntuCve
added 2009/11/09 12:0 a.m. | 21 views

CVE-2009-3879

Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vectors, related to failure to clone arrays that are returned by the getConfigurations function, aka Bug I...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00228
Exploits: 0 | References: 2

UbuntuCve
added 2009/11/09 12:0 a.m. | 20 views

CVE-2009-3882

Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657026...

CVSS: 7.5 | AI score: 6 | EPSS: 0.00662
Exploits: 0 | References: 2

Prion
added 2009/11/05 4:30 p.m. | 22 views

Heap overflow

Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote...

CVSS: 9.3 | AI score: 8 | EPSS: 0.12545
Exploits: 1 | References: 27 | Affected Software: 3

Prion
added 2009/11/05 4:30 p.m. | 19 views

Design/Logic Flaw

Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969...

CVSS: 9.3 | AI score: 6.7 | EPSS: 0.1173
Exploits: 1 | References: 24 | Affected Software: 3

Prion
added 2009/11/05 4:30 p.m. | 24 views

Integer overflow

Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file...

CVSS: 9.3 | AI score: 7.9 | EPSS: 0.16847
Exploits: 1 | References: 27 | Affected Software: 3

NVD
added 2009/11/05 4:30 p.m. | 15 views

CVE-2009-3865

The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752...

CVSS: 9.3 | AI score: 7.1 | EPSS: 0.01772
Exploits: 2 | References: 19

UbuntuCve
added 2009/11/05 4:30 p.m. | 39 views

CVE-2009-3868

Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970...

CVSS: 9.3 | AI score: 5.9 | EPSS: 0.1314
Exploits: 1 | References: 3

NVD
added 2009/11/05 4:30 p.m. | 12 views

CVE-2009-3864

The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to leverage vulnerabiliti...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.08556
Exploits: 0 | References: 8