Java@* Security Vulnerabilities and Issues — Java@* CVE List

Lucene search

SunJava*

9 matches found

CVE•added 2009/03/25 11:30 p.m.•95 views

CVE-2009-1104

The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent Javascript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted at...

5.8CVSS6.9AI score0.01231EPSS

CVE•added 2009/03/25 11:30 p.m.•94 views

CVE-2009-1107

The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing J...

4.3CVSS7AI score0.02587EPSS

CVE•added 2009/03/25 11:30 p.m.•92 views

CVE-2009-1102

Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation."

6.4CVSS7.5AI score0.04131EPSS

CVE•added 2009/03/25 11:30 p.m.•90 views

CVE-2009-1103

Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors...

6.4CVSS7.5AI score0.03856EPSS

CVE•added 2009/03/25 11:30 p.m.•89 views

CVE-2009-1105

The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490.

7.5CVSS7.3AI score0.08032EPSS

CVE•added 2000/06/02 4:0 a.m.•50 views

CVE-1999-0142

The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts.

7.5CVSS7.4AI score0.00489EPSS

CVE•added 2000/10/13 4:0 a.m.•49 views

CVE-1999-0440

The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.

7.5CVSS7.5AI score0.01617EPSS

CVE•added 2006/08/05 1:0 a.m.•44 views

CVE-2005-2527

Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to corrupt files or create arbitrary files via unspecified attack vectors related to a temporary directory, possibly due to a symlink attack.

1.2CVSS6.1AI score0.00041EPSS

CVE•added 2008/08/01 2:41 p.m.•41 views

CVE-2008-3440

Sun Java 1.6.0_03 and earlier versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

7.5CVSS7.5AI score0.00699EPSS