126 matches found
CVE-2010-4476
CVE-2010-4476 concerns the Java Double.parseDouble path in JRE/JDK (Oracle Java SE, OpenJDK, and related bundles), where a crafted string like 2.2250738585072012e-308 can trigger an infinite estimation loop, causing a denial of service. Connected advisories confirm this affects Java runtimes used...
CVE-2009-1098
CVE-2009-1098 is a buffer overflow in Oracle Java SE/JRE components that can allow remote code execution via a crafted GIF image. Affected are JDK/JRE 5.0 Update 17 and earlier, 6 Update 12 and earlier, 1.4.2_19 and earlier, and 1.3.1_24 and earlier. The vulnerability enables an attacker to acces...
CVE-2009-3869
CVE-2009-3869: A stack-based buffer overflow in the Abstract Window Toolkit (AWT) setDiffICM function of the Java Runtime Environment allows remote code execution. Affected products include Sun/Oracle Java SE/JDK/JRE 5.0 before Update 22, JDK/JRE 6 before Update 17, SDK/JRE 1.3.x before 1.3.1_27...
CVE-2010-4448
CVE-2010-4448 is described as an unspecified vulnerability in the Java Runtime Environment (JRE) within Oracle Java SE and Java for Business, affecting 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier. It allegedly allows remote untrusted Java Web Start applications and un...
CVE-2009-2676
CVE-2009-2676 describes an unspecified vulnerability in Sun Java SE/JDK/JRE (up to 6 Update 14, 5.0 Update 19, and 1.4.2_21) involving the JNLPAppletLauncher. Affected component is the JNLPAppletLauncher exposed to untrusted applets; the root cause is an issue in how an old launcher can be access...
CVE-2008-2086
CVE-2008-2086 affects Sun Java Web Start and Java Plug-in used by JDK/JRE 6 Update 10 and earlier; JDK/JRE 5.0 Update 16 and earlier; SDK/JRE 1.4.2_18 and earlier. It arises from a crafted jnlp file that modifies the java.home, java.ext.dirs, or user.home System Properties, enabling remote attack...
CVE-2008-5353
CVE-2008-5353 affects Sun JDK/JRE families: JRE/JDK 6 up to update 10, Java 5.0 up to update 16, and SDK/JRE 1.4.2 up to 1.4.2_18. It is caused by improper enforcement of ZoneInfo object contexts during deserialization, allowing remote attackers to elevate privileges by deserializing Calendar obj...
CVE-2010-0848
CVE-2010-0848 is referenced in connected records as an OpenJDK/OpenJRE issue: a missing input validation flaw in the JRE could cause an untrusted applet or application to crash. Affected context in the provided OpenVAS/Nessus entries ties this CVE to Java 6/OpenJDK components, notably in SL/Fedor...
CVE-2009-1093
CVE-2009-1093 affects the LDAP service in Java SE (JDK/JRE) by failing to close the LDAP connection when initialization fails, causing a denial of service (LDAP service hang). Affected are JDK/JRE versions: 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.3.1_24 and earlier; and 1.4.2_19 and...
CVE-2009-3876
CVE-2009-3876 affects Sun Java SE/JRE/JDK components. The vulnerability stems from the ASN.1 DER input stream parser failing to properly decode crafted DER-encoded data, allowing remote attackers to cause a denial of service via memory consumption. Affected products include Sun JRE/JDK 5.0 before...
CVE-2005-1080
The CVE-2005-1080 entry concerns a directory traversal vulnerability in the jar utility of the Java Archive Tool (Jar) used by J2SE SDK 1.4.2/1.5 and OpenJDK. The underlying issue allows a remote attacker to create or overwrite arbitrary files via a .. sequence in filenames stored inside a .jar f...
CVE-2010-4465
CVE-2010-4465 is described in the MiracleLinux AXSA:2011-61:02 advisory as an unspecified vulnerability in the Java Runtime Environment that affects Oracle Java SE/Java for Business up to certain older builds. The issue is associated with Swing and allows remote untrusted Java Web Start applicati...
CVE-2009-3873
CVE-2009-3873 is the OpenJDK/Sun JPEG Image Writer quantization vulnerability. The issue allows remote attackers to gain privileges by crafting a malicious image file. Affected products include Sun Java SE JDK/JRE 5.0 prior to Update 22, JDK/JRE 6 prior to Update 17, and SDK/JRE 1.4.x prior to 1....
CVE-2010-3562
CVE-2010-3562 is tied to OpenJDK/IcedTea's IndexColorModel double-free bug. US/EU advisories (e.g., openSUSE SUSE-11_3_JAVA-1_6_0-SUN-101019, Gentoo GLSA 201406-32) enumerate CVE-2010-3562 among the OpenJDK issues, but the connected documents provide only high-level notes: a double-free in IndexC...
CVE-2008-3112
Technical details about CVE-2008-3112 (affected product, root cause, impact, and fix) are not provided in the connected documents. The initial description gives only high-level vulnerability information. Monitor for official advisories for updates.
CVE-2009-1094
CVE-2009-1094 affects multiple Java SE components (JDK/JRE) earlier than specified Update/Release levels across 5.0 Update 17 and earlier; 6 Update 12 and earlier; JDK/JRE 1.3.1_24 and earlier; 1.4.2_19 and earlier. The vulnerability is described as an unspecified remote code execution via LDAP, ...
CVE-2009-3877
CVE-2009-3877 affects Sun Java SE/JRE/JDK across multiple releases: JRE/JDK 5.0 before Update 22, JRE/JDK 6 before Update 17, and older 1.3.x before 1.3.1_27 and 1.4.x before 1.4.2_24. Root cause: the ASN.1 DER input stream parser fails to properly parse crafted HTTP headers, enabling a remote at...
CVE-2010-3571
Technical details for CVE-2010-3571 are not publicly provided in the connected documents. No specifics on affected products/versions, root cause, or fix are available here. Monitor for updates.
CVE-2008-5360
CVE-2008-5360 affects Java Runtime Environment (JRE/JDK) across multiple versions (Sun JDK/JRE 6 Update 10 and earlier; 5.0 Update 16 and earlier; 1.4.2_18 and earlier; 1.3.1_23 and earlier). The description states that the JRE creates temporary files with predictable file names, enabling at...
CVE-2009-3875
CVE-2009-3875: The Java Runtime Environment (JRE) in Sun/Oracle Java SE has a timing-attack flaw in the HMAC digest verification that could allow forged signatures and potentially bypass authentication. Affected products include JDK/JRE 5.0 before Update 22, JDK/JRE 6 before Update 17, and older...
CVE-2008-5354
CVE-2008-5354 describes a stack-based buffer overflow in Sun JRE/JDK/J2SE components that affects JRE/JDK 6u10 and earlier, 5.0u16 and earlier, and 1.4.2_18 and earlier. The vulnerability allows arbitrary code execution when a user opens a crafted JAR file, with the issue triggered by an excessiv...
CVE-2009-3868
CVE-2009-3868 affects Sun Java SE (JDK/JRE 5.0 before Update 22, JDK/JRE 6 before Update 17, SDK/JRE 1.3.x before 1.3.1_27, SDK/JRE 1.4.x before 1.4.2_24) and arises from improper parsing of color profiles. A crafted image file could allow remote attackers to gain privileges. The description spec...
CVE-2009-3867
CVE-2009-3867 is a stack-based buffer overflow in Sun Java SE: HsbParser.getSoundBank that can allow remote code execution via a long file: URL argument. Affected are Sun JDK/JRE 5.0 before Update 22, JDK/JRE 6 before Update 17, SDK/JRE 1.3.x before 1.3.1_27, and SDK/JRE 1.4.x before 1.4.2_24. Ex...
CVE-2009-3874
CVE-2009-3874 is an integer overflow in JPEGImageReader of Java Image I/O that allows remote code execution via large JPEG subsample dimensions. Affected: Sun JDK/JRE 5.0 before Update 22, JDK/JRE 6 before Update 17, and SDK/JRE 1.4.x before 1.4.2_24. Remediation: upgrade to a version where the J...
CVE-2010-3556
CVE-2010-3556 affects Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28. The vulnerability is in the 2D component and is described as unspecified with unknown attack vectors; it is stated to impact confidentiality, integrity, and availability. No concrete exp...
CVE-2010-0084
CVE-2010-0084 is linked to OpenJDK/OpenJRE flaws addressing Policy/PolicyFile leakage in Java 6/5/OpenJDK packages. Connected docs indicate affected products (Oracle Java SE/Business, OpenJDK/OpenJRE) and versions, but do not provide a concrete fix/version unless drawn from advisories; remediatio...
CVE-2010-3574
CVE-2010-3574 is tied to HttpURLConnection HTTP TRACE handling. Oracle Java SE/Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, 1.3.1_28 were noted as affected in the CVE entry, and the entry cites a claim that untrusted code could perform TRACE requests due to a permission check issue. Co...
CVE-2010-4469
CVE-2010-4469 affects Oracle Java SE and Java for Business JRE components, with the MiracleLinux AXSA advisory listing Java 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier. The connected Nessus entry explicitly states the issue is an unspecified vulnerability in the J...
CVE-2009-3871
CVE-2009-3871 is a heap-based buffer overflow in the AWT setBytePixels function of the Java Runtime Environment (JRE). Affected products/lines include Sun Java SE (JDK/JRE) 5.0 before Update 22, JDK/JRE 6 before Update 17, and older SDK/JRE 1.3.x/1.4.x branches. Other connected advisories referen...
CVE-2010-0095
CVE-2010-0095 affects Java Runtime/OpenJDK/OpenJRE (as tracked in OpenVAS Scientific Linux/Nessus entries). Vulnerability: Subclasses of InetAddress may incorrectly interpret network addresses, potentially allowing an untrusted applet or application to bypass network access restrictions. This is ...
CVE-2006-2426
CVE-2006-2426 affects Sun JRE/JDK/J2SDK 1.5.0_6 and earlier. The vulnerability enables a remote attacker to cause a denial of service via disk consumption by abusing Font.createFont to create temporary files in the %temp% directory. Affected products include Sun JRE/JDK/Sun SDK up to 1.5.0_6; con...
CVE-2008-3104
CVE-2008-3104 affects Sun Java Runtime Environment (JRE) and related JDK/JRE distributions. The issue involves multiple vulnerabilities in the JRE that can allow a remote attacker to bypass an applet’s outbound connection restrictions by connecting to localhost services on the machine that loaded...
CVE-2010-4450
CVE-2010-4450 is an unspecified vulnerability in the Java Runtime Environment (JRE) across Oracle Java SE and Java for Business packages (Solaris/Linux: 6 Update 23 and earlier; 5.0 Update 27 and earlier; 1.4.2_29 and earlier). The issue is described as allowing local standalone applications to ...
CVE-2007-2789
CVE-2007-2789 concerns the BMP image parser in Sun JDK/JRE on Unix/Linux, where untrusted applets or applications that open arbitrary local files via a crafted BMP can cause the JVM to hang (DoS). Affected product ranges include JDK/JRE prior to 1.5.0_11-b03, 1.6.x prior to 1.6.0_01-b06, and olde...
CVE-2010-3569
CVE-2010-3569 is reported as a vulnerability in the Java Runtime Environment affecting JRE/OpenJDK/related distributions (e.g., IcedTea/OpenJDK builds). The root cause is described as inconsistencies in the Serialization API, with remote attackers able to impact confidentiality, integrity, and av...
CVE-2008-3107
CVE-2008-3107 concerns Sun Java Runtime Environment (JRE/JDK) and affects: JRE/JDK 6 before Update 7; JDK/JRE 5.0 before Update 16; and J2SE 1.4.x before 1.4.2_18. Description: an untrusted (1) application or (2) applet could gain privileges via self-granted access, enabling read/write/execute of...
CVE-2008-5357
The CVE-2008-5357 issue is an integer/heap-based overflow in Java Runtime Environment font parsing. A crafted TrueType font file can trigger arbitrary code execution. Affected products include Sun JDK/JRE 6 Update 10 and earlier; JDK/JRE 5.0 Update 16 and earlier; SDK/JRE 1.4.2_18 and earlier; SD...
CVE-2010-3549
CVE-2010-3549 affects Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28. The incident is tied to incorrect handling of HTTP chunked transfer encoding by HttpURLConnection, with potential impacts to confidentiality, integrity, and availability. The connected O...
CVE-2010-0842
CVE-2010-0842 affects Oracle Java SE and Java for Business: Sound component vulnerabilities in Java 6u18 and earlier (also listed for 5.0u23, 1.4.2_25, 1.3.1_27) allow remote attackers to compromise confidentiality, integrity, and availability via unknown vectors. Connected sources provide concre...
CVE-2008-5341
CVE-2008-5341 describes an unspecified vulnerability in Sun Java Web Start (JWS) and Java Plug-in affecting Sun JDK/JRE 6 Update 10 and earlier, and JDK/JRE 5.0 Update 16 and earlier. The issue allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username ...
CVE-2008-5351
CVE-2008-5351 affects Java Runtime Environment (Sun JDK/JRE 6 Update 10 and earlier; JDK/JRE 5.0 Update 16 and earlier; SDK/JRE 1.4.2_18 and earlier). The issue is that UTF-8 encodings in use may not be the shortest form, which can allow bypassing protection mechanisms relying on shortest-form UT...
CVE-2010-3568
CVE-2010-3568 is described as an OpenJDK deserialization race condition affecting Java Runtime Environment components. The initial report cites impact to confidentiality, integrity, and availability via unspecified vectors in Oracle Java SE/Java for Business 6u21, 5.0u25, and 1.4.2_27. Connected ...
CVE-2008-5339
CVE-2008-5339 affects Sun JDK/JRE components (Java Web Start and Java Plug-in) across multiple older builds: Java 6 Update 10 and earlier, Java 5.0 Update 16 and earlier, and SDK/JRE 1.4.2_18 and earlier. The description indicates an unspecified vulnerability where untrusted JWS applications coul...
CVE-2010-3553
Technical details for CVE-2010-3553 are not publicly available in the provided connected documents. Please monitor for updated advisories that disclose affected products, vulnerabilities, remediation, or exploitation information.
CVE-2008-3111
CVE-2008-3111 affects Sun Java Web Start in JDK/JRE 6 prior to Update 4, JDK/JRE 5.0 prior to Update 16, and SDK/JRE 1.4.x prior to 1.4.2_18. The root cause is a stack-based buffer overflow in GetVMArgsOption triggered by a long value in a j2se tag in a JNLP file, allowing context-dependent attac...
CVE-2010-0089
CVE-2010-0089 affects Oracle Java SE/Java for Business components (Java Web Start, Java Plug-in) in Java 6 Update 18, 5.0 Update 23, and 1.4.2_25. Connected data corroborate that multiple sources reference this CVE within a broader set of Java/VM vulnerabilities and related advisories; however, t...
CVE-2010-3541
CVE-2010-3541 affects Oracle Java SE/Java for Business (e.g., 6 Update 21; 5.0 Update 25; 1.4.2_27; 1.3.1_28) and is linked in OpenVAS/SUSE advisories. The Connected/OpenVAS entries note the vulnerability arises from limit setting of some request headers in HttpURLConnection, impacting confidenti...
CVE-2010-3548
Technical details for CVE-2010-3548 are not publicly available in the provided documents. Monitor for updates.
CVE-2010-0093
CVE-2010-0093 is observed in OpenJDK 1.6.0-openjdk on Scientific Linux 5.x (java-1.6.0-openjdk). The root cause: System.arraycopy mishandles large index values, potentially causing array corruption in untrusted applets/applications. Impact wording in the source notes partial confidentiality/integ...
CVE-2010-0847
CVE-2010-0847 is described in connected Nessus/OSINT sources as an OpenJDK ImagingLib arbitrary code execution vulnerability in the Java 6 OpenJDK/OpenJDK stack (OpenJDK ImagingLib component). Affected product lineage appears to be Java 1.6/OpenJDK builds that include ImagingLib; the exact affect...