126 matches found

CVE-2010-4476 (added 2011/02/17 6:31 p.m., 191 views)

CVE-2010-4476 concerns the Java Double.parseDouble path in JRE/JDK (Oracle Java SE, OpenJDK, and related bundles), where a crafted string like 2.2250738585072012e-308 can trigger an infinite estimation loop, causing a denial of service. Connected advisories confirm this affects Java runtimes used...

CVSS 5 | AI score 8.4 | EPSS 0.2349 | In wild
CVE-2009-1098 (added 2009/03/25 11:00 p.m., 135 views)

CVE-2009-1098 is a buffer overflow in Oracle Java SE/JRE components that can allow remote code execution via a crafted GIF image. Affected are JDK/JRE 5.0 Update 17 and earlier, 6 Update 12 and earlier, 1.4.2_19 and earlier, and 1.3.1_24 and earlier. The vulnerability enables an attacker to acces...

CVSS 9.3 | AI score 7.8 | EPSS 0.06787
CVE-2009-3869 (added 2009/11/05 4:00 p.m., 135 views)

CVE-2009-3869: A stack-based buffer overflow in the Abstract Window Toolkit (AWT) setDiffICM function of the Java Runtime Environment allows remote code execution. Affected products include Sun/Oracle Java SE/JDK/JRE 5.0 before Update 22, JDK/JRE 6 before Update 17, SDK/JRE 1.3.x before 1.3.1_27...

CVSS 9.3 | AI score 7.8 | EPSS 0.65461 | Web
CVE-2010-4448 (added 2011/02/17 6:31 p.m., 132 views)

CVE-2010-4448 is described as an unspecified vulnerability in the Java Runtime Environment (JRE) within Oracle Java SE and Java for Business, affecting 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier. It allegedly allows remote untrusted Java Web Start applications and un...

CVSS 2.6 | AI score 8.3 | EPSS 0.02407
CVE-2009-2676 (added 2009/08/05 7:00 p.m., 129 views)

CVE-2009-2676 describes an unspecified vulnerability in Sun Java SE/JDK/JRE (up to 6 Update 14, 5.0 Update 19, and 1.4.2_21) involving the JNLPAppletLauncher. Affected component is the JNLPAppletLauncher exposed to untrusted applets; the root cause is an issue in how an old launcher can be access...

CVSS 6.8 | AI score 7.2 | EPSS 0.03645
CVE-2008-2086 (added 2008/12/05 2:00 a.m., 128 views)

CVE-2008-2086 affects Sun Java Web Start and Java Plug-in used by JDK/JRE 6 Update 10 and earlier; JDK/JRE 5.0 Update 16 and earlier; SDK/JRE 1.4.2_18 and earlier. It arises from a crafted jnlp file that modifies the java.home, java.ext.dirs, or user.home System Properties, enabling remote attack...

CVSS 9.3 | AI score 7.8 | EPSS 0.07319
CVE-2008-5353 (added 2008/12/05 11:00 a.m., 128 views)

CVE-2008-5353 affects Sun JDK/JRE families: JRE/JDK 6 up to update 10, Java 5.0 up to update 16, and SDK/JRE 1.4.2 up to 1.4.2_18. It is caused by improper enforcement of ZoneInfo object contexts during deserialization, allowing remote attackers to elevate privileges by deserializing Calendar obj...

CVSS 10 | AI score 7.5 | EPSS 0.84807
CVE-2010-0848 (added 2010/04/01 4:00 p.m., 128 views)

CVE-2010-0848 is referenced in connected records as an OpenJDK/OpenJRE issue: a missing input validation flaw in the JRE could cause an untrusted applet or application to crash. Affected context in the provided OpenVAS/Nessus entries ties this CVE to Java 6/OpenJDK components, notably in SL/Fedor...

CVSS 7.5 | AI score 6.8 | EPSS 0.03567
CVE-2009-1093 (added 2009/03/25 11:00 p.m., 126 views)

CVE-2009-1093 affects the LDAP service in Java SE (JDK/JRE) by failing to close the LDAP connection when initialization fails, causing a denial of service (LDAP service hang). Affected are JDK/JRE versions: 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.3.1_24 and earlier; and 1.4.2_19 and...

CVSS 5 | AI score 7.1 | EPSS 0.03381
CVE-2009-3876 (added 2009/11/05 4:00 p.m., 125 views)

CVE-2009-3876 affects Sun Java SE/JRE/JDK components. The vulnerability stems from the ASN.1 DER input stream parser failing to properly decode crafted DER-encoded data, allowing remote attackers to cause a denial of service via memory consumption. Affected products include Sun JRE/JDK 5.0 before...

CVSS 5 | AI score 6.2 | EPSS 0.03409
CVE-2005-1080 (added 2005/04/12 4:00 a.m., 124 views)

The CVE-2005-1080 entry concerns a directory traversal vulnerability in the jar utility of the Java Archive Tool (Jar) used by J2SE SDK 1.4.2/1.5 and OpenJDK. The underlying issue allows a remote attacker to create or overwrite arbitrary files via a .. sequence in filenames stored inside a .jar f...

CVSS 5 | AI score 6.5 | EPSS 0.06717
CVE-2010-4465 (added 2011/02/17 6:31 p.m., 124 views)

CVE-2010-4465 is described in the MiracleLinux AXSA:2011-61:02 advisory as an unspecified vulnerability in the Java Runtime Environment that affects Oracle Java SE/Java for Business up to certain older builds. The issue is associated with Swing and allows remote untrusted Java Web Start applicati...

CVSS 10 | AI score 8.3 | EPSS 0.04132
CVE-2009-3873 (added 2009/11/05 4:00 p.m., 123 views)

CVE-2009-3873 is the OpenJDK/Sun JPEG Image Writer quantization vulnerability. The issue allows remote attackers to gain privileges by crafting a malicious image file. Affected products include Sun Java SE JDK/JRE 5.0 prior to Update 22, JDK/JRE 6 prior to Update 17, and SDK/JRE 1.4.x prior to 1....

CVSS 9.3 | AI score 6.5 | EPSS 0.04211
CVE-2010-3562 (added 2010/10/19 9:00 p.m., 121 views)

CVE-2010-3562 is tied to OpenJDK/IcedTea's IndexColorModel double-free bug. US/EU advisories (e.g., openSUSE SUSE-11_3_JAVA-1_6_0-SUN-101019, Gentoo GLSA 201406-32) enumerate CVE-2010-3562 among the OpenJDK issues, but the connected documents provide only high-level notes: a double-free in IndexC...

CVSS 10 | AI score 7.9 | EPSS 0.07099
CVE-2008-3112 (added 2008/07/09 11:00 p.m., 120 views)

Technical details about CVE-2008-3112 (affected product, root cause, impact, and fix) are not provided in the connected documents. The initial description gives only high-level vulnerability information. Monitor for official advisories for updates.

CVSS 10 | AI score 8.6 | EPSS 0.25727
CVE-2009-1094 (added 2009/03/25 11:00 p.m., 120 views)

CVE-2009-1094 affects multiple Java SE components (JDK/JRE) earlier than specified Update/Release levels across 5.0 Update 17 and earlier; 6 Update 12 and earlier; JDK/JRE 1.3.1_24 and earlier; 1.4.2_19 and earlier. The vulnerability is described as an unspecified remote code execution via LDAP, ...

CVSS 10 | AI score 7.6 | EPSS 0.04389
CVE-2009-3877 (added 2009/11/05 4:00 p.m., 120 views)

CVE-2009-3877 affects Sun Java SE/JRE/JDK across multiple releases: JRE/JDK 5.0 before Update 22, JRE/JDK 6 before Update 17, and older 1.3.x before 1.3.1_27 and 1.4.x before 1.4.2_24. Root cause: the ASN.1 DER input stream parser fails to properly parse crafted HTTP headers, enabling a remote at...

CVSS 5 | AI score 6.2 | EPSS 0.04813
CVE-2010-3571 (added 2010/10/19 9:00 p.m., 120 views)

Technical details for CVE-2010-3571 are not publicly provided in the connected documents. No specifics on affected products/versions, root cause, or fix are available here. Monitor for updates.

CVSS 10 | AI score 7.5 | EPSS 0.09146
CVE-2008-5360 (added 2008/12/05 11:00 a.m., 118 views)

CVE-2008-5360 affects Java Runtime Environment (JRE/JDK) across multiple versions (Sun JDK/JRE 6 Update 10 and earlier; 5.0 Update 16 and earlier; 1.4.2_18 and earlier; 1.3.1_23 and earlier). The description states the vulnerability: JRE creates temporary files with predictable file names, enabling at...

CVSS 6.4 | AI score 7.5 | EPSS 0.03478
CVE-2009-3875 (added 2009/11/05 4:00 p.m., 118 views)

CVE-2009-3875: The Java Runtime Environment (JRE) in Sun/Oracle Java SE has a timing-attack flaw in the HMAC digest verification that could allow forged signatures and potentially bypass authentication. Affected products include JDK/JRE 5.0 before Update 22, JDK/JRE 6 before Update 17, and older...

CVSS 5 | AI score 6.3 | EPSS 0.03107
CVE-2008-5354 (added 2008/12/05 11:00 a.m., 115 views)

CVE-2008-5354 describes a stack-based buffer overflow in Sun JRE/JDK/J2SE components that affects JRE/JDK 6u10 and earlier, 5.0u16 and earlier, and 1.4.2_18 and earlier. The vulnerability allows arbitrary code execution when a user opens a crafted JAR file, with the issue triggered by an excessiv...

CVSS 9.3 | AI score 8.1 | EPSS 0.04798
CVE-2009-3868 (added 2009/11/05 4:00 p.m., 114 views)

CVE-2009-3868 affects Sun Java SE (JDK/JRE 5.0 before Update 22, JDK/JRE 6 before Update 17, SDK/JRE 1.3.x before 1.3.1_27, SDK/JRE 1.4.x before 1.4.2_24) and arises from improper parsing of color profiles. A crafted image file could allow remote attackers to gain privileges. The description spec...

CVSS 9.3 | AI score 6.3 | EPSS 0.04262
CVE-2009-3867 (added 2009/11/05 4:00 p.m., 113 views)

CVE-2009-3867 is a stack-based buffer overflow in Sun Java SE: HsbParser.getSoundBank that can allow remote code execution via a long file: URL argument. Affected are Sun JDK/JRE 5.0 before Update 22, JDK/JRE 6 before Update 17, SDK/JRE 1.3.x before 1.3.1_27, and SDK/JRE 1.4.x before 1.4.2_24. Ex...

CVSS 9.3 | AI score 7.7 | EPSS 0.73376
CVE-2009-3874 (added 2009/11/05 4:00 p.m., 113 views)

CVE-2009-3874 is an integer overflow in JPEGImageReader of Java Image I/O that allows remote code execution via large JPEG subsample dimensions. Affected: Sun JDK/JRE 5.0 before Update 22, JDK/JRE 6 before Update 17, and SDK/JRE 1.4.x before 1.4.2_24. Remediation: upgrade to a version where the J...

CVSS 9.3 | AI score 7.8 | EPSS 0.09533
CVE-2010-3556 (added 2010/10/19 9:00 p.m., 112 views)

CVE-2010-3556 affects Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28. The vulnerability is in the 2D component and is described as unspecified with unknown attack vectors; it is stated to impact confidentiality, integrity, and availability. No concrete exp...

CVSS 10 | AI score 6.8 | EPSS 0.05193
CVE-2010-0084 (added 2010/04/01 4:00 p.m., 111 views)

CVE-2010-0084 is linked to OpenJDK/OpenJRE flaws addressing Policy/PolicyFile leakage in Java 6/5/OpenJDK packages. Connected docs indicate affected products (Oracle Java SE/Business, OpenJDK/OpenJRE) and versions, but do not provide a concrete fix/version unless drawn from advisories; remediatio...

CVSS 5 | AI score 6.9 | EPSS 0.03162
CVE-2010-3574 (added 2010/10/19 9:00 p.m., 111 views)

CVE-2010-3574 is tied to HttpURLConnection HTTP TRACE handling. Oracle Java SE/Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, 1.3.1_28 were noted as affected in the CVE entry, and the entry cites a claim that untrusted code could perform TRACE requests due to a permission check issue. Co...

CVSS 10 | AI score 7.3 | EPSS 0.049
CVE-2010-4469 (added 2011/02/17 6:31 p.m., 111 views)

CVE-2010-4469 affects Oracle Java SE and Java for Business JRE components, with the MiracleLinux AXSA advisory listing Java 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier. The connected Nessus entry explicitly states the issue is an unspecified vulnerability in the J...

CVSS 10 | AI score 8.5 | EPSS 0.02921
CVE-2009-3871 (added 2009/11/05 4:00 p.m., 109 views)

CVE-2009-3871 is a heap-based buffer overflow in the AWT setBytePixels function of the Java Runtime Environment (JRE). Affected products/lines include Sun Java SE (JDK/JRE) 5.0 before Update 22, JDK/JRE 6 before Update 17, and older SDK/JRE 1.3.x/1.4.x branches. Other connected advisories referen...

CVSS 9.3 | AI score 7.9 | EPSS 0.06842
CVE-2010-0095 (added 2010/04/01 4:00 p.m., 109 views)

CVE-2010-0095 affects Java Runtime/OpenJDK/OpenJRE (as tracked in OpenVAS Scientific Linux/Nessus entries). Vulnerability: Subclasses of InetAddress may incorrectly interpret network addresses, potentially allowing an untrusted applet or application to bypass network access restrictions. This is ...

CVSS 6.8 | AI score 7 | EPSS 0.03036
CVE-2006-2426 (added 2006/05/17 10:00 a.m., 108 views)

CVE-2006-2426 affects Sun JRE/JDK/J2SDK 1.5.0_6 and earlier. The vulnerability enables a remote attacker to cause a denial of service via disk consumption by abusing Font.createFont to create temporary files in the %temp% directory. Affected products include Sun JRE/JDK/Sun SDK up to 1.5.0_6; con...

CVSS 6.4 | AI score 6.3 | EPSS 0.12692
CVE-2008-3104 (added 2008/07/09 11:00 p.m., 108 views)

CVE-2008-3104 affects Sun Java Runtime Environment (JRE) and related JDK/JRE distributions. The issue involves multiple vulnerabilities in the JRE that can allow a remote attacker to bypass an applet’s outbound connection restrictions by connecting to localhost services on the machine that loaded...

CVSS 6.8 | AI score 8.9 | EPSS 0.03597
CVE-2010-4450 (added 2011/02/17 6:31 p.m., 108 views)

CVE-2010-4450 is an unspecified vulnerability in the Java Runtime Environment (JRE) across Oracle Java SE and Java for Business packages (Solaris/Linux: 6 Update 23 and earlier; 5.0 Update 27 and earlier; 1.4.2_29 and earlier). The issue is described as allowing local standalone applications to ...

CVSS 3.7 | AI score 8 | EPSS 0.00411
CVE-2007-2789 (added 2007/05/22 12:00 a.m., 107 views)

CVE-2007-2789 concerns the BMP image parser in Sun JDK/JRE on Unix/Linux, where untrusted applets or applications that open arbitrary local files via a crafted BMP can cause the JVM to hang (DoS). Affected product ranges include JDK/JRE prior to 1.5.0_11-b03, 1.6.x prior to 1.6.0_01-b06, and olde...

CVSS 4.3 | AI score 6.2 | EPSS 0.03485
CVE-2010-3569 (added 2010/10/19 9:00 p.m., 106 views)

CVE-2010-3569 is reported as a vulnerability in the Java Runtime Environment affecting JRE/OpenJDK/related distributions (e.g., IcedTea/OpenJDK builds). The root cause is described as inconsistencies in the Serialization API, with remote attackers able to impact confidentiality, integrity, and av...

CVSS 10 | AI score 7.8 | EPSS 0.07099
CVE-2008-3107 (added 2008/07/09 11:00 p.m., 105 views)

CVE-2008-3107 concerns Sun Java Runtime Environment (JRE/JDK) and affects: JRE/JDK 6 before Update 7; JDK/JRE 5.0 before Update 16; and J2SE 1.4.x before 1.4.2_18. Description: an untrusted (1) application or (2) applet could gain privileges via self-granted access, enabling read/write/execute of...

CVSS 10 | AI score 8.6 | EPSS 0.03644
CVE-2008-5357 (added 2008/12/05 11:00 a.m., 105 views)

The CVE-2008-5357 issue is an integer/heap-based overflow in Java Runtime Environment font parsing. A crafted TrueType font file can trigger arbitrary code execution. Affected products include Sun JDK/JRE 6 Update 10 and earlier; JDK/JRE 5.0 Update 16 and earlier; SDK/JRE 1.4.2_18 and earlier; SD...

CVSS 9.3 | AI score 8 | EPSS 0.10015
CVE-2010-3549 (added 2010/10/19 9:00 p.m., 105 views)

CVE-2010-3549 affects Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28. The incident is tied to incorrect handling of HTTP chunked transfer encoding by HttpURLConnection, with potential impacts to confidentiality, integrity, and availability. The connected O...

CVSS 6.8 | AI score 7.2 | EPSS 0.03337
CVE-2010-0842 (added 2010/04/01 4:00 p.m., 104 views)

CVE-2010-0842 affects Oracle Java SE and Java for Business: Sound component vulnerabilities in Java 6u18 and earlier (also listed for 5.0u23, 1.4.2_25, 1.3.1_27) allow remote attackers to compromise confidentiality, integrity, and availability via unknown vectors. Connected sources provide concre...

CVSS 7.5 | AI score 7.4 | EPSS 0.77721
CVE-2008-5341 (added 2008/12/05 11:00 a.m., 103 views)

CVE-2008-5341 describes an unspecified vulnerability in Sun Java Web Start (JWS) and Java Plug-in affecting Sun JDK/JRE 6 Update 10 and earlier, and JDK/JRE 5.0 Update 16 and earlier. The issue allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username ...

CVSS 5 | AI score 7.3 | EPSS 0.03013
CVE-2008-5351 (added 2008/12/05 11:00 a.m., 103 views)

CVE-2008-5351 affects Java Runtime Environment (Sun JDK/JRE 6 Update 10 and earlier; JDK/JRE 5.0 Update 16 and earlier; SDK/JRE 1.4.2_18 and earlier). The issue is that UTF-8 encodings in use may not be the shortest form, which can allow bypassing protection mechanisms relying on shortest-form UT...

CVSS 7.5 | AI score 7.6 | EPSS 0.03426
CVE-2010-3568 (added 2010/10/19 9:00 p.m., 103 views)

CVE-2010-3568 is described as an OpenJDK deserialization race condition affecting Java Runtime Environment components. The initial report cites impact to confidentiality, integrity, and availability via unspecified vectors in Oracle Java SE/Java for Business 6u21, 5.0u25, and 1.4.2_27. Connected ...

CVSS 10 | AI score 7.2 | EPSS 0.049
CVE-2008-5339 (added 2008/12/05 11:00 a.m., 102 views)

CVE-2008-5339 affects Sun JDK/JRE components (Java Web Start and Java Plug-in) across multiple older builds: Java 6 Update 10 and earlier, Java 5.0 Update 16 and earlier, and SDK/JRE 1.4.2_18 and earlier. The description indicates an unspecified vulnerability where untrusted JWS applications coul...

CVSS 5 | AI score 7.4 | EPSS 0.03451
CVE-2010-3553 (added 2010/10/19 9:00 p.m., 102 views)

Technical details for CVE-2010-3553 are not publicly available in the provided connected documents. Please monitor for updated advisories that disclose affected products, vulnerabilities, remediation, or exploitation information.

CVSS 10 | AI score 7.2 | EPSS 0.049
CVE-2008-3111 (added 2008/07/09 11:00 p.m., 101 views)

CVE-2008-3111 affects Sun Java Web Start in JDK/JRE 6 prior to Update 4, JDK/JRE 5.0 prior to Update 16, and SDK/JRE 1.4.x prior to 1.4.2_18. The root cause is a stack-based buffer overflow in GetVMArgsOption triggered by a long value in a j2se tag in a JNLP file, allowing context-dependent attac...

CVSS 10 | AI score 8.9 | EPSS 0.04267
CVE-2010-0089 (added 2010/04/01 4:00 p.m., 101 views)

CVE-2010-0089 affects Oracle Java SE/Java for Business components (Java Web Start, Java Plug-in) in Java 6 Update 18, 5.0 Update 23, and 1.4.2_25. Connected data corroborate that multiple sources reference this CVE within a broader set of Java/VM vulnerabilities and related advisories; however, t...

CVSS 5 | AI score 6.8 | EPSS 0.03361
CVE-2010-3541 (added 2010/10/19 9:00 p.m., 101 views)

CVE-2010-3541 affects Oracle Java SE/Java for Business (e.g., 6 Update 21; 5.0 Update 25; 1.4.2_27; 1.3.1_28) and is linked in OpenVAS/SUSE advisories. The Connected/OpenVAS entries note the vulnerability arises from limit setting of some request headers in HttpURLConnection, impacting confidenti...

CVSS 5.1 | AI score 7.3 | EPSS 0.03102
CVE-2010-3548 (added 2010/10/19 9:00 p.m., 101 views)

Technical details for CVE-2010-3548 are not publicly available in the provided documents. Monitor for updates.

CVSS 5 | AI score 7.1 | EPSS 0.02999
CVE-2010-0093 (added 2010/04/01 4:00 p.m., 100 views)

CVE-2010-0093 is observed in OpenJDK 1.6.0-openjdk on Scientific Linux 5.x (java-1.6.0-openjdk). The root cause: System.arraycopy mishandles large index values, potentially causing array corruption in untrusted applets/applications. Impact wording in the source notes partial confidentiality/integ...

CVSS 5.1 | AI score 7 | EPSS 0.03084
CVE-2010-0847 (added 2010/04/01 4:00 p.m., 100 views)

CVE-2010-0847 is described in connected Nessus/OSINT sources as an OpenJDK ImagingLib arbitrary code execution vulnerability in the Java 6 OpenJDK/OpenJDK stack (OpenJDK ImagingLib component). Affected product lineage appears to be Java 1.6/OpenJDK builds that include ImagingLib; the exact affect...

CVSS 7.5 | AI score 7.5 | EPSS 0.05431

Total number of security vulnerabilities: 126