Total
395 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5238 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-11-21 | 2.6 LOW | N/A |
| Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka "three vulnerabilities." | |||||
| CVE-2007-5237 | 1 Sun | 2 Jdk, Jre | 2024-11-21 | 7.1 HIGH | N/A |
| Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka "two vulnerabilities." | |||||
| CVE-2007-5236 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-11-21 | 5.4 MEDIUM | N/A |
| Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files via an untrusted application. | |||||
| CVE-2007-5232 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-11-21 | 4.0 MEDIUM | N/A |
| Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding attack. | |||||
| CVE-2007-4381 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-11-21 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself. | |||||
| CVE-2007-3922 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-11-21 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to certain localhost services running on the machine that loaded the applet. | |||||
| CVE-2007-3716 | 1 Sun | 2 Jdk, Jre | 2024-11-21 | 9.3 HIGH | N/A |
| The Java XML Digital Signature implementation in Sun JDK and JRE 6 before Update 2 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715. | |||||
| CVE-2007-3698 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-11-21 | 7.8 HIGH | N/A |
| The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests. | |||||
| CVE-2007-3504 | 2 Microsoft, Sun | 4 Windows, Jdk, Jre and 1 more | 2024-11-21 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself. NOTE: this can be leveraged to execute arbitrary code by overwriting a .java.policy file. | |||||
| CVE-2007-2789 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-11-21 | 4.3 MEDIUM | N/A |
| The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open arbitrary local files via a crafted BMP file, such as /dev/tty. | |||||
| CVE-2007-2788 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-11-21 | 6.8 MEDIUM | N/A |
| Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow. | |||||
| CVE-2007-0243 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-11-21 | 6.8 MEDIUM | N/A |
| Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption. | |||||
| CVE-2006-6737 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-11-21 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 5 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_10 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to "access data in other applets," aka "The first issue." | |||||
| CVE-2006-6736 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-11-21 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 6 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to "access data in other applets," aka "The second issue." | |||||
| CVE-2006-6731 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-11-21 | 9.3 HIGH | N/A |
| Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allow attackers to develop Java applets that read, write, or execute local files, possibly related to (1) integer overflows in the Java_sun_awt_image_ImagingLib_convolveBI, awt_parseRaster, and awt_parseColorModel functions; (2) a stack overflow in the Java_sun_awt_image_ImagingLib_lookupByteRaster function; and (3) improper handling of certain negative values in the Java_sun_font_SunLayoutEngine_nativeLayout function. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6009 | 1 Sun | 2 Jdk, Jre | 2024-11-21 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Java Runtime Environment (JRE) Swing library in JDK and JRE 5.0 Update 7 and earlier allows attackers to obtain certain information via unknown attack vectors, related to an untrusted applet accessing data in other applets. | |||||
| CVE-2006-5201 | 1 Sun | 9 Jdk, Jre, Jsse and 6 more | 2024-11-21 | 4.0 MEDIUM | N/A |
| Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.2_12, and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and other certificates that use PKCS #1. | |||||
| CVE-2006-2426 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-11-21 | 6.4 MEDIUM | N/A |
| Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 and earlier, and SDK 1.5.0_6 and earlier allows remote attackers to cause a denial of service (disk consumption) by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory. | |||||
| CVE-2006-0617 | 1 Sun | 2 Jdk, Jre | 2024-11-21 | 4.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 5 and earlier allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fifth, sixth, and seventh issues." | |||||
| CVE-2006-0616 | 1 Sun | 2 Jdk, Jre | 2024-11-21 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 4 and earlier allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fourth issue." | |||||