Filtered by vendor Sun
Subscribe
Total
1712 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-0360 | 1 Sun | 1 Java System Web Server | 2024-11-21 | 10.0 HIGH | N/A |
Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an "overflow." NOTE: this might overlap CVE-2010-0272 and CVE-2010-0273. | |||||
CVE-2010-0313 | 1 Sun | 1 Java System Directory Server | 2024-11-21 | 5.0 MEDIUM | N/A |
The core_get_proxyauth_dn function in ns-slapd in Sun Java System Directory Server Enterprise Edition 7.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted LDAP Search Request message. | |||||
CVE-2010-0311 | 2 Ibm, Sun | 4 Tivoli Access Manager For E-business, Java System Access Manager, Java System Identity Server and 1 more | 2024-11-21 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in Sun Java System Identity Manager (aka IdM) 8.1.0.5 and 8.1.0.6, when Sun Java System Access Manager, OpenSSO Enterprise 8.0, or IBM Tivoli Access Manager is used, allows remote attackers to obtain administrative access via unknown vectors. | |||||
CVE-2010-0310 | 1 Sun | 1 Solaris | 2024-11-21 | 6.8 MEDIUM | N/A |
Trusted Extensions in Sun Solaris 10 allows local users to gain privileges via vectors related to omission of unspecified libraries from software updates. | |||||
CVE-2010-0273 | 1 Sun | 1 Java System Web Server | 2024-11-21 | 7.5 HIGH | N/A |
Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to execute arbitrary code by sending a process memory address and crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco. NOTE: as of 20100106, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
CVE-2010-0272 | 1 Sun | 1 Java System Web Server | 2024-11-21 | 7.5 HIGH | N/A |
Heap-based buffer overflow in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to discover process memory locations via crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco. NOTE: as of 20100106, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
CVE-2010-0271 | 1 Sun | 1 Opensolaris | 2024-11-21 | 4.6 MEDIUM | N/A |
hald in Sun OpenSolaris snv_51 through snv_130 does not have the proc_audit privilege during unspecified attempts to write to the auditing log, which makes it easier for physically proximate attackers to avoid detection of changes to the set of connected hardware devices supporting the Hardware Abstraction Layer (HAL) specification. | |||||
CVE-2010-0095 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-11-21 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0093. | |||||
CVE-2010-0094 | 1 Sun | 2 Jdk, Jre | 2024-11-21 | 7.5 HIGH | N/A |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the ClassLoader of a constructor that is being deserialized. | |||||
CVE-2010-0093 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-11-21 | 5.1 MEDIUM | N/A |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0095. | |||||
CVE-2010-0092 | 1 Sun | 2 Jdk, Jre | 2024-11-21 | 5.1 MEDIUM | N/A |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||||
CVE-2010-0091 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-11-21 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0084. | |||||
CVE-2010-0090 | 1 Sun | 2 Jdk, Jre | 2024-11-21 | 5.8 MEDIUM | N/A |
Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18 allows remote attackers to affect integrity and availability via unknown vectors. | |||||
CVE-2010-0089 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-11-21 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors. | |||||
CVE-2010-0088 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-11-21 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0085. | |||||
CVE-2010-0087 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-11-21 | 7.5 HIGH | N/A |
Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||||
CVE-2010-0085 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-11-21 | 5.1 MEDIUM | N/A |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0088. | |||||
CVE-2010-0084 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-11-21 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0091. | |||||
CVE-2010-0082 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-11-21 | 5.1 MEDIUM | N/A |
Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||||
CVE-2010-0079 | 2 Oracle, Sun | 3 Bea Product Suite, Jdk, Jre | 2024-11-21 | 10.0 HIGH | N/A |
Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this CVE identifier overlaps CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, and CVE-2009-3877. |