Filtered by vendor Sun
Subscriptions
Filtered by product Jdk
Subscriptions
Total
395 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-1097 | 2 Redhat, Sun | 5 Enterprise Linux, Network Satellite, Rhel Extras and 2 more | 2025-04-09 | N/A |
| Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997. | ||||
| CVE-2009-1100 | 2 Redhat, Sun | 5 Network Satellite, Rhel Extras, Rhel Extras Sap and 2 more | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) "limits on Font creation," aka CR 6522586, and (2) another unspecified vector, aka CR 6632886. | ||||
| CVE-2009-1101 | 2 Redhat, Sun | 5 Enterprise Linux, Network Satellite, Rhel Extras and 2 more | 2025-04-09 | N/A |
| Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor "leak." | ||||
| CVE-2009-2676 | 2 Redhat, Sun | 6 Network Satellite, Rhel Extras, Java Se and 3 more | 2025-04-09 | N/A |
| Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet that accesses an old version of JNLPAppletLauncher. | ||||
| CVE-2008-5356 | 2 Redhat, Sun | 5 Network Satellite, Rhel Extras, Jdk and 2 more | 2025-04-09 | N/A |
| Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file. | ||||
| CVE-2009-2030 | 2 Ibm, Sun | 2 Os\/400, Jdk | 2025-04-09 | N/A |
| Unspecified vulnerability in the XML Digital Signature verification functionality in JVA-RUN in JDK 6.0 in IBM OS/400 i5/OS V5R4M0 and V6R1M0 has unknown impact and attack vectors related to "XML SECURITY PATCH." | ||||
| CVE-2007-0243 | 2 Redhat, Sun | 6 Enterprise Linux, Network Satellite, Rhel Extras and 3 more | 2025-04-09 | N/A |
| Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption. | ||||
| CVE-2009-2671 | 2 Redhat, Sun | 5 Enterprise Linux, Network Satellite, Rhel Extras and 2 more | 2025-04-09 | N/A |
| The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors. | ||||
| CVE-2009-2673 | 2 Redhat, Sun | 5 Enterprise Linux, Network Satellite, Rhel Extras and 2 more | 2025-04-09 | N/A |
| The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword. | ||||
| CVE-2009-2675 | 2 Redhat, Sun | 5 Enterprise Linux, Network Satellite, Rhel Extras and 2 more | 2025-04-09 | N/A |
| Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression. | ||||
| CVE-2010-0079 | 2 Oracle, Sun | 3 Bea Product Suite, Jdk, Jre | 2025-04-09 | N/A |
| Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this CVE identifier overlaps CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, and CVE-2009-3877. | ||||
| CVE-2006-5201 | 1 Sun | 9 Jdk, Jre, Jsse and 6 more | 2025-04-09 | N/A |
| Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.2_12, and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and other certificates that use PKCS #1. | ||||
| CVE-2008-5358 | 2 Redhat, Sun | 3 Rhel Extras, Jdk, Jre | 2025-04-09 | N/A |
| Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll. | ||||
| CVE-2007-2789 | 2 Redhat, Sun | 5 Network Satellite, Rhel Extras, Jdk and 2 more | 2025-04-09 | N/A |
| The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open arbitrary local files via a crafted BMP file, such as /dev/tty. | ||||
| CVE-2008-5340 | 2 Redhat, Sun | 4 Rhel Extras, Jdk, Jre and 1 more | 2025-04-09 | N/A |
| Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors, aka 6727081. | ||||
| CVE-2008-5341 | 2 Redhat, Sun | 4 Rhel Extras, Jdk, Jre and 1 more | 2025-04-09 | N/A |
| Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors, aka CR 6727071. | ||||
| CVE-2008-5342 | 2 Redhat, Sun | 4 Rhel Extras, Jdk, Jre and 1 more | 2025-04-09 | N/A |
| Unspecified vulnerability in the BasicService for Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted downloaded applications to cause local files to be displayed in the browser of the user of the untrusted application via unknown vectors, aka 6767668. | ||||
| CVE-2003-1123 | 1 Sun | 2 Jdk, Jre | 2025-04-03 | N/A |
| Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows untrusted applets to access certain information within trusted applets, which allows attackers to bypass the restrictions of the Java security model. | ||||
| CVE-2003-1156 | 1 Sun | 2 Jdk, Jre | 2025-04-03 | N/A |
| Java Runtime Environment (JRE) and Software Development Kit (SDK) 1.4.2 through 1.4.2_02 allows local users to overwrite arbitrary files via a symlink attack on (1) unpack.log, as created by the unpack program, or (2) .mailcap1 and .mime.types1, as created by the RPM program. | ||||
| CVE-2006-0615 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-03 | N/A |
| Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 4 and earlier, SDK and JRE 1.4.x through 1.4.2_09 allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "second and third issues." | ||||