CVE Daily
← All tags

Tag: OpenJDK builds from Oracle

All CVEs associated with "OpenJDK builds from Oracle". Page 2/2 • 134 CVEs.

Subscribe CVEs: RSS for “OpenJDK builds from Oracle”  ·  RSS (High+Critical only)

About “OpenJDK builds from Oracle”

A curated feed of “OpenJDK builds from Oracle”-related CVEs appears below. We currently track 134 CVEs for this tag (all time). In the last 365 days, 0 were published. Average CVSS is 7.2 (all time), and 57% are rated High/Critical (all time). Top CWEs (all time): CWE-59 - Improper Link Resolution Before File Access ('Link Following'), CWE-264 - CWE-264, CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor.

In our taxonomy this topic maps to a MODERATE impact class. JDK and JVM updates affect TLS, serialization, and performance. Upgrade JDK or JRE, restart dependents, avoid unsupported builds, and consider key or cert rotation if needed. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2009-11-09
Medium

CVE-2009-3880

The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to…

CVSS: 5.0 CWE: CWE-264 View on NVD
High

CVE-2009-3879

Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vect…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2009-3728

Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attack…

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2009-08-10
Medium

CVE-2009-2690

The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information vi…

CVSS: 5.0 CWE: CWE-264 View on NVD
Critical

CVE-2009-2689

JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent att…

CVSS: 10.0 CWE: CWE-264 View on NVD
Critical

CVE-2009-2476

The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass inten…

CVSS: 10.0 CWE: CWE-264 View on NVD
High

CVE-2009-2475

Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared…

CVSS: 7.8 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Critical

CVE-2009-1896

The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedora 11, trusts an entire application when at least one of the listed j…

CVSS: 10.0 CWE: CWE-264 View on NVD
2009-04-13
Medium

CVE-2009-0794

Integer overflow in the PulseAudioTargetDataL class in src/java/org/classpath/icedtea/pulseaudio/PulseAudioTargetDataLine.java in Pulse-Java, as used in OpenJDK 1.6.0.0 and other products, allows rem…

CVSS: 5.0 CWE: CWE-189 View on NVD
2009-04-09
Medium

CVE-2009-0793

cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a…

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD
2009-03-23
Critical

CVE-2009-0733

Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attac…

CVSS: 9.3 CWE: CWE-787 - Out-of-bounds Write View on NVD
Critical

CVE-2009-0723

Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafte…

CVSS: 9.3 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2009-0581

Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and…

CVSS: 4.3 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
2005-05-02
Medium

CVE-2005-1080

Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in f…

CVSS: 5.0 CWE: N/A View on NVD