CVE Daily
← All tags

Tag: Oracle JDK

All CVEs associated with "Oracle JDK". Page 38/43 • 5132 CVEs.

Subscribe CVEs: RSS for “Oracle JDK”  ·  RSS (High+Critical only)

About “Oracle JDK”

A curated feed of “Oracle JDK”-related CVEs appears below. We currently track 5132 CVEs for this tag (all time). In the last 365 days, 784 were published. Average CVSS is 6.7 (all time; 6.3 over 365d), and 48% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').

In our taxonomy this topic maps to a MODERATE impact class. JDK and JVM updates affect TLS, serialization, and performance. Upgrade JDK or JRE, restart dependents, avoid unsupported builds, and consider key or cert rotation if needed. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2011-04-27
Medium

CVE-2010-3260

oxf/xml/xerces/XercesSAXParserFactoryImpl.java in the xforms-server component in the XForms service in Orbeon Forms before 3.9 does not properly restrict DTDs in Ajax requests, which allows remote at…

CVSS: 6.4 CWE: CWE-264 View on NVD
2011-04-20
Medium

CVE-2011-0849

Unspecified vulnerability in Oracle Java Dynamic Management Kit 5.1 allows remote attackers to affect integrity, related to HTML Adaptor.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2011-0847

Unspecified vulnerability in the OpenSSO Enterprise and Sun Java System Access Manager components in Oracle Sun Products Suite 7.1 and 8.0 allows remote authenticated users to affect confidentiality…

CVSS: 4.0 CWE: N/A View on NVD
Medium

CVE-2011-0846

Unspecified vulnerability in the Oracle Sun Java System Access Manager Policy Agent 2.2 allows remote attackers to affect availability via unknown vectors related to Web Proxy Agent.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2011-0844

Unspecified vulnerability in the OpenSSO Enterprise and Sun Java System Access Manager components in Oracle Sun Products Suite 7.1 and 8.0 allows remote attackers to affect integrity via unknown vect…

CVSS: 4.3 CWE: N/A View on NVD
Critical

CVE-2011-0807

Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, integrity, an…

CVSS: 10.0 CWE: N/A View on NVD
2011-03-08
Medium

CVE-2011-1322

The SOAP with Attachments API for Java (SAAJ) implementation in the Web Services component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote atta…

CVSS: 5.0 CWE: CWE-399 View on NVD
2011-02-25
High

CVE-2011-0388

Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x do not properly restrict remote ac…

CVSS: 7.8 CWE: CWE-399 View on NVD
Critical

CVE-2011-0384

The Java Servlet framework on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions,…

CVSS: 10.0 CWE: CWE-287 - Improper Authentication View on NVD
Critical

CVE-2011-0383

The Java Servlet framework on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, a…

CVSS: 10.0 CWE: CWE-287 - Improper Authentication View on NVD
Critical

CVE-2011-0381

Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to perform unspecified actions and consequently execute arbitrary code via a crafted request to the Java RMI interface, related…

CVSS: 10.0 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2011-02-17
Medium

CVE-2010-4476

The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJD…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2010-4475

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untr…

CVSS: 4.3 CWE: N/A View on NVD
Low

CVE-2010-4474

Unspecified vulnerability in the Java DB component in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows local users to affect confidentiality via unknown vectors related to Se…

CVSS: 2.1 CWE: N/A View on NVD
Critical

CVE-2010-4473

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote atta…

CVSS: 10.0 CWE: N/A View on NVD
Low

CVE-2010-4472

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital…

CVSS: 2.6 CWE: N/A View on NVD
Medium

CVE-2010-4471

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start a…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2010-4470

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows remote attackers to affect availability via unknown vector…

CVSS: 5.0 CWE: N/A View on NVD
Critical

CVE-2010-4469

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untr…

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2010-4468

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start…

CVSS: 4.0 CWE: N/A View on NVD
Critical

CVE-2010-4467

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untrust…

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2010-4466

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and, Linux; 5.0 Update 27 and earlier for Windows…

CVSS: 5.0 CWE: N/A View on NVD
Critical

CVE-2010-4465

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untr…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2010-4463

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 21 through 6 Update 23 allows remote untrusted Java Web Start applications and untrust…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2010-4462

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote atta…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2010-4454

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote atta…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2010-4452

Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applicat…

CVSS: 10.0 CWE: N/A View on NVD
High

CVE-2010-4451

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, when using Java Update, allows remote attackers to affect…

CVSS: 7.6 CWE: N/A View on NVD
Low

CVE-2010-4450

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux;…

CVSS: 3.7 CWE: N/A View on NVD
Low

CVE-2010-4448

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untruste…

CVSS: 2.6 CWE: N/A View on NVD
Medium

CVE-2010-4447

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untr…

CVSS: 4.3 CWE: N/A View on NVD
High

CVE-2010-4422

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect confidentiality, integrity, and avail…

CVSS: 7.6 CWE: N/A View on NVD
2011-02-09
Critical

CVE-2011-0921

crs.exe in the Cell Manager Service in the client in HP Data Protector does not properly validate credentials associated with the hostname, domain, and username, which allows remote attackers to exec…

CVSS: 10.0 CWE: CWE-20 - Improper Input Validation View on NVD
2011-02-07
Medium

CVE-2011-0902

Multiple untrusted search path vulnerabilities in the Java Service in Sun Microsystems SunScreen Firewall on SunOS 5.9 allow local users to execute arbitrary code via a modified (1) PATH or (2) LD_LI…

CVSS: 6.9 CWE: N/A View on NVD
2011-02-02
Critical

CVE-2011-0276

HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 contains a "hidden account" in the com.trinagy.security.XMLUserManager Java class, which allows remote attackers to execute arbitr…

CVSS: 10.0 CWE: N/A View on NVD
2011-01-31
Medium

CVE-2011-0680

data/WorkingMessage.java in the Mms application in Android before 2.2.2 and 2.3.x before 2.3.2 does not properly manage the draft cache, which allows remote attackers to read SMS messages intended fo…

CVSS: 5.0 CWE: N/A View on NVD
2011-01-24
Medium

CVE-2011-0410

CollabNet ScrumWorks Basic 1.8.4 uses cleartext credentials for network communication and the internal database, which makes it easier for context-dependent attackers to obtain sensitive information…

CVSS: 5.0 CWE: CWE-310 View on NVD
2011-01-20
Medium

CVE-2010-4351

The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in…

CVSS: 6.8 CWE: CWE-264 View on NVD
2011-01-19
Medium

CVE-2010-4456

Unspecified vulnerability in Oracle Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to affect integrity via unknown vectors related to Web Mail.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2010-4444

Unspecified vulnerability in Oracle Sun Java System Access Manager and Oracle OpenSSO 7, 7.1, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2010-4438

Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1, and Java System Message Queue 4.1 allows local users to affect confidentiality, integrity, and availability, related to Java Messa…

CVSS: 5.7 CWE: N/A View on NVD
Low

CVE-2010-4431

Unspecified vulnerability in Oracle Sun Java System Portal Server 7.1 and 7.2 allows local users to affect confidentiality via unknown vectors related to Proxy.

CVSS: 1.0 CWE: N/A View on NVD
2010-12-10
Critical

CVE-2010-3775

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remot…

CVSS: 9.3 CWE: N/A View on NVD
2010-12-08
Medium

CVE-2010-3860

IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive infor…

CVSS: 5.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2010-11-26
Medium

CVE-2010-4172

Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2010-11-16
Medium

CVE-2010-3796

Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not block Java applets in an RSS feed, which allows remote attackers to obtain sensitive information via a feed: URL containing an ap…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2010-11-12
Critical

CVE-2010-3894

Stack-based buffer overflow in the Java_com_ibm_es_oss_CryptionNative_ESEncrypt function in /opt/IBM/es/lib/libffq.cryptionjni.so in the login form in the administration interface in IBM OmniFind Ent…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2010-11-09
Medium

CVE-2010-0786

The Web Services Security component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 does not properly implement the Java API for XML Web Services (aka JAX-WS), which allows remote attac…

CVSS: 5.0 CWE: CWE-20 - Improper Input Validation View on NVD
2010-10-20
Medium

CVE-2010-2057

shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it e…

CVSS: 5.0 CWE: CWE-310 View on NVD
2010-10-19
Critical

CVE-2010-3574

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, int…

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2010-3573

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availabil…

CVSS: 5.1 CWE: N/A View on NVD
Critical

CVE-2010-3572

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrit…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2010-3571

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity,…

CVSS: 10.0 CWE: N/A View on NVD
High

CVE-2010-3570

Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via un…

CVSS: 7.6 CWE: N/A View on NVD
Critical

CVE-2010-3569

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality,…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2010-3568

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality,…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2010-3567

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2010-3566

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2010-3565

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availa…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2010-3563

Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown ve…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2010-3562

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity,…

CVSS: 10.0 CWE: N/A View on NVD
High

CVE-2010-3561

Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability v…

CVSS: 7.5 CWE: N/A View on NVD
Low

CVE-2010-3560

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality via unknown vectors.

CVSS: 2.6 CWE: N/A View on NVD
Critical

CVE-2010-3559

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrit…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2010-3558

Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknow…

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2010-3557

Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrit…

CVSS: 6.8 CWE: N/A View on NVD
Critical

CVE-2010-3556

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity,…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2010-3555

Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown ve…

CVSS: 9.3 CWE: N/A View on NVD
Critical

CVE-2010-3554

Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrit…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2010-3553

Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrit…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2010-3552

Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unkn…

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2010-3551

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown ve…

CVSS: 5.0 CWE: N/A View on NVD
Critical

CVE-2010-3550

Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and avail…

CVSS: 9.3 CWE: N/A View on NVD
Medium

CVE-2010-3549

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, int…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2010-3548

Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affec…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2010-3541

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, int…

CVSS: 5.1 CWE: N/A View on NVD
2010-10-14
Medium

CVE-2010-3579

Unspecified vulnerability in the (1) Sun Convergence 1 and (2) Sun Java Communications Suite 7 components in Oracle Sun Products Suite 1.0 and 7.0 allows remote attackers to affect confidentiality an…

CVSS: 6.4 CWE: N/A View on NVD
Medium

CVE-2010-3575

Unspecified vulnerability in the Oracle Communications Messaging Server (Sun Java System Messaging Server) component in Oracle Sun Products Suite 6.0, 6.2, 6.3, and 7.0 allows remote attackers to aff…

CVSS: 6.4 CWE: N/A View on NVD
Medium

CVE-2010-3564

Unspecified vulnerability in the Oracle Communications Messaging Server (Sun Java System Messaging Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality…

CVSS: 6.4 CWE: N/A View on NVD
Medium

CVE-2010-3546

Unspecified vulnerability in the Sun Java System Identity Manager component in Oracle Sun Products Suite 8.1 allows remote attackers to affect confidentiality and integrity via unknown vectors.

CVSS: 5.8 CWE: N/A View on NVD
Medium

CVE-2010-3545

Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality and integrity via…

CVSS: 5.8 CWE: N/A View on NVD
Medium

CVE-2010-3544

Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect integrity and availability via unk…

CVSS: 5.8 CWE: N/A View on NVD
Medium

CVE-2010-3514

Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 6.1 and 7.0 allows remote attackers to affect integrity via unknown vect…

CVSS: 4.3 CWE: N/A View on NVD
Low

CVE-2010-3512

Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 7.0u8 allows remote authenticated users to affect confidentiality, relat…

CVSS: 3.5 CWE: N/A View on NVD
Medium

CVE-2010-2419

Unspecified vulnerability in the Java Virtual Machine component in Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality, integ…

CVSS: 6.5 CWE: N/A View on NVD
Low

CVE-2010-2414

Unspecified vulnerability in the (1) Sun Convergence 1 and (2) Sun Java Communications Suite 7 components in Oracle Sun Products Suite 1.0 and 7.0 allows remote attackers to affect confidentiality vi…

CVSS: 2.6 CWE: N/A View on NVD
2010-09-16
Critical

CVE-2010-3402

Untrusted search path vulnerability in IDM Computer Solutions UltraEdit 16.20.0.1009, 16.10.0.1036, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary…

CVSS: 9.3 CWE: N/A View on NVD
2010-08-05
High

CVE-2010-1871

JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows re…

CVSS: 8.8 CWE: CWE-917 - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') View on NVD
2010-07-13
Low

CVE-2010-2397

Unspecified vulnerability in Oracle Sun Java System Application Server 8.0, 8.1, and 8.2; and GlassFish Enterprise Server 2.1.1; allows local users to affect confidentiality and integrity, related to…

CVSS: 2.4 CWE: N/A View on NVD
Medium

CVE-2010-2385

Unspecified vulnerability in Oracle Sun Java System Web Proxy Server 4.0.13 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Administration Server.

CVSS: 5.8 CWE: N/A View on NVD
2010-06-28
Critical

CVE-2010-1929

Multiple stack-based buffer overflows in the jclient._Java_novell_jclient_JClient_defineClass@20 function in jclient.dll in the Tomcat web server in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allow r…

CVSS: 9.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2010-05-27
Medium

CVE-2010-2103

Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Busin…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2010-05-26
Medium

CVE-2009-4875

FCKeditor.Java 2.4 allows remote attackers to cause a denial of service (infinite loop) via a malformed request parameter that contains "ctrl" characters.

CVSS: 5.0 CWE: CWE-399 View on NVD
2010-05-21
Medium

CVE-2010-0539

Integer signedness error in the window drawing implementation in Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 allows remote attackers to execute arbitrary c…

CVSS: 6.8 CWE: CWE-189 View on NVD
Medium

CVE-2010-0538

Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 do not properly handle mediaLibImage objects, which allows remote attackers to execute arbitrary code or cause…

CVSS: 6.8 CWE: CWE-399 View on NVD
2010-04-21
Critical

CVE-2009-4776

Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in products such as uCosminexus, Electronic Form Workflow, Groupmax, and IBM XL C/C+…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2010-04-20
Critical

CVE-2010-0887

Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business JDK and JRE 6 Update 18 and 19 allows remote attackers to affect confidentiality, integrity, and av…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2010-0886

Unspecified vulnerability in the Java Deployment Toolkit component in Oracle Java SE and Java for Business JDK and JRE 6 Update 10 through 19 allows remote attackers to affect confidentiality, integr…

CVSS: 10.0 CWE: N/A View on NVD
2010-04-15
Critical

CVE-2010-1423

Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux…

CVSS: 9.3 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2010-04-13
High

CVE-2010-0897

Unspecified vulnerability in the Sun Java System Directory Server component in Oracle Sun Product Suite 5.2, 6.0, 6.1, 6.2, 6.3, and 6.3.1 allows remote attackers to affect confidentiality, integrity…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2010-0894

Unspecified vulnerability in the Sun Java System Access Manager component in Oracle Sun Product Suite 7.1, 7 2005Q4, and OpenSSO Enterprise 8.0 allows remote attackers to affect confidentiality and i…

CVSS: 5.8 CWE: N/A View on NVD
Medium

CVE-2010-0885

Unspecified vulnerability in the Sun Java System Communications Express component in Oracle Sun Product Suite 6 2005Q4 (6.2) and and 6.3 allows remote authenticated users to affect confidentiality vi…

CVSS: 6.8 CWE: N/A View on NVD
2010-04-01
Medium

CVE-2010-1227

Cross-site scripting (XSS) vulnerability in Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via the subject field of a message, as de…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2010-0850

Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2010-0849

Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integr…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2010-0848

Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integr…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2010-0847

Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integr…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2010-0846

Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integr…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2010-0845

Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and av…

CVSS: 5.1 CWE: N/A View on NVD
High

CVE-2010-0844

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrit…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2010-0843

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrit…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2010-0842

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrit…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2010-0841

Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and a…

CVSS: 7.5 CWE: N/A View on NVD
Critical

CVE-2010-0840

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality,…

CVSS: 9.8 CWE: N/A View on NVD
High

CVE-2010-0839

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrit…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2010-0838

Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availabil…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2010-0837

Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availabil…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2010-0095

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality,…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2010-0094

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity,…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2010-0093

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality,…

CVSS: 5.1 CWE: N/A View on NVD