CVE Daily
← All tags

Tag: Oracle JDK

All CVEs associated with "Oracle JDK". Page 39/43 • 5132 CVEs.

Subscribe CVEs: RSS for “Oracle JDK”  ·  RSS (High+Critical only)

About “Oracle JDK”

A curated feed of “Oracle JDK”-related CVEs appears below. We currently track 5132 CVEs for this tag (all time). In the last 365 days, 784 were published. Average CVSS is 6.7 (all time; 6.3 over 365d), and 48% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').

In our taxonomy this topic maps to a MODERATE impact class. JDK and JVM updates affect TLS, serialization, and performance. Upgrade JDK or JRE, restart dependents, avoid unsupported builds, and consider key or cert rotation if needed. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2010-04-01
Medium

CVE-2010-0092

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity…

CVSS: 5.1 CWE: N/A View on NVD
Medium

CVE-2010-0091

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2010-0090

Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18 allows remote attackers to affect integrity and availability via unknown ve…

CVSS: 5.8 CWE: N/A View on NVD
Medium

CVE-2010-0089

Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2010-0088

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confid…

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2010-0087

Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect co…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2010-0085

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confid…

CVSS: 5.1 CWE: N/A View on NVD
Medium

CVE-2010-0084

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2010-0082

Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality,…

CVSS: 5.1 CWE: N/A View on NVD
2010-03-30
Medium

CVE-2010-0523

Wiki Server in Apple Mac OS X 10.5.8 does not restrict the file types of uploaded files, which allows remote attackers to obtain sensitive information or possibly have unspecified other impact via a…

CVSS: 5.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2010-02-25
Medium

CVE-2010-0708

Multiple unspecified vulnerabilities in (1) ns-slapd and (2) slapd.exe in Sun Directory Server Enterprise Edition 7.0, Sun Java System Directory Server 5.2, and Sun Java System Directory Server Enter…

CVSS: 5.0 CWE: N/A View on NVD
2010-01-25
Medium

CVE-2010-0389

The admin server in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP request that lacks a method to…

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2010-0388

Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have u…

CVSS: 7.5 CWE: CWE-134 - Use of Externally-Controlled Format String View on NVD
High

CVE-2010-0387

Multiple heap-based buffer overflows in (1) webservd and (2) the admin server in Sun Java System Web Server 7.0 Update 7 allow remote attackers to cause a denial of service (daemon crash) and possibl…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2010-0386

The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credential…

CVSS: 8.1 CWE: CWE-16 View on NVD
2010-01-20
Critical

CVE-2010-0361

Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to cause a denial of service (daemon crash) and poss…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2010-0360

Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request…

CVSS: 10.0 CWE: CWE-20 - Improper Input Validation View on NVD
2010-01-14
Medium

CVE-2010-0313

The core_get_proxyauth_dn function in ns-slapd in Sun Java System Directory Server Enterprise Edition 7.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon cra…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2010-0311

Unspecified vulnerability in Sun Java System Identity Manager (aka IdM) 8.1.0.5 and 8.1.0.6, when Sun Java System Access Manager, OpenSSO Enterprise 8.0, or IBM Tivoli Access Manager is used, allows…

CVSS: 6.8 CWE: N/A View on NVD
2010-01-13
High

CVE-2009-4611

Mort Bay Jetty 6.x through 6.1.22 and 7.0.0 writes backtrace data without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbit…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
2010-01-08
High

CVE-2010-0273

Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to execute arbitrary code by sending a process memory address and crafted data to TCP port 80, as…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2010-0272

Heap-based buffer overflow in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to discover process memory locations via crafted data to TCP port 80, as demonstrated by the vd_…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2009-12-28
Medium

CVE-2009-4443

Unspecified vulnerability in the psearch (aka persistent search) functionality in Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 allows remote a…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2009-4442

Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly implement the max-client-connections configuration setting, which allows remote…

CVSS: 5.0 CWE: CWE-16 View on NVD
Medium

CVE-2009-4441

Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not enable the SO_KEEPALIVE socket option, which makes it easier for remote attackers to cau…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2009-4440

Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly handle multiple client connections within a short time window, which allows rem…

CVSS: 6.8 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2009-12-08
Medium

CVE-2009-2843

Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 accepts expired certificates for applets, which makes it easier for remote attackers to execute arbitrary code via an applet.

CVSS: 5.0 CWE: CWE-310 View on NVD
2009-12-04
Critical

CVE-2009-4211

The U.S. Defense Information Systems Agency (DISA) Security Readiness Review (SRR) script for the Solaris x86 platform executes files in arbitrary directories as root for filenames equal to (1) java,…

CVSS: 9.3 CWE: CWE-264 View on NVD
2009-12-03
Medium

CVE-2009-4187

Multiple cross-site scripting (XSS) vulnerabilities in the Gateway component in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allow remote attackers to inject arbitrary web script or HTML via uns…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2009-11-13
Medium

CVE-2009-3936

Unspecified vulnerability in Citrix Online Plug-in for Windows 11.0.x before 11.0.150 and 11.x before 11.2, Online Plug-in for Mac before 11.0, Receiver for iPhone before 1.0.3, and ICA Java, Mac, UN…

CVSS: 5.8 CWE: CWE-310 View on NVD
2009-11-09
High

CVE-2009-3886

The Java Web Start implementation in Sun Java SE 6 before Update 17 does not properly handle the interaction between a signed JAR file and a JNLP (1) application or (2) applet, which has unspecified…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2009-3885

Sun Java SE 5.0 before Update 22 and 6 before Update 17 on Windows allows remote attackers to cause a denial of service via a BMP file containing a link to a UNC share pathname for an International C…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2009-3884

The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handl…

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2009-3883

Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel (PL&F) feature in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have un…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2009-3882

Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "in…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2009-3881

Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via uns…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2009-3880

The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to…

CVSS: 5.0 CWE: CWE-264 View on NVD
High

CVE-2009-3879

Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vect…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2009-3729

Unspecified vulnerability in the TrueType font parsing functionality in Sun Java SE 5.0 before Update 22 and 6 before Update 17 allows remote attackers to cause a denial of service (application crash…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2009-3728

Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attack…

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2009-11-05
Critical

CVE-2009-3878

Buffer overflow in Sun Java System Web Server 7.0 Update 6 has unspecified impact and remote attack vectors, as demonstrated by the vd_sjws module in VulnDisco Pack Professional 8.12. NOTE: as of 20…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2009-3877

Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote at…

CVSS: 5.0 CWE: CWE-399 View on NVD
Medium

CVE-2009-3876

Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote at…

CVSS: 5.0 CWE: CWE-399 View on NVD
Medium

CVE-2009-3875

The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and…

CVSS: 5.0 CWE: CWE-310 View on NVD
Critical

CVE-2009-3874

Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2…

CVSS: 9.3 CWE: CWE-189 View on NVD
Critical

CVE-2009-3873

The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafte…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2009-3872

Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before…

CVSS: 9.3 CWE: N/A View on NVD
Critical

CVE-2009-3871

Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 befor…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2009-3869

Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2009-3868

Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2009-3867

Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and J…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2009-3866

The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to exe…

CVSS: 9.3 CWE: CWE-264 View on NVD
Critical

CVE-2009-3865

The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a craft…

CVSS: 9.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2009-3864

The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, d…

CVSS: 7.5 CWE: N/A View on NVD
2009-11-03
High

CVE-2009-3852

Unspecified vulnerability in the XML component in IBM Runtimes for Java Technology 5.0.0 before SR10 has unknown impact and attack vectors, related to the "updated version of XML4J 4.4.17."

CVSS: 7.5 CWE: N/A View on NVD
2009-10-13
Medium

CVE-2009-2897

Multiple cross-site scripting (XSS) vulnerabilities in hq/web/common/GenericError.jsp in the generic exception handler in the web interface in SpringSource Hyperic HQ 3.2.x before 3.2.6.1, 4.0.x befo…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2009-10-07
Medium

CVE-2009-3579

Cross-site scripting (XSS) vulnerability in the CookieDump.java sample application in Mort Bay Jetty 6.1.19 and 6.1.20 allows remote attackers to inject arbitrary web script or HTML via the Value par…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2009-09-09
Medium

CVE-2009-2205

Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2009-09-04
Critical

CVE-2009-3068

Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe RoboHelp Server 8 allows remote attackers to execute arbitrary code by uploading a Java Archive (.jsp)…

CVSS: 9.3 CWE: CWE-264 View on NVD
2009-08-21
Medium

CVE-2009-2932

Cross-site scripting (XSS) vulnerability in uddiclient/process in the UDDI client in SAP NetWeaver Application Server (Java) 7.0 allows remote attackers to inject arbitrary web script or HTML via the…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2009-08-13
Medium

CVE-2009-2090

Unspecified vulnerability in wsadmin in the System Management/Repository component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 allows remote attackers to bypass intended Java Managem…

CVSS: 5.0 CWE: N/A View on NVD
2009-08-10
Critical

CVE-2009-2724

Race condition in the java.lang package in Sun Java SE 5.0 before Update 20 has unknown impact and attack vectors, related to a "3Y Race condition in reflection checks."

CVSS: 9.3 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Critical

CVE-2009-2723

Unspecified vulnerability in deserialization in the Provider class in Sun Java SE 5.0 before Update 20 has unknown impact and attack vectors, aka BugId 6444262.

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2009-2722

Multiple unspecified vulnerabilities in the Provider class in Sun Java SE 5.0 before Update 20 have unknown impact and attack vectors, aka BugId 6429594. NOTE: this issue exists because of an incorr…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2009-2721

Multiple unspecified vulnerabilities in the Provider class in Sun Java SE 5.0 before Update 20 have unknown impact and attack vectors, aka BugId 6406003.

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2009-2720

Unspecified vulnerability in the javax.swing.plaf.synth.SynthContext.isSubregion method in the Swing implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a den…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2009-2719

The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException) via a crafted .jnlp file, as demonstrated by…

CVSS: 5.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2009-2718

The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on X11 does not impose the intended constraint on distance from the window border to the Security Warning Icon, whic…

CVSS: 6.8 CWE: CWE-264 View on NVD
Medium

CVE-2009-2717

The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on Windows 2000 Professional does not provide a Security Warning Icon, which makes it easier for context-dependent a…

CVSS: 6.8 CWE: CWE-264 View on NVD
High

CVE-2009-2716

The plugin functionality in Sun Java SE 6 before Update 15 does not properly implement version selection, which allows context-dependent attackers to leverage vulnerabilities in "old zip and certific…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2009-2690

The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information vi…

CVSS: 5.0 CWE: CWE-264 View on NVD
Critical

CVE-2009-2689

JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent att…

CVSS: 10.0 CWE: CWE-264 View on NVD
Critical

CVE-2009-2476

The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass inten…

CVSS: 10.0 CWE: CWE-264 View on NVD
High

CVE-2009-2475

Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared…

CVSS: 7.8 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Critical

CVE-2009-1896

The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedora 11, trusts an entire application when at least one of the listed j…

CVSS: 10.0 CWE: CWE-264 View on NVD
2009-08-07
Medium

CVE-2009-2713

The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct cl…

CVSS: 4.3 CWE: N/A View on NVD
Low

CVE-2009-2712

Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by read…

CVSS: 2.1 CWE: CWE-264 View on NVD
2009-08-06
Medium

CVE-2009-2625

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote atta…

CVSS: 5.0 CWE: N/A View on NVD
2009-08-05
Medium

CVE-2009-2676

Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK…

CVSS: 6.8 CWE: N/A View on NVD
Critical

CVE-2009-2675

Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain pri…

CVSS: 10.0 CWE: CWE-264 View on NVD
High

CVE-2009-2674

Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted…

CVSS: 7.5 CWE: CWE-264 View on NVD
High

CVE-2009-2673

The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access res…

CVSS: 7.5 CWE: CWE-264 View on NVD
High

CVE-2009-2672

The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrust…

CVSS: 7.5 CWE: CWE-264 View on NVD
Medium

CVE-2009-2671

The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the a…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2009-2670

The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted…

CVSS: 5.0 CWE: CWE-264 View on NVD
2009-07-27
High

CVE-2009-2597

The Sun Java System (SJS) Access Manager Policy Agent module 2.2 for SJS Web Proxy Server 4.0 allows remote attackers to cause a denial of service (daemon crash) via a GET request.

CVSS: 7.8 CWE: N/A View on NVD
2009-07-13
Medium

CVE-2009-2445

Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun ONE Web Server) 6.1 before SP12, and 7.0 through Update 6, when running on Windows, allows remote attackers to read arbitrary JSP…

CVSS: 5.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2009-07-01
Medium

CVE-2009-2283

Multiple cross-site scripting (XSS) vulnerabilities in the help jsp scripts in Sun Java Web Console 3.0.2 through 3.0.5, and Sun Java Web Console in Solaris 10, allow remote attackers to inject arbit…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Low

CVE-2009-2268

Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web scr…

CVSS: 2.6 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2009-06-16
High

CVE-2009-1719

The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X 10.5 allows remote attackers to execute arbitrary code via a call to the undocumented apple.laf.CColourUIResource constructor wi…

CVSS: 7.5 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2009-06-12
High

CVE-2009-1837

Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary cod…

CVSS: 7.5 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2009-06-10
Critical

CVE-2009-1712

WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via…

CVSS: 9.3 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2009-06-08
Medium

CVE-2008-6830

The disconnection feature in Citrix Web Interface 5.0 and 5.0.1 for Java Application Servers does not properly terminate a user's web interface session, which allows attackers with access to the same…

CVSS: 4.0 CWE: N/A View on NVD
2009-06-05
Medium

CVE-2009-1934

Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2009-0033

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of servic…

CVSS: 5.0 CWE: CWE-20 - Improper Input Validation View on NVD
2009-06-02
Critical

CVE-2004-2764

Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4.1 through 1.4.1_07, and 1.4.0 through 1.4.0_04 allows untrusted applets and unprivileged servlets to gain privileges and read da…

CVSS: 10.0 CWE: CWE-264 View on NVD
2009-06-01
Critical

CVE-2003-1572

Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned applets to cause a denial of service (JVM crash) and read or write unauthorized memory locations via the ReadEnv class, as demonstr…

CVSS: 9.3 CWE: N/A View on NVD
2009-05-27
Critical

CVE-2009-1473

The (1) Windows and (2) Java client programs for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not properly use RSA cryptography for a sym…

CVSS: 10.0 CWE: CWE-310 View on NVD
Critical

CVE-2009-1472

The Java client program for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 has a hardcoded AES encryption key, which makes it easier for man-i…

CVSS: 10.0 CWE: CWE-310 View on NVD
2009-05-26
Medium

CVE-2009-1796

Cross-site scripting (XSS) vulnerability in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to an error page.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2009-1754

The PackageManagerService class in services/java/com/android/server/PackageManagerService.java in Android 1.5 through 1.5 CRB42 does not properly check developer certificates during processing of sha…

CVSS: 4.3 CWE: CWE-287 - Improper Authentication View on NVD
2009-05-21
Medium

CVE-2009-1729

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abpe…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2009-05-18
Critical

CVE-2009-1672

The Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allows remote attackers to (1) execute arbitrary code via a .jnlp URL in the…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2009-1671

Multiple buffer overflows in the Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allow remote attackers to execute arbitrary code…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2009-05-11
Medium

CVE-2009-1595

The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified usernam…

CVSS: 4.0 CWE: CWE-287 - Improper Authentication View on NVD
2009-05-06
Medium

CVE-2009-1554

Cross-site scripting (XSS) vulnerability in ThemeServlet.java in Sun Woodstock 4.2, as used in Sun GlassFish Enterprise Server and other products, allows remote attackers to inject arbitrary web scri…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2009-05-05
High

CVE-2009-1521

Unspecified vulnerability in the Java GUI in the IBM Tivoli Storage Manager (TSM) client 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.5, 5.4.0.0 through 5.4.2.6, and 5.5.0.0 through 5.5.1.17, and t…

CVSS: 7.5 CWE: N/A View on NVD
Critical

CVE-2008-4828

Multiple stack-based buffer overflows in dsmagent.exe in the Remote Agent Service in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2009-04-27
Medium

CVE-2009-1190

Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 throu…

CVSS: 5.0 CWE: CWE-399 View on NVD
2009-04-23
Medium

CVE-2009-1357

CRLF injection vulnerability in da/DA/Login in Sun Java System Delegated Administrator 6.2 through 6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting att…

CVSS: 6.8 CWE: CWE-20 - Improper Input Validation View on NVD
2009-04-17
Medium

CVE-2009-1332

The Online Help feature in Sun Java System Directory Server 5.2 and Enterprise Edition 5 allows remote attackers to determine the existence of files and directories, and possibly obtain partial conte…

CVSS: 5.0 CWE: N/A View on NVD
2009-04-13
Medium

CVE-2009-0794

Integer overflow in the PulseAudioTargetDataL class in src/java/org/classpath/icedtea/pulseaudio/PulseAudioTargetDataLine.java in Pulse-Java, as used in OpenJDK 1.6.0.0 and other products, allows rem…

CVSS: 5.0 CWE: CWE-189 View on NVD
2009-04-01
Medium

CVE-2009-1219

Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allows remote attackers to cause a denial of service (daemon crash) via mu…

CVSS: 5.0 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2009-1218

Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attack…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2009-1211

Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java,…

CVSS: 5.8 CWE: CWE-16 View on NVD
2009-03-30
Critical

CVE-2007-6721

The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vu…

CVSS: 10.0 CWE: N/A View on NVD
2009-03-25
Medium

CVE-2009-1107

The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a si…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2009-1106

The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass int…

CVSS: 6.4 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2009-1105

The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE ver…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2009-1104

The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent Javascript that is l…

CVSS: 5.8 CWE: CWE-16 View on NVD