Total
400 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-5237 | 1 Sun | 2 Jdk, Jre | 2017-09-28 | 7.1 HIGH | N/A |
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka "two vulnerabilities." | |||||
CVE-2010-3560 | 1 Sun | 2 Jdk, Jre | 2017-09-18 | 2.6 LOW | N/A |
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality via unknown vectors. | |||||
CVE-2010-3552 | 1 Sun | 2 Jdk, Jre | 2017-09-18 | 10.0 HIGH | N/A |
Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||||
CVE-2010-3563 | 1 Sun | 2 Jdk, Jre | 2017-09-18 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to "how Web Start retrieves security policies," BasicServiceImpl, and forged policies that bypass sandbox restrictions. | |||||
CVE-2010-3558 | 1 Sun | 2 Jdk, Jre | 2017-09-18 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||||
CVE-2010-3570 | 1 Sun | 2 Jdk, Jre | 2017-09-18 | 7.6 HIGH | N/A |
Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||||
CVE-2010-4422 | 1 Sun | 2 Jdk, Jre | 2017-09-18 | 7.6 HIGH | N/A |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | |||||
CVE-2010-3555 | 1 Sun | 2 Jdk, Jre | 2017-09-18 | 9.3 HIGH | N/A |
Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that the ActiveX Plugin does not properly initialize an object field that is used as a window handle, which allows attackers to execute arbitrary code. | |||||
CVE-2009-3866 | 1 Sun | 2 Jdk, Jre | 2017-09-18 | 9.3 HIGH | N/A |
The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an unintended trusted application, aka Bug Id 6872824. | |||||
CVE-2009-2030 | 2 Ibm, Sun | 2 Os\/400, Jdk | 2017-08-16 | 10.0 HIGH | N/A |
Unspecified vulnerability in the XML Digital Signature verification functionality in JVA-RUN in JDK 6.0 in IBM OS/400 i5/OS V5R4M0 and V6R1M0 has unknown impact and attack vectors related to "XML SECURITY PATCH." | |||||
CVE-2006-6009 | 1 Sun | 2 Jdk, Jre | 2017-07-19 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the Java Runtime Environment (JRE) Swing library in JDK and JRE 5.0 Update 7 and earlier allows attackers to obtain certain information via unknown attack vectors, related to an untrusted applet accessing data in other applets. | |||||
CVE-2006-0616 | 1 Sun | 2 Jdk, Jre | 2017-07-19 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 4 and earlier allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fourth issue." | |||||
CVE-2006-0617 | 1 Sun | 2 Jdk, Jre | 2017-07-19 | 4.0 MEDIUM | N/A |
Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 5 and earlier allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fifth, sixth, and seventh issues." | |||||
CVE-2005-0471 | 1 Sun | 2 Jdk, Jre | 2017-07-10 | 5.0 MEDIUM | N/A |
Sun Java JRE 1.1.x through 1.4.x writes temporary files with long filenames that become predictable on a file system that uses 8.3 style short names, which allows remote attackers to write arbitrary files to known locations and facilitates the exploitation of vulnerabilities in applications that rely on unpredictable file names. | |||||
CVE-2004-2540 | 1 Sun | 2 Jdk, Jre | 2017-07-10 | 5.0 MEDIUM | N/A |
readObject in (1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.0 through 1.4.2_05 allows remote attackers to cause a denial of service (JVM unresponsive) via crafted serialized data. | |||||
CVE-2001-1480 | 2 Apple, Sun | 4 Mac Os Runtime For Java, Jdk, Jre and 1 more | 2017-07-10 | 7.5 HIGH | N/A |
Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows untrusted applets to access the system clipboard. | |||||
CVE-2003-1123 | 1 Sun | 2 Jdk, Jre | 2017-07-10 | 7.5 HIGH | N/A |
Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows untrusted applets to access certain information within trusted applets, which allows attackers to bypass the restrictions of the Java security model. | |||||
CVE-2003-1156 | 1 Sun | 2 Jdk, Jre | 2017-07-10 | 4.6 MEDIUM | N/A |
Java Runtime Environment (JRE) and Software Development Kit (SDK) 1.4.2 through 1.4.2_02 allows local users to overwrite arbitrary files via a symlink attack on (1) unpack.log, as created by the unpack program, or (2) .mailcap1 and .mime.types1, as created by the RPM program. | |||||
CVE-2010-0079 | 2 Oracle, Sun | 3 Bea Product Suite, Jdk, Jre | 2012-10-22 | 10.0 HIGH | N/A |
Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this CVE identifier overlaps CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, and CVE-2009-3877. | |||||
CVE-2009-1006 | 2 Oracle, Sun | 4 Jrockit, Jdk, Jre and 1 more | 2012-10-22 | 10.0 HIGH | N/A |
Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.2 and earlier, with SDK/JRE 1.4.2, JRE/JDK 5, and JRE/JDK 6, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. |