Filtered by vendor Sun
Subscribe
Total
1705 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-1227 | 1 Sun | 1 Java System Communications Express | 2018-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via the subject field of a message, as demonstrated by a subject containing an IMG element with a SRC attribute that performs a cross-site request forgery (CSRF) attack involving the cmd and argv parameters to cmd.msc. | |||||
| CVE-2010-0886 | 2 Microsoft, Sun | 3 Windows, Jdk, Jre | 2018-10-10 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Java Deployment Toolkit component in Oracle Java SE and Java for Business JDK and JRE 6 Update 10 through 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2010-0850 | 1 Sun | 3 Jdk, Jre, Sdk | 2018-10-10 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2010-0843 | 1 Sun | 3 Jdk, Jre, Sdk | 2018-10-10 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to XNewPtr and improper handling of an integer parameter when allocating heap memory in the com.sun.media.sound libraries, which allows remote attackers to execute arbitrary code. | |||||
| CVE-2010-0845 | 1 Sun | 2 Jdk, Jre | 2018-10-10 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2010-0837 | 1 Sun | 2 Jdk, Jre | 2018-10-10 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2010-0838 | 1 Sun | 2 Jdk, Jre | 2018-10-10 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module in the JVM. | |||||
| CVE-2010-0453 | 1 Sun | 2 Opensolaris, Solaris | 2018-10-10 | 4.9 MEDIUM | N/A |
| The ucode_ioctl function in intel/io/ucode_drv.c in Sun Solaris 10 and OpenSolaris snv_69 through snv_133, when running on x86 architectures, allows local users to cause a denial of service (panic) via a request with a 0 size value to the UCODE_GET_VERSION IOCTL, which triggers a NULL pointer dereference in the ucode_get_rev function, related to retrieval of the microcode revision. | |||||
| CVE-2010-0092 | 1 Sun | 2 Jdk, Jre | 2018-10-10 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2010-0090 | 1 Sun | 2 Jdk, Jre | 2018-10-10 | 5.8 MEDIUM | N/A |
| Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18 allows remote attackers to affect integrity and availability via unknown vectors. | |||||
| CVE-2010-0094 | 1 Sun | 2 Jdk, Jre | 2018-10-10 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the ClassLoader of a constructor that is being deserialized. | |||||
| CVE-2009-4211 | 2 Disa, Sun | 2 Srr For Solaris, Solaris | 2018-10-10 | 9.3 HIGH | N/A |
| The U.S. Defense Information Systems Agency (DISA) Security Readiness Review (SRR) script for the Solaris x86 platform executes files in arbitrary directories as root for filenames equal to (1) java, (2) openssl, (3) php, (4) snort, (5) tshark, (6) vncserver, or (7) wireshark, which allows local users to gain privileges via a Trojan horse program. | |||||
| CVE-2009-2723 | 1 Sun | 1 Java Se | 2018-10-10 | 10.0 HIGH | N/A |
| Unspecified vulnerability in deserialization in the Provider class in Sun Java SE 5.0 before Update 20 has unknown impact and attack vectors, aka BugId 6444262. | |||||
| CVE-2009-2722 | 1 Sun | 1 Java Se | 2018-10-10 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Provider class in Sun Java SE 5.0 before Update 20 have unknown impact and attack vectors, aka BugId 6429594. NOTE: this issue exists because of an incorrect fix for BugId 6406003. | |||||
| CVE-2009-2724 | 1 Sun | 1 Java Se | 2018-10-10 | 9.3 HIGH | N/A |
| Race condition in the java.lang package in Sun Java SE 5.0 before Update 20 has unknown impact and attack vectors, related to a "3Y Race condition in reflection checks." | |||||
| CVE-2009-2718 | 2 Sun, X.org | 2 Java Se, X11 | 2018-10-10 | 6.8 MEDIUM | N/A |
| The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on X11 does not impose the intended constraint on distance from the window border to the Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet. | |||||
| CVE-2009-2719 | 1 Sun | 1 Java Se | 2018-10-10 | 5.0 MEDIUM | N/A |
| The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException) via a crafted .jnlp file, as demonstrated by the jnlp_file/appletDesc/index.html#misc test in the Technology Compatibility Kit (TCK) for the Java Network Launching Protocol (JNLP). | |||||
| CVE-2009-2720 | 1 Sun | 1 Java Se | 2018-10-10 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the javax.swing.plaf.synth.SynthContext.isSubregion method in the Swing implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException in the Jemmy library) via unknown vectors. | |||||
| CVE-2009-2721 | 1 Sun | 1 Java Se | 2018-10-10 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Provider class in Sun Java SE 5.0 before Update 20 have unknown impact and attack vectors, aka BugId 6406003. | |||||
| CVE-2009-2675 | 1 Sun | 2 Jdk, Jre | 2018-10-10 | 10.0 HIGH | N/A |
| Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression. | |||||