Filtered by vendor Sun
Subscribe
Total
1705 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5343 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-28 | 9.0 HIGH | N/A |
| Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows remote attackers to make unauthorized network connections and hijack HTTP sessions via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR" and CR 6707535. | |||||
| CVE-2008-5342 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-28 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the BasicService for Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted downloaded applications to cause local files to be displayed in the browser of the user of the untrusted application via unknown vectors, aka 6767668. | |||||
| CVE-2008-5341 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-28 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors, aka CR 6727071. | |||||
| CVE-2008-5340 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-28 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors, aka 6727081. | |||||
| CVE-2008-5339 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-28 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to perform network connections to unauthorized hosts via unknown vectors, aka CR 6727079. | |||||
| CVE-2008-5355 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-28 | 10.0 HIGH | N/A |
| The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks. | |||||
| CVE-2008-5354 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-28 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with a long Main-Class manifest entry. | |||||
| CVE-2008-5352 | 1 Sun | 2 Jdk, Jre | 2017-09-28 | 9.3 HIGH | N/A |
| Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow. | |||||
| CVE-2008-5351 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-28 | 7.5 HIGH | N/A |
| Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications that rely on shortest-form UTF-8 encodings. | |||||
| CVE-2008-5358 | 1 Sun | 2 Jdk, Jre | 2017-09-28 | 9.3 HIGH | N/A |
| Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll. | |||||
| CVE-2008-5010 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-28 | 10.0 HIGH | N/A |
| in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unknown DHCP requests related to the "number of offers," aka Bug ID 6713805. | |||||
| CVE-2008-5356 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-28 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file. | |||||
| CVE-2008-4160 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-28 | 4.7 MEDIUM | N/A |
| Unspecified vulnerability in the UFS module in Sun Solaris 8 through 10 and OpenSolaris allows local users to cause a denial of service (NULL pointer dereference and kernel panic) via unknown vectors related to the Solaris Access Control List (ACL) implementation. | |||||
| CVE-2008-4131 | 1 Sun | 1 Solaris | 2017-09-28 | 7.2 HIGH | N/A |
| Multiple unspecified vulnerabilities in Sun Solaris 8 through 10 allow local users to gain privileges via vectors related to handling of tags with (1) the -t option and (2) the :tag command in the (a) vi, (b) ex, (c) vedit, (d) view, and (e) edit programs. | |||||
| CVE-2008-5690 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-28 | 2.1 LOW | N/A |
| The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, and OpenSolaris build snv_01 through snv_104, allows local users to cause a denial of service (authentication failure) via unspecified vectors related to incorrect cache file permissions, and lack of credential storage by the store_cred function in pam_krb5. | |||||
| CVE-2008-5684 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-28 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the X Inter Client Exchange library (aka libICE) in Sun Solaris 8 through 10 and OpenSolaris before snv_85 allows context-dependent attackers to cause a denial of service (application crash), as demonstrated by a port scan that triggers a segmentation violation in the Gnome session manager (aka gnome-session). | |||||
| CVE-2008-3549 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-28 | 4.7 MEDIUM | N/A |
| Unspecified vulnerability in the pthread_mutex_reltimedlock_np API in Sun Solaris 10 and OpenSolaris before snv_90 allows local users to cause a denial of service (system hang or panic) via unknown vectors. | |||||
| CVE-2008-3875 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-28 | 7.2 HIGH | N/A |
| The kernel in Sun Solaris 8 through 10 and OpenSolaris before snv_90 allows local users to bypass chroot, zones, and the Solaris Trusted Extensions multi-level security policy, and establish a covert communication channel, via unspecified vectors involving system calls. | |||||
| CVE-2008-2089 | 1 Sun | 1 Solaris | 2017-09-28 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (panic) via a crafted SCTP packet. | |||||
| CVE-2008-2090 | 1 Sun | 1 Solaris | 2017-09-28 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (CPU consumption and network traffic amplification) via a crafted SCTP packet. | |||||