Sun JDK vulnerabilities
392 known vulnerabilities affecting sun/jdk.
Total CVEs: 392
CISA KEV: 0
Public exploits: 27
Exploited in wild: 1
Severity breakdown: CRITICAL 151, HIGH 70, MEDIUM 149, LOW 20
Vulnerabilities
Page 14 of 20
CVE-2010-0845 | MEDIUM | CVSS 5.1 | ≤ 1.6.0, v1.6.0, +2 more | 2010-04-01
Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
nvd
CVE-2010-0084 | MEDIUM | CVSS 5.0 | ≤ 1.6.0, v1.6.0, +2 more | 2010-04-01
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0091.
nvd
CVE-2010-0089 | MEDIUM | CVSS 5.0 | ≤ 1.6.0, v1.6.0, +2 more | 2010-04-01
Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors.
nvd
CVE-2010-0092 | MEDIUM | CVSS 5.1 | ≤ 1.6.0, v1.6.0, +2 more | 2010-04-01
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
nvd
CVE-2010-0082 | MEDIUM | CVSS 5.1 | ≤ 1.6.0, v1.6.0, +37 more | 2010-04-01
Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
nvd
CVE-2010-0085 | MEDIUM | CVSS 5.1 | ≤ 1.6.0, v1.6.0, +37 more | 2010-04-01
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0088.
nvd
CVE-2010-0088 | MEDIUM | CVSS 6.8 | ≤ 1.6.0, v1.6.0, +37 more | 2010-04-01
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0085.
nvd
CVE-2010-0090 | MEDIUM | CVSS 5.8 | ≤ 1.6.0, v1.6.0 | 2010-04-01
Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18 allows remote attackers to affect integrity and availability via unknown vectors.
nvd
CVE-2010-0095 | MEDIUM | CVSS 6.8 | ≤ 1.6.0, v1.6.0, +2 more | 2010-04-01
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0093.
nvd
CVE-2009-3882 | HIGH | CVSS 7.5 | CWE-200 | ≤ 1.5.0, v1.5.0, +2 more | 2009-11-09
Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657026.
nvd
CVE-2009-3883 | HIGH | CVSS 7.5 | CWE-200 | ≤ 1.5.0, v1.5.0, +2 more | 2009-11-09
Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel (PL&F) feature in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657138.
nvd
CVE-2009-3869 | CRITICAL | CVSS 9.3 | PoC | CWE-119 | v1.5.0, v1.6.0 | 2009-11-05
Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argum
nvd
CVE-2009-3868 | CRITICAL | CVSS 9.3 | CWE-119 | v1.5.0, v1.6.0 | 2009-11-05
Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970.
nvd
CVE-2009-3871 | CRITICAL | CVSS 9.3 | CWE-119 | v1.5.0, v1.6.0 | 2009-11-05
Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted argu
nvd
CVE-2009-3866 | CRITICAL | CVSS 9.3 | CWE-264 | v1.6.0 | 2009-11-05
The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an unintended trusted application, aka Bug Id 6872824.
nvd
CVE-2009-3867 | CRITICAL | CVSS 9.3 | PoC | CWE-119 | v1.5.0, v1.6.0 | 2009-11-05
Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303.
nvd
CVE-2009-3874 | CRITICAL | CVSS 9.3 | CWE-189 | v1.5.0, v1.6.0 | 2009-11-05
Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug
nvd
CVE-2009-3872 | CRITICAL | CVSS 9.3 | v1.5.0, v1.6.0 | 2009-11-05
Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969.
nvd
CVE-2009-3865 | CRITICAL | CVSS 9.3 | CWE-94 | v1.6.0 | 2009-11-05
The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752.
nvd
CVE-2009-3873 | CRITICAL | CVSS 9.3 | CWE-119 | v1.5.0, v1.6.0 | 2009-11-05
The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968.
nvd