Sun Openjdk vulnerabilities
5 known vulnerabilities affecting sun/openjdk.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, MEDIUM 2
Vulnerabilities
CVE-2009-1896 [CRITICAL] CVSS 10.0 | CWE-264 | ≤ 1.6.0.0 | 2009-08-10
The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedora 11, trusts an entire application when at least one of the listed jar files is trusted, which allows context-dependent attackers to execute arbitrary code without the untrusted-code restrictions via a crafted applicatio
Source: NVD
CVE-2009-0794 [MEDIUM] CVSS 5.0 | CWE-189 | v1.6.0.0 | 2009-04-13
Integer overflow in the PulseAudioTargetDataL class in src/java/org/classpath/icedtea/pulseaudio/PulseAudioTargetDataLine.java in Pulse-Java, as used in OpenJDK 1.6.0.0 and other products, allows remote attackers to cause a denial of service (applet crash) via a crafted Pulse Audio source data line.
Source: NVD
CVE-2009-0793 [MEDIUM] CVSS 4.3 | CWE-20 | v6 | 2009-04-09
cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles."
Source: NVD
CVE-2009-0733 [CRITICAL] CVSS 9.3 | CWE-787 | ≤ 7 | 2009-03-23
Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the Re
Source: NVD
CVE-2009-0723 [CRITICAL] CVSS 9.3 | CWE-190 | ≤ 7 | 2009-03-23
Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
Source: NVD