Sun SDK vulnerabilities

126 known vulnerabilities affecting sun/sdk.

Total CVEs: 126
CISA KEV: 0
Public exploits: 10
Exploited in wild: 0
Severity breakdown: CRITICAL 50, HIGH 20, MEDIUM 51, LOW 5

Vulnerabilities

Page 3 of 7
CVE-2010-0084 | MEDIUM | CVSS 5.0 | ≤ 1.4.2_25, v1.4.2, +24 more | 2010-04-01
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0091.
nvd
CVE-2010-0089 | MEDIUM | CVSS 5.0 | ≤ 1.4.2_25, v1.4.2, +24 more | 2010-04-01
Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors.
nvd
CVE-2010-0082 | MEDIUM | CVSS 5.1 | ≤ 1.4.2_25, v1.4.2, +59 more | 2010-04-01
Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
nvd
CVE-2010-0085 | MEDIUM | CVSS 5.1 | ≤ 1.4.2_25, v1.4.2, +59 more | 2010-04-01
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0088.
nvd
CVE-2010-0088 | MEDIUM | CVSS 6.8 | ≤ 1.4.2_25, v1.4.2, +59 more | 2010-04-01
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0085.
nvd
CVE-2010-0095 | MEDIUM | CVSS 6.8 | ≤ 1.4.2_25, v1.4.2, +24 more | 2010-04-01
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0093.
nvd
CVE-2009-3869 | CRITICAL | CWE-119 | CVSS 9.3 | PoC | v1.4.2_01, v1.4.2_1, +63 more | 2009-11-05
Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argum
nvd
CVE-2009-3868 | CRITICAL | CWE-119 | CVSS 9.3 | v1.4.2_01, v1.4.2_1, +63 more | 2009-11-05
Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970.
nvd
CVE-2009-3871 | CRITICAL | CWE-119 | CVSS 9.3 | v1.4.2_01, v1.4.2_1, +63 more | 2009-11-05
Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted argu
nvd
CVE-2009-3867 | CRITICAL | CWE-119 | CVSS 9.3 | PoC | v1.4.2_01, v1.4.2_1, +63 more | 2009-11-05
Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303.
nvd
CVE-2009-3874 | CRITICAL | CWE-189 | CVSS 9.3 | v1.4.2_01, v1.4.2_1, +63 more | 2009-11-05
Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug
nvd
CVE-2009-3872 | CRITICAL | CVSS 9.3 | v1.4.2_01, v1.4.2_1, +63 more | 2009-11-05
Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969.
nvd
CVE-2009-3873 | CRITICAL | CWE-119 | CVSS 9.3 | v1.4.2_01, v1.4.2_1, +63 more | 2009-11-05
The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968.
nvd
CVE-2009-3877 | MEDIUM | CWE-399 | CVSS 5.0 | v1.4.2_01, v1.4.2_1, +64 more | 2009-11-05
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, ak
nvd
CVE-2009-3875 | MEDIUM | CWE-310 | CVSS 5.0 | v1.4.2_01, v1.4.2_1, +64 more | 2009-11-05
The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors rel
nvd
CVE-2009-3876 | MEDIUM | CWE-399 | CVSS 5.0 | v1.4.2_01, v1.4.2_1, +64 more | 2009-11-05
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser
nvd
CVE-2009-2676 | MEDIUM | CVSS 6.8 | ≤ 1.4.2_21, v1.4.0, +33 more | 2009-08-05
Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet that accesses an old versi
nvd
CVE-2004-2764 | CRITICAL | CWE-264 | CVSS 10.0 | v1.4.0, v1.4.0_01, +16 more | 2009-06-02
Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4.1 through 1.4.1_07, and 1.4.0 through 1.4.0_04 allows untrusted applets and unprivileged servlets to gain privileges and read data from other applets via unspecified vectors related to classes in the XSLT processor, aka "XML sniffing."
nvd
CVE-2009-1094 | CRITICAL | CVSS 10.0 | ≤ 1.3.1_24, v1.3.1, +47 more | 2009-03-25
Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.
nvd
CVE-2009-1098 | CRITICAL | CWE-119 | CVSS 9.3 | ≤ 1.3.1_24, v1.3.1, +47 more | 2009-03-25
Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.
nvd