Search Results (Refine Search)
- CPE Product Version: cpe:/a:sun:jre:1.4.2_37
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2009-1101 |
Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor "leak." Published: March 25, 2009; 7:30:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2009-1100 |
Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) "limits on Font creation," aka CR 6522586, and (2) another unspecified vector, aka CR 6632886. Published: March 25, 2009; 7:30:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2009-1098 |
Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998. Published: March 25, 2009; 7:30:00 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2009-1097 |
Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997. Published: March 25, 2009; 7:30:00 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2009-1096 |
Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. Published: March 25, 2009; 7:30:00 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2009-1095 |
Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. Published: March 25, 2009; 7:30:00 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2009-1094 |
Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data. Published: March 25, 2009; 7:30:00 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2009-1093 |
LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang). Published: March 25, 2009; 7:30:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2008-5358 |
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll. Published: December 05, 2008; 6:30:00 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2008-5356 |
Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file. Published: December 05, 2008; 6:30:00 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2008-5355 |
The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks. Published: December 05, 2008; 6:30:00 AM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2008-5354 |
Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with a long Main-Class manifest entry. Published: December 05, 2008; 6:30:00 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2008-5353 |
The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by "deserializing Calendar objects". Published: December 05, 2008; 6:30:00 AM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2008-5352 |
Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow. Published: December 05, 2008; 6:30:00 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2008-5351 |
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications that rely on shortest-form UTF-8 encodings. Published: December 05, 2008; 6:30:00 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2008-5350 |
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applications and applets to list the contents of the operating user's directory via unknown vectors. Published: December 05, 2008; 6:30:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2008-5349 |
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key. Published: December 05, 2008; 6:30:00 AM -0500 |
V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2008-5348 |
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier, when using Kerberos authentication, allows remote attackers to cause a denial of service (OS resource consumption) via unknown vectors. Published: December 05, 2008; 6:30:00 AM -0500 |
V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2008-5347 |
Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the (1) JAX-WS and (2) JAXB packages. Published: December 05, 2008; 6:30:00 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2008-5344 |
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets to read arbitrary files and make unauthorized network connections via unknown vectors related to applet classloading, aka 6716217. Published: December 05, 2008; 6:30:00 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |