Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Sdk
(Sun)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 126 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2006-05-17 | CVE-2006-2426 | Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 and earlier, and SDK 1.5.0_6 and earlier allows remote attackers to cause a denial of service (disk consumption) by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory. | Jdk, Jre, Sdk | N/A | ||
| 2006-02-09 | CVE-2006-0614 | Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and earlier, SDK and JRE 1.3.x through 1.3.1_16 and 1.4.x through 1.4.2_08 allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "first issue." | Jdk, Jre, Sdk | N/A | ||
| 2005-11-16 | CVE-2005-3583 | (1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.2_08, 1.4.2_09, and 1.5.0_05 and possibly other versions allow remote attackers to cause a denial of service (JVM unresponsive) via a crafted serialized object, such as a font object as demonstrated on JBoss. | Jre, Sdk | N/A | ||
| 2005-05-02 | CVE-2005-1080 | Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file. | Sdk | N/A | ||
| 2005-05-02 | CVE-2005-0223 | The Software Development Kit (SDK) and Run Time Environment (RTE) 1.4.1 and 1.4.2 for Tru64 UNIX allows remote attackers to cause a denial of service (Java Virtual Machine hang) via object deserialization. | Tru64, Rte, Sdk | N/A | ||
| 2009-06-02 | CVE-2004-2764 | Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4.1 through 1.4.1_07, and 1.4.0 through 1.4.0_04 allows untrusted applets and unprivileged servlets to gain privileges and read data from other applets via unspecified vectors related to classes in the XSLT processor, aka "XML sniffing." | Jre, Sdk | N/A | ||
| 2004-08-06 | CVE-2004-0651 | Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 through 1.4.2_03 allows remote attackers to cause a denial of service (virtual machine hang). | Jre, Sdk | N/A | ||
| 2002-03-19 | CVE-2002-0076 | Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape 6.2.1 and earlier, and possibly other implementations that use vulnerable versions of SDK or JDK, aka a variant of the "Virtual Machine Verifier" vulnerability. | Java_jre\-Jdk, Virtual_machine, Jdk, Jre, Sdk | N/A | ||
| 2002-03-15 | CVE-2002-0058 | Vulnerability in Java Runtime Environment (JRE) allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the session to another server, as seen in (1) Netscape 6.0 through 6.1 and 4.79 and earlier, (2) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, and possibly other implementations that use vulnerable versions of SDK or JDK. | Virtual_machine, Jdk, Jre, Sdk | N/A | ||
| 2001-12-31 | CVE-2001-1480 | Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows untrusted applets to access the system clipboard. | Mac_os_runtime_for_java, Jdk, Jre, Sdk | N/A |