Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Sdk
(Sun)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 126 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2007-08-17 | CVE-2007-4381 | Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself. | Jdk, Jre, Sdk | N/A | ||
| 2007-07-20 | CVE-2007-3922 | Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to certain localhost services running on the machine that loaded the applet. | Jdk, Jre, Sdk | N/A | ||
| 2007-07-11 | CVE-2007-3698 | The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests. | Jdk, Jre, Sdk | N/A | ||
| 2007-06-29 | CVE-2007-3504 | Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself. NOTE: this can be leveraged to execute arbitrary code by overwriting a .java.policy file. | Jdk, Jre, Sdk | N/A | ||
| 2007-05-02 | CVE-2007-2435 | Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, allows remote attackers to perform unauthorized actions via an application that grants privileges to itself, related to "Incorrect Use of System Classes" and probably related to support for JNLP files. | Java_enterprise_system, Jre, Sdk | N/A | ||
| 2007-01-17 | CVE-2007-0243 | Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption. | Jdk, Jre, Sdk | N/A | ||
| 2006-05-17 | CVE-2006-2426 | Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 and earlier, and SDK 1.5.0_6 and earlier allows remote attackers to cause a denial of service (disk consumption) by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory. | Jdk, Jre, Sdk | N/A | ||
| 2006-02-09 | CVE-2006-0614 | Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and earlier, SDK and JRE 1.3.x through 1.3.1_16 and 1.4.x through 1.4.2_08 allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "first issue." | Jdk, Jre, Sdk | N/A | ||
| 2005-11-16 | CVE-2005-3583 | (1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.2_08, 1.4.2_09, and 1.5.0_05 and possibly other versions allow remote attackers to cause a denial of service (JVM unresponsive) via a crafted serialized object, such as a font object as demonstrated on JBoss. | Jre, Sdk | N/A | ||
| 2005-05-02 | CVE-2005-1080 | Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file. | Sdk | N/A |