apk package
chainguard/openjdk-25-openj9-default-jvm
pkg:apk/chainguard/openjdk-25-openj9-default-jvm
Vulnerabilities (326)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2012-1717 | — | < 0.59.0-r1 | 0.59.0-r1 | Jun 16, 2012 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on S | ||
| CVE-2012-1716 | — | < 0.59.0-r1 | 0.59.0-r1 | Jun 16, 2012 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to S | ||
| CVE-2012-0551 | — | < 0.59.0-r1 | 0.59.0-r1 | May 3, 2012 | Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote attackers to affect co | ||
| CVE-2011-3549 | — | < 0.59.0-r1 | 0.59.0-r1 | Oct 19, 2011 | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, | ||
| CVE-2011-3548 | — | < 0.59.0-r1 | 0.59.0-r1 | Oct 19, 2011 | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiali | ||
| CVE-2011-3545 | — | < 0.59.0-r1 | 0.59.0-r1 | Oct 19, 2011 | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier, allows remote attackers to affect confidentiality, integrity, and avail | ||
| CVE-2011-0814 | — | < 0.59.0-r1 | 0.59.0-r1 | Jun 14, 2011 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to S | ||
| CVE-2011-0802 | — | < 0.59.0-r1 | 0.59.0-r1 | Jun 14, 2011 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to S | ||
| CVE-2010-1423 | — | < 0.59.0-r1 | 0.59.0-r1 | Apr 15, 2010 | Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code via the (1) -J or (2) -XXaltj | ||
| CVE-2009-2675 | — | < 0.59.0-r1 | 0.59.0-r1 | Aug 5, 2009 | Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR f | ||
| CVE-2009-2673 | — | < 0.59.0-r1 | 0.59.0-r1 | Aug 5, 2009 | The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a de | ||
| CVE-2009-2672 | — | < 0.59.0-r1 | 0.59.0-r1 | Aug 5, 2009 | The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers | ||
| CVE-2009-2671 | — | < 0.59.0-r1 | 0.59.0-r1 | Aug 5, 2009 | The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via | ||
| CVE-2009-2670 | — | < 0.59.0-r1 | 0.59.0-r1 | Aug 5, 2009 | The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent atta | ||
| CVE-2009-1103 | — | < 0.59.0-r1 | 0.59.0-r1 | Mar 25, 2009 | Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code | ||
| CVE-2008-5358 | — | < 0.59.0-r1 | 0.59.0-r1 | Dec 5, 2008 | Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll. | ||
| CVE-2008-5356 | — | < 0.59.0-r1 | 0.59.0-r1 | Dec 5, 2008 | Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file. | ||
| CVE-2008-5355 | — | < 0.59.0-r1 | 0.59.0-r1 | Dec 5, 2008 | The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to exec | ||
| CVE-2008-5354 | — | < 0.59.0-r1 | 0.59.0-r1 | Dec 5, 2008 | Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code | ||
| CVE-2008-5353 | — | < 0.59.0-r1 | 0.59.0-r1 | Dec 5, 2008 | The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted |
- CVE-2012-1717Jun 16, 2012affected < 0.59.0-r1fixed 0.59.0-r1
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on S
- CVE-2012-1716Jun 16, 2012affected < 0.59.0-r1fixed 0.59.0-r1
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to S
- CVE-2012-0551May 3, 2012affected < 0.59.0-r1fixed 0.59.0-r1
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote attackers to affect co
- CVE-2011-3549Oct 19, 2011affected < 0.59.0-r1fixed 0.59.0-r1
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality,
- CVE-2011-3548Oct 19, 2011affected < 0.59.0-r1fixed 0.59.0-r1
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiali
- CVE-2011-3545Oct 19, 2011affected < 0.59.0-r1fixed 0.59.0-r1
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier, allows remote attackers to affect confidentiality, integrity, and avail
- CVE-2011-0814Jun 14, 2011affected < 0.59.0-r1fixed 0.59.0-r1
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to S
- CVE-2011-0802Jun 14, 2011affected < 0.59.0-r1fixed 0.59.0-r1
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to S
- CVE-2010-1423Apr 15, 2010affected < 0.59.0-r1fixed 0.59.0-r1
Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code via the (1) -J or (2) -XXaltj
- CVE-2009-2675Aug 5, 2009affected < 0.59.0-r1fixed 0.59.0-r1
Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR f
- CVE-2009-2673Aug 5, 2009affected < 0.59.0-r1fixed 0.59.0-r1
The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a de
- CVE-2009-2672Aug 5, 2009affected < 0.59.0-r1fixed 0.59.0-r1
The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers
- CVE-2009-2671Aug 5, 2009affected < 0.59.0-r1fixed 0.59.0-r1
The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via
- CVE-2009-2670Aug 5, 2009affected < 0.59.0-r1fixed 0.59.0-r1
The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent atta
- CVE-2009-1103Mar 25, 2009affected < 0.59.0-r1fixed 0.59.0-r1
Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code
- CVE-2008-5358Dec 5, 2008affected < 0.59.0-r1fixed 0.59.0-r1
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll.
- CVE-2008-5356Dec 5, 2008affected < 0.59.0-r1fixed 0.59.0-r1
Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file.
- CVE-2008-5355Dec 5, 2008affected < 0.59.0-r1fixed 0.59.0-r1
The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to exec
- CVE-2008-5354Dec 5, 2008affected < 0.59.0-r1fixed 0.59.0-r1
Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code
- CVE-2008-5353Dec 5, 2008affected < 0.59.0-r1fixed 0.59.0-r1
The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted
Page 15 of 17