VYPR

JDK and JRE 6

by Sun Corporation

CVEs (10)

  • CVE-2008-5353Dec 5, 2008
    Sun Corporation
    Jdk
    risk 0.10cvss epss 0.90

    The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run…

  • CVE-2008-1188Mar 6, 2008
    Sun Corporation
    Jdk
    risk 0.03cvss epss 0.31

    Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via a JNLP file with (1) a long key name in the xml header or (2) a long charset…

  • CVE-2008-5358Dec 5, 2008
    Sun Corporation
    Jdk
    risk 0.02cvss epss 0.26

    Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll.

  • CVE-2008-3103Jul 9, 2008
    Sun Corporation
    Jdk
    risk 0.02cvss epss 0.22

    Unspecified vulnerability in the Java Management Extensions (JMX) management agent in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform…

  • CVE-2008-5355Dec 5, 2008
    Sun Corporation
    Jdk
    risk 0.01cvss epss 0.16

    The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to…

  • CVE-2008-5352Dec 5, 2008
    Sun Corporation
    Jdk
    risk 0.01cvss epss 0.09

    Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via…

  • CVE-2006-6745Dec 26, 2006
    Sun Corporation
    Jre
    risk 0.01cvss epss 0.15

    Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, and Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, allow attackers to develop Java applets or applications that are…

  • CVE-2008-5360Dec 5, 2008
    Sun Corporation
    Jdk
    risk 0.00cvss epss 0.04

    Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allows attackers to write…

  • CVE-2008-5341Dec 5, 2008
    Sun Corporation
    Jdk
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors,…

  • CVE-2007-5237Oct 6, 2007
    Sun Corporation
    Jdk
    risk 0.00cvss epss 0.01

    Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka "two vulnerabilities."