Vulnerabilities > SUN > JRE > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-02-09 | CVE-2006-0615 | Unspecified vulnerability in SUN Jdk, JRE and SDK Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 4 and earlier, SDK and JRE 1.4.x through 1.4.2_09 allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "second and third issues." | 4.0 |
| 2006-02-09 | CVE-2006-0614 | Unspecified vulnerability in SUN Jdk, JRE and SDK Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and earlier, SDK and JRE 1.3.x through 1.3.1_16 and 1.4.x through 1.4.2_08 allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "first issue." | 6.4 |
| 2005-03-14 | CVE-2005-0471 | Remote Security vulnerability in SUN JDK and JRE Sun Java JRE 1.1.x through 1.4.x writes temporary files with long filenames that become predictable on a file system that uses 8.3 style short names, which allows remote attackers to write arbitrary files to known locations and facilitates the exploitation of vulnerabilities in applications that rely on unpredictable file names. | 5.0 |
| 2004-12-31 | CVE-2004-2540 | Denial-Of-Service vulnerability in SUN JDK and JRE readObject in (1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.0 through 1.4.2_05 allows remote attackers to cause a denial of service (JVM unresponsive) via crafted serialized data. | 5.0 |
| 2004-12-31 | CVE-2004-1503 | Remote Denial Of Service vulnerability in Sun Java Runtime Environment InitialDirContext Integer overflow in the InitialDirContext in Java Runtime Environment (JRE) 1.4.2, 1.5.0 and possibly other versions allows remote attackers to cause a denial of service (Java exception and failed DNS requests) via a large number of DNS requests, which causes the xid variable to wrap around and become negative. | 5.0 |
| 2004-08-06 | CVE-2004-0651 | Remote Denial Of Service vulnerability in Sun Java Runtime Environment Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 through 1.4.2_03 allows remote attackers to cause a denial of service (virtual machine hang). | 5.0 |
| 2003-12-31 | CVE-2003-1301 | Denial Of Service vulnerability in Sun Java Runtime Environment Nested Array Objects Sun Java Runtime Environment (JRE) 1.x before 1.4.2_11 and 1.5.x before 1.5.0_06, and as used in multiple web browsers, allows remote attackers to cause a denial of service (application crash) via deeply nested object arrays, which are not properly handled by the garbage collector and trigger invalid memory accesses. | 5.0 |
| 2003-12-31 | CVE-2003-1156 | File Corruption vulnerability in SUN JDK and JRE Java Runtime Environment (JRE) and Software Development Kit (SDK) 1.4.2 through 1.4.2_02 allows local users to overwrite arbitrary files via a symlink attack on (1) unpack.log, as created by the unpack program, or (2) .mailcap1 and .mime.types1, as created by the RPM program. | 4.6 |
| 2002-12-31 | CVE-2002-2072 | Unspecified vulnerability in SUN JRE 1.2.2/1.3.1 java.security.AccessController in Sun Java Virtual Machine (JVM) in JRE 1.2.2 and 1.3.1 allows remote attackers to cause a denial of service (JVM crash) via a Java program that calls the doPrivileged method with a null argument. | 5.0 |
| 2002-03-15 | CVE-2002-0058 | Vulnerability in Java Runtime Environment (JRE) allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the session to another server, as seen in (1) Netscape 6.0 through 6.1 and 4.79 and earlier, (2) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, and possibly other implementations that use vulnerable versions of SDK or JDK. | 5.0 |