Vulnerabilities > SUN > Critical
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2009-08-10 | CVE-2009-2476 | Permissions, Privileges, and Access Controls vulnerability in SUN Java SE and OpenJDK | The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged object. | 10.0 |
2009-08-10 | CVE-2009-1896 | Permissions, Privileges, and Access Controls vulnerability in SUN OpenJDK | The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedora 11, trusts an entire application when at least one of the listed jar files is trusted, which allows context-dependent attackers to execute arbitrary code without the untrusted-code restrictions via a crafted application, related to NetX. | 10.0 |
2009-08-05 | CVE-2009-2675 | Permissions, Privileges, and Access Controls vulnerability in SUN JDK and JRE | Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression. | 10.0 |
2009-07-02 | CVE-2009-2296 | Unspecified vulnerability in SUN OpenSolaris and Solaris | The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris before snv_119, does not properly implement the nfs_portmon setting, which allows remote attackers to access shares, and read, create, and modify arbitrary files, via unspecified vectors. | 10.0 |
2009-06-11 | CVE-2009-2030 | Security vulnerability in IBM OS/400 JVA-RUN JDK6.0 XML Digital Signature | Unspecified vulnerability in the XML Digital Signature verification functionality in JVA-RUN in JDK 6.0 in IBM OS/400 i5/OS V5R4M0 and V6R1M0 has unknown impact and attack vectors related to "XML SECURITY PATCH." | 10.0 |
2009-06-02 | CVE-2004-2764 | Permissions, Privileges, and Access Controls vulnerability in SUN JRE and SDK | Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4.1 through 1.4.1_07, and 1.4.0 through 1.4.0_04 allows untrusted applets and unprivileged servlets to gain privileges and read data from other applets via unspecified vectors related to classes in the XSLT processor, aka "XML sniffing." | 10.0 |
2009-06-01 | CVE-2003-1573 | SQL Injection vulnerability in SUN J2EE 1.4 | The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages." | 10.0 |
2009-06-01 | CVE-2003-1572 | Unspecified vulnerability in SUN JMF | Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned applets to cause a denial of service (JVM crash) and read or write unauthorized memory locations via the ReadEnv class, as demonstrated by reading environment variables using modified .data and .size fields. | 9.3 |
2009-05-26 | CVE-2008-3870 | Numeric Errors vulnerability in SUN Solaris 8.0/9.0 | Integer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request that triggers a heap-based buffer overflow, related to improper memory allocation. | 10.0 |
2009-05-26 | CVE-2008-3869 | Buffer Errors vulnerability in SUN Solaris 8.0/9.0 | Heap-based buffer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request, related to improper decoding of request parameters. | 10.0 |