Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sgi | irix | 5.3 |
| sgi | irix | 6.4 |
| sun | sunos | 5.4 |
| hp | hp-ux | 10.03 |
| ibm | aix | 4.1.2 |
| sun | sunos | 5.0 |
| ibm | aix | 4.1.5 |
| sun | solaris | 2.6 |
| hp | hp-ux | 10.01 |
| sun | sunos | 5.5 |
| sun | sunos | 4.1.3 |
| sgi | irix | 6.0 |
| sgi | irix | 6.1 |
| ibm | aix | 4.1.4 |
| ibm | aix | 4.2.1 |
| sun | sunos | - |
| ibm | aix | 4.1.1 |
| sun | sunos | 5.3 |
| ibm | aix | 4.2 |
| sgi | irix | 6.2 |
| ibm | aix | 4.1 |
| hp | hp-ux | 10.02 |
| ibm | aix | 4.3 |
| sun | sunos | 5.2 |
| hp | hp-ux | 11.00 |
| sgi | irix | 6.3 |
| tritreal | ted_cde | 4.3 |
| sun | sunos | 5.1 |
| ibm | aix | 4.1.3 |
| sun | sunos | 5.5.1 |
| sgi | irix | 5.2 |
Buffer overflow in NIS+, in Sun's rpc.nisd program.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.4 |
| hp | hp-ux | 10.34 |
| sun | sunos | 5.3 |
| hp | hp-ux | 11.00 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sgi | irix | 3.3.1 |
| sgi | irix | 5.3 |
| sco | open_desktop | 5.0 |
| sgi | irix | 5.1.1 |
| bsdi | bsd_os | 2.0.1 |
| ibm | aix | 4.1.2 |
| sco | unixware | 2.1 |
| sgi | irix | 4.0.5h |
| sun | solaris | 2.6 |
| redhat | linux | 5.0 |
| sgi | irix | 6.1 |
| bsdi | bsd_os | 2.1 |
| data_general | dg_ux | 5.4_3.1 |
| sgi | irix | 4.0.1t |
| ibm | aix | 4.1.1 |
| netbsd | netbsd | 1.2.1 |
| sun | sunos | 5.3 |
| sgi | irix | 6.2 |
| sgi | irix | 4.0.2 |
| sgi | irix | 4.0.5d |
| ibm | aix | 4.1 |
| sgi | irix | 4.0.1 |
| sgi | irix | 4.0.4 |
| sgi | irix | 4.0 |
| sco | unixware | 7.0 |
| sco | open_desktop | 3.0 |
| data_general | dg_ux | 5.4_4.1 |
| sgi | irix | 4.0.4b |
| sgi | irix | 4.0.5g |
| caldera | openlinux | 1.0 |
| sgi | irix | 4.0.5f |
| sgi | irix | 5.1 |
| sgi | irix | 4.0.5a |
| data_general | dg_ux | 5.4_4.11 |
| netbsd | netbsd | 1.0 |
| sgi | irix | 3.3.3 |
| sun | sunos | 5.5.1 |
| sgi | irix | 4.0.5e |
| sgi | irix | 5.2 |
| netbsd | netbsd | 1.3.1 |
| sun | sunos | 5.4 |
| isc | bind | 4.9.6 |
| sgi | irix | 3.2 |
| sun | solaris | 2.5.1 |
| redhat | linux | 4.1 |
| ibm | aix | 4.1.5 |
| sgi | irix | 4.0.5_ipr |
| isc | bind | 8.1 |
| sun | sunos | 5.5 |
| sgi | irix | 6.0 |
| ibm | aix | 4.1.4 |
| sun | solaris | 2.5 |
| ibm | aix | 4.2.1 |
| sun | sunos | - |
| sgi | irix | 5.0 |
| ibm | aix | 4.2 |
| sgi | irix | 4.0.4t |
| redhat | linux | 4.0 |
| isc | bind | 8.1.1 |
| bsdi | bsd_os | 2.0 |
| sgi | irix | 4.0.5 |
| netbsd | netbsd | 1.2 |
| sgi | irix | 5.0.1 |
| netbsd | netbsd | 1.1 |
| nec | asl_ux_4800 | 64 |
| data_general | dg_ux | 5.4_3.0 |
| sgi | irix | 4.0.3 |
| sgi | irix | 4.0.5_iop |
| netbsd | netbsd | 1.3 |
| ibm | aix | 4.3 |
| sgi | irix | 3.3.2 |
| redhat | linux | 4.2 |
| sgi | irix | 6.3 |
| ibm | aix | 4.1.3 |
| sgi | irix | 3.3 |
Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nec | asl_ux_4800 | 13 |
| netbsd | netbsd | 1.3.1 |
| sun | sunos | 5.4 |
| data_general | dg_ux | y2k_patchr4.12mu03 |
| sco | unixware | 2.1 |
| data_general | dg_ux | y2k_patchr4.20mu01 |
| sun | sunos | 5.5 |
| sco | openserver | 5.0 |
| redhat | linux | 5.0 |
| nec | asl_ux_4800 | 11 |
| sun | sunos | 5.3 |
| data_general | dg_ux | y2k_patchr4.11mu05 |
| ibm | aix | 4.2 |
| data_general | dg_ux | y2k_patchr4.20mu03 |
| sun | sunos | 5.6 |
| ibm | aix | 4.1 |
| sco | unixware | 7.0 |
| isc | bind | 4.9 |
| sco | open_desktop | 3.0 |
| isc | bind | 8 |
| sco | unix | 3.2v4 |
| data_general | dg_ux | y2k_patchr4.20mu02 |
| netbsd | netbsd | 1.3 |
| ibm | aix | 4.3 |
| redhat | linux | 4.2 |
| sun | sunos | 5.5.1 |
Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,CWE-1067,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nec | asl_ux_4800 | 13 |
| netbsd | netbsd | 1.3.1 |
| sun | sunos | 5.4 |
| data_general | dg_ux | y2k_patchr4.12mu03 |
| sco | unixware | 2.1 |
| data_general | dg_ux | y2k_patchr4.20mu01 |
| sun | sunos | 5.5 |
| sco | openserver | 5.0 |
| redhat | linux | 5.0 |
| nec | asl_ux_4800 | 11 |
| sun | sunos | 5.3 |
| data_general | dg_ux | y2k_patchr4.11mu05 |
| ibm | aix | 4.2 |
| data_general | dg_ux | y2k_patchr4.20mu03 |
| sun | sunos | 5.6 |
| ibm | aix | 4.1 |
| sco | unixware | 7.0 |
| isc | bind | 4.9 |
| sco | open_desktop | 3.0 |
| isc | bind | 8 |
| sco | unix | 3.2v4 |
| data_general | dg_ux | y2k_patchr4.20mu02 |
| netbsd | netbsd | 1.3 |
| ibm | aix | 4.3 |
| redhat | linux | 4.2 |
| sun | sunos | 5.5.1 |
Teardrop IP denial of service.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| microsoft | windows_nt | 3.5.1 |
| microsoft | windows_95 | 0.0a |
| hp | hp-ux | 10.24 |
| microsoft | windows_nt | 4.0 |
| hp | hp-ux | 10.20 |
| netbsd | netbsd | 1.2 |
| hp | hp-ux | 10 |
| sun | sunos | 4.1.4 |
| hp | hp-ux | 9.04 |
| netbsd | netbsd | 1.1 |
| hp | hp-ux | 10.01 |
| hp | hp-ux | 10.16 |
| sun | sunos | 4.1.3u1 |
| hp | hp-ux | 9.00 |
| netbsd | netbsd | 1.2.1 |
| hp | hp-ux | 9.07 |
| hp | hp-ux | 9.05 |
| hp | hp-ux | 11.00 |
| hp | hp-ux | 9.01 |
| netbsd | netbsd | 1.0 |
| hp | hp-ux | 9.03 |
| hp | hp-ux | 10.30 |
Land IP denial of service.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| microsoft | winsock | 2.0 |
| hp | hp-ux | 10.24 |
| microsoft | windows_nt | 4.0 |
| hp | hp-ux | 10.10 |
| microsoft | windows_95 | * |
| hp | hp-ux | 10.20 |
| sun | sunos | 4.1.4 |
| hp | hp-ux | 9.04 |
| netbsd | netbsd | 1.1 |
| hp | hp-ux | 10.01 |
| hp | hp-ux | 10.16 |
| hp | hp-ux | 10.00 |
| gnu | inet | 5.01 |
| sun | sunos | 4.1.3u1 |
| hp | hp-ux | 9.00 |
| hp | hp-ux | 9.07 |
| hp | hp-ux | 9.05 |
| hp | hp-ux | 11.00 |
| hp | hp-ux | 9.01 |
| netbsd | netbsd | 1.0 |
| hp | hp-ux | 9.03 |
| hp | hp-ux | 10.30 |
| cisco | ios | 7000 |
FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.4 |
| caldera | openlinux | 1.2 |
| freebsd | freebsd | 1.0 |
| sco | unixware | 2.1 |
| sun | sunos | 5.5 |
| sun | sunos | 4.1.3u1 |
| netbsd | netbsd | 1.2.1 |
| sun | sunos | 5.3 |
| ibm | aix | 4.2 |
| freebsd | freebsd | 2.1.0 |
| ibm | aix | 3.2 |
| washington_university | wu-ftpd | 2.4 |
| gnu | inet | 6.02 |
| ibm | aix | 4.1 |
| netbsd | netbsd | 1.2 |
| sun | sunos | 4.1.4 |
| netbsd | netbsd | 1.1 |
| freebsd | freebsd | 1.2 |
| sco | open_desktop | 3.0 |
| freebsd | freebsd | 2.0 |
| gnu | inet | 5.01 |
| siemens | reliant_unix | * |
| freebsd | freebsd | 2.1.7 |
| ibm | aix | 4.3 |
| gnu | inet | 6.01 |
| netbsd | netbsd | 1.0 |
| sun | sunos | 5.5.1 |
| freebsd | freebsd | 1.1 |
| sco | openserver | 5.0.4 |
Buffer overflow in statd allows root privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sgi | irix | 5.3 |
| ibm | aix | 3.2 |
| sgi | irix | 5.1.1 |
| sun | sunos | 5.4 |
| sun | solaris | 2.5.1 |
| ibm | aix | 4.1 |
| sgi | irix | 5.0.1 |
| sun | solaris | 2.4 |
| sun | sunos | 5.5 |
| sun | solaris | 2.5 |
| sgi | irix | 5.0 |
| sgi | irix | 5.1 |
| sun | sunos | 5.5.1 |
| sgi | irix | 5.2 |
Delete or create a file via rpc.statd, due to invalid information.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ibm | aix | 3.2 |
| sun | sunos | 5.4 |
| data_general | dg_ux | 4.11 |
| ibm | aix | 4.1 |
| nighthawk | powerux | * |
| sun | sunos | 4.1.4 |
| sun | sunos | 5.5 |
| sco | openserver | 5.0 |
| sun | sunos | 4.1.3 |
| sco | open_desktop | 2 |
| sgi | irix | 6.1 |
| sco | unixware | 2 |
| sun | sunos | 5.3 |
| sco | openserver | 3.0 |
| ncr | mp-ras | 2.03 |
| nighthawk | cx_ux | * |
| sco | open_desktop | 3 |
| ncr | mp-ras | 3.0 |
Local user gains root privileges via buffer overflow in rdist, via expstr() function.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sgi | irix | 5.3 |
| sgi | irix | 6.4 |
| sgi | irix | 5.1.1 |
| sun | sunos | 5.4 |
| ibm | aix | 4.1.2 |
| sun | sunos | 5.0 |
| ibm | aix | 4.1.5 |
| sun | sunos | 4.1.2 |
| sun | sunos | 4.1.1 |
| bsdi | bsd_os | 1.1 |
| sgi | irix | 6.0 |
| sun | solaris | 4.1.3 |
| sgi | irix | 6.1 |
| ibm | aix | 4.1.4 |
| sun | sunos | 4.1.3u1 |
| ibm | aix | 4.1.1 |
| freebsd | freebsd | 2.0.5 |
| sun | sunos | 5.3 |
| sgi | irix | 5.0 |
| ibm | aix | 3.2.4 |
| ibm | aix | 4.2 |
| freebsd | freebsd | 2.1.0 |
| sgi | irix | 6.2 |
| ibm | aix | 3.2 |
| ibm | aix | 4.1 |
| sgi | irix | 5.0.1 |
| ibm | aix | 3.1 |
| freebsd | freebsd | 2.0 |
| hp | hp-ux | 10.00 |
| sgi | irix | 6.0.1 |
| sgi | irix | 5.1 |
| sun | sunos | 5.2 |
| sgi | irix | 6.3 |
| ibm | aix | 3.2.5 |
| sun | sunos | 5.1 |
| ibm | aix | 4.1.3 |
| sgi | irix | 5.2 |
Local user gains root privileges via buffer overflow in rdist, via lookup() function.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.4 |
| sco | unixware | 2.1 |
| sun | sunos | 5.5 |
| sco | openserver | 5.0 |
| sun | sunos | 4.1.3 |
| sun | sunos | 4.1.3u1 |
| inet | inet | 6.01 |
| sco | tcp_ip | 1.2.0 |
| sun | sunos | - |
| freebsd | freebsd | 2.0.5 |
| sun | sunos | 5.3 |
| ibm | aix | 4.2 |
| sco | tcp_ip | 1.2.1 |
| freebsd | freebsd | 2.1.0 |
| sco | open_desktop | 2.0 |
| sco | unixware | 2.0 |
| sco | openserver | 5.0.2 |
| ibm | aix | 3.2 |
| freebsd | freebsd | 2.2 |
| sco | internet_faststart | 1.0 |
| sco | openserver | 2.0 |
| ibm | aix | 4.1 |
| inet | inet | 5.01 |
| sun | sunos | 4.1.4 |
| sco | open_desktop | 3.0 |
| freebsd | freebsd | 2.0 |
| bsdi | bsd_os | * |
| sun | sunos | 5.5.1 |
DNS cache poisoning via BIND, by predictable query IDs.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.4 |
| nec | ews-ux_v | 4.2mp |
| sun | solaris | 2.5.1 |
| isc | bind | 4.9.5 |
| ibm | aix | 4.1 |
| sco | unixware | 2.1 |
| bsdi | bsd_os | 3.0 |
| sun | solaris | 2.4 |
| nec | ews-ux_v | 4.2 |
| sun | solaris | 2.6 |
| nec | asl_ux_4800 | 64 |
| isc | bind | 8.1 |
| sun | sunos | 5.5 |
| sco | openserver | 5.0 |
| sco | open_desktop | 3.0 |
| nec | up-ux_v | 4.2mp |
| bsdi | bsd_os | 2.1 |
| sun | solaris | 2.5 |
| sco | unix | 3.2v4 |
| sun | sunos | - |
| sun | sunos | 5.3 |
| ibm | aix | 4.2 |
| sun | sunos | 5.5.1 |
Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sgi | irix | 5.3 |
| sgi | irix | 6.2 |
| sgi | irix | 6.4 |
| sgi | irix | 5.1.1 |
| sun | sunos | 4.1.4 |
| sgi | irix | 5.0.1 |
| next | nextstep | 4.0 |
| sgi | irix | 6.0 |
| freebsd | freebsd | 2.0 |
| sgi | irix | 6.1 |
| sun | sunos | 4.1.3u1 |
| bsdi | bsd_os | 2.1 |
| next | nextstep | 4.1 |
| sgi | irix | 6.0.1 |
| freebsd | freebsd | 2.0.5 |
| freebsd | freebsd | 2.1.5 |
| sgi | irix | 5.0 |
| sgi | irix | 5.1 |
| sgi | irix | 6.3 |
| freebsd | freebsd | 2.1.0 |
| sgi | irix | 5.2 |
Command execution in Sun systems via buffer overflow in the at program.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.4 |
| sgi | irix | * |
| sco | unixware | 2.1 |
| sun | sunos | 5.5 |
| sco | openserver | 5.0 |
| sco | open_desktop | 3.0 |
| ibm | aix | * |
| sco | unixware | 3.2v4 |
| sun | sunos | 5.3 |
| sco | openserver | 3.0 |
| sun | sunos | 5.5.1 |
| ncr | mp-ras | 3.0 |
Buffer overflow in xlock program allows local users to execute commands as root.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sgi | irix | 5.3 |
| sgi | irix | 6.4 |
| sgi | irix | 5.1.1 |
| sun | sunos | 5.4 |
| hp | hp-ux | 10.24 |
| sun | solaris | 2.5.1 |
| hp | hp-ux | 10.20 |
| data_general | dg_ux | 1.0 |
| hp | hp-ux | 10.08 |
| data_general | dg_ux | 2.0 |
| data_general | dg_ux | 7.0 |
| debian | debian_linux | 0.93 |
| hp | hp-ux | 10.01 |
| sun | sunos | 5.5 |
| sgi | irix | 6.0 |
| sgi | irix | 6.1 |
| bsdi | bsd_os | 2.1 |
| sun | solaris | 2.5 |
| hp | hp-ux | 10.34 |
| sun | sunos | 5.3 |
| sgi | irix | 5.0 |
| ibm | aix | 4.2 |
| data_general | dg_ux | 4.0 |
| hp | hp-ux | 10.30 |
| debian | debian_linux | 1.2 |
| ibm | aix | 3.2 |
| debian | debian_linux | 1.3 |
| hp | hp-ux | 10.10 |
| debian | debian_linux | 1.1 |
| data_general | dg_ux | 5.0 |
| ibm | aix | 4.1 |
| sgi | irix | 5.0.1 |
| sun | solaris | 2.4 |
| hp | hp-ux | 10.16 |
| hp | hp-ux | 10.00 |
| sgi | irix | 6.0.1 |
| data_general | dg_ux | 6.0 |
| sgi | irix | 5.1 |
| sgi | irix | 6.3 |
| sun | sunos | 5.5.1 |
| data_general | dg_ux | 3.0 |
| sgi | irix | 5.2 |
Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sgi | irix | 5.3 |
| sgi | irix | 6.4 |
| sun | sunos | 5.4 |
| bsdi | bsd_os | 2.0.1 |
| hp | hp-ux | 10.24 |
| sun | solaris | 2.5.1 |
| hp | hp-ux | 10.20 |
| hp | hp-ux | 10.08 |
| hp | hp-ux | 10.01 |
| sun | sunos | 5.5 |
| sun | sunos | 4.1.3 |
| sgi | irix | 6.0 |
| freebsd | freebsd | 1.1.5.1 |
| sgi | irix | 6.1 |
| sun | sunos | 4.1.3u1 |
| nec | up-ux_v | 4.2mp |
| bsdi | bsd_os | 2.1 |
| sun | solaris | 2.5 |
| hp | hp-ux | 9.00 |
| hp | hp-ux | 10.34 |
| sun | sunos | 5.3 |
| sgi | irix | 5.0 |
| ibm | aix | 4.2 |
| hp | hp-ux | 10.30 |
| hp | hp-ux | 9.10 |
| sgi | irix | 6.2 |
| ibm | aix | 3.2 |
| bsdi | bsd_os | 2.0 |
| nec | ews-ux_v | 4.2mp |
| hp | hp-ux | 10.10 |
| hp | hp-ux | 10.09 |
| ibm | aix | 4.1 |
| sgi | irix | 4.0 |
| sun | sunos | 4.1.4 |
| sun | solaris | 2.4 |
| nec | ews-ux_v | 4.2 |
| nec | asl_ux_4800 | 64 |
| hp | hp-ux | 10.16 |
| freebsd | freebsd | 2.0 |
| hp | hp-ux | 10.00 |
| hp | hp-ux | 9.01 |
| sgi | irix | 6.3 |
| sun | sunos | 5.5.1 |
Buffer overflow of rlogin program using TERM environmental variable.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| bsdi | bsd_os | 2.0.1 |
| hp | hp-ux | 10.24 |
| oracle | solaris | 2.6 |
| ibm | aix | 4.1.2 |
| hp | hp-ux | 10.20 |
| data_general | dg_ux | 1.0 |
| hp | hp-ux | 10.08 |
| data_general | dg_ux | 2.0 |
| debian | debian_linux | 0.93 |
| digital | unix | 3.2g |
| next | nextstep | 2.0 |
| bsdi | bsd_os | 2.1 |
| oracle | solaris | - |
| digital | ultrix | 4.2 |
| ibm | aix | 4.1.1 |
| sun | sunos | 5.3 |
| digital | ultrix | 4.5 |
| next | nextstep | 3.2 |
| next | nextstep | 2.1 |
| digital | ultrix | 4.3 |
| next | nextstep | 1.0 |
| digital | ultrix | 4.4 |
| digital | ultrix | 4.3a |
| digital | unix | 4.0b |
| ibm | aix | 4.1 |
| sun | sunos | 4.1.4 |
| sun | solaris | 2.4 |
| hp | hp-ux | 10.16 |
| freebsd | freebsd | 2.1.5 |
| digital | ultrix | 4.1 |
| next | nextstep | 3.3 |
| netbsd | netbsd | 1.0 |
| sun | sunos | 5.5.1 |
| digital | ultrix | - |
| sun | sunos | 5.4 |
| oracle | solaris | 8 |
| sun | solaris | 2.5.1 |
| ibm | aix | 4.1.5 |
| hp | hp-ux | 10.01 |
| sun | sunos | 5.5 |
| bsdi | bsd_os | 1.1 |
| freebsd | freebsd | 1.1.5.1 |
| ibm | aix | 4.1.4 |
| digital | ultrix | 3.0 |
| sun | sunos | 4.1.3u1 |
| oracle | solaris | 7.0 |
| sun | solaris | 2.5 |
| next | nextstep | 3.1 |
| hp | hp-ux | 10.34 |
| freebsd | freebsd | 2.0.5 |
| data_general | dg_ux | 4.0 |
| freebsd | freebsd | 2.1.0 |
| hp | hp-ux | 10.30 |
| ibm | aix | 3.2 |
| bsdi | bsd_os | 2.0 |
| hp | hp-ux | 10.10 |
| hp | hp-ux | 10.09 |
| next | nextstep | - |
| next | nextstep | 4.0 |
| netbsd | netbsd | 1.1 |
| next | nextstep | 3.0 |
| freebsd | freebsd | 2.0 |
| digital | ultrix | 2.2 |
| hp | hp-ux | 10.00 |
| digital | unix | 4.0 |
| next | nextstep | 1.0a |
| digital | unix | 4.0a |
| digital | ultrix | 4.0 |
| ibm | aix | 4.1.3 |
| data_general | dg_ux | 3.0 |
Arbitrary file creation and program execution using FLEXlm LicenseManager, from versions 4.0 to 5.0, in IRIX.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sgi | irix | 5.3 |
| sgi | irix | 6.4 |
| sgi | irix | 5.1.1 |
| sgi | irix | 4.0.5h |
| sun | sunos | 4.1.1 |
| sgi | irix | 6.1 |
| sgi | irix | 4.0.1t |
| globetrotter | flexlm | 4.0 |
| sgi | license_oeo | 3.1.1 |
| sgi | irix | 6.2 |
| sgi | irix | 4.0.2 |
| sgi | license_oeo | 3.0 |
| sgi | irix | 4.0.5d |
| sgi | irix | 4.0.1 |
| sgi | irix | 4.0.4 |
| sgi | irix | 4.0 |
| sun | sunos | 4.1.4 |
| sun | solaris | 2.4 |
| sgi | license_oeo | 3.1 |
| sgi | irix | 4.0.4b |
| sgi | irix | 4.0.5g |
| sgi | irix | 4.0.5f |
| sgi | irix | 5.1 |
| sgi | irix | 4.0.5a |
| sgi | irix | 3.3.3 |
| sun | sunos | 5.5.1 |
| sgi | irix | 4.0.5e |
| sgi | irix | 5.2 |
| sun | sunos | 5.4 |
| sun | solaris | 2.5.1 |
| sun | sunos | 4.1.4jl |
| sgi | irix | 4.0.5_ipr |
| sun | sunos | 4.1.2 |
| sun | sunos | 5.5 |
| sun | sunos | 4.1.3 |
| sgi | irix | 6.0 |
| sun | sunos | 4.1.3u1 |
| sun | solaris | 2.5 |
| sgi | irix | 5.0 |
| sgi | irix | 4.0.4t |
| globetrotter | flexlm | 5.0 |
| sgi | irix | 4.0.5 |
| sgi | irix | 5.0.1 |
| globetrotter | flexlm | 4.1 |
| sgi | irix | 4.0.3 |
| sgi | irix | 4.0.5_iop |
| sgi | irix | 6.0.1 |
| sgi | irix | 3.3.2 |
| sgi | irix | 6.3 |
Sun's ftpd daemon can be subjected to a denial of service.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 2.5 |
| sun | sunos | 5.4 |
| sun | sunos | 5.3 |
| sun | solaris | 2.5.1 |
| sun | solaris | 2.4 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
Buffer overflows in Sun libnsl allow root access.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.4 |
| sun | solaris | 2.5.1 |
| ibm | aix | 4.3.1 |
| sun | solaris | 2.4 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5 |
| sun | solaris | 2.5 |
| ibm | aix | 4.2.1 |
| sun | sunos | - |
| sun | sunos | 5.3 |
| ibm | aix | 4.3 |
| sun | sunos | 5.2 |
| ibm | aix | 4.2 |
| sun | sunos | 5.5.1 |
| ibm | aix | 4.3.2 |
Buffer overflow in Sun's ping program can give root access to local users.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.4 |
| sun | sunos | 5.3 |
| sun | sunos | * |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
Vacation program allows command execution by remote users through a sendmail command.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ibm | aix | * |
| hp | hp-ux | 10.00 |
| sun | solaris | * |
| freebsd | freebsd | 6.2 |
| hp | hp-ux | 10.24 |
| eric_allman | vacation | * |
| sun | sunos | * |
| hp | hp-ux | 9 |
| hp | hp-ux | 10.09 |
| hp | vvos | * |
Multiple buffer overflows in how dtmail handles attachments allows a remote attacker to execute commands.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 2.5 |
| sun | sunos | 5.4 |
| sun | sunos | - |
| sun | solaris | 2.5.1 |
| sun | solaris | 2.4 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
Solaris ufsrestore buffer overflow.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sgi | irix | 5.3 |
| freebsd | freebsd | 6.2 |
| next | nextstep | * |
| ibm | aix | 3.2 |
| hp | hp-ux | * |
| sun | sunos | 5.4 |
| sco | openserver | 5 |
| ncr | mp-ras | 3.01 |
| ibm | aix | 4.1 |
| nec | up-ux_v | * |
| sco | unixware | 2.1 |
| sun | sunos | 5.5 |
| sun | sunos | 4.1 |
| ncr | mp-ras | 2.03 |
| ibm | aix | 4.2 |
| bsdi | bsd_os | * |
| ncr | mp-ras | 3.0 |
Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | nfs | * |
The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character).
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.4 |
| hp | hp-ux | 10.24 |
| ibm | aix | 4.1.2 |
| sun | solaris | 2.5.1 |
| hp | hp-ux | 10.20 |
| ibm | aix | 4.1.5 |
| hp | hp-ux | 9.04 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5 |
| hp | hp-ux | 9.09 |
| hp | hp-ux | 9.06 |
| ibm | aix | 4.1.4 |
| sun | sunos | 4.1.3u1 |
| sun | solaris | 2.5 |
| hp | hp-ux | 9.00 |
| ibm | aix | 4.2.1 |
| sun | sunos | - |
| ibm | aix | 4.1.1 |
| sun | sunos | 5.3 |
| ibm | aix | 3.2.4 |
| ibm | aix | 4.2 |
| hp | hp-ux | 9.03 |
| hp | hp-ux | 9.08 |
| hp | hp-ux | 9.10 |
| sun | sunos | 4.1.3c |
| ibm | aix | 3.2 |
| hp | hp-ux | 10.10 |
| ibm | aix | 4.1 |
| sun | sunos | 4.1.4 |
| sun | solaris | 2.4 |
| hp | hp-ux | 10.16 |
| hp | hp-ux | 10.00 |
| hp | hp-ux | 9.07 |
| hp | hp-ux | 9.05 |
| hp | hp-ux | 11.00 |
| hp | hp-ux | 9.01 |
| ibm | aix | 3.2.5 |
| ibm | aix | 4.1.3 |
| sun | sunos | 5.5.1 |
Buffer overflow in syslog utility allows local or remote attackers to gain root privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| convex | convexos | 10.1 |
| ibm | aix | 3.2 |
| sun | sunos | 5.4 |
| bsdi | bsd_os | 2.0 |
| bsdi | bsd_os | 2.0.1 |
| cray | unicos | 9.0 |
| ibm | aix | 4.1 |
| cray | unicos | 8.3 |
| sun | sunos | 4.1.4 |
| sun | solaris | 2.4 |
| convex | convexos | 10.2 |
| cray | unicos | 8.0 |
| sun | sunos | 4.1.3 |
| sun | sunos | 4.1.3u1 |
| convex | convexos | 11.0 |
| convex | spp-ux | 3 |
| sun | sunos | 5.3 |
| convex | convexos | 11.1 |
A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 4.1.3u1 |
| hp | hp-ux | * |
| microsoft | windows_nt | 4.0 |
| microsoft | windows_95 | 0a |
| sun | sunos | 4.1.4 |
| caldera | openlinux | 2.0 |
Buffer overflow in ffbconfig in Solaris 2.5.1.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 2.5 |
| sun | solaris | 2.5.1 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
Sun/Solaris utmp file allows local users to gain root access if it is writable by users other than root.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 4.1 |
| sun | sunos | - |
Buffer overflow in SGI IRIX mailx program.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sgi | irix | 5.3 |
| sun | solaris | 2.5 |
| sun | sunos | - |
| sun | solaris | 2.5.1 |
| redhat | linux | 4.2 |
| sgi | irix | 6.3 |
| sun | solaris | 2.4 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
| sgi | irix | 5.2 |
Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ibm | sng | * |
| ibm | aix | 3.2 |
| sun | sunos | 5.4 |
| sco | internet_faststart | 1.1 |
| linux | linux_kernel | 1.3.0 |
| sco | internet_faststart | 1.0 |
| ibm | aix | 4.1 |
| sun | sunos | 5.5 |
| sco | openserver | 5.0 |
| sco | open_desktop | 3.0 |
| linux | linux_kernel | 2.0 |
| digital | osf_1 | 1.3.3 |
| ibm | sng | 2.2 |
| ibm | sng | 2.1 |
| ibm | aix | 4.2 |
| sco | tcp_ip | 1.2.1 |
| sun | sunos | 5.5.1 |
| sco | openserver | 5.0.2 |
Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| eric_allman | sendmail | 8.8.2 |
| sun | sunos | 5.4 |
| sco | internet_faststart | 1.1 |
| sun | solaris | 2.5.1 |
| hp | hp-ux | 10.20 |
| hp | hp-ux | 10.01 |
| sun | sunos | 5.5 |
| sco | openserver | 5.0 |
| sun | sunos | 4.1.3u1 |
| bsdi | bsd_os | 2.1 |
| eric_allman | sendmail | 8.8.1 |
| sun | solaris | 2.5 |
| freebsd | freebsd | 2.1.6 |
| eric_allman | sendmail | 8.8.3 |
| sun | sunos | 5.3 |
| ibm | aix | 4.2 |
| sco | openserver | 5.0.2 |
| ibm | aix | 3.2 |
| hp | hp-ux | 10.10 |
| sco | internet_faststart | 1.0 |
| eric_allman | sendmail | 8.8 |
| ibm | aix | 4.1 |
| sun | sunos | 4.1.4 |
| sun | solaris | 2.4 |
| hp | hp-ux | 10.16 |
| hp | hp-ux | 10.00 |
| freebsd | freebsd | 2.1.5 |
| freebsd | freebsd | 2.1.6.1 |
| sun | sunos | 5.5.1 |
Expreserve, as used in vi and ex, allows local users to overwrite arbitrary files and gain root access.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 4.1.3c |
| sun | sunos | 5.4 |
| hp | hp-ux | 9 |
| sun | sunos | 5.0 |
| hp | hp-ux | 10 |
| sun | solaris | 2.4 |
| sun | sunos | 4.1.2 |
| sun | sunos | 4.1.1 |
| sun | sunos | 4.1.3 |
| sun | sunos | 4.1.3u1 |
| sun | sunos | 5.3 |
| sun | sunos | 5.2 |
| sun | sunos | 5.1 |
vold in Solaris 2.x allows local users to gain root access.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.4 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
admintool in Solaris allows a local user to write to arbitrary files and gain root access.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 2.5 |
| sun | solaris | 2.5.1 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
Kodak Color Management System (KCMS) on Solaris allows a local user to write to arbitrary files and gain root access.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
Buffer overflow in Solaris x86 mkcookie allows local users to obtain root access.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 2.5 |
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | solaris | 2.5.1 |
The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java | * |
| netscape | navigator | * |
Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.4 |
| mit | kerberos | 4.0 |
| mit | kerberos_5 | - |
| sun | sunos | 5.3 |
| process_software | multinet | 3.4 |
| process_software | multinet | 3.5 |
A race condition in the Solaris ps command allows an attacker to overwrite critical files.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.4 |
| sun | sunos | 5.3 |
NFS cache poisoning.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 3.5 |
| linux | linux_kernel | 2.6.20.1 |
| sun | sunos | 5.4 |
| sun | sunos | 4.0.1 |
| sun | sunos | 4.0.2 |
| sun | sunos | 5.0 |
| sun | sunos | 4.1.4 |
| sun | solaris | 2.4 |
| sun | sunos | 4.0 |
| sun | sunos | 4.1.2 |
| sun | sunos | 4.1.1 |
| sun | sunos | 4.1.3 |
| sun | nfs | * |
| sun | sunos | 4.1 |
| sun | sunos | - |
| sun | sunos | 5.3 |
| sun | sunos | 5.2 |
| sun | sunos | 4.0.3 |
| bsdi | bsd_os | * |
| sun | sunos | 5.1 |
NFS allows users to use a "cd .." command to access other directories besides the exported file system.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | nfs | * |
In SunOS, NFS file handles could be guessed, giving unauthorized access to the exported file system.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 4.1.1 |
The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication that would otherwise have taken place. For example, NFS file systems could be mounted through the portmapper despite export restrictions.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 4.1.3c |
| sun | sunos | 4.1.3 |
NFS allows attackers to read and write any file on the system by specifying a false UID.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | nfs | * |
In SunOS or Solaris, a remote user could connect from an FTP server's data port to an rlogin server on a host that trusts the FTP server, allowing remote command execution.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 4.1.3u1 |
| sun | solaris | 2.5 |
| sun | sunos | 5.4 |
| sun | sunos | 5.3 |
| sun | solaris | 2.5.1 |
| sun | sunos | 4.1.4 |
| sun | solaris | 2.4 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
In Solaris, an SNMP subagent has a default community string that allows remote attackers to execute arbitrary commands as root, or modify system parameters.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 2.6 |
The passwd command in Solaris can be subjected to a denial of service.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 2.5 |
| sun | sunos | 5.4 |
| sun | sunos | - |
| sun | sunos | 5.3 |
| sun | solaris | 2.5.1 |
| sun | solaris | 2.4 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
Solaris rpcbind listens on a high numbered UDP port, which may not be filtered since the standard port number is 111.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 2.5 |
| sun | sunos | 5.4 |
| sun | sunos | 5.3 |
| sun | solaris | 2.5.1 |
| sun | solaris | 2.4 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
Solaris rpcbind can be exploited to overwrite arbitrary files and gain root access.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 2.5 |
| sun | sunos | 5.4 |
| sun | sunos | - |
| sun | sunos | 5.3 |
| sun | solaris | 2.5.1 |
| sun | solaris | 2.4 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
The SunView (SunTools) selection_svc facility allows remote users to read files.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 3.5 |
| sun | sunos | 4.1 |
| sun | sunos | 4.0.1 |
| sun | sunos | 4.0.2 |
| sun | sunos | 4.0.3 |
| sun | sunos | 4.0 |
| sun | sunos | 4.1.1 |
Automount daemon automountd allows local or remote users to gain privileges via shell metacharacters.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 2.5 |
| sun | sunos | 5.4 |
| sun | solaris | 2.5.1 |
| sun | solaris | 2.4 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
Extra long export lists over 256 characters in some mount daemons allows NFS directories to be mounted by anyone.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 4.1.3c |
| sun | sunos | 5.0 |
| sun | sunos | 4.1.2 |
| sun | sunos | 4.1.1 |
| sun | sunos | 4.1.3 |
Solaris rpc.mountd generates error messages that allow a remote attacker to determine what files are on the server.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | * |
| sun | sunos | 5.0 |
libnsl in Solaris allowed an attacker to perform a denial of service of rpcbind.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.4 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
Denial of service by sending forged ICMP unreachable packets.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 4.1 |
| sun | sunos | 4.1.2 |
| sun | sunos | 4.1.1 |
Malicious option settings in UDP packets could force a reboot in SunOS 4.1.3 systems.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 4.1.3a1 |
| sun | sunos | 4.1 |
| sun | sunos | 4.1psr_a |
| sun | sunos | 4.0.3 |
| sun | sunos | 4.0.3c |
| sun | sunos | 4.1.2 |
| sun | sunos | 4.1.1 |
| sun | sunos | 4.1.3 |
Solaris syslogd crashes when receiving a message from a host that doesn't have an inverse DNS entry.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.4 |
Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xfree86_project | x11r6 | * |
| sun | solaris | 2.5 |
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | solaris | 2.5.1 |
| sgi | irix | * |
A hidden SNMP community string in HP OpenView allows remote attackers to modify MIB tables and obtain sensitive information.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 2.6 |
Solaris SUNWadmap can be exploited to obtain root access.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | - |
Denial of service through Solaris 2.5.1 telnet by sending ^D characters.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.5.1 |
The WorkMan program can be used to overwrite any file to get root access.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.0 |
Solaris sysdef command allows local users to read kernel memory, potentially leading to root privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 2.5 |
| sun | sunos | 5.4 |
| sun | sunos | 5.3 |
| sun | solaris | 2.5.1 |
| sun | solaris | 2.4 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
Solaris volrmmount program allows attackers to read any file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | - |
| sun | solaris | 2.6 |
ypbind with -ypset and -ypsetme options activated in Linux Slackware and SunOS allows local and remote attackers to overwrite files via a .. (dot dot) attack.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| slackware | slackware_linux | 2.3 |
| slackware | slackware_linux | 2.2 |
| sun | sunos | 4.1.4 |
| slackware | slackware_linux | 2.1 |
| sun | sunos | 4.1.3 |
nis_cachemgr for Solaris NIS+ allows attackers to add malicious NIS+ servers.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 2.5 |
| sun | sunos | 5.4 |
| sun | sunos | 5.3 |
| sun | solaris | 2.5.1 |
| sun | solaris | 2.4 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
Buffer overflow in SunOS/Solaris ps command.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 2.5 |
| sun | sunos | 5.4 |
| sun | sunos | 5.3 |
| sun | solaris | 2.5.1 |
| sun | solaris | 2.4 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
SunOS/Solaris FTP clients can be forced to execute arbitrary commands from a malicious FTP server.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.3 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | * |
| openbsd | openbsd | 2.1 |
| netbsd | netbsd | 1.3.1 |
| sun | sunos | 5.4 |
| sun | solaris | 1.1.3 |
| sun | sunos | 5.0 |
| sun | solaris | 1.1.4 |
| sun | sunos | 4.1.4 |
| sun | solaris | 2.4 |
| sun | sunos | 5.5 |
| sun | sunos | 4.1.3 |
| openbsd | openbsd | 2.2 |
| sun | solaris | 2.5 |
| digital | osf_1 | 1.1 |
| sun | sunos | - |
| netbsd | netbsd | 1.3 |
| sun | sunos | 5.3 |
| sun | sunos | 5.2 |
| sun | sunos | 5.1 |
| sun | sunos | 5.5.1 |
Buffer overflow in Solaris fdformat command gives root access to local users.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 2.5 |
| sun | sunos | 5.4 |
| sun | sunos | 5.3 |
| sun | solaris | 2.5.1 |
| sun | sunos | 5.7 |
| sun | solaris | 2.4 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hp | hp-ux | 11 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| redhat | linux | 6.0 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5.1 |
| ibm | aix | 4 |
SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 4.1.3u1 |
| sun | solaris | 2.5 |
| sun | sunos | 5.4 |
| sun | sunos | 5.3 |
| sun | solaris | 2.5.1 |
| sun | sunos | 4.1.4 |
| sun | solaris | 2.4 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
Buffer overflow in Solaris kcms_configure command allows local users to gain root access.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | * |
In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local user with physical access to obtain root access.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | * |
| sun | sunos | 5.0 |
Buffer overflow in the libauth library in Solaris allows local users to gain additional privileges, possibly root access.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 2.5 |
| sun | sunos | 5.4 |
| sun | sunos | - |
| sun | sunos | 5.3 |
| sun | solaris | 2.5.1 |
| sun | sunos | 5.2 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ibm | aix | 3.2 |
| sco | internet_faststart | 1.1 |
| sco | openserver | 5 |
| sun | sunos | * |
| sco | internet_faststart | 1.0 |
| freebsd | freebsd | 1.0 |
| ibm | aix | 4.1 |
| freebsd | freebsd | 1.2 |
| freebsd | freebsd | 2.0 |
| freebsd | freebsd | 1.1.5.1 |
| ibm | sng | 2.2 |
| ibm | sng | 2.1 |
| freebsd | freebsd | 2.0.5 |
| ibm | aix | 4.2 |
| sco | open_desktop | 3 |
| freebsd | freebsd | 1.1 |
The Sun sdtcm_convert calendar utility for OpenWindows has a buffer overflow which can gain root access.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | * |
| sun | sunos | 5.4 |
| sun | solaris | 1.1.3 |
| sun | sunos | 5.0 |
| sun | solaris | 1.1.4 |
| sun | sunos | 4.1.4 |
| sun | solaris | 2.4 |
| sun | sunos | 5.5 |
| sun | sunos | 4.1.3 |
| sun | solaris | 2.5 |
| sun | sunos | - |
| sun | sunos | 5.3 |
| sun | sunos | 5.2 |
| sun | sunos | 5.1 |
| sun | sunos | 5.5.1 |
In Sun Solaris and SunOS, man and catman contain vulnerabilities that allow overwriting arbitrary files.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | 5.4 |
| sun | sunos | - |
| sun | solaris | 2.5.1 |
| sun | sunos | 5.7 |
| sun | solaris | 2.4 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
Files created from interactive shell sessions in Cobalt RaQ microservers (e.g. .bash_history) are world readable, and thus are accessible from the web server.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | cobalt_raq | * |
The cancel command in Solaris 2.6 (i386) has a buffer overflow that allows local users to obtain root access.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | - |
64 bit Solaris 7 procfs allows local users to perform a denial of service.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.7 |
The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netscape | navigator | 4.5 |
| netscape | navigator | 4.61 |
| netscape | communicator | 4.5 |
| netscape | navigator | 4.04 |
| netscape | navigator | 4.02 |
| netscape | navigator | 4.03 |
| sun | java | * |
| netscape | navigator | 4.05 |
| netscape | navigator | 4.07 |
| netscape | navigator | 4.01 |
| netscape | navigator | 4.06 |
| netscape | navigator | 4.0 |
| netscape | navigator | 4.08 |
Solaris ff.core allows local users to modify files.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 2.5 |
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | solaris | 2.5.1 |
| sun | sunos | 5.7 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 2.5 |
| sun | sunos | 5.4 |
| sun | sunos | - |
| sun | sunos | 5.3 |
| sun | solaris | 2.5.1 |
| sun | solaris | 2.4 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5.1 |
A Unix account has a default, null, blank, or missing password.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hp | hp-ux | 11 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| redhat | linux | 6.0 |
| hp | hp-ux | 10.20 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5.1 |
ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| digital | unix | 4.0d |
| sun | sunos | 5.4 |
| sun | solaris | 2.5.1 |
| freebsd | freebsd | 2.2.4 |
| hp | hp-ux | 10.20 |
| sun | solaris | 2.6 |
| digital | unix | 3.2g |
| sun | sunos | 5.5 |
| linux | linux_kernel | 2.0 |
| freebsd | freebsd | 1.1.5.1 |
| freebsd | freebsd | 2.2.3 |
| sun | solaris | 2.5 |
| sun | sunos | - |
| freebsd | freebsd | 2.1.6 |
| freebsd | freebsd | 2.0.5 |
| ibm | aix | 3.2.4 |
| linux | linux_kernel | 2.1 |
| freebsd | freebsd | 2.1.0 |
| ibm | aix | 3.2 |
| digital | unix | 4.0b |
| netbsd | netbsd | 1.2 |
| sun | solaris | 2.4 |
| ibm | aix | 3.1 |
| digital | unix | 4.0 |
| freebsd | freebsd | 2.1.5 |
| hp | hp-ux | 11.00 |
| digital | unix | 4.0a |
| freebsd | freebsd | 2.1.7.1 |
| ibm | aix | 3.2.5 |
| sun | sunos | 5.5.1 |
| digital | unix | 4.0c |
| freebsd | freebsd | 2.2.2 |
An SNMP community name is the default (e.g. public), null, or missing.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hp | hp-ux | 11.00 |
| sun | sunos | 5.0 |
| hp | hp-ux | 10 |
rpc.admind in Solaris is not running in a secure mode.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | * |
A version of rusers is running that exposes valid user information to any entity on the network.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | rpc.ruserd | * |
The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netbsd | netbsd | 1.3.1 |
| sun | sunos | 5.4 |
| openbsd | openbsd | 2.5 |
| openbsd | openbsd | 2.4 |
| openbsd | openbsd | 2.3 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5 |
| sun | solaris | 2.5 |
| sun | solaris | 7.0 |
| sun | sunos | - |
| netbsd | netbsd | 1.2.1 |
| sun | sunos | 5.3 |
| netbsd | netbsd | 1.3.3 |
| openbsd | openbsd | 2.1 |
| netbsd | netbsd | 1.2 |
| sun | solaris | 2.4 |
| netbsd | netbsd | 1.1 |
| openbsd | openbsd | 2.2 |
| netbsd | netbsd | 1.4 |
| openbsd | openbsd | 2.0 |
| netbsd | netbsd | 1.3 |
| sun | sunos | 5.7 |
| sun | sunos | 5.2 |
| netbsd | netbsd | 1.0 |
| sun | sunos | 5.1 |
| sun | sunos | 5.5.1 |
| netbsd | netbsd | 1.3.2 |
sdtcm_convert in Solaris 2.6 allows a local user to overwrite sensitive files via a symlink attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 2.5 |
| sun | sunos | - |
| sun | solaris | 2.5.1 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| digital | unix | 4.0d |
| sun | sunos | 5.4 |
| ibm | aix | 4.1.2 |
| sun | solaris | 2.5.1 |
| ibm | aix | 4.3.1 |
| ibm | aix | 4.1.5 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5 |
| ibm | aix | 4.1.4 |
| sun | sunos | 4.1.3u1 |
| sun | solaris | 2.5 |
| sun | solaris | 7.0 |
| ibm | aix | 4.2.1 |
| sun | sunos | - |
| ibm | aix | 4.1.1 |
| sun | sunos | 5.3 |
| cde | cde | 1.1 |
| ibm | aix | 4.2 |
| cde | cde | 2.120 |
| cde | cde | 2.1 |
| ibm | aix | 4.1 |
| sun | sunos | 4.1.4 |
| sun | solaris | 2.4 |
| cde | cde | 2.0 |
| ibm | aix | 4.3 |
| sun | sunos | 5.7 |
| cde | cde | 1.2 |
| cde | cde | 1.0.1 |
| cde | cde | 1.0.2 |
| ibm | aix | 4.1.3 |
| sun | sunos | 5.5.1 |
| ibm | aix | 4.3.2 |
| digital | unix | 4.0f |
The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 2.5.1 |
| cde | cde | 2.1 |
| sun | solaris | 2.6 |
| cde | cde | 2.0 |
| sun | sunos | 5.5 |
| sun | solaris | 2.5 |
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | sunos | 5.7 |
| cde | cde | 1.2 |
| cde | cde | 1.1 |
| cde | cde | 1.0.1 |
| cde | cde | 1.0.2 |
| cde | cde | 2.120 |
| sun | sunos | 5.5.1 |
Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| digital | unix | 4.0d |
| sun | sunos | 5.4 |
| digital | unix | 4.0e |
| ibm | aix | 4.1.2 |
| sun | solaris | 2.5.1 |
| ibm | aix | 4.3.1 |
| ibm | aix | 4.1.5 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5 |
| ibm | aix | 4.1.4 |
| sun | solaris | 7.0 |
| ibm | aix | 4.2.1 |
| ibm | aix | 4.1.1 |
| cde | cde | 1.1 |
| ibm | aix | 4.2 |
| cde | cde | 2.1 |
| ibm | aix | 4.1 |
| sun | solaris | 2.4 |
| cde | cde | 2.0 |
| ibm | aix | 4.3 |
| sun | sunos | 5.7 |
| cde | cde | 1.2 |
| cde | cde | 1.0.1 |
| cde | cde | 1.0.2 |
| ibm | aix | 4.1.3 |
| sun | sunos | 5.5.1 |
| ibm | aix | 4.3.2 |
| digital | unix | 4.0f |
Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd).
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 2.5 |
| sun | sunos | 5.4 |
| hp | hp-ux | 10.24 |
| sun | sunos | 5.3 |
| hp | hp-ux | 11.00 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
| sun | sunos | 4.1.3 |
The default configuration of Cobalt RaQ2 servers allows remote users to install arbitrary software packages.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | cobalt_raq_2 | * |
Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES environmental variable.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | sunos | 5.7 |
| sun | solaris | 2.6 |
Buffer overflow in Solaris lpset program allows local users to gain root access.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | sunos | 5.7 |
| sun | solaris | 2.6 |
The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 2.5 |
| sun | sunos | 5.4 |
| sun | sunos | - |
| sun | solaris | 2.5.1 |
| sun | solaris | 2.4 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
The NIS+ rpc.nisd server allows remote attackers to execute certain RPC calls without authentication to obtain system information, disable logging, or modify caches.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | * |
| sun | sunos | * |
NIS finger allows an attacker to conduct a denial of service via a large number of finger requests, resulting in a large number of NIS queries.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | * |
Buffer overflow in Solaris dtprintinfo program.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.0 |
Buffer overflow in Solaris kcms_configure via a long NETPATH environmental variable.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | 5.7 |
Denial of service in Linux syslogd via a large number of connections.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cobalt | qube | 1.0 |
| suse | suse_linux | 6.2 |
| debian | debian_linux | 2.2 |
| suse | suse_linux | 6.3 |
| cobalt | qube | 2.0 |
| sun | cobalt_raq_3i | * |
| sun | cobalt_raq_2 | * |
| sun | cobalt_raq | 1.1 |
Buffer overflow in BIND 8.2 via NXT records.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | 5.7 |
| isc | bind | 8.2 |
| isc | bind | 8.2.1 |
Denial of service in BIND named via malformed SIG records.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sco | openserver | 5 |
| sco | unixware | 2 |
| ibm | aix | 4.3 |
| sun | sunos | 5.7 |
| sco | unixware | 7 |
Denial of service in BIND by improperly closing TCP sessions via so_linger.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | 5.7 |
| isc | bind | 8.2 |
| isc | bind | 8.2.1 |
Buffer overflow in CDE dtmail and dtmailpr programs allows local users to gain privileges via a long -f option.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.7 |
Buffer overflow in CDE mailtool allows local users to gain root privileges via a long MIME Content-Type.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.7 |
Denial of service in BIND named via consuming more than "fdmax" file descriptors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | 5.7 |
| isc | bind | 8.2 |
| isc | bind | 8.2.1 |
Denial of service in BIND named via naptr.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sco | openserver | 5 |
| sco | unixware | 2 |
| ibm | aix | 4.3 |
| sun | sunos | 5.7 |
| sco | unixware | 7 |
Solaris arp allows local users to read files via the -f parameter, which lists lines in the file that do not parse properly.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | solaris | 2.5.1 |
| sun | sunos | 5.7 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5.1 |
Solaris chkperm allows local users to read files owned by bin via the VMSYS environmental variable and a symlink attack.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | solaris | 2.5.1 |
| sun | sunos | 5.7 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5.1 |
ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | linux | 4.0 |
| isc | inn | 1.5.1 |
| nec | goah_intrasv | r1.1 |
| nec | goah_networksv | r2.2 |
| redhat | linux | 4.1 |
| netscape | news_server | 1.1 |
| sun | sparc | * |
| nec | goah_networksv | r3.1 |
| nec | goah_networksv | r1.2 |
DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-16,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | - |
| microsoft | windows_98se | * |
| microsoft | windows_95 | 0a |
| microsoft | windows_2000 | * |
| sun | solaris | 2.6 |
| microsoft | windows_95 | 0b |
Denial of service in Solaris TCP streams driver via a malicious connection that causes the server to panic as a result of recursive calls to mutex_enter.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | solaris | 2.5.1 |
| sun | sunos | 5.7 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5.1 |
Buffer overflow in uum program for Canna input system allows local users to gain root privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sgi | irix | 5.3 |
| sgi | irix | 6.2 |
| sgi | irix | 6.4 |
| sun | solaris | 7.0 |
| sun | sunos | - |
| turbolinux | turbolinux | 4.2 |
| sgi | irix | 6.5 |
| sun | sunos | 5.7 |
| sgi | irix | 6.3 |
| sun | solaris | 2.6 |
Buffer overflow in canuum program for Canna input system allows local users to gain root privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sgi | irix | 5.3 |
| sgi | irix | 6.2 |
| sgi | irix | 6.4 |
| sun | solaris | 7.0 |
| sun | sunos | - |
| turbolinux | turbolinux | 4.2 |
| sgi | irix | 6.5 |
| sun | sunos | 5.7 |
| sgi | irix | 6.3 |
| sun | solaris | 2.6 |
Buffer overflow in Solaris lpstat via class argument allows local users to gain root access.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.7 |
| sun | solaris | 2.6 |
Buffer overflow in Solaris getopt in libc allows local users to gain root privileges via a long argv[0].
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.5 |
Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose mode.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 2.5 |
| sun | solaris | 7.0 |
| sun | sunos | 5.4 |
| sun | sunos | - |
| sun | sunos | 5.3 |
| sun | solaris | 2.5.1 |
| sun | sunos | 5.7 |
| sun | solaris | 2.4 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 2.5 |
| sun | solaris | 7.0 |
| sun | sunos | 5.4 |
| sun | sunos | - |
| sun | solaris | 2.5.1 |
| sun | sunos | 5.7 |
| sun | solaris | 2.4 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 2.5 |
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | solaris | 2.5.1 |
| sun | sunos | 5.7 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
The Sun Web-Based Enterprise Management (WBEM) installation script stores a password in plaintext in a world readable file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | web-based_enterprise_management | 2.0 |
| sun | solaris | 8.0 |
| sun | web-based_enterprise_management | 1.0 |
Buffer overflow in mail command in Solaris 2.7 and 2.7 allows local users to gain privileges via a long -m argument.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | 5.7 |
NFS on SunOS 4.1 through 4.1.2 ignores the high order 16 bits in a 32 bit UID, which allows a local user to gain root access if the lower 16 bits are set to 0, as fixed by the NFS jumbo patch upgrade.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 4.1 |
| sun | sunos | 4.1.2 |
| sun | sunos | 4.1.1 |
useradd in Solaris 7.0 does not properly interpret certain date formats as specified in the "-e" (expiration date) argument, which could allow users to login after their accounts have expired.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.7 |
CDE screen lock program (screenlock) on Solaris 2.6 does not properly lock an unprivileged user's console session when the host is an NIS+ client, which allows others with physical access to login with any string.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.6 |
| sun | sunos | - |
| sun | solaris | 2.6 |
aspppd on Solaris 2.5 x86 allows local users to modify arbitrary files and gain root privileges via a symlink attack on the /tmp/.asppp.fifo file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 2.5 |
| sun | solaris | 2.5.1 |
| sun | solaris | 2.4 |
Solaris 2.6 HW3/98 installs admintool with world-writable permissions, which allows local users to gain privileges by replacing it with a Trojan horse program.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 2.6 |
rmmount in SunOS 5.7 may mount file systems without the nosuid flag set, contrary to the documentation and its use in previous versions of SunOS, which could allow local users with physical access to gain root privileges by mounting a floppy or CD-ROM that contains a setuid program and running volcheck, when the file systems do not have the nosuid option specified in rmmount.conf.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.7 |
lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| apple | a_ux | 2.0.1 |
| bsd | bsd | 4.3 |
| sun | sunos | * |
| sgi | irix | * |
ndd in Solaris 2.6 allows local users to cause a denial of service by modifying certain TCP/IP parameters.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 2.6 |
Vulnerability in restore in SunOS 4.0.3 and earlier allows local users to gain privileges.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 4.0.1 |
| sun | sunos | * |
| sun | sunos | 4.0 |
The installation of Sun Source (sunsrc) tapes allows local users to gain root privileges via setuid root programs (1) makeinstall or (2) winstall.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 4.1 |
| sun | sunos | 4.0.3 |
| sun | sunos | 4.1.1 |
The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | * |
| sun | sunos | 4.1 |
| sun | sunos | * |
| sun | sunos | 5.0 |
SunOS 4.1.2 and earlier allows local users to gain privileges via "LD_*" environmental variables to certain dynamically linked setuid or setgid programs such as (1) login, (2) su, or (3) sendmail, that change the real and effective user ids to the same user.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | * |
Buffer overflow in (1) pluggable authentication module (PAM) on Solaris 2.5.1 and 2.5 and (2) unix_scheme in Solaris 2.4 and 2.3 allows local users to gain root privileges via programs that use these modules such as passwd, yppasswd, and nispasswd.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.4 |
| sun | sunos | 5.3 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
Buffer overflow in chkey in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 2.5 |
| sun | sunos | 5.4 |
| sun | solaris | 2.5.1 |
| sun | sunos | * |
| sun | solaris | 2.4 |
| sun | sunos | 5.5 |
Buffer overflow in eeprom in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.4 |
| sun | sunos | 5.3 |
| sun | sunos | * |
| sun | sunos | 5.5 |
TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a user who tries to redirect console output and input, which could allow a local user to gain privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 4.1.1 |
Vulnerability in in.telnetd in SunOS 4.1.1 and earlier allows local users to gain root privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | * |
Vulnerability in in.rlogind in SunOS 4.0.3 and 4.0.3c allows local users to gain root privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 4.0.3 |
| sun | sunos | 4.0.3c |
rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates different error messages depending on whether the file exists or not.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | * |
| linux | linux_kernel | 2.6.20.1 |
| openbsd | openbsd | * |
| digital | ultrix | * |
| netbsd | netbsd | 2.0.4 |
rpc.pwdauthd in SunOS 4.1.1 and earlier does not properly prevent remote access to the daemon, which allows remote attackers to obtain sensitive system information.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 4.1 |
| sun | sunos | * |
cmdtool in OpenWindows 3.0 and XView 3.0 in SunOS 4.1.4 and earlier allows attackers with physical access to the system to display unechoed characters (such as those from password prompts) via the L2/AGAIN key.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 4.1 |
| sun | sunos | - |
| sun | sunos | 4.1.4 |
| sun | sunos | 4.1.2 |
| sun | sunos | 4.1.1 |
| sun | sunos | 4.1.3 |
/usr/5bin/su in SunOS 4.1.3 and earlier uses a search path that includes the current working directory (.), which allows local users to gain privileges via Trojan horse programs.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 4.1.3c |
| sun | sunos | * |
| sun | sunos | 4.1.2 |
| sun | sunos | 4.1.1 |
| sun | sunos | 4.1.3 |
Buffer overflow in /usr/bin/write in Solaris 2.6 and 7 allows local users to gain privileges via a long string in the terminal name argument.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | - |
| sun | sunos | 5.7 |
| sun | sunos | 5.5.1 |
passwd in SunOS 4.1.x allows local users to overwrite arbitrary files via a symlink attack and the -F command line argument.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 4.1 |
Vulnerability in integer multiplication emulation code on SPARC architectures for SunOS 4.1 through 4.1.2 allows local users to gain root access or cause a denial of service (crash).
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 4.1 |
| sun | sunos | 4.1.2 |
| sun | sunos | 4.1.1 |
The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freebsd | freebsd | 3.0 |
| sun | solaris | 2.5.1 |
| freebsd | freebsd | 2.2.4 |
| sun | sunos | 5.0 |
| sun | solaris | 2.6 |
| sun | sunos | 4.0 |
| sun | sunos | 5.5 |
| freebsd | freebsd | 2.2.8 |
| freebsd | freebsd | 2.2.5 |
| freebsd | freebsd | 2.2.3 |
| sun | solaris | 2.5 |
| freebsd | freebsd | 2.2.6 |
| freebsd | freebsd | 3.1 |
| sun | sunos | - |
| sun | sunos | 5.5.1 |
| freebsd | freebsd | 2.2.2 |
Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to dump core even if the real user id is not in the set-gid group, which allows local users to overwrite or create files at higher privileges by causing a core dump, e.g. through dmesg.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.4 |
| sun | solaris | 2.4 |
Buffer overflow in nss_nisplus.so.1 library in NIS+ in Solaris 2.3 and 2.4 allows local users to gain root privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.4 |
| sun | sunos | 5.3 |
| sun | solaris | 2.4 |
ping in Solaris 2.3 through 2.6 allows local users to cause a denial of service (crash) via a ping request to a multicast address through the loopback interface, e.g. via ping -i.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 2.5 |
| sun | sunos | 5.4 |
| sun | sunos | 5.3 |
| sun | solaris | 2.5.1 |
| sun | solaris | 2.4 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
Solaris Solstice AdminSuite (AdminSuite) 2.1 uses unsafe permissions when adding new users to the NIS+ password table, which allows local users to gain root access by modifying their password table entries.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solstice_adminsuite | 2.1 |
| sun | solstice_adminsuite | 2.2 |
Solaris Solstice AdminSuite (AdminSuite) 2.1 incorrectly sets write permissions on source files for NIS maps, which could allow local users to gain privileges by modifying /etc/passwd.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solstice_adminsuite | 2.1 |
| sun | solstice_adminsuite | 2.2 |
Solaris Solstice AdminSuite (AdminSuite) 2.1 follows symbolic links when updating an NIS database, which allows local users to overwrite arbitrary files.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solstice_adminsuite | 2.1 |
| sun | solstice_adminsuite | 2.2 |
Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 create lock files insecurely, which allows local users to gain root privileges.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solstice_adminsuite | 2.1 |
| sun | solstice_adminsuite | 2.2 |
Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 allows local users to gain privileges via the save option in the Database Manager, which is running with setgid bin privileges.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solstice_adminsuite | 2.1 |
| sun | solstice_adminsuite | 2.2 |
Power management (Powermanagement) on Solaris 2.4 through 2.6 does not start the xlock process until after the sys-suspend has completed, which allows an attacker with physical access to input characters to the last active application from the keyboard for a short period after the system is restoring, which could lead to increased privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 2.5 |
| sun | sunos | 5.4 |
| sun | sunos | - |
| sun | solaris | 2.5.1 |
| sun | solaris | 2.4 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
Vulnerability in /bin/mail in SunOS 4.1.1 and earlier allows local users to gain root privileges via certain command line arguments.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 4.1 |
| sun | sunos | * |
| sun | sunos | 4.0.3 |
SunOS 4.1.4 on a Sparc 20 machine allows local users to cause a denial of service (kernel panic) by reading from the /dev/tcx0 TCX device.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 4.1.4 |
Vulnerability in rcp on SunOS 4.0.x allows remote attackers from trusted hosts to execute arbitrary commands as root, possibly related to the configuration of the nobody user.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 4.0.1 |
| sun | sunos | 4.0.2 |
| sun | sunos | 4.0.3 |
| sun | sunos | 4.0.3c |
| sun | sunos | 4.0 |
rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sgi | irix | 3.3.1 |
| next | next | 2.0 |
| next | next | 2.1 |
| sun | sunos | 4.1psr_a |
| sgi | irix | 4.0 |
| sun | sunos | 4.0.3c |
| sun | sunos | 4.1.1 |
| cray | unicos | 6.0e |
| sun | sunos | 4.1 |
| cray | unicos | 6.1 |
| cray | unicos | 6.0 |
| sgi | irix | 3.3.2 |
| sun | sunos | 4.0.3 |
| sgi | irix | 3.3.3 |
| sgi | irix | 3.3 |
Vulnerability in SMI Sendmail 4.0 and earlier, on SunOS up to 4.0.3, allows remote attackers to access user bin.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 3.5 |
| sun | sunos | 4.0.1 |
| sun | sunos | 4.0.2 |
| sun | sunos | 4.0.3 |
| sun | sunos | 4.0.3c |
| sun | sunos | 4.0 |
Sun SunOS 4.1 through 4.1.3 allows local attackers to gain root access via insecure permissions on files and directories such as crash.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 4.1.3u1 |
| sun | sunos | 4.1.3c |
| sun | sunos | 4.1 |
| sun | sunos | 4.1psr_a |
| sun | sunos | 4.1.2 |
| sun | sunos | 4.1.1 |
| sun | sunos | 4.1.3 |
Internal HTTP server in Sun Netbeans Java IDE in Netbeans Developer 3.0 Beta and Forte Community Edition 1.0 Beta does not properly restrict access to IP addresses as specified in its configuration, which allows arbitrary remote attackers to access the server.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | netbeans_developer | 3.0_beta |
| sun | forte | community_1.0_beta |
cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly identify the user for running certain scripts, which allows a malicious site administrator to view or modify data located at another virtual site on the same system.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | cobalt_raq_3i | * |
| sun | cobalt_raq_2 | * |
SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable and passing crafted values to the -oR option.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 4.1.3u1 |
| sun | sunos | 4.1.3c |
| sendmail | sendmail | 5.61 |
| sendmail | sendmail | 5.59 |
| sun | sunos | 4.1.4jl |
| sendmail | sendmail | 5.65 |
| sun | sunos | 4.1.4 |
| sun | sunos | 4.1.2 |
| sun | sunos | 4.1.1 |
| sun | sunos | 4.1.3 |
Unknown vulnerability in (1) loadmodule, and (2) modload if modload is installed with setuid/setgid privileges, in SunOS 4.1.1 through 4.1.3c, and Open Windows 3.0, allows local users to gain root privileges via environment variables, a different vulnerability than CVE-1999-1586.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 4.1.3c |
| sun | sunos | 4.1.2 |
| sun | sunos | 4.1.1 |
| sun | openwindows | 3.0 |
| sun | sunos | 4.1.3 |
The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly before 2.4, start a privileged shell on the system console if fsck fails while the system is booting, which allows attackers with physical access to gain root privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.0 |
loadmodule in SunOS 4.1.x, as used by xnews, does not properly sanitize its environment, which allows local users to gain privileges, a different vulnerability than CVE-1999-1584.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 4.1.3c |
| sun | sunos | 4.1.2 |
| sun | sunos | 4.1.1 |
| sun | sunos | 4.1.3 |
/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e option.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 9.0 |
| sun | sunos | 5.8 |
Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code as root via a long string beginning with "NLPS:002:002:" to the listen (aka System V listener) port, TCP port 2766.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 2.5 |
| sun | solaris | 2.5.1 |
| sun | solaris | 2.4 |
Solaris dmispd dmi_cmd allows local users to fill up restricted disk space by adding files to the /var/dmi/db database.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | 5.7 |
Solaris dmi_cmd allows local users to crash the dmispd daemon by adding a malformed file to the /var/dmi/db database.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | 5.7 |
Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n option.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 2.5 |
| sun | solaris | 7.0 |
| sun | sunos | 5.4 |
| sun | sunos | - |
| sun | sunos | 5.3 |
| sun | solaris | 2.5.1 |
| sun | sunos | 5.7 |
| sun | solaris | 2.4 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
The recover program in Solstice Backup allows local users to restore sensitive files.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solstice_backup | 5.1 |
The siteUserMod.cgi program in Cobalt RaQ2 servers allows any Site Administrator to modify passwords for other users, site administrators, and possibly admin (root).
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | cobalt_raq_3i | * |
| sun | cobalt_raq | 1.0 |
| sun | cobalt_raq_2 | * |
The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | * |
| sun | sunos | 5.4 |
| redhat | linux | 5.2 |
| sun | solaris | 1.1.3 |
| redhat | linux | 4.1 |
| sun | sunos | 5.0 |
| redhat | linux | 6.0 |
| redhat | linux | 5.1 |
| sun | sunos | 5.5 |
| sun | sunos | 4.1.3 |
| redhat | linux | 5.0 |
| redhat | linux | 2.1 |
| redhat | linux | 2.0 |
| sun | sunos | - |
| sun | sunos | 5.3 |
| redhat | linux | 4.0 |
| sun | solaris | 1.1.4 |
| sun | sunos | 4.1.4 |
| sun | solaris | 2.4 |
| redhat | linux | 6.1 |
| redhat | linux | 3.0.3 |
| sun | sunos | 5.2 |
| redhat | linux | 4.2 |
| sun | sunos | 5.1 |
The installation of Sun Internet Mail Server (SIMS) creates a world-readable file that allows local users to obtain passwords.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris_isp_server | 2.0 |
StarOffice StarScheduler web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | staroffice | 5.1 |
Buffer overflow in StarOffice StarScheduler web server allows remote attackers to gain root access via a long GET command.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | staroffice | 5.1 |
The lit program in Sun Flex License Manager (FlexLM) follows symlinks, which allows local users to modify arbitrary files.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | workshop | 5.0 |
The default configuration of Cobalt RaQ2 and RaQ3 as specified in access.conf allows remote attackers to view sensitive contents of a .htaccess file.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | cobalt_raq_3i | * |
| sun | cobalt_raq_2 | * |
Buffer overflow in Star Office 5.1 allows attackers to cause a denial of service by embedding a long URL within a document.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | staroffice | 5.1 |
Buffer overflow in Solaris 7 lp allows local users to gain root privileges via a long -d option.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | 5.7 |
Buffer overflow in Solaris 7 lpset allows local users to gain root privileges via a long -r option.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | sunos | 5.7 |
| sun | solaris | 2.6 |
Qpopper 2.53 and 3.0 does not properly identify the \n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 1023 characters long and ends in \n.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| qualcomm | qpopper | 3.0 |
| sun | cobalt_raq_3i | * |
| sun | cobalt_raq_2 | * |
| qualcomm | qpopper | 2.53 |
Buffer overflow in Xsun X server in Solaris 7 allows local users to gain root privileges via a long -dev parameter.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 8.0 |
Buffer overflow in Solaris netpr program allows local users to execute arbitrary commands via a long -p option.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
Cobalt RaQ2 and RaQ3 does not properly set the access permissions and ownership for files that are uploaded via FrontPage, which allows attackers to bypass cgiwrap and modify files.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | cobalt_raq_3i | * |
| sun | cobalt_raq_2 | * |
Qpopper 2.53 and earlier allows local users to gain privileges via a formatting string in the From: header, which is processed by the euidl command.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | cobalt_raq_3i | * |
| sun | cobalt_raq_2 | * |
| qualcomm | qpopper | 2.52 |
| qualcomm | qpopper | 2.53 |
Buffer overflow in ufsrestore in Solaris 8 and earlier allows local users to gain root privileges via a long pathname.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | * |
| sun | sunos | 5.4 |
| sun | solaris | 5.6 |
| sun | solaris | 2.5.1 |
| sun | solaris | 1.1.3 |
| sun | sunos | 5.0 |
| sun | solaris | 5.5.1 |
| sun | solaris | 2.6 |
| sun | solaris | 5.5 |
| sun | sunos | 5.5 |
| sun | sunos | 4.1.3 |
| sun | solaris | 2.5 |
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | sunos | 5.3 |
| sun | solaris | 5.4 |
| sun | sunos | 5.6 |
| sun | solaris | 1.1.4 |
| sun | sunos | 4.1.4 |
| sun | solaris | 2.4 |
| sun | sunos | 5.7 |
| sun | sunos | 5.2 |
| sun | sunos | 5.8 |
| sun | sunos | 5.1 |
| sun | sunos | 5.5.1 |
The default configuration of the Sun Java web server 2.0 and earlier allows remote attackers to execute arbitrary commands by uploading Java code to the server via board.html, then directly calling the JSP compiler servlet.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java_system_web_server | 2.0 |
| sun | java_system_web_server | 1.1.3 |
The administration interface for the dwhttpd web server in Solaris AnswerBook2 does not properly authenticate requests to its supporting CGI scripts, which allows remote attackers to add user accounts to the interface by directly calling the admin CGI script.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris_answerbook2 | 1.4 |
| sun | solaris_answerbook2 | 1.4.2 |
| sun | solaris_answerbook2 | 1.3 |
| sun | solaris_answerbook2 | 1.4.1 |
The administration interface for the dwhttpd web server in Solaris AnswerBook2 allows interface users to remotely execute commands via shell metacharacters.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris_answerbook2 | 1.4 |
| sun | solaris_answerbook2 | 1.4.2 |
| sun | solaris_answerbook2 | 1.3 |
| sun | solaris_answerbook2 | 1.4.1 |
The administration module in Sun Java web server allows remote attackers to execute arbitrary commands by uploading Java code to the module and invoke the com.sun.server.http.pagecompile.jsp92.JspServlet by requesting a URL that begins with a /servlet/ tag.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java_system_web_server | 1.1.2 |
| sun | java_system_web_server | 2.0 |
| sun | java_system_web_server | 1.1_beta |
| sun | java_system_web_server | 1.1.3 |
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sgi | irix | 6.5.4 |
| turbolinux | turbolinux | 6.0.1 |
| sgi | irix | 6.4 |
| redhat | linux | 6.2 |
| slackware | slackware_linux | 7.1 |
| redhat | linux | 5.2 |
| debian | debian_linux | 2.0 |
| ibm | aix | 4.1.2 |
| ibm | aix | 4.3.1 |
| sun | sunos | 5.0 |
| sun | solaris | 2.6 |
| conectiva | linux | 4.1 |
| redhat | linux | 5.0 |
| conectiva | linux | 4.0es |
| turbolinux | turbolinux | 6.0.3 |
| debian | debian_linux | 2.1 |
| suse | suse_linux | 6.2 |
| suse | suse_linux | 6.4 |
| ibm | aix | 4.1.1 |
| suse | suse_linux | 6.3 |
| sun | sunos | 5.3 |
| sgi | irix | 6.5 |
| trustix | secure_linux | 1.0 |
| sgi | irix | 6.5.3 |
| sgi | irix | 6.2 |
| ibm | aix | 4.1 |
| ibm | aix | 4.0 |
| sgi | irix | 6.5.3f |
| caldera | openlinux | * |
| turbolinux | turbolinux | 6.0.2 |
| turbolinux | turbolinux | 6.0.4 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sgi | irix | 6.5.1 |
| conectiva | linux | 4.2 |
| ibm | aix | 3.2.5 |
| sun | sunos | 5.1 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.4 |
| sgi | irix | 6.5.8 |
| redhat | linux | 6.0 |
| conectiva | linux | 5.1 |
| ibm | aix | 4.1.5 |
| turbolinux | turbolinux | 6.0 |
| redhat | linux | 5.1 |
| sun | sunos | 5.5 |
| trustix | secure_linux | 1.1 |
| ibm | aix | 4.1.4 |
| slackware | slackware_linux | 7.0 |
| ibm | aix | 4.2.1 |
| sgi | irix | 6.5.7 |
| mandrakesoft | mandrake_linux | 7.1 |
| immunix | immunix | 6.2 |
| ibm | aix | 3.2.4 |
| ibm | aix | 4.2 |
| mandrakesoft | mandrake_linux | 7.0 |
| debian | debian_linux | 2.3 |
| suse | suse_linux | 6.1 |
| ibm | aix | 3.2 |
| debian | debian_linux | 2.2 |
| sgi | irix | 6.5.2m |
| redhat | linux | 6.1 |
| sgi | irix | 6.5.6 |
| conectiva | linux | 4.0 |
| sgi | irix | 6.5.3m |
| ibm | aix | 4.3 |
| sun | sunos | 5.2 |
| caldera | openlinux_eserver | 2.3 |
| sgi | irix | 6.3 |
| suse | suse_linux | 7.0 |
| conectiva | linux | 5.0 |
| ibm | aix | 4.1.3 |
| ibm | aix | 4.3.2 |
| caldera | openlinux_ebuilder | 3.0 |
Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier allows a local user to execute arbitrary commands via the -g option.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| lbl | lbl_traceroute | 1.4a5 |
| sun | sunos | 5.5.1 |
HotJava Browser 3.0 allows remote attackers to access the DOM of a web page by opening a javascript: URL in a named window.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | hotjava_browser | 3.0 |
Directory traversal vulnerability in iPlanet Certificate Management System 4.2 and Directory Server 4.12 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the Agent, End Entity, or Administrator services.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netscape | directory_server | 4.12 |
| sun | iplanet_certificate_management_system | 4.2 |
Netscape (iPlanet) Certificate Management System 4.2 and Directory Server 4.12 stores the administrative password in plaintext, which could allow local and possibly remote attackers to gain administrative privileges on the server.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netscape | directory_server | 4.12 |
| sun | iplanet_certificate_management_system | 4.2 |
Java Runtime Environment in Java Development Kit (JDK) 1.2.2_05 and earlier can allow an untrusted Java class to call into a disallowed class, which could allow an attacker to escape the Java sandbox and conduct unauthorized activities.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.2.1 |
| sun | jdk | 1.2.2 |
| sun | jdk | * |
StarOffice 5.2 follows symlinks and sets world-readable permissions for the /tmp/soffice.tmp directory, which allows a local user to read files of the user who is using StarOffice.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | staroffice | 5.2 |
patchadd in Solaris allows local users to overwrite arbitrary files via a symlink attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.7 |
The clustmon service in Sun Cluster 2.x does not require authentication, which allows remote attackers to obtain sensitive information such as system logs and cluster configurations.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | cluster | 2.0 |
in.mond in Sun Cluster 2.x allows local users to read arbitrary files via a symlink attack on the status file of a host running HA-NFS.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | cluster | 2.0 |
catman in Solaris 2.7 and 2.8 allows local users to overwrite arbitrary files via a symlink attack on the sman_PID temporary file.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
Buffer overflow in arp command in Solaris 7 and earlier allows local users to execute arbitrary commands via a long -f parameter.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 2.5 |
| sun | solaris | 7.0 |
| sun | sunos | 5.4 |
| sun | sunos | - |
| sun | solaris | 2.5.1 |
| sun | sunos | 5.7 |
| sun | solaris | 2.4 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
Buffer overflow in exrecover in Solaris 2.6 and earlier possibly allows local users to gain privileges via a long command line argument.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.4 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
Buffer overflow in ximp40 shared library in Solaris 7 and Solaris 8 allows local users to gain privileges via a long "arg0" (process name) argument.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 8.0 |
Buffer overflow in /usr/bin/cu in Solaris 2.8 and earlier, and possibly other operating systems, allows local users to gain privileges by executing cu with a long program name (arg0).
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.4 |
| sun | sunos | * |
| sun | sunos | 5.7 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
Chili!Soft ASP for Linux before 3.6 does not properly set group privileges when running in inherited mode, which could allow attackers to gain privileges via malicious scripts.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | chilisoft | * |
Buffer overflow in Solaris snmpXdmid SNMP to DMI mapper daemon allows remote attackers to execute arbitrary commands via a long "indication" event.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
pam_ldap authentication module in Solaris 8 allows remote attackers to bypass authentication via a NULL password.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.8 |
Directory traversal vulnerability in SunFTP build 9 allows remote attackers to read arbitrary files via .. (dot dot) characters in various commands, including (1) GET, (2) MKDIR, (3) RMDIR, (4) RENAME, or (5) PUT.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sun_ftp | build_9 |
Buffer overflow in the line printer daemon (in.lpd) for Solaris 8 and earlier allows local and remote attackers to gain root privileges via a "transfer job" routine.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
Buffer overflow in tip in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | * |
| sun | sunos | 5.7 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
/opt/JSparm/bin/perfmon program in Solaris allows local users to create arbitrary files as root via the Logging File option in the GUI.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.0 |
Directory traversal vulnerability in JavaServer Web Dev Kit (JSWDK) 1.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request to the WEB-INF directory.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | javaserver_web_dev_kit | 1.0.1 |
FTP server in Solaris 8 and earlier allows local and remote attackers to cause a core dump in the root directory, possibly with world-readable permissions, by providing a valid username with an invalid password followed by a CWD ~ command, which could release sensitive information such as shadowed passwords, or fill the disk partition.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | * |
| sun | solaris | 2.6 |
Buffer overflow in Xsun in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.4 |
| sun | sunos | 5.3 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
Buffer overflow in ipcs in Solaris 7 x86 allows local users to execute arbitrary code via a long TZ (timezone) environmental variable, a different vulnerability than CAN-2002-0093.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
Buffer overflow in dtsession on Solaris, and possibly other operating systems, allows local users to gain privileges via a long LANG environmental variable.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
Buffer overflow in SNMP proxy agent snmpd in Solaris 8 may allow local users to gain root privileges by calling snmpd with a long program name.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.8 |
Buffer overflow in the Xview library as used by mailtool in Solaris 8 and earlier allows a local attacker to gain privileges via the OPENWINHOME environment variable.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 8.0 |
Buffer overflow in dtmail in Solaris 2.6 and 7 allows local users to gain privileges via the MAIL environment variable.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.7 |
| sun | solaris | 2.6 |
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netbsd | netbsd | 1.5.1 |
| openbsd | openbsd | 2.4 |
| ibm | aix | 4.3.1 |
| sun | sunos | 5.0 |
| sun | solaris | 2.6 |
| netkit | linux_netkit | 0.12 |
| netbsd | netbsd | 1.4.1 |
| netbsd | netbsd | 1.2.1 |
| sun | sunos | 5.3 |
| freebsd | freebsd | 2.1 |
| sgi | irix | 6.5 |
| mit | kerberos_5 | 1.2.1 |
| freebsd | freebsd | 3.5 |
| freebsd | freebsd | 4.3 |
| openbsd | openbsd | 2.8 |
| freebsd | freebsd | 3.5.1 |
| freebsd | freebsd | 4.2 |
| freebsd | freebsd | 3.0 |
| freebsd | freebsd | 2.2.7 |
| freebsd | freebsd | 2.2 |
| freebsd | freebsd | 4.1.1 |
| netkit | linux_netkit | 0.10 |
| ibm | aix | 5.1 |
| freebsd | freebsd | 2.1.7 |
| openbsd | openbsd | 2.2 |
| netbsd | netbsd | 1.4 |
| openbsd | openbsd | 2.7 |
| openbsd | openbsd | 2.0 |
| freebsd | freebsd | 2.1.5 |
| mit | kerberos_5 | 1.1 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| netbsd | netbsd | 1.0 |
| freebsd | freebsd | 2.1.7.1 |
| sun | sunos | 5.1 |
| freebsd | freebsd | 3.4 |
| sun | sunos | 5.5.1 |
| netbsd | netbsd | 1.3.2 |
| mit | kerberos_5 | 1.1.1 |
| netbsd | netbsd | 1.4.2 |
| mit | kerberos_5 | 1.2 |
| netbsd | netbsd | 1.3.1 |
| freebsd | freebsd | 3.3 |
| sun | sunos | 5.4 |
| freebsd | freebsd | 2.2.1 |
| mit | kerberos | 1.0 |
| openbsd | openbsd | 2.5 |
| freebsd | freebsd | 2.2.4 |
| openbsd | openbsd | 2.3 |
| sun | sunos | 5.5 |
| freebsd | freebsd | 2.2.5 |
| freebsd | freebsd | 2.2.3 |
| netkit | linux_netkit | 0.11 |
| ibm | aix | 4.3.3 |
| freebsd | freebsd | 2.1.6 |
| freebsd | freebsd | 2.0.5 |
| freebsd | freebsd | 2.0.1 |
| freebsd | freebsd | 2.1.0 |
| freebsd | freebsd | 4.0 |
| freebsd | freebsd | 4.1 |
| netbsd | netbsd | 1.3.3 |
| openbsd | openbsd | 2.1 |
| debian | debian_linux | 2.2 |
| netbsd | netbsd | 1.5 |
| netbsd | netbsd | 1.2 |
| netbsd | netbsd | 1.1 |
| freebsd | freebsd | 2.2.8 |
| openbsd | openbsd | 2.6 |
| freebsd | freebsd | 2.0 |
| freebsd | freebsd | 2.2.6 |
| freebsd | freebsd | 3.1 |
| freebsd | freebsd | 2.1.6.1 |
| netbsd | netbsd | 1.3 |
| netbsd | netbsd | 1.4.3 |
| ibm | aix | 4.3 |
| sun | sunos | 5.2 |
| freebsd | freebsd | 3.2 |
| mit | kerberos_5 | 1.2.2 |
| ibm | aix | 4.3.2 |
| freebsd | freebsd | 2.2.2 |
Buffer overflow in mailx in Solaris 8 and earlier allows a local attacker to gain additional privileges via a long '-F' command line option.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 2.5 |
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | solaris | 2.5.1 |
| sun | sunos | * |
| sun | sunos | 5.7 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
kcms_configure as included with Solaris 7 and 8 allows a local attacker to gain additional privileges via a buffer overflow in a command line argument.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 8.0 |
Buffer overflow in the kcsSUNWIOsolf.so library in Solaris 7 and 8 allows local attackers to execute arbitrary commands via the KCMS_PROFILES environment variable, e.g. as demonstrated using the kcms_configure program.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
Vulnerability in iPlanet Web Server 4.X in HP-UX 11.04 (VVOS) with VirtualVault A.04.00 allows a remote attacker to create a denial of service via the HTTPS service.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | iplanet_web_server | 4.1 |
| hp | virtualvault | 4.0 |
Sun Chili!Soft 3.5.2 on Linux and 3.6 on AIX creates a default admin username and password in the default installation, which can allow a remote attacker to gain additional privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | chilisoft | 3.6 |
| sun | chilisoft | 3.5.2 |
Directory traversal vulnerability in Sun Chili!Soft ASP on multiple Unixes allows a remote attacker to read arbitrary files above the web root via a '..' (dot dot) attack in the sample script 'codebrws.asp'.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | chilisoft | * |
Sun Chili!Soft ASP has weak permissions on various configuration files, which allows a local attacker to gain additional privileges and create a denial of service.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | chilisoft | * |
Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | * |
Buffer overflow in mail included with SunOS 5.8 for x86 allows a local user to gain privileges via a long HOME environment variable.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 5.8 |
| sun | solaris | 8.0 |
Buffer overflow in cb_reset in the System Service Processor (SSP) package of SunOS 5.8 allows a local user to execute arbitrary code via a long argument.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.8 |
Buffer overflow in ptexec in the Sun Validation Test Suite 4.3 and earlier allows a local user to gain privileges via a long -o argument.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunvts | 4.0 |
| sun | sunvts | 4.2 |
| sun | sunvts | 4.1 |
| sun | sunvts | 4.3 |
Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 and 8 allows remote attackers to gain root access via a long username.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sgi | irix | 3.3.1 |
| sun | sunos | 5.4 |
| hp | hp-ux | 10.24 |
| sco | openserver | 5.0.1 |
| sgi | irix | 3.2 |
| sun | solaris | 2.5.1 |
| ibm | aix | 4.3.1 |
| sun | sunos | 5.0 |
| hp | hp-ux | 10.20 |
| sco | openserver | 5.0.6a |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
| hp | hp-ux | 10.01 |
| sun | sunos | 5.5 |
| sco | openserver | 5.0 |
| sun | solaris | 2.5 |
| sun | solaris | 7.0 |
| hp | hp-ux | 11.11 |
| ibm | aix | 4.3.3 |
| sun | sunos | - |
| sun | sunos | 5.3 |
| sco | openserver | 5.0.2 |
| hp | hp-ux | 10.10 |
| sco | openserver | 5.0.6 |
| sun | solaris | 2.4 |
| ibm | aix | 5.1 |
| hp | hp-ux | 10.00 |
| ibm | aix | 4.3 |
| sgi | irix | 3.3.2 |
| sun | sunos | 5.7 |
| sun | sunos | 5.2 |
| hp | hp-ux | 11.00 |
| sun | sunos | 5.8 |
| sco | openserver | 5.0.5 |
| sun | sunos | 5.1 |
| hp | hp-ux | 11.0.4 |
| sgi | irix | 3.3.3 |
| sun | sunos | 5.5.1 |
| sco | openserver | 5.0.4 |
| sgi | irix | 3.3 |
| ibm | aix | 4.3.2 |
| sco | openserver | 5.0.3 |
ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier versions, allows remote attackers to steal session IDs and hijack user sessions by reading the SPIDERSESSION and uniqueValue variables from the login field, then using those variables after the next user logs in.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | netdynamics | 4.1 |
| sun | netdynamics | 5.0 |
| sun | netdynamics | 4.1.3 |
| sun | netdynamics | 4.1.2 |
| sun | netdynamics | 4.0 |
Java Plugin 1.4 for JRE 1.3 executes signed applets even if the certificate is expired, which could allow remote attackers to conduct unauthorized activities via an applet that has been signed by an expired certificate.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.3.0 |
| sun | java_plug-in | 1.4 |
ns6install installation script for Netscape 6.01 on Solaris, and other versions including 6.2.1 beta, allows local users to overwrite arbitrary files via a symlink attack.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | * |
poprelayd script before 2.0 in Cobalt RaQ3 servers allows remote attackers to bypass authentication for relaying by causing a "POP login by user" string that includes the attacker's IP address to be injected into the maillog log file.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | cobalt_raq_3i | * |
Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows local users to execute arbitrary code via a long (1) SOR or (2) CFIME environment variable.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 2.5 |
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | solaris | 2.5.1 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netbsd | netbsd | 1.5.1 |
| netbsd | netbsd | 1.5 |
| openbsd | openbsd | 2.9 |
| microsoft | windows_nt | 4.0 |
| microsoft | windows_2000 | * |
| hp | vvos | 11.04 |
| linux | linux_kernel | 2.4.4 |
| linux | linux_kernel | 2.4.2 |
| linux | linux_kernel | 2.4.1 |
| hp | hp-ux | 11.11 |
| linux | linux_kernel | 2.4.5 |
| sun | sunos | 5.7 |
| hp | hp-ux | 11.00 |
| sun | sunos | 5.8 |
| linux | linux_kernel | 2.4.3 |
| linux | linux_kernel | 2.4.0 |
| hp | hp-ux | 11.0.4 |
| sun | sunos | 5.5.1 |
| freebsd | freebsd | 4.3 |
| openbsd | openbsd | 2.8 |
iPlanet Directory Server 4.1.4 and earlier (LDAP) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid BER length of length fields, as demonstrated by the PROTOS LDAPv3 test suite.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | iplanet_directory_server | * |
Buffer overflows in iPlanet Directory Server 4.1.4 and earlier (LDAP) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | iplanet_directory_server | * |
Format string vulnerabilities in iPlanet Directory Server 4.1.4 and earlier (LDAP) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | iplanet_directory_server | * |
Buffer overflow in ypbind daemon in Solaris 5.4 through 8 allows remote attackers to execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.4 |
| sun | sunos | 5.6 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
The Basic Security Module (BSM) for Solaris 2.5.1, 2.6, 7, and 8 does not log anonymous FTP access, which allows remote attackers to hide their activities, possibly when certain BSM audit files are not present under the FTP root.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | solaris | 2.5.1 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
| sun | sunos | 5.5.1 |
smcboot in Sun SMC (Sun Management Center) 2.0 in Solaris 8 allows local users to delete arbitrary files via a symlink attack on /tmp/smc$SMC_PORT.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | management+center | 2.0 |
Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows untrusted applets to access the system clipboard.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sdk | 1.3.0 |
| sun | jdk | 1.2.2_07 |
| sun | sdk | 1.1.3 |
| sun | jre | 1.2.2_007 |
| sun | jdk | 1.2.2_07a |
| sun | jre | 1.3.0 |
| sun | jdk | 1.3.0_02 |
| sun | jre | 1.2.2 |
| sun | jre | 1.2.2_005 |
| sun | jre | 1.2.2_006 |
| sun | jre | 1.2.2_004 |
| apple | mac_os_runtime_for_java | 2.2.4 |
| sun | jre | 1.2.2_003 |
| sun | jre | 1.2.2_07 |
The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS 5.5 through 5.8 allows remote attackers to list all accounts on a host by typing finger 'a b c d e f g h'@host.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 2.5 |
| sun | solaris | 7.0 |
| sun | sunos | 5.6 |
| sun | sunos | - |
| sun | solaris | 2.5.1 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
pt_chmod in Solaris 8 does not call fdetach to reset terminal privileges when users log out of terminals, which allows local users to write to other users' terminals by modifying the ACL of a TTY.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.8 |
| sun | solaris | 8.0 |
Buffer overflow in the LDAP naming services library (libsldap) in Sun Solaris 8 allows local users to execute arbitrary code via a long LDAP_OPTIONS environment variable to a privileged program that uses libsldap.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.8 |
| sun | solaris | 8.0 |
lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | * |
Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | solaris | 2.5.1 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
Vulnerability in Java Runtime Environment (JRE) allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the session to another server, as seen in (1) Netscape 6.0 through 6.1 and 4.79 and earlier, (2) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, and possibly other implementations that use vulnerable versions of SDK or JDK.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sdk | 1.3_02 |
| microsoft | virtual_machine | 3802 |
| sun | jdk | 1.1.8 |
| sun | sdk | 1.2.2_010 |
| sun | jre | 1.1.8 |
| sun | sdk | 1.1.8_007 |
| sun | jre | 1.3.0 |
| sun | jre | 1.2.2 |
| sun | sdk | 1.2.2_10 |
Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape 6.2.1 and earlier, and possibly other implementations that use vulnerable versions of SDK or JDK, aka a variant of the "Virtual Machine Verifier" vulnerability.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hp | java_jre-jdk | 1.3 |
| microsoft | virtual_machine | 3802 |
| sun | jre | 1.1.8 |
| sun | sdk | 1.3_05 |
| hp | java_jre-jdk | 1.2.2 |
| sun | sdk | 1.3.1_01 |
| sun | sdk | 1.2.2_10 |
| sun | sdk | 1.3.1_01a |
| sun | jdk | 1.1.8 |
| sun | sdk | 1.2.2_010 |
| sun | jre | 1.3.0 |
| sun | jre | 1.2.2 |
| sun | jre | 1.3.1 |
| hp | java_jre-jdk | 1.1.8 |
Buffer overflow in the fscache_setup function of cachefsd in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long mount argument.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.7 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a denial of service (crash) via an invalid procedure call in an RPC request.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.7 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long media installation path.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.7 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
Buffer overflow in admintool in Solaris 2.5 through 8 allows local users to gain root privileges via long arguments to (1) the -d command line option, or (2) the PRODVERS argument in the .cdtoc file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.7 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 allows local users to execute arbitrary code via a long display command line option.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 8.0 |
Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line argument.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote attackers to execute arbitrary script as other Cobalt users via Javascript in a URL to (1) service.cgi or (2) alert.cgi.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | cobalt_raq_3i | * |
| sun | cobalt_raq_2 | * |
| sun | cobalt_raq_4 | * |
Directory traversal vulnerability in Cobalt RAQ 4 allows remote attackers to read password-protected files, and possibly files outside the web root, via a .. (dot dot) in an HTTP request.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | cobalt_raq_3i | * |
| sun | cobalt_raq_2 | * |
| sun | cobalt_raq_4 | * |
service.cgi in Cobalt RAQ 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long service argument.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | cobalt_raq_3i | * |
| sun | cobalt_raq_2 | * |
| sun | cobalt_raq_4 | * |
Buffer overflow in Sun AnswerBook2 1.4 through 1.4.3 allows remote attackers to execute arbitrary code via a long filename argument to the gettransbitmap CGI program.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris_answerbook2 | 1.4 |
| sun | solaris_answerbook2 | 1.4.2 |
| sun | solaris_answerbook2 | 1.4.3 |
| sun | solaris_answerbook2 | 1.4.1 |
Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module for Sun ONE Application Server before 6.5 allows remote attackers to execute arbitrary code via a long HTTP request URL.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | one_application_server | 6.5 |
| sun | one_application_server | 6.0 |
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-190,CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| microsoft | windows_2000 | - |
| microsoft | windows_nt | 4.0 |
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| openbsd | openbsd | 3.1 |
| freebsd | freebsd | * |
| microsoft | windows_xp | - |
| sun | solaris | 2.6 |
| sun | sunos | 5.5.1 |
MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration interface allows local users to bypass authentication and overwrite arbitrary files via a symlink attack on a temporary file, followed by a request to MultiFileUpload.php.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | cobalt_raq_3i | * |
| sun | cobalt_raq_2 | * |
| sun | cobalt_raq_4 | * |
sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 8.0 |
FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| openbsd | openbsd | 2.1 |
| sun | solaris | 2.5.1 |
| freebsd | freebsd | 4.5 |
| openbsd | openbsd | 2.3 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
| openbsd | openbsd | 2.2 |
| freebsd | freebsd | 4.4 |
| sun | solaris | 7.0 |
| sun | sunos | - |
| openbsd | openbsd | 2.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | sunos | 5.5.1 |
Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog function when the wall command cannot be executed.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sgi | irix | 6.5.4 |
| sgi | irix | 5.3 |
| sgi | irix | 6.4 |
| hp | hp-ux | 10.24 |
| sgi | irix | 6.5.8 |
| hp | hp-ux | 10.20 |
| caldera | openunix | 8.0 |
| sun | solaris | 2.6 |
| caldera | unixware | 7.1_.0 |
| sgi | irix | 6.0 |
| sgi | irix | 6.1 |
| hp | hp-ux | 11.11 |
| compaq | tru64 | 4.0g |
| ibm | aix | 4.3.3 |
| sgi | irix | 6.5.10 |
| sgi | irix | 6.5.7 |
| compaq | tru64 | 5.1a |
| sgi | irix | 6.5.13 |
| sgi | irix | 6.5 |
| sgi | irix | 6.5.5 |
| compaq | tru64 | 5.1 |
| caldera | unixware | 7.1.1 |
| sgi | irix | 6.5.3 |
| sgi | irix | 6.2 |
| caldera | unixware | 7 |
| xi_graphics | dextop | 2.1 |
| hp | hp-ux | 10.10 |
| sgi | irix | 6.5.9 |
| ibm | aix | 5.1 |
| sgi | irix | 6.5.2 |
| sgi | irix | 6.5.6 |
| sgi | irix | 6.0.1 |
| compaq | tru64 | 5.0a |
| sun | sunos | 5.7 |
| hp | hp-ux | 11.00 |
| sun | sunos | 5.8 |
| sgi | irix | 6.5.12 |
| sgi | irix | 6.3 |
| sgi | irix | 6.5.1 |
| sgi | irix | 6.5.14 |
| sgi | irix | 6.5.15 |
| compaq | tru64 | 4.0f |
| sun | sunos | 5.5.1 |
| sgi | irix | 6.5.11 |
| sgi | irix | 5.2 |
| sgi | irix | 6.5.16 |
CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sgi | irix | 6.5.4 |
| sgi | irix | 5.3 |
| sgi | irix | 6.4 |
| hp | hp-ux | 10.24 |
| sun | solaris | 9.0 |
| sgi | irix | 6.5.8 |
| hp | hp-ux | 10.20 |
| caldera | openunix | 8.0 |
| sun | solaris | 2.6 |
| sgi | irix | 6.0 |
| sgi | irix | 6.1 |
| hp | hp-ux | 11.11 |
| compaq | tru64 | 4.0g |
| ibm | aix | 4.3.3 |
| sgi | irix | 6.5.10 |
| sgi | irix | 6.5.7 |
| compaq | tru64 | 5.1a |
| sgi | irix | 6.5.13 |
| sgi | irix | 6.5 |
| sgi | irix | 6.5.5 |
| compaq | tru64 | 5.1 |
| caldera | unixware | 7.1.0 |
| caldera | unixware | 7.1.1 |
| sgi | irix | 6.5.3 |
| sgi | irix | 6.2 |
| xi_graphics | dextop | 2.1 |
| hp | hp-ux | 10.10 |
| sgi | irix | 6.5.9 |
| ibm | aix | 5.1 |
| sgi | irix | 6.5.2 |
| sgi | irix | 6.5.6 |
| sgi | irix | 6.0.1 |
| caldera | unixware | 7.0 |
| compaq | tru64 | 5.0a |
| sun | sunos | 5.7 |
| hp | hp-ux | 11.00 |
| sun | sunos | 5.8 |
| sgi | irix | 6.5.12 |
| sgi | irix | 6.3 |
| sgi | irix | 6.5.1 |
| sgi | irix | 6.5.14 |
| sgi | irix | 6.5.15 |
| compaq | tru64 | 4.0f |
| sun | sunos | 5.5.1 |
| sgi | irix | 6.5.11 |
| sgi | irix | 5.2 |
| sgi | irix | 6.5.16 |
Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| hp | hp-ux | 10.24 |
| xi_graphics | dextop | 2.1 |
| hp | hp-ux | 10.10 |
| sun | solaris | 9.0 |
| hp | hp-ux | 10.20 |
| caldera | openunix | 8.0 |
| sun | solaris | 2.6 |
| ibm | aix | 5.1 |
| hp | hp-ux | 11.11 |
| compaq | tru64 | 4.0g |
| ibm | aix | 4.3.3 |
| caldera | unixware | 7.0 |
| compaq | tru64 | 5.1a |
| compaq | tru64 | 5.0a |
| sun | sunos | 5.7 |
| hp | hp-ux | 11.00 |
| sun | sunos | 5.8 |
| compaq | tru64 | 5.1 |
| compaq | tru64 | 4.0f |
| sun | sunos | 5.5.1 |
| caldera | unixware | 7.1.0 |
| caldera | unixware | 7.1.1 |
Format string vulnerability in the logging component of snmpdx for Solaris 5.6 through 8 allows remote attackers to gain root privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | 5.6 |
| sun | sunos | - |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
Buffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | 5.6 |
| sun | sunos | - |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
Multiple format string vulnerabilities in in.rarpd (ARP server) on Solaris, Caldera UnixWare and Open UNIX, and possibly other operating systems, allows remote attackers to execute arbitrary code via format strings that are not properly handled in the functions (1) syserr and (2) error.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| caldera | openunix | 8.0 |
| caldera | unixware | 7.1.1 |
Multiple buffer overflows in in.rarpd (ARP server) on Solaris, and possibly other operating systems including Caldera UnixWare and Open UNIX, allow remote attackers to execute arbitrary code, possibly via the functions (1) syserr and (2) error.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| caldera | openunix | 8.0 |
| caldera | unixware | 7.1.1 |
SunPCi II VNC uses a weak authentication scheme, which allows remote attackers to obtain the VNC password by sniffing the random byte challenge, which is used as the key for encrypted communications.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sun_pci_ii_driver | 2.3 |
Directory traversal vulnerability in none.php for SunPS iRunbook 2.5.2 allows remote attackers to read arbitrary files via a "..:" sequence (dot-dot variant) in the argument.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | i-runbook | 2.5.2 |
none.php for SunPS iRunbook 2.5.2 allows remote attackers to read arbitrary files via an absolute pathname in the argument.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | i-runbook | 2.5.2 |
Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the NS-query-pat parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | iplanet_web_server | 4.1 |
| sun | one_application_server | 6.0 |
| sun | one_web_server | 6.0 |
| netscape | enterprise_server | 3.6 |
The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| caldera | openlinux | 2.2 |
| caldera | openlinux | 2.3 |
| caldera | openlinux | 2.4 |
| sun | solaris | 9.0 |
| sco | openserver | 5.0.6 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sco | openserver | 5.0.5 |
| sco | openserver | 5.0.6a |
Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows an NFS client to cause a denial of service by killing the lockd daemon.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | solaris | 2.5.1 |
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 8.0 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
Directory traversal vulnerability in priocntl system call in Solaris does allows local users to execute arbitrary code via ".." sequences in the pc_clname field of a pcinfo_t structure, which cause priocntl to load a malicious kernel module.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
| sun | sunos | 5.5.1 |
Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sgi | irix | 6.5.4 |
| hp | hp-ux | 10.24 |
| sun | solaris | 2.5.1 |
| sun | solaris | 9.0 |
| sgi | irix | 6.5.8 |
| hp | hp-ux | 10.20 |
| hp | hp-ux | 11.22 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
| xfree86_project | x11r6 | 3.3.3 |
| hp | hp-ux | 11.04 |
| sun | solaris | 7.0 |
| hp | hp-ux | 11.11 |
| sun | sunos | - |
| sgi | irix | 6.5.10 |
| sgi | irix | 6.5.7 |
| sgi | irix | 6.5.13 |
| sgi | irix | 6.5 |
| sgi | irix | 6.5.5 |
| xfree86_project | x11r6 | 3.3.2 |
| xfree86_project | x11r6 | 3.3.4 |
| sgi | irix | 6.5.3 |
| hp | hp-ux | 10.10 |
| xfree86_project | x11r6 | 3.3.5 |
| sgi | irix | 6.5.9 |
| sgi | irix | 6.5.2 |
| sgi | irix | 6.5.6 |
| xfree86_project | x11r6 | 3.3 |
| sun | sunos | 5.7 |
| hp | hp-ux | 11.00 |
| sun | sunos | 5.8 |
| sgi | irix | 6.5.12 |
| sgi | irix | 6.5.1 |
| sun | sunos | 5.5.1 |
| sgi | irix | 6.5.11 |
Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sgi | irix | 6.5.4 |
| sgi | irix | 6.5.19 |
| sgi | irix | 6.5.18f |
| sun | solaris | 9.0 |
| sgi | irix | 6.5.22 |
| sgi | irix | 6.5.8 |
| sgi | irix | 6.5.18 |
| sco | open_unix | 8.0 |
| sgi | irix | 6.5.21m |
| sun | solaris | 8.0 |
| sgi | irix | 6.5.18m |
| redhat | enterprise_linux | 2.1 |
| sgi | irix | 6.5.17 |
| sun | linux | 5.0.7 |
| sgi | irix | 6.5.10 |
| sgi | irix | 6.5.7 |
| sgi | irix | 6.5.13 |
| sgi | irix | 6.5 |
| sgi | irix | 6.5.17m |
| sgi | irix | 6.5.19f |
| sgi | irix | 6.5.5 |
| sgi | irix | 6.5.20m |
| sco | unixware | 7.1.2 |
| safe.pm | safe.pm | 2.0_6 |
| sgi | irix | 6.5.17f |
| sgi | irix | 6.5.3 |
| safe.pm | safe.pm | 2.0_7 |
| sco | unixware | 7.1.3 |
| redhat | linux_advanced_workstation | 2.1 |
| sgi | irix | 6.5.9 |
| sgi | irix | 6.5.2 |
| sgi | irix | 6.5.6 |
| sgi | irix | 6.5.21f |
| sgi | irix | 6.5.20f |
| sun | sunos | 5.8 |
| sgi | irix | 6.5.12 |
| sgi | irix | 6.5.19m |
| sgi | irix | 6.5.1 |
| sgi | irix | 6.5.14 |
| sgi | irix | 6.5.15 |
| sgi | irix | 6.5.11 |
| sgi | irix | 6.5.16 |
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-120,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| netbsd | netbsd | 1.5.1 |
| oracle | solaris | 8 |
| oracle | solaris | 2.6 |
| hp | hp-ux | 10.20 |
| hp | hp-ux | 11.22 |
| oracle | solaris | 7.0 |
| netbsd | netbsd | 1.5.2 |
| hp | hp-ux | 11.11 |
| sun | sunos | - |
| hp | alphaserver_sc | * |
| windriver | bsdos | 5.0 |
| windriver | bsdos | 4.3.1 |
| sendmail | sendmail | * |
| gentoo | linux | 1.4 |
| netbsd | netbsd | 1.5 |
| hp | hp-ux | 10.10 |
| netbsd | netbsd | 1.6 |
| oracle | solaris | 9 |
| windriver | bsdos | 4.2 |
| windriver | platform_sa | 1.0 |
| sun | sunos | 5.7 |
| hp | hp-ux | 11.00 |
| sun | sunos | 5.8 |
| netbsd | netbsd | 1.5.3 |
| hp | hp-ux | 11.0.4 |
Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. (dot dot) sequences.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| gnu | wget | 1.7.1 |
| gnu | wget | 1.8.1 |
| sun | cobalt_raq_xtr | * |
| gnu | wget | 1.5.3 |
| gnu | wget | 1.7 |
| gnu | wget | 1.8 |
| gnu | wget | 1.8.2 |
| gnu | wget | 1.6 |
Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ncftp_software | ncftp | 3.0.1 |
| ncftp_software | ncftp | 3.0.3 |
| ncftp_software | ncftp | 3.0.0 |
| ncftp_software | ncftp | 3.1.2 |
| sun | solaris | 2.6 |
| ncftp_software | ncftp | 3.0.4 |
| ncftp_software | ncftp | 3.1.1 |
| sun | solaris | 7.0 |
| ncftp_software | ncftp | 3.0.2 |
| sun | sunos | - |
| openbsd | openbsd | 3.0 |
| sun | sunos | 5.7 |
| ncftp_software | ncftp | 3.1.4 |
| ncftp_software | ncftp | 3.1.0 |
| ncftp_software | ncftp | 3.1.3 |
overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security Hardening Patch) installed allows remote attackers to execute arbitrary code via a POST request with shell metacharacters in the email parameter.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | cobalt_raq_4 | * |
Directory traversal vulnerability in ASTAware SearchDisk engine for Sun ONE Starter Kit 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack on port (1) 6015 or (2) 6016, or (3) an absolute pathname to port 6017.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| astaware | searchdisc | 3.1 |
| sun | sunone_starter_kit | 2.0 |
Unknown vulnerability in the AUTH_DES authentication for RPC in Solaris 2.5.1, 2.6, and 7, SGI IRIX 6.5 to 6.5.19f, and possibly other platforms, allows remote attackers to gain privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sgi | irix | 6.5.4 |
| sgi | irix | 6.5.19 |
| sgi | irix | 6.5.6m |
| sgi | irix | 6.5.6f |
| sun | solaris | 2.6 |
| sgi | irix | 6.5.15f |
| sgi | irix | 6.5.2f |
| sgi | irix | 6.5.18m |
| sgi | irix | 6.5.8f |
| sun | solaris | 7.0 |
| sgi | irix | 6.5.10 |
| sgi | irix | 6.5.7m |
| sgi | irix | 6.5.17m |
| sgi | irix | 6.5.16m |
| sgi | irix | 6.5.17f |
| sgi | irix | 6.5.3 |
| sgi | irix | 6.5.10m |
| sgi | irix | 6.5.3f |
| sgi | irix | 6.5.2 |
| sgi | irix | 6.5.4m |
| sgi | irix | 6.5.9m |
| sgi | irix | 6.5.14f |
| sun | sunos | 5.7 |
| sgi | irix | 6.5.5m |
| sgi | irix | 6.5.1 |
| sgi | irix | 6.5.14 |
| sun | sunos | 5.5.1 |
| sgi | irix | 6.5.11m |
| sgi | irix | 6.5.11f |
| sgi | irix | 6.5.9f |
| sgi | irix | 6.5.15m |
| sgi | irix | 6.5.18f |
| sgi | irix | 6.5.13m |
| sun | solaris | 2.5.1 |
| sgi | irix | 6.5.8 |
| sgi | irix | 6.5.18 |
| sgi | irix | 6.5.14m |
| sgi | irix | 6.5.17 |
| sun | sunos | - |
| sgi | irix | 6.5.7 |
| sgi | irix | 6.5.10f |
| sgi | irix | 6.5.13 |
| sgi | irix | 6.5.5f |
| sgi | irix | 6.5.5 |
| sgi | irix | 6.5.7f |
| sgi | irix | 6.5.8m |
| sgi | irix | 6.5.2m |
| sgi | irix | 6.5.12m |
| sgi | irix | 6.5.9 |
| sgi | irix | 6.5.6 |
| sgi | irix | 6.5.13f |
| sgi | irix | 6.5.3m |
| sgi | irix | 6.5.12 |
| sgi | irix | 6.5.4f |
| sgi | irix | 6.5.15 |
| sgi | irix | 6.5.11 |
| sgi | irix | 6.5.12f |
| sgi | irix | 6.5.16f |
| sgi | irix | 6.5.16 |
Unknown vulnerability in Solaris 8 for Intel and Solaris 8 and 9 for SPARC allows remote attackers to cause a denial of service via certain packets that cause some network interfaces to stop responding to TCP traffic.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 9.0 |
| sun | sunos | 5.8 |
| sun | solaris | 8.0 |
Solaris 2.5.1 through 9 allows local users to cause a denial of service (kernel panic) by setting the sd_struiowrq variable in the struioget function to null, which triggers a null dereference.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | solaris | 2.5.1 |
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
| sun | sunos | 5.5.1 |
The libthread library (libthread.so.1) for Solaris 2.5.1 through 8 allows local users to cause a denial of service (hang) of an application that uses libthread by causing the application to wait for a certain mutex.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | solaris | 2.5.1 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
| sun | sunos | 5.5.1 |
Mailtool for OpenWindows 3.6, 3.6.1, and 3.6.2 allows remote attackers to cause a denial of service (mailtool segmentation violation and crash) via a malformed mail attachment.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | openwindows | 3.6.2 |
| sun | openwindows | 3.6 |
| sun | openwindows | 3.6.1 |
Unknown vulnerability in Solaris 8, when the 0x02 bit (aka TEST, KMF_DEADBEEF, or deadbeef) is set in the kmem_flags kernel parameter, allows local users to cause a denial of service (system panic).
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.8 |
| sun | solaris | 8.0 |
The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) SUNWwbcou, (3) SUNWwbdev and (4) SUNWmgapp packages, when installed using Solaris 8 Update 1/01 or later, install files with world or group write permissions, which allows local users to gain root privileges or cause a denial of service.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.8 |
| sun | solaris | 8.0 |
The dtscreen Sun Solaris 8 CDE screensaver crashes when the "Shift" and "Return" keys are pressed repeatedly and quickly, which allows local users to access the current session.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.8 |
pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid root if the pkgmap file contains a "?" (question mark) in the (1) mode, (2) owner, or (3) group fields, which allows attackers to elevate privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5.1 |
Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.5.1 through 8 allows local users to execute arbitrary code via unknown attack vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | solaris | 2.5.1 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
| sun | sunos | 5.5.1 |
Unknown vulnerability in Java web start 1.0.1_01, 1.0.1, 1.0 and 1.0.1.01 (HP-UX 11.x only) allows attackers to gain access to restricted resources via unknown attack vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java_web_start | 1.0 |
| sun | java_web_start | 1.0.1_01 |
| sun | java_web_start | 1.0.1 |
Sun Ray Server Software (SRSS) 1.3, when Non-Smartcard Mobility (NSCM) is enabled, allows remote attackers to login as another user by running dtlogin from a system that supports the XDMCP client.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | ray_server_software | 1.3 |
java.security.AccessController in Sun Java Virtual Machine (JVM) in JRE 1.2.2 and 1.3.1 allows remote attackers to cause a denial of service (JVM crash) via a Java program that calls the doPrivileged method with a null argument.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.2.2 |
| sun | jre | 1.3.1 |
Buffer overflow in rcp in Solaris 9.0 allows local users to execute arbitrary code via a long command line argument.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 9.0 |
Unknown vulnerability in Sun Solaris 8.0 allows local users to cause a denial of service (kernel panic) via a program that uses /dev/poll, triggering a NULL pointer dereference.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.8 |
| sun | solaris | 8.0 |
Unknown vulnerability in the System Serial Console terminal in Solaris 2.5.1, 2.6, and 7 allows local users to monitor keystrokes and possibly steal sensitive information.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | solaris | 2.5.1 |
| sun | sunos | 5.7 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5.1 |
Sun PC NetLink 1.0 through 1.2 does not properly set the access control list (ACL) for files and directories that use symbolic links and have been restored from backup, which could allow local or remote attackers to bypass intended access restrictions.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-59,CWE-281,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris_pc_netlink | * |
Unspecified vulnerability in the environmental monitoring subsystem in Solaris 8 running on Sun Fire 280R, V480 and V880 allows local users to cause a denial of service by setting volatile properties.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.8 |
Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown impact and attack vectors related to "unsafe use of temporary files."
CVSS 2.0
Severity: HIGH
Problem Type: CWE-59,CWE-362,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | patchpro | 2.0 |
Sun AnswerBook2 1.2 through 1.4.2 allows remote attackers to execute administrative scripts such as (1) AdminViewError and (2) AdminAddadmin via a direct request.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris_answerbook2 | 1.4 |
| sun | solaris_answerbook2 | 1.4.2 |
| sun | solaris_answerbook2 | 1.3 |
| sun | solaris_answerbook2 | 1.2 |
| sun | solaris_answerbook2 | 1.4.1 |
Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | solaris | 2.5.1 |
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
| sun | sunos | 5.5.1 |
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sgi | irix | 6.5.19 |
| openbsd | openbsd | 2.4 |
| sgi | irix | 6.5.6f |
| cray | unicos | 7.0 |
| sun | solaris | 2.6 |
| gnu | glibc | 2.2.5 |
| sgi | irix | 6.5.15f |
| sgi | irix | 6.5.18m |
| hp | hp-ux | 11.04 |
| openafs | openafs | 1.0.1 |
| sgi | irix | 6.5.10 |
| sgi | irix | 6.5.7m |
| mit | kerberos_5 | 1.2.7 |
| openafs | openafs | 1.2.1 |
| sgi | irix | 6.5.16m |
| openafs | openafs | 1.2.4 |
| cray | unicos | 9.2.4 |
| sgi | irix | 6.5.3 |
| freebsd | freebsd | 4.2 |
| sgi | irix | 6.5.10m |
| openafs | openafs | 1.2.3 |
| freebsd | freebsd | 4.6.2 |
| freebsd | freebsd | 5.0 |
| cray | unicos | 9.0 |
| mit | kerberos_5 | 1.2.3 |
| openbsd | openbsd | 2.7 |
| sgi | irix | 6.5.9m |
| openafs | openafs | 1.3 |
| openbsd | openbsd | 2.0 |
| sgi | irix | 6.5.14f |
| openafs | openafs | 1.0.2 |
| sgi | irix | 6.5.5m |
| sgi | irix | 6.5.1 |
| sgi | irix | 6.5.14 |
| gnu | glibc | 2.2 |
| sun | sunos | 5.5.1 |
| mit | kerberos_5 | 1.2 |
| sgi | irix | 6.5.18f |
| gnu | glibc | 2.1.1 |
| openbsd | openbsd | 2.5 |
| sun | solaris | 9.0 |
| openbsd | openbsd | 2.3 |
| gnu | glibc | 2.1 |
| cray | unicos | 6.0e |
| hp | hp-ux_series_800 | 10.20 |
| sun | sunos | - |
| sgi | irix | 6.5.7 |
| sgi | irix | 6.5.10f |
| sgi | irix | 6.5.5 |
| gnu | glibc | 2.1.3 |
| openafs | openafs | 1.0.4a |
| freebsd | freebsd | 4.0 |
| sgi | irix | 6.5.7f |
| sgi | irix | 6.5.8m |
| openbsd | openbsd | 2.1 |
| openafs | openafs | 1.3.1 |
| openafs | openafs | 1.0.4 |
| openbsd | openbsd | 3.1 |
| ibm | aix | 5.2 |
| cray | unicos | 8.0 |
| openbsd | openbsd | 2.6 |
| sgi | irix | 6.5.6 |
| openafs | openafs | 1.1.1a |
| openafs | openafs | 1.2 |
| sgi | irix | 6.5.13f |
| sgi | irix | 6.5.3m |
| openafs | openafs | 1.0.3 |
| openafs | openafs | 1.1 |
| openafs | openafs | 1.1.1 |
| sgi | irix | 6.5.4f |
| sgi | irix | 6.5.15 |
| sgi | irix | 6.5.11 |
| openafs | openafs | 1.3.2 |
| sgi | irix | 6.5.16f |
| sgi | irix | 6.5.16 |
| sgi | irix | 6.5.4 |
| sgi | irix | 6.5.6m |
| hp | hp-ux | 10.24 |
| mit | kerberos_5 | 1.2.4 |
| hp | hp-ux | 10.20 |
| hp | hp-ux | 11.22 |
| gnu | glibc | 2.3.1 |
| sgi | irix | 6.5.2f |
| sgi | irix | 6.5.8f |
| freebsd | freebsd | 4.4 |
| sun | solaris | 7.0 |
| hp | hp-ux | 11.11 |
| cray | unicos | 6.1 |
| sgi | irix | 6.5 |
| sgi | irix | 6.5.17m |
| cray | unicos | 6.0 |
| openafs | openafs | 1.0 |
| freebsd | freebsd | 4.7 |
| gnu | glibc | 2.3 |
| mit | kerberos_5 | 1.2.1 |
| openafs | openafs | 1.2.2b |
| sgi | irix | 6.5.17f |
| freebsd | freebsd | 4.3 |
| openbsd | openbsd | 2.8 |
| hp | hp-ux | 11.20 |
| openbsd | openbsd | 2.9 |
| gnu | glibc | 2.2.2 |
| freebsd | freebsd | 4.5 |
| cray | unicos | 9.2 |
| freebsd | freebsd | 4.1.1 |
| sgi | irix | 6.5.3f |
| ibm | aix | 5.1 |
| sgi | irix | 6.5.2 |
| openbsd | openbsd | 2.2 |
| sgi | irix | 6.5.4m |
| mit | kerberos_5 | 1.2.6 |
| sun | sunos | 5.7 |
| hp | hp-ux | 11.00 |
| sun | sunos | 5.8 |
| openafs | openafs | 1.2.6 |
| gnu | glibc | 2.3.2 |
| openafs | openafs | 1.2.5 |
| sgi | irix | 6.5.11m |
| sgi | irix | 6.5.11f |
| sgi | irix | 6.5.9f |
| sgi | irix | 6.5.15m |
| mit | kerberos_5 | 1.2.5 |
| openafs | openafs | 1.2.2 |
| sgi | irix | 6.5.13m |
| cray | unicos | 9.0.2.5 |
| sun | solaris | 2.5.1 |
| sgi | irix | 6.5.8 |
| sgi | irix | 6.5.18 |
| sgi | irix | 6.5.14m |
| sun | solaris | 8.0 |
| sgi | irix | 6.5.20 |
| sgi | irix | 6.5.17 |
| ibm | aix | 4.3.3 |
| sgi | irix | 6.5.13 |
| sgi | irix | 6.5.5f |
| openbsd | openbsd | 3.0 |
| gnu | glibc | 2.2.1 |
| freebsd | freebsd | 4.1 |
| openbsd | openbsd | 3.2 |
| hp | hp-ux_series_700 | 10.20 |
| sgi | irix | 6.5.2m |
| gnu | glibc | 2.2.4 |
| sgi | irix | 6.5.12m |
| cray | unicos | 8.3 |
| sgi | irix | 6.5.9 |
| gnu | glibc | 2.2.3 |
| gnu | glibc | 2.1.2 |
| openafs | openafs | 1.2.2a |
| freebsd | freebsd | 4.6 |
| sgi | irix | 6.5.12 |
| mit | kerberos_5 | 1.2.2 |
| sgi | irix | 6.5.12f |
MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mit | kerberos_5 | 1.2.4 |
| sun | solaris | 9.0 |
| sun | sunos | 5.8 |
| mit | kerberos_5 | 1.2.3 |
| sun | enterprise_authentication_mechanism | 1.0 |
| sun | solaris | 8.0 |
| mit | kerberos_5 | 1.2.1 |
| mit | kerberos_5 | 1.2.2 |
The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sgi | irix | 6.5.4 |
| sgi | irix | 5.3 |
| sgi | irix | 6.4 |
| sgi | irix | 6.5.6m |
| sgi | irix | 5.1.1 |
| hp | hp-ux | 10.24 |
| sgi | irix | 6.5.6f |
| ibm | aix | 4.3.1 |
| hp | hp-ux | 10.20 |
| hp | hp-ux | 11.22 |
| sun | solaris | 2.6 |
| sgi | irix | 6.5.15f |
| sgi | irix | 6.5.2f |
| sgi | irix | 6.5.18m |
| sgi | irix | 6.5.8f |
| sgi | irix | 6.1 |
| hp | hp-ux | 11.04 |
| sun | solaris | 7.0 |
| hp | hp-ux | 11.11 |
| sgi | irix | 6.5.10 |
| sgi | irix | 6.5.7m |
| sgi | irix | 6.5 |
| sgi | irix | 6.5.17m |
| sgi | irix | 6.5.16m |
| sgi | irix | 6.5.17f |
| sgi | irix | 6.5.3 |
| sgi | irix | 6.2 |
| hp | hp-ux | 11.20 |
| sgi | irix | 6.5.10m |
| sgi | irix | 6.5.3f |
| ibm | aix | 5.1 |
| sgi | irix | 6.5.2 |
| sgi | irix | 6.5.4m |
| sgi | irix | 6.5.9m |
| sgi | irix | 6.5.14f |
| sgi | irix | 5.1 |
| sun | sunos | 5.7 |
| hp | hp-ux | 11.00 |
| sun | sunos | 5.8 |
| sgi | irix | 6.5.5m |
| sgi | irix | 6.5.1 |
| sgi | irix | 6.5.14 |
| sun | sunos | 5.5.1 |
| sgi | irix | 5.2 |
| sgi | irix | 6.5.11m |
| sgi | irix | 6.5.11f |
| sgi | irix | 6.5.9f |
| sgi | irix | 6.5.15m |
| sgi | irix | 6.5.18f |
| sgi | irix | 6.5.13m |
| sun | solaris | 2.5.1 |
| sun | solaris | 9.0 |
| sgi | irix | 6.5.8 |
| sgi | irix | 6.5.18 |
| sgi | irix | 6.5.14m |
| sun | solaris | 8.0 |
| sgi | irix | 6.0 |
| sgi | irix | 6.5.17 |
| ibm | aix | 4.3.3 |
| sun | sunos | - |
| hp | hp-ux | 10.34 |
| sgi | irix | 6.5.7 |
| sgi | irix | 6.5.10f |
| sgi | irix | 6.5.13 |
| sgi | irix | 6.5.5f |
| sgi | irix | 5.0 |
| sgi | irix | 6.5.5 |
| sgi | irix | 6.5.7f |
| hp | hp-ux | 10.30 |
| sgi | irix | 6.5.8m |
| sgi | irix | 6.5.2m |
| sgi | irix | 6.5.12m |
| ibm | aix | 5.2 |
| sgi | irix | 5.0.1 |
| sgi | irix | 6.5.9 |
| sgi | irix | 6.5.6 |
| sgi | irix | 6.0.1 |
| sgi | irix | 6.5.13f |
| sgi | irix | 6.5.3m |
| ibm | aix | 4.3 |
| sgi | irix | 6.5.12 |
| sgi | irix | 6.3 |
| sgi | irix | 6.5.4f |
| sgi | irix | 6.5.15 |
| sgi | irix | 6.5.11 |
| sgi | irix | 6.5.12f |
| ibm | aix | 4.3.2 |
| hp | hp-ux | 10.26 |
| sgi | irix | 6.5.16f |
| sgi | irix | 6.5.16 |
Stack-based buffer overflow in the bsd_queue() function for lpq on Solaris 2.6 and 7 allows local users to gain root privilege.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.7 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5.1 |
Heap-based buffer overflow in dtsession for Solaris 2.5.1 through Solaris 9 allows local users to gain root privileges via a long HOME environment variable.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5.1 |
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sendmail | sendmail_switch | 2.2.4 |
| compaq | tru64 | 5.1_pk3_bl17 |
| sendmail | sendmail | 8.11.2 |
| sendmail | sendmail | 8.9.1 |
| hp | hp-ux | 10.08 |
| sun | solaris | 2.6 |
| sendmail | sendmail | 8.9.2 |
| compaq | tru64 | 4.0g_pk3_bl17 |
| sendmail | sendmail | 2.6 |
| sendmail | sendmail | 8.12.8 |
| sendmail | sendmail_switch | 2.2.5 |
| sendmail | sendmail | 8.9.3 |
| sendmail | sendmail_switch | 3.0 |
| compaq | tru64 | 5.1b |
| sendmail | sendmail | 8.11.3 |
| sun | solaris | 2.4 |
| sendmail | sendmail | 8.12.3 |
| sendmail | sendmail_switch | 2.2.1 |
| hp | hp-ux | 10.16 |
| sendmail | sendmail_switch | 3.0.2 |
| compaq | tru64 | 5.1_pk6_bl20 |
| compaq | tru64 | 4.0b |
| sendmail | sendmail | 8.12 |
| sun | sunos | 5.5.1 |
| sendmail | sendmail | 8.11.0 |
| sun | sunos | 5.4 |
| sun | solaris | 9.0 |
| compaq | tru64 | 5.1b_pk1_bl1 |
| hp | hp-ux | 10.01 |
| sun | sunos | 5.5 |
| hp | hp-ux_series_800 | 10.20 |
| sun | solaris | 2.5 |
| sendmail | sendmail | 3.0 |
| sun | sunos | - |
| hp | hp-ux | 10.34 |
| compaq | tru64 | 5.1a |
| compaq | tru64 | 5.1a_pk1_bl1 |
| sendmail | sendmail | 3.0.3 |
| sendmail | sendmail | 8.12.4 |
| hp | hp-ux | 10.30 |
| hp | hp-ux | 10.10 |
| sendmail | sendmail | 8.12.2 |
| compaq | tru64 | 4.0d_pk9_bl17 |
| hp | hp-ux | 10.09 |
| sendmail | sendmail | 8.12.6 |
| compaq | tru64 | 5.1a_pk2_bl2 |
| sendmail | sendmail_switch | 2.2.3 |
| hp | hp-ux | 11.0.4 |
| hp | hp-ux | 10.26 |
| compaq | tru64 | 5.0_pk4_bl17 |
| sendmail | sendmail | 3.0.1 |
| sendmail | sendmail | 2.6.2 |
| hp | hp-ux | 10.24 |
| hp | hp-ux | 10.20 |
| hp | hp-ux | 11.22 |
| compaq | tru64 | 5.1_pk4_bl18 |
| compaq | tru64 | 5.0f |
| sun | solaris | 7.0 |
| hp | hp-ux | 11.11 |
| compaq | tru64 | 4.0g |
| sendmail | sendmail_switch | 2.1.2 |
| compaq | tru64 | 5.1_pk5_bl19 |
| sendmail | sendmail_switch | 2.1.3 |
| hp | hp-ux | 11.20 |
| compaq | tru64 | 5.0a_pk3_bl17 |
| sendmail | sendmail | 8.11.1 |
| sendmail | sendmail | 8.11.6 |
| sendmail | sendmail_switch | 2.1.4 |
| compaq | tru64 | 5.1a_pk3_bl3 |
| sendmail | sendmail | 8.10 |
| compaq | tru64 | 5.0a |
| sendmail | sendmail | 8.11.4 |
| sendmail | sendmail | 8.12.7 |
| sun | sunos | 5.7 |
| hp | hp-ux | 11.00 |
| sun | sunos | 5.8 |
| sendmail | sendmail_switch | 2.2 |
| compaq | tru64 | 4.0d |
| compaq | tru64 | 4.0f |
| compaq | tru64 | 5.0_pk4_bl18 |
| compaq | tru64 | 4.0f_pk7_bl18 |
| sendmail | sendmail_switch | 3.0.1 |
| compaq | tru64 | 5.0 |
| sun | solaris | 2.5.1 |
| sendmail | sendmail | 8.9.0 |
| sendmail | sendmail_switch | 2.1.5 |
| sendmail | sendmail | 8.12.5 |
| sun | solaris | 8.0 |
| sendmail | sendmail_switch | 2.1.1 |
| sendmail | sendmail | 3.0.2 |
| hp | sis | * |
| compaq | tru64 | 5.1 |
| compaq | tru64 | 4.0f_pk6_bl17 |
| sendmail | sendmail | 8.11.5 |
| sendmail | sendmail | 8.10.1 |
| hp | hp-ux_series_700 | 10.20 |
| sendmail | sendmail_switch | 2.2.2 |
| sendmail | sendmail_switch | 2.1 |
| sendmail | sendmail | 8.12.0 |
| hp | hp-ux | 10.00 |
| sendmail | sendmail | 8.10.2 |
| sendmail | sendmail_switch | 3.0.3 |
| sendmail | sendmail | 8.12.1 |
| sendmail | sendmail | 2.6.1 |
Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| samba | samba | 2.2.4 |
| hp | hp-ux | 10.24 |
| compaq | tru64 | 5.1_pk3_bl17 |
| hp | cifs-9000_server | a.01.08 |
| hp | cifs-9000_server | a.01.08.01 |
| hp | hp-ux | 10.20 |
| hp | hp-ux | 11.22 |
| compaq | tru64 | 5.1_pk4_bl18 |
| compaq | tru64 | 5.0f |
| sun | solaris | 2.6 |
| hp | cifs-9000_server | a.01.09.01 |
| samba | samba | 2.2.7 |
| samba | samba | 2.2.6 |
| hp | hp-ux | 11.04 |
| samba-tng | samba-tng | 0.3.1 |
| samba | samba | 2.0.5 |
| sun | solaris | 7.0 |
| hp | hp-ux | 11.11 |
| compaq | tru64 | 4.0g |
| samba | samba | 2.0.10 |
| samba | samba | 2.2.0a |
| compaq | tru64 | 5.1_pk5_bl19 |
| samba | samba | 2.2.8 |
| compaq | tru64 | 4.0g_pk3_bl17 |
| samba | samba | 2.0.8 |
| samba-tng | samba-tng | 0.3 |
| samba | samba | 2.0.9 |
| samba | samba | 2.0.4 |
| samba | samba | 2.0.7 |
| samba | samba | 2.2.1a |
| hp | hp-ux | 11.20 |
| compaq | tru64 | 5.1b |
| samba | samba | 2.2.7a |
| compaq | tru64 | 5.0a_pk3_bl17 |
| compaq | tru64 | 5.1a_pk3_bl3 |
| hp | cifs-9000_server | a.01.05 |
| compaq | tru64 | 5.1_pk6_bl20 |
| samba | samba | 2.0.6 |
| compaq | tru64 | 5.0a |
| sun | sunos | 5.7 |
| hp | hp-ux | 11.00 |
| sun | sunos | 5.8 |
| samba | samba | 2.2.3a |
| compaq | tru64 | 4.0d |
| samba | samba | 2.2.3 |
| compaq | tru64 | 4.0b |
| compaq | tru64 | 4.0f |
| compaq | tru64 | 5.0_pk4_bl18 |
| sun | sunos | 5.5.1 |
| hp | cifs-9000_server | a.01.07 |
| compaq | tru64 | 4.0f_pk7_bl18 |
| compaq | tru64 | 5.0 |
| samba | samba | 2.0.0 |
| sun | solaris | 2.5.1 |
| sun | solaris | 9.0 |
| compaq | tru64 | 5.1b_pk1_bl1 |
| sun | solaris | 8.0 |
| hp | hp-ux | 10.01 |
| sun | sunos | - |
| compaq | tru64 | 5.1a |
| hp | cifs-9000_server | a.01.06 |
| compaq | tru64 | 5.1a_pk1_bl1 |
| samba | samba | 2.2.2 |
| compaq | tru64 | 5.1 |
| samba | samba | 2.0.3 |
| compaq | tru64 | 4.0f_pk6_bl17 |
| hp | cifs-9000_server | a.01.09 |
| samba | samba | 2.0.2 |
| samba | samba | 2.2.5 |
| compaq | tru64 | 4.0d_pk9_bl17 |
| hp | cifs-9000_server | a.01.09.02 |
| compaq | tru64 | 5.1a_pk2_bl2 |
| samba | samba | 2.0.1 |
| compaq | tru64 | 5.0_pk4_bl17 |
| samba | samba | 2.2.0 |
Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| samba | samba | 2.2.4 |
| hp | hp-ux | 10.24 |
| compaq | tru64 | 5.1_pk3_bl17 |
| hp | cifs-9000_server | a.01.08 |
| hp | cifs-9000_server | a.01.08.01 |
| hp | hp-ux | 10.20 |
| hp | hp-ux | 11.22 |
| compaq | tru64 | 5.1_pk4_bl18 |
| compaq | tru64 | 5.0f |
| sun | solaris | 2.6 |
| hp | cifs-9000_server | a.01.09.01 |
| samba | samba | 2.2.7 |
| samba | samba | 2.2.6 |
| hp | hp-ux | 11.04 |
| samba-tng | samba-tng | 0.3.1 |
| samba | samba | 2.0.5 |
| sun | solaris | 7.0 |
| hp | hp-ux | 11.11 |
| compaq | tru64 | 4.0g |
| samba | samba | 2.0.10 |
| samba | samba | 2.2.0a |
| compaq | tru64 | 5.1_pk5_bl19 |
| samba | samba | 2.2.8 |
| compaq | tru64 | 4.0g_pk3_bl17 |
| samba | samba | 2.0.8 |
| samba-tng | samba-tng | 0.3 |
| samba | samba | 2.0.9 |
| samba | samba | 2.0.4 |
| samba | samba | 2.0.7 |
| apple | mac_os_x | 10.2.2 |
| samba | samba | 2.2.1a |
| hp | hp-ux | 11.20 |
| compaq | tru64 | 5.1b |
| samba | samba | 2.2.7a |
| compaq | tru64 | 5.0a_pk3_bl17 |
| compaq | tru64 | 5.1a_pk3_bl3 |
| hp | cifs-9000_server | a.01.05 |
| compaq | tru64 | 5.1_pk6_bl20 |
| apple | mac_os_x | 10.2.4 |
| samba | samba | 2.0.6 |
| compaq | tru64 | 5.0a |
| sun | sunos | 5.7 |
| hp | hp-ux | 11.00 |
| sun | sunos | 5.8 |
| samba | samba | 2.2.3a |
| apple | mac_os_x | 10.2 |
| compaq | tru64 | 4.0d |
| compaq | tru64 | 4.0b |
| compaq | tru64 | 4.0f |
| compaq | tru64 | 5.0_pk4_bl18 |
| sun | sunos | 5.5.1 |
| hp | cifs-9000_server | a.01.07 |
| apple | mac_os_x | 10.2.3 |
| compaq | tru64 | 4.0f_pk7_bl18 |
| compaq | tru64 | 5.0 |
| samba | samba | 2.0.0 |
| sun | solaris | 2.5.1 |
| sun | solaris | 9.0 |
| compaq | tru64 | 5.1b_pk1_bl1 |
| sun | solaris | 8.0 |
| hp | hp-ux | 10.01 |
| apple | mac_os_x | 10.2.1 |
| sun | sunos | - |
| compaq | tru64 | 5.1a |
| hp | cifs-9000_server | a.01.06 |
| compaq | tru64 | 5.1a_pk1_bl1 |
| compaq | tru64 | 5.1 |
| samba | samba | 2.0.3 |
| compaq | tru64 | 4.0f_pk6_bl17 |
| hp | cifs-9000_server | a.01.09 |
| samba | samba | 2.0.2 |
| samba | samba | 2.2.5 |
| compaq | tru64 | 4.0d_pk9_bl17 |
| hp | cifs-9000_server | a.01.09.02 |
| compaq | tru64 | 5.1a_pk2_bl2 |
| samba | samba | 2.0.1 |
| compaq | tru64 | 5.0_pk4_bl17 |
| samba | samba | 2.2.0 |
Sun ONE Application Server 7.0 for Windows 2000/XP does not log the complete URI of a long HTTP request, which could allow remote attackers to hide malicious activities.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | one_application_server | 7.0 |
Cross-site scripting (XSS) vulnerability in the webapps-simple sample application for (1) Sun ONE Application Server 7.0 for Windows 2000/XP or (2) Sun Java System Web Server 6.1 allows remote attackers to insert arbitrary web script or HTML via an HTTP request that generates an "Invalid JSP file" error, which inserts the text in the resulting error message.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | one_application_server | 7.0 |
The installation of Sun ONE Application Server 7.0 for Windows 2000/XP creates a statefile with world-readable permissions, which allows local users to gain privileges by reading a plaintext password in the statefile.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | one_application_server | 7.0 |
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-193,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | wu_ftpd | 2.6.1-16 |
| openbsd | openbsd | * |
| sun | solaris | 9.0 |
| wuftpd | wu-ftpd | * |
| freebsd | freebsd | * |
| netbsd | netbsd | * |
| apple | mac_os_x_server | 10.2.6 |
| apple | mac_os_x | 10.2.6 |
Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long LD_PRELOAD environment variable.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
Unknown vulnerability in Solaris 2.6 through 9 causes a denial of service (system panic) via "a rare race condition" or an attack by local users.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
Directory traversal vulnerability in ViewLog for iPlanet Administration Server 5.1 (aka Sun ONE) allows remote attackers to read arbitrary files via "..%2f" (partially encoded dot dot) sequences.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | one_directory_server | 5.0_sp2 |
| sun | iplanet_directory_server | 5.0 |
| sun | iplanet_directory_server | 5.1 |
| sun | one_directory_server | 5.0 |
| sun | one_directory_server | 5.1 |
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sendmail | sendmail_switch | 2.2.4 |
| compaq | tru64 | 5.1_pk3_bl17 |
| sendmail | sendmail | 8.11.2 |
| sendmail | sendmail | 8.8.8 |
| sendmail | sendmail | 8.9.1 |
| sun | solaris | 2.6 |
| sendmail | sendmail | 8.9.2 |
| sgi | irix | 6.5.18m |
| compaq | tru64 | 4.0g_pk3_bl17 |
| sendmail | sendmail | 2.6 |
| sendmail | sendmail | 8.12.8 |
| sendmail | sendmail_switch | 2.2.5 |
| gentoo | linux | 1.4 |
| sendmail | sendmail | 8.9.3 |
| sendmail | sendmail_switch | 3.0 |
| freebsd | freebsd | 3.0 |
| compaq | tru64 | 5.1b |
| sendmail | sendmail | 8.11.3 |
| freebsd | freebsd | 5.0 |
| sendmail | sendmail | 8.12.3 |
| sendmail | sendmail_switch | 2.2.1 |
| apple | mac_os_x_server | 10.2.2 |
| sendmail | sendmail_switch | 3.0.2 |
| compaq | tru64 | 5.1_pk6_bl20 |
| sendmail | sendmail | 8.12 |
| sendmail | advanced_message_server | 1.3 |
| turbolinux | turbolinux_workstation | 7.0 |
| sendmail | advanced_message_server | 1.2 |
| sendmail | sendmail | 8.11.0 |
| sgi | irix | 6.5.18f |
| sun | solaris | 9.0 |
| compaq | tru64 | 5.1b_pk1_bl1 |
| sgi | irix | 6.5.21m |
| sendmail | sendmail | 8.12.9 |
| freebsd | freebsd | 4.8 |
| netbsd | netbsd | 1.5.2 |
| sendmail | sendmail | 3.0 |
| sun | sunos | - |
| compaq | tru64 | 5.1a |
| compaq | tru64 | 5.1a_pk1_bl1 |
| sendmail | sendmail | 3.0.3 |
| sgi | irix | 6.5.19f |
| sendmail | sendmail_pro | 8.9.2 |
| sendmail | sendmail_pro | 8.9.3 |
| turbolinux | turbolinux_server | 8.0 |
| sendmail | sendmail | 8.12.4 |
| freebsd | freebsd | 4.0 |
| freebsd | freebsd | 4.9 |
| turbolinux | turbolinux_server | 6.5 |
| sendmail | sendmail | 8.12.2 |
| ibm | aix | 5.2 |
| compaq | tru64 | 4.0g_pk4_bl22 |
| sendmail | sendmail | 8.12.6 |
| compaq | tru64 | 5.1a_pk2_bl2 |
| turbolinux | turbolinux_server | 7.0 |
| apple | mac_os_x_server | 10.2.4 |
| netbsd | netbsd | 1.4.3 |
| apple | mac_os_x | 10.2.5 |
| sgi | irix | 6.5.20f |
| sendmail | sendmail_switch | 2.2.3 |
| netbsd | netbsd | 1.5.3 |
| apple | mac_os_x_server | 10.2.6 |
| sgi | irix | 6.5.15 |
| hp | hp-ux | 11.0.4 |
| apple | mac_os_x_server | 10.2 |
| compaq | tru64 | 5.1a_pk5_bl23 |
| sgi | irix | 6.5.16 |
| sendmail | sendmail | 3.0.1 |
| netbsd | netbsd | 1.5.1 |
| sendmail | sendmail | 2.6.2 |
| compaq | tru64 | 5.1a_pk4_bl21 |
| gentoo | linux | 0.5 |
| hp | hp-ux | 11.22 |
| compaq | tru64 | 5.1_pk4_bl18 |
| turbolinux | turbolinux_workstation | 8.0 |
| freebsd | freebsd | 4.4 |
| sun | solaris | 7.0 |
| hp | hp-ux | 11.11 |
| compaq | tru64 | 4.0g |
| sendmail | sendmail_switch | 2.1.2 |
| compaq | tru64 | 5.1_pk5_bl19 |
| sgi | irix | 6.5.17m |
| apple | mac_os_x_server | 10.2.1 |
| freebsd | freebsd | 4.7 |
| sgi | irix | 6.5.20m |
| sendmail | sendmail_switch | 2.1.3 |
| sgi | irix | 6.5.17f |
| freebsd | freebsd | 4.3 |
| apple | mac_os_x | 10.2.2 |
| apple | mac_os_x_server | 10.2.5 |
| sendmail | sendmail | 8.11.1 |
| freebsd | freebsd | 4.5 |
| sendmail | sendmail | 8.11.6 |
| sendmail | sendmail_switch | 2.1.4 |
| ibm | aix | 5.1 |
| compaq | tru64 | 5.1a_pk3_bl3 |
| apple | mac_os_x | 10.2.4 |
| sendmail | sendmail | 8.10 |
| sendmail | sendmail | 8.11.4 |
| sendmail | sendmail | 8.12.7 |
| sun | sunos | 5.7 |
| hp | hp-ux | 11.00 |
| sun | sunos | 5.8 |
| sendmail | sendmail_switch | 2.2 |
| apple | mac_os_x | 10.2 |
| netbsd | netbsd | 1.6.1 |
| apple | mac_os_x | 10.2.6 |
| compaq | tru64 | 4.0f |
| apple | mac_os_x | 10.2.3 |
| compaq | tru64 | 4.0f_pk7_bl18 |
| freebsd | freebsd | 5.1 |
| sendmail | sendmail_switch | 3.0.1 |
| compaq | tru64 | 5.1b_pk2_bl22 |
| sendmail | sendmail | 8.9.0 |
| sendmail | sendmail_switch | 2.1.5 |
| sendmail | sendmail | 8.12.5 |
| sun | solaris | 8.0 |
| sendmail | sendmail_switch | 2.1.1 |
| apple | mac_os_x | 10.2.1 |
| compaq | tru64 | 4.0f_pk8_bl22 |
| sendmail | sendmail | 3.0.2 |
| ibm | aix | 4.3.3 |
| turbolinux | turbolinux_workstation | 6.0 |
| compaq | tru64 | 5.1 |
| gentoo | linux | 1.2 |
| compaq | tru64 | 4.0f_pk6_bl17 |
| sendmail | sendmail | 8.11.5 |
| gentoo | linux | 1.1a |
| sendmail | sendmail | 8.10.1 |
| sendmail | sendmail_switch | 2.2.2 |
| netbsd | netbsd | 1.5 |
| sendmail | sendmail_switch | 2.1 |
| turbolinux | turbolinux_server | 6.1 |
| turbolinux | turbolinux_advanced_server | 6.0 |
| netbsd | netbsd | 1.6 |
| sendmail | sendmail | 8.12.0 |
| sendmail | sendmail | 8.10.2 |
| sgi | irix | 6.5.21f |
| apple | mac_os_x_server | 10.2.3 |
| gentoo | linux | 0.7 |
| sendmail | sendmail_switch | 3.0.3 |
| freebsd | freebsd | 4.6 |
| sendmail | sendmail | 8.12.1 |
| sgi | irix | 6.5.19m |
| sendmail | sendmail | 2.6.1 |
The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | * |
The loadClass method of the sun.applet.AppletClassLoader class in the Java Virtual Machine (JVM) in Sun SDK and JRE 1.4.1_03 and earlier allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a loaded class name that contains "/" (slash) instead of "." (dot) characters, which bypasses a call to the Security Manager's checkPackageAccess method.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | * |
ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| compaq | tru64 | 5.1_pk3_bl17 |
| compaq | tru64 | 5.1a_pk4_bl21 |
| compaq | tru64 | 5.1_pk4_bl18 |
| ibm | aix | 5.1l |
| isc | bind | 8.3.2 |
| isc | bind | 8.3.4 |
| freebsd | freebsd | 4.4 |
| sun | solaris | 7.0 |
| hp | hp-ux | 11.11 |
| compaq | tru64 | 4.0g |
| compaq | tru64 | 5.1_pk5_bl19 |
| netbsd | netbsd | current |
| compaq | tru64 | 4.0g_pk3_bl17 |
| freebsd | freebsd | 4.7 |
| isc | bind | 8.2.4 |
| compaq | tru64 | 5.1b |
| nixu | namesurfer | suite_3.0.1 |
| freebsd | freebsd | 4.6.2 |
| freebsd | freebsd | 4.5 |
| isc | bind | 8.4.1 |
| freebsd | freebsd | 5.0 |
| isc | bind | 8.2.5 |
| isc | bind | 8.2.7 |
| compaq | tru64 | 5.1a_pk3_bl3 |
| compaq | tru64 | 5.1_pk6_bl20 |
| nixu | namesurfer | standard_3.0.1 |
| sun | sunos | 5.7 |
| hp | hp-ux | 11.00 |
| sun | sunos | 5.8 |
| isc | bind | 8.3.0 |
| netbsd | netbsd | 1.6.1 |
| compaq | tru64 | 4.0f |
| compaq | tru64 | 4.0f_pk7_bl18 |
| compaq | tru64 | 5.1b_pk2_bl22 |
| isc | bind | 8.4 |
| sun | solaris | 9.0 |
| isc | bind | 8.3.6 |
| compaq | tru64 | 5.1b_pk1_bl1 |
| sun | solaris | 8.0 |
| isc | bind | 8.2.3 |
| freebsd | freebsd | 4.8 |
| compaq | tru64 | 4.0f_pk8_bl22 |
| compaq | tru64 | 5.1a |
| compaq | tru64 | 5.1a_pk1_bl1 |
| compaq | tru64 | 5.1 |
| compaq | tru64 | 4.0f_pk6_bl17 |
| isc | bind | 8.2.6 |
| isc | bind | 8.3.3 |
| freebsd | freebsd | 4.9 |
| isc | bind | 8.3.5 |
| netbsd | netbsd | 1.6 |
| compaq | tru64 | 4.0g_pk4_bl22 |
| compaq | tru64 | 5.1a_pk2_bl2 |
| freebsd | freebsd | 4.6 |
| isc | bind | 8.3.1 |
| sco | unixware | 7.1.1 |
| compaq | tru64 | 5.1a_pk5_bl23 |
The Network Management Port on Sun Fire B1600 systems allows remote attackers to cause a denial of service (packet loss) via ARP packets, which cause all ports to become temporarily disabled.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sun_fire | b1600 |
Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint library in Solaris 2.6 through 9 may allow attackers to execute arbitrary code or read or write arbitrary files.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
Unknown vulnerability in the ls-F builtin function in tcsh on Solaris 8 allows local users to create or delete files as other users, and gain privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.8 |
Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 may allow local users to gain root access via a long hostname in an LDAP lookup.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 9.0 |
| sun | sunos | 5.8 |
| sun | solaris | 8.0 |
The ed editor for Sun Solaris 2.6, 7, and 8 allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
Unknown vulnerability in CDE Print Viewer (dtprintinfo) for Sun Solaris 2.6 through 9 may allow local users to execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
The Xsun server for Sun Solaris 2.6 through 9, when running in Direct Graphics Access (DGA) mode, allows local users to cause a denial of service (Xsun crash) or to create or overwrite arbitrary files on the system, probably via a symlink attack on temporary server files.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
Unknown vulnerability in the libraries for the PGX32 frame buffer in Solaris 2.5.1 and 2.6 through 9 allows local users to gain root access.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | sunos | 5.5.1 |
The NFS Server for Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (UFS panic) via certain invalid UFS requests, which triggers a null dereference.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 8.0 |
Race condition in Solaris 2.6 through 9 allows local users to cause a denial of service (kernel panic), as demonstrated via the namefs function, pipe, and certain STREAMS routines.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) 108801-02 for cachefs on Solaris 2.6 and 7 overwrite the inetd.conf file, which may silently reenable services and allow remote attackers to bypass the intended security policy.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | sunos | 5.7 |
| sun | solaris | 2.6 |
Unknown vulnerability in patches 108993-14 through 108993-19 and 108994-14 through 108994-19 for Solaris 8 may allow local users to cause a denial of service (automountd crash).
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.8 |
Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (syslogd crash) and possibly execute arbitrary code via long syslog UDP packets.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
Multiple buffer overflows in the (1) dbm_open function, as used in ndbm and dbm, and the (2) dbminit function in Solaris 2.6 through 9 allow local users to gain root privileges via long arguments to Xsun or other programs that use these functions.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4659277, a different vulnerability than CVE-2003-1082.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (CPU consumption by infinite loop).
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
Unknown vulnerability in rpcbind for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (rpcbind crash).
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users to send messages to logged on users that appear to come from arbitrary user IDs by closing stderr before executing wall, then supplying a spoofed from header.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | solaris | 2.5.1 |
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
| sun | sunos | 5.5.1 |
Memory leak in lofiadm in Solaris 8 allows local users to cause a denial of service (kernel memory consumption).
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.8 |
| sun | solaris | 8.0 |
A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the job name, then modifying the directory structure after at checks permissions to delete the file and before the deletion actually takes place.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
| sun | sunos | 5.5.1 |
| sun | sunos | 5.5 |
Unknown vulnerability in newtask for Solaris 9 allows local users to gain root privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 9.0 |
Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (temporary FTP server hang), which affects other active mode FTP clients.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
Unknown vulnerability in sendmail for Solaris 7, 8, and 9 allows local users to cause a denial of service (unknown impact) and possibly gain privileges via certain constructs in a .forward file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 8.0 |
Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging enabled, allows local users to cause a denial of service (UFS file system hang).
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 9.0 |
The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag enabled displays the user password on the screen during login.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for SPARC, and 2.5.1 through 8 for x86, allows remote attackers to cause a denial of service (memory consumption) via certain arguments in RPC calls that cause large amounts of memory to be allocated.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | solaris | 2.5.1 |
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
| sun | sunos | 5.5.1 |
Aspppls for Solaris 8 allows local users to overwrite arbitrary files via a symlink attack on the .asppp.fifo temporary file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.8 |
| sun | solaris | 8.0 |
Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4705891, a different vulnerability than CVE-2003-1068.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows untrusted applets to access certain information within trusted applets, which allows attackers to bypass the restrictions of the Java security model.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.2.2_10 |
| sun | jre | 1.4.0_01 |
| sun | jdk | 1.3.0_05 |
| sun | jre | 1.4 |
| sun | jdk | 1.3.1_01 |
| sun | jre | 1.2.2_012 |
| sun | jdk | 1.3 |
| sun | jdk | 1.4 |
| sun | jdk | 1.2.2 |
| sun | jre | 1.3.0 |
| sun | jdk | 1.2.2_12 |
| sun | jdk | 1.3.0_02 |
| sun | jre | 1.2.2 |
| sun | jre | 1.3.1 |
| sun | jdk | 1.3.1_03 |
| sun | jdk | 1.3.1_01a |
| sun | jdk | 1.3.1_04 |
| sun | jre | 1.3.1_03 |
| sun | jdk | 1.4.0_01 |
| sun | jdk | 1.2.2_11 |
| sun | jre | 1.2.2_003 |
| sun | jre | 1.2.2_011 |
Unknown vulnerability in Sun Management Center (SunMC) 2.1.1, 3.0, and 3.0 Revenue Release (RR), when installed and run by root, allows local users to create or modify arbitrary files.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | management+center | 3.0_revenue_release |
| sun | management+center | 2.1.1 |
| sun | management+center | 3.0 |
Unknown vulnerability in ns-ldapd for Sun ONE Directory Server 4.16, 5.0, and 5.1 allows LDAP clients to cause a denial of service (service halt).
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | one_directory_server | 5.0 |
| sun | one_directory_server | 5.1 |
| sun | one_directory_server | 4.16 |
Unknown vulnerability in SunOne/iPlanet Web Server SP3 through SP5 on Windows platforms allows remote attackers to cause a denial of service.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | one_web_server | 6.0 |
Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial of service (JVM crash), possibly by calling the ClassDepth function with a null parameter, which causes a crash instead of generating a null pointer exception.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java | 1.4.2 |
| sun | java | 1.4.1 |
| sun | java | 1.3.1 |
Java Runtime Environment (JRE) and Software Development Kit (SDK) 1.4.2 through 1.4.2_02 allows local users to overwrite arbitrary files via a symlink attack on (1) unpack.log, as created by the unpack program, or (2) .mailcap1 and .mime.types1, as created by the RPM program.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.4.2 |
| sun | jdk | 1.4.2 |
| sun | jdk | 1.4.2_02 |
X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificate and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jre | * |
| sun | jsse | 1.0.3 |
| sun | java_web_start | * |
Sun Java Runtime Environment (JRE) 1.x before 1.4.2_11 and 1.5.x before 1.5.0_06, and as used in multiple web browsers, allows remote attackers to cause a denial of service (application crash) via deeply nested object arrays, which are not properly handled by the garbage collector and trigger invalid memory accesses.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.4.2_8 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_9 |
| sun | jre | 1.4.2 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_10 |
| sun | jre | 1.5.0 |
| sun | jre | 1.4.2_4 |
| sun | jre | 1.4.2_7 |
The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java_plug-in | 1.4.2_01 |
Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java_plug-in | 1.4.2 |
| sun | java_plug-in | 1.4 |
| sun | java_plug-in | 1.4.2_02 |
| sun | java_plug-in | 1.4.2_01 |
Sun Cluster 2.2 through 3.2 for Oracle Parallel Server / Real Application Clusters (OPS/RAC) allows local users to cause a denial of service (cluster node panic or abort) by launching a daemon listening on a TCP port that would otherwise be used by the Distributed Lock Manager (DLM), possibly involving this daemon responding in a manner that spoofs a cluster reconfiguration.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | cluster | 2.2 |
| sun | cluster | 3.2 |
| sun | cluster | 3.0 |
| sun | cluster | 3.1 |
Buffer overflow in pamverifier in Change Manager (CM) 1.0 for Sun Management Center (SunMC) 3.0 on Solaris 8 and 9 on the sparc platform allows remote attackers to execute arbitrary code via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | change_manager | 1.0 |
Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files, and conduct cross-site scripting (XSS) attacks involving the iPlanet Log Analyzer, via an HTTP request in conjunction with a crafted DNS response, related to an "Inverse Lookup Log Corruption (ILLC)" issue, a different vulnerability than CVE-2002-1315 and CVE-2002-1316.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | one_web_server | 4.1 |
| sun | one_web_server | 6.0 |
| sun | one_web_server | * |
Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to hide HTTP requests from the log-preview functionality by accompanying the requests with crafted DNS responses specifying a domain name beginning with a "format=" substring, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | one_web_server | 4.1 |
| sun | one_web_server | 6.0 |
| sun | one_web_server | * |
Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | one_web_server | 6.0 |
Sun Cluster 2.2, when HA-Oracle or HA-Sybase DBMS services are used, stores database credentials in cleartext in a cluster configuration file, which allows local users to obtain sensitive information by reading this file.
CVSS 2.0
Severity: LOW
Problem Type: CWE-255,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | cluster | 2.2 |
Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 4.1 before SP13 and 6.0 before SP6 on Windows allows attackers to cause a denial of service (daemon crash) via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | one_web_server | 4.1 |
| sun | one_web_server | 6.0 |
Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 6.0 SP3 through SP5 on Windows allows remote attackers to cause a denial of service (daemon crash) via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | one_web_server | 6.0 |
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cisco | pix_firewall_software | 6.1(5) |
| 4d | webstar | 5.2.1 |
| openssl | openssl | 0.9.6d |
| openssl | openssl | 0.9.6j |
| avaya | sg203 | 4.31.29 |
| avaya | sg203 | 4.4 |
| cisco | pix_firewall_software | 6.1(1) |
| redhat | linux | 8.0 |
| 4d | webstar | 4.0 |
| cisco | okena_stormwatch | 3.2 |
| lite | speed_technologies_litespeed_web_server | 1.3.1 |
| avaya | vsu | 7500_r2.0.1 |
| cisco | gss_4480_global_site_selector | * |
| cisco | pix_firewall_software | 6.0(2) |
| stonesoft | stonegate | 2.2.4 |
| stonesoft | stonebeat_securitycluster | 2.5 |
| redhat | enterprise_linux_desktop | 3.0 |
| cisco | pix_firewall | 6.2.2_.111 |
| lite | speed_technologies_litespeed_web_server | 1.3_rc1 |
| avaya | sg208 | 4.4 |
| cisco | pix_firewall_software | 6.3(3.102) |
| avaya | vsu | 5x |
| cisco | threat_response | * |
| avaya | s8500 | r2.0.0 |
| neoteris | instant_virtual_extranet | 3.3 |
| cisco | pix_firewall_software | 6.2 |
| lite | speed_technologies_litespeed_web_server | 1.2_rc1 |
| cisco | access_registrar | * |
| securecomputing | sidewinder | 5.2.0.03 |
| stonesoft | stonebeat_webcluster | 2.5 |
| stonesoft | stonebeat_fullcluster | 3.0 |
| dell | bsafe_ssl-j | 3.1 |
| cisco | webns | 6.10_b4 |
| sgi | propack | 2.3 |
| cisco | ios | 12.1(11b)e14 |
| sco | openserver | 5.0.7 |
| avaya | s8500 | r2.0.1 |
| cisco | pix_firewall_software | 6.0(4.101) |
| avaya | vsu | 5000_r2.0.1 |
| novell | edirectory | 8.5 |
| tarantella | tarantella_enterprise | 3.30 |
| vmware | gsx_server | 3.0_build_7592 |
| redhat | enterprise_linux | 3.0 |
| cisco | pix_firewall_software | 6.0 |
| vmware | gsx_server | 2.5.1_build_5336 |
| lite | speed_technologies_litespeed_web_server | 1.2.1 |
| freebsd | freebsd | 4.8 |
| stonesoft | stonegate | 2.0.9 |
| cisco | webns | 7.2_0.0.03 |
| novell | edirectory | 8.7 |
| securecomputing | sidewinder | 5.2.0.04 |
| stonesoft | stonegate | 1.6.2 |
| cisco | css_secure_content_accelerator | 2.0 |
| openssl | openssl | 0.9.7a |
| cisco | ios | 12.1(11b)e12 |
| freebsd | freebsd | 4.9 |
| 4d | webstar | 5.2.3 |
| cisco | css11000_content_services_switch | * |
| avaya | s8700 | r2.0.0 |
| avaya | intuity_audix | s3400 |
| stonesoft | stonegate_vpn_client | 2.0.9 |
| bluecoat | proxysg | * |
| redhat | openssl | 0.9.6b-3 |
| stonesoft | stonegate | 1.7 |
| 4d | webstar | 5.3 |
| openssl | openssl | 0.9.6e |
| stonesoft | stonebeat_fullcluster | 1_3.0 |
| cisco | content_services_switch_11500 | * |
| cisco | ios | 12.1(19)e1 |
| cisco | ios | 12.2(14)sy1 |
| cisco | webns | 7.10 |
| checkpoint | vpn-1 | vsx_ng_with_application_intelligence |
| lite | speed_technologies_litespeed_web_server | 1.0.2 |
| 4d | webstar | 5.2.2 |
| stonesoft | servercluster | 2.5.2 |
| hp | hp-ux | 11.11 |
| stonesoft | stonegate | 2.0.5 |
| avaya | sg208 | * |
| neoteris | instant_virtual_extranet | 3.2 |
| symantec | clientless_vpn_gateway_4400 | 5.0 |
| neoteris | instant_virtual_extranet | 3.0 |
| stonesoft | stonegate | 2.2.1 |
| cisco | webns | 7.1_0.1.02 |
| neoteris | instant_virtual_extranet | 3.1 |
| avaya | converged_communications_server | 2.0 |
| checkpoint | provider-1 | 4.1 |
| lite | speed_technologies_litespeed_web_server | 1.3_rc2 |
| cisco | pix_firewall_software | 6.0(4) |
| avaya | sg200 | 4.4 |
| cisco | pix_firewall_software | 6.0(3) |
| cisco | ios | 12.1(13)e9 |
| cisco | ios | 12.1(11b)e |
| cisco | pix_firewall_software | 6.3(1) |
| hp | wbem | a.02.00.00 |
| novell | edirectory | 8.7.1 |
| cisco | pix_firewall_software | 6.3 |
| lite | speed_technologies_litespeed_web_server | 1.2_rc2 |
| stonesoft | stonebeat_fullcluster | 2.5 |
| securecomputing | sidewinder | 5.2 |
| cisco | css_secure_content_accelerator | 1.0 |
| avaya | vsu | 2000_r2.0.1 |
| openssl | openssl | 0.9.7 |
| cisco | ios | 12.2za |
| stonesoft | stonegate_vpn_client | 1.7 |
| freebsd | freebsd | 5.2 |
| lite | speed_technologies_litespeed_web_server | 1.2.2 |
| openssl | openssl | 0.9.6k |
| cisco | firewall_services_module | * |
| novell | edirectory | 8.5.27 |
| cisco | mds_9000 | * |
| openssl | openssl | 0.9.6f |
| openbsd | openbsd | 3.4 |
| avaya | vsu | 100_r2.0.1 |
| avaya | vsu | 10000_r2.0.1 |
| stonesoft | stonegate_vpn_client | 2.0 |
| cisco | call_manager | * |
| cisco | gss_4490_global_site_selector | * |
| checkpoint | firewall-1 | 2.0 |
| cisco | ios | 12.2(14)sy |
| checkpoint | firewall-1 | next_generation_fp2 |
| sco | openserver | 5.0.6 |
| 4d | webstar | 5.2 |
| redhat | openssl | 0.9.7a-2 |
| stonesoft | stonegate | 1.7.1 |
| cisco | ciscoworks_common_management_foundation | 2.1 |
| stonesoft | stonegate | 1.7.2 |
| stonesoft | stonegate | 2.0.4 |
| neoteris | instant_virtual_extranet | 3.3.1 |
| vmware | gsx_server | 2.0.1_build_2129 |
| avaya | sg200 | 4.31.29 |
| cisco | ios | 12.1(11)e |
| checkpoint | firewall-1 | next_generation_fp1 |
| cisco | pix_firewall_software | 6.1(2) |
| checkpoint | firewall-1 | * |
| sgi | propack | 2.4 |
| openssl | openssl | 0.9.7c |
| cisco | pix_firewall_software | 6.2(1) |
| cisco | pix_firewall_software | 6.2(3) |
| stonesoft | stonebeat_fullcluster | 2.0 |
| vmware | gsx_server | 2.0 |
| redhat | openssl | 0.9.6-15 |
| avaya | sg5 | 4.4 |
| stonesoft | stonegate_vpn_client | 2.0.7 |
| hp | hp-ux | 11.23 |
| cisco | pix_firewall_software | 6.2(2) |
| cisco | pix_firewall_software | 6.3(3.109) |
| stonesoft | stonegate | 2.0.8 |
| tarantella | tarantella_enterprise | 3.40 |
| cisco | pix_firewall_software | 6.2(3.100) |
| openssl | openssl | 0.9.6c |
| cisco | firewall_services_module | 1.1.2 |
| securecomputing | sidewinder | 5.2.0.02 |
| stonesoft | stonegate | 2.0.6 |
| securecomputing | sidewinder | 5.2.1.02 |
| avaya | sg5 | 4.3 |
| novell | edirectory | 8.5.12a |
| cisco | firewall_services_module | 1.1_(3.005) |
| lite | speed_technologies_litespeed_web_server | 1.0.1 |
| avaya | vsu | 500 |
| avaya | s8300 | r2.0.0 |
| stonesoft | stonegate_vpn_client | 2.0.8 |
| vmware | gsx_server | 2.5.1 |
| bluecoat | cacheos_ca_sa | 4.1.10 |
| stonesoft | stonebeat_fullcluster | 1_2.0 |
| hp | apache-based_web_server | 2.0.43.00 |
| stonesoft | stonegate_vpn_client | 1.7.2 |
| avaya | s8300 | r2.0.1 |
| stonesoft | stonegate | 2.2 |
| sun | crypto_accelerator_4000 | 1.0 |
| novell | edirectory | 8.6.2 |
| checkpoint | vpn-1 | next_generation_fp2 |
| avaya | sg5 | 4.2 |
| stonesoft | stonegate | 1.5.17 |
| redhat | linux | 7.2 |
| stonesoft | servercluster | 2.5 |
| checkpoint | firewall-1 | next_generation_fp0 |
| dell | bsafe_ssl-j | 3.0 |
| lite | speed_technologies_litespeed_web_server | 1.1 |
| avaya | intuity_audix | 5.1.46 |
| cisco | webns | 7.1_0.2.06 |
| hp | wbem | a.01.05.08 |
| novell | imanager | 2.0 |
| avaya | intuity_audix | s3210 |
| checkpoint | vpn-1 | next_generation_fp0 |
| freebsd | freebsd | 5.2.1 |
| cisco | firewall_services_module | 1.1.3 |
| cisco | webns | 7.10_.0.06s |
| novell | imanager | 1.5 |
| 4d | webstar | 5.2.4 |
| avaya | vsu | 5 |
| avaya | s8700 | r2.0.1 |
| hp | apache-based_web_server | 2.0.43.04 |
| lite | speed_technologies_litespeed_web_server | 1.0.3 |
| sgi | propack | 3.0 |
| hp | wbem | a.02.00.01 |
| cisco | pix_firewall_software | 6.0(1) |
| checkpoint | vpn-1 | next_generation_fp1 |
| lite | speed_technologies_litespeed_web_server | 1.1.1 |
| hp | aaa_server | * |
| stonesoft | stonegate | 1.6.3 |
| stonesoft | stonebeat_webcluster | 2.0 |
| hp | hp-ux | 11.00 |
| openssl | openssl | 0.9.6h |
| cisco | ciscoworks_common_services | 2.2 |
| dell | bsafe_ssl-j | 3.0.1 |
| apple | mac_os_x | 10.3.3 |
| openssl | openssl | 0.9.6i |
| freebsd | freebsd | 5.1 |
| lite | speed_technologies_litespeed_web_server | 1.3 |
| cisco | pix_firewall_software | 6.1(4) |
| stonesoft | stonegate | 2.0.1 |
| cisco | ios | 12.2sy |
| stonesoft | stonegate | 1.5.18 |
| avaya | intuity_audix | * |
| securecomputing | sidewinder | 5.2.1 |
| cisco | application_and_content_networking_software | * |
| apple | mac_os_x_server | 10.3.3 |
| 4d | webstar | 5.3.1 |
| securecomputing | sidewinder | 5.2.0.01 |
| cisco | webns | 6.10 |
| stonesoft | stonebeat_securitycluster | 2.0 |
| openssl | openssl | 0.9.6g |
| cisco | firewall_services_module | 2.1_(0.208) |
| novell | edirectory | 8.0 |
| tarantella | tarantella_enterprise | 3.20 |
| cisco | pix_firewall_software | 6.1 |
| redhat | linux | 7.3 |
| openbsd | openbsd | 3.3 |
| stonesoft | stonegate | 2.0.7 |
| cisco | secure_content_accelerator | 10000 |
| cisco | pix_firewall_software | 6.1(3) |
| lite | speed_technologies_litespeed_web_server | 1.3_rc3 |
| stonesoft | stonegate | 2.1 |
| openssl | openssl | 0.9.7b |
| hp | hp-ux | 8.05 |
| bluecoat | cacheos_ca_sa | 4.1.12 |
| cisco | pix_firewall_software | 6.3(2) |
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cisco | pix_firewall_software | 6.1(5) |
| 4d | webstar | 5.2.1 |
| openssl | openssl | 0.9.6d |
| openssl | openssl | 0.9.6j |
| avaya | sg203 | 4.31.29 |
| avaya | sg203 | 4.4 |
| cisco | pix_firewall_software | 6.1(1) |
| redhat | linux | 8.0 |
| 4d | webstar | 4.0 |
| cisco | okena_stormwatch | 3.2 |
| lite | speed_technologies_litespeed_web_server | 1.3.1 |
| avaya | vsu | 7500_r2.0.1 |
| cisco | gss_4480_global_site_selector | * |
| cisco | pix_firewall_software | 6.0(2) |
| stonesoft | stonegate | 2.2.4 |
| stonesoft | stonebeat_securitycluster | 2.5 |
| redhat | enterprise_linux_desktop | 3.0 |
| cisco | pix_firewall | 6.2.2_.111 |
| lite | speed_technologies_litespeed_web_server | 1.3_rc1 |
| avaya | sg208 | 4.4 |
| cisco | pix_firewall_software | 6.3(3.102) |
| avaya | vsu | 5x |
| cisco | threat_response | * |
| avaya | s8500 | r2.0.0 |
| neoteris | instant_virtual_extranet | 3.3 |
| cisco | pix_firewall_software | 6.2 |
| lite | speed_technologies_litespeed_web_server | 1.2_rc1 |
| cisco | access_registrar | * |
| securecomputing | sidewinder | 5.2.0.03 |
| stonesoft | stonebeat_webcluster | 2.5 |
| stonesoft | stonebeat_fullcluster | 3.0 |
| dell | bsafe_ssl-j | 3.1 |
| cisco | webns | 6.10_b4 |
| sgi | propack | 2.3 |
| cisco | ios | 12.1(11b)e14 |
| sco | openserver | 5.0.7 |
| avaya | s8500 | r2.0.1 |
| cisco | pix_firewall_software | 6.0(4.101) |
| avaya | vsu | 5000_r2.0.1 |
| novell | edirectory | 8.5 |
| tarantella | tarantella_enterprise | 3.30 |
| vmware | gsx_server | 3.0_build_7592 |
| redhat | enterprise_linux | 3.0 |
| cisco | pix_firewall_software | 6.0 |
| vmware | gsx_server | 2.5.1_build_5336 |
| lite | speed_technologies_litespeed_web_server | 1.2.1 |
| freebsd | freebsd | 4.8 |
| stonesoft | stonegate | 2.0.9 |
| cisco | webns | 7.2_0.0.03 |
| novell | edirectory | 8.7 |
| securecomputing | sidewinder | 5.2.0.04 |
| stonesoft | stonegate | 1.6.2 |
| cisco | css_secure_content_accelerator | 2.0 |
| openssl | openssl | 0.9.7a |
| cisco | ios | 12.1(11b)e12 |
| freebsd | freebsd | 4.9 |
| 4d | webstar | 5.2.3 |
| cisco | css11000_content_services_switch | * |
| avaya | s8700 | r2.0.0 |
| avaya | intuity_audix | s3400 |
| stonesoft | stonegate_vpn_client | 2.0.9 |
| bluecoat | proxysg | * |
| redhat | openssl | 0.9.6b-3 |
| stonesoft | stonegate | 1.7 |
| 4d | webstar | 5.3 |
| openssl | openssl | 0.9.6e |
| stonesoft | stonebeat_fullcluster | 1_3.0 |
| cisco | content_services_switch_11500 | * |
| cisco | ios | 12.1(19)e1 |
| cisco | ios | 12.2(14)sy1 |
| cisco | webns | 7.10 |
| checkpoint | vpn-1 | vsx_ng_with_application_intelligence |
| lite | speed_technologies_litespeed_web_server | 1.0.2 |
| 4d | webstar | 5.2.2 |
| stonesoft | servercluster | 2.5.2 |
| hp | hp-ux | 11.11 |
| stonesoft | stonegate | 2.0.5 |
| avaya | sg208 | * |
| neoteris | instant_virtual_extranet | 3.2 |
| symantec | clientless_vpn_gateway_4400 | 5.0 |
| neoteris | instant_virtual_extranet | 3.0 |
| stonesoft | stonegate | 2.2.1 |
| cisco | webns | 7.1_0.1.02 |
| neoteris | instant_virtual_extranet | 3.1 |
| avaya | converged_communications_server | 2.0 |
| checkpoint | provider-1 | 4.1 |
| lite | speed_technologies_litespeed_web_server | 1.3_rc2 |
| cisco | pix_firewall_software | 6.0(4) |
| avaya | sg200 | 4.4 |
| cisco | pix_firewall_software | 6.0(3) |
| cisco | ios | 12.1(13)e9 |
| cisco | ios | 12.1(11b)e |
| cisco | pix_firewall_software | 6.3(1) |
| hp | wbem | a.02.00.00 |
| novell | edirectory | 8.7.1 |
| cisco | pix_firewall_software | 6.3 |
| lite | speed_technologies_litespeed_web_server | 1.2_rc2 |
| stonesoft | stonebeat_fullcluster | 2.5 |
| securecomputing | sidewinder | 5.2 |
| cisco | css_secure_content_accelerator | 1.0 |
| avaya | vsu | 2000_r2.0.1 |
| openssl | openssl | 0.9.7 |
| cisco | ios | 12.2za |
| stonesoft | stonegate_vpn_client | 1.7 |
| freebsd | freebsd | 5.2 |
| lite | speed_technologies_litespeed_web_server | 1.2.2 |
| openssl | openssl | 0.9.6k |
| cisco | firewall_services_module | * |
| novell | edirectory | 8.5.27 |
| cisco | mds_9000 | * |
| openssl | openssl | 0.9.6f |
| openbsd | openbsd | 3.4 |
| avaya | vsu | 100_r2.0.1 |
| avaya | vsu | 10000_r2.0.1 |
| stonesoft | stonegate_vpn_client | 2.0 |
| cisco | call_manager | * |
| cisco | gss_4490_global_site_selector | * |
| checkpoint | firewall-1 | 2.0 |
| cisco | ios | 12.2(14)sy |
| checkpoint | firewall-1 | next_generation_fp2 |
| sco | openserver | 5.0.6 |
| 4d | webstar | 5.2 |
| redhat | openssl | 0.9.7a-2 |
| stonesoft | stonegate | 1.7.1 |
| cisco | ciscoworks_common_management_foundation | 2.1 |
| stonesoft | stonegate | 1.7.2 |
| stonesoft | stonegate | 2.0.4 |
| neoteris | instant_virtual_extranet | 3.3.1 |
| vmware | gsx_server | 2.0.1_build_2129 |
| avaya | sg200 | 4.31.29 |
| cisco | ios | 12.1(11)e |
| checkpoint | firewall-1 | next_generation_fp1 |
| cisco | pix_firewall_software | 6.1(2) |
| checkpoint | firewall-1 | * |
| sgi | propack | 2.4 |
| openssl | openssl | 0.9.7c |
| cisco | pix_firewall_software | 6.2(1) |
| cisco | pix_firewall_software | 6.2(3) |
| stonesoft | stonebeat_fullcluster | 2.0 |
| vmware | gsx_server | 2.0 |
| redhat | openssl | 0.9.6-15 |
| avaya | sg5 | 4.4 |
| stonesoft | stonegate_vpn_client | 2.0.7 |
| hp | hp-ux | 11.23 |
| cisco | pix_firewall_software | 6.2(2) |
| cisco | pix_firewall_software | 6.3(3.109) |
| stonesoft | stonegate | 2.0.8 |
| tarantella | tarantella_enterprise | 3.40 |
| cisco | pix_firewall_software | 6.2(3.100) |
| openssl | openssl | 0.9.6c |
| cisco | firewall_services_module | 1.1.2 |
| securecomputing | sidewinder | 5.2.0.02 |
| stonesoft | stonegate | 2.0.6 |
| securecomputing | sidewinder | 5.2.1.02 |
| avaya | sg5 | 4.3 |
| novell | edirectory | 8.5.12a |
| cisco | firewall_services_module | 1.1_(3.005) |
| lite | speed_technologies_litespeed_web_server | 1.0.1 |
| avaya | vsu | 500 |
| avaya | s8300 | r2.0.0 |
| stonesoft | stonegate_vpn_client | 2.0.8 |
| vmware | gsx_server | 2.5.1 |
| bluecoat | cacheos_ca_sa | 4.1.10 |
| stonesoft | stonebeat_fullcluster | 1_2.0 |
| hp | apache-based_web_server | 2.0.43.00 |
| stonesoft | stonegate_vpn_client | 1.7.2 |
| avaya | s8300 | r2.0.1 |
| stonesoft | stonegate | 2.2 |
| sun | crypto_accelerator_4000 | 1.0 |
| novell | edirectory | 8.6.2 |
| avaya | sg5 | 4.2 |
| stonesoft | stonegate | 1.5.17 |
| redhat | linux | 7.2 |
| stonesoft | servercluster | 2.5 |
| checkpoint | firewall-1 | next_generation_fp0 |
| dell | bsafe_ssl-j | 3.0 |
| lite | speed_technologies_litespeed_web_server | 1.1 |
| avaya | intuity_audix | 5.1.46 |
| cisco | webns | 7.1_0.2.06 |
| hp | wbem | a.01.05.08 |
| novell | imanager | 2.0 |
| avaya | intuity_audix | s3210 |
| checkpoint | vpn-1 | next_generation_fp0 |
| freebsd | freebsd | 5.2.1 |
| cisco | firewall_services_module | 1.1.3 |
| cisco | webns | 7.10_.0.06s |
| novell | imanager | 1.5 |
| 4d | webstar | 5.2.4 |
| avaya | vsu | 5 |
| avaya | s8700 | r2.0.1 |
| hp | apache-based_web_server | 2.0.43.04 |
| lite | speed_technologies_litespeed_web_server | 1.0.3 |
| sgi | propack | 3.0 |
| hp | wbem | a.02.00.01 |
| cisco | pix_firewall_software | 6.0(1) |
| checkpoint | vpn-1 | next_generation_fp1 |
| lite | speed_technologies_litespeed_web_server | 1.1.1 |
| hp | aaa_server | * |
| stonesoft | stonegate | 1.6.3 |
| stonesoft | stonebeat_webcluster | 2.0 |
| hp | hp-ux | 11.00 |
| openssl | openssl | 0.9.6h |
| cisco | ciscoworks_common_services | 2.2 |
| dell | bsafe_ssl-j | 3.0.1 |
| apple | mac_os_x | 10.3.3 |
| openssl | openssl | 0.9.6i |
| freebsd | freebsd | 5.1 |
| lite | speed_technologies_litespeed_web_server | 1.3 |
| cisco | pix_firewall_software | 6.1(4) |
| stonesoft | stonegate | 2.0.1 |
| cisco | ios | 12.2sy |
| stonesoft | stonegate | 1.5.18 |
| avaya | intuity_audix | * |
| securecomputing | sidewinder | 5.2.1 |
| checkpoint | vpn-1 | next_generation |
| cisco | application_and_content_networking_software | * |
| apple | mac_os_x_server | 10.3.3 |
| 4d | webstar | 5.3.1 |
| securecomputing | sidewinder | 5.2.0.01 |
| cisco | webns | 6.10 |
| stonesoft | stonebeat_securitycluster | 2.0 |
| openssl | openssl | 0.9.6g |
| cisco | firewall_services_module | 2.1_(0.208) |
| novell | edirectory | 8.0 |
| tarantella | tarantella_enterprise | 3.20 |
| cisco | pix_firewall_software | 6.1 |
| redhat | linux | 7.3 |
| openbsd | openbsd | 3.3 |
| stonesoft | stonegate | 2.0.7 |
| cisco | secure_content_accelerator | 10000 |
| cisco | pix_firewall_software | 6.1(3) |
| lite | speed_technologies_litespeed_web_server | 1.3_rc3 |
| stonesoft | stonegate | 2.1 |
| openssl | openssl | 0.9.7b |
| hp | hp-ux | 8.05 |
| bluecoat | cacheos_ca_sa | 4.1.12 |
| cisco | pix_firewall_software | 6.3(2) |
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cisco | pix_firewall_software | 6.1(5) |
| 4d | webstar | 5.2.1 |
| openssl | openssl | 0.9.6d |
| forcepoint | stonegate | 2.1 |
| openssl | openssl | 0.9.6j |
| avaya | sg203 | 4.31.29 |
| avaya | sg203 | 4.4 |
| forcepoint | stonegate | 2.0.6 |
| cisco | pix_firewall_software | 6.1(1) |
| redhat | linux | 8.0 |
| 4d | webstar | 4.0 |
| cisco | okena_stormwatch | 3.2 |
| avaya | vsu | 7500_r2.0.1 |
| cisco | gss_4480_global_site_selector | * |
| cisco | pix_firewall_software | 6.0(2) |
| stonesoft | stonebeat_securitycluster | 2.5 |
| redhat | enterprise_linux_desktop | 3.0 |
| cisco | pix_firewall | 6.2.2_.111 |
| avaya | sg208 | 4.4 |
| cisco | pix_firewall_software | 6.3(3.102) |
| avaya | vsu | 5x |
| cisco | threat_response | * |
| avaya | s8500 | r2.0.0 |
| neoteris | instant_virtual_extranet | 3.3 |
| cisco | pix_firewall_software | 6.2 |
| forcepoint | stonegate | 2.2.1 |
| cisco | access_registrar | * |
| securecomputing | sidewinder | 5.2.0.03 |
| stonesoft | stonebeat_webcluster | 2.5 |
| stonesoft | stonebeat_fullcluster | 3.0 |
| dell | bsafe_ssl-j | 3.1 |
| cisco | webns | 6.10_b4 |
| forcepoint | stonegate | 1.5.17 |
| forcepoint | stonegate | 1.6.2 |
| sgi | propack | 2.3 |
| cisco | ios | 12.1(11b)e14 |
| sco | openserver | 5.0.7 |
| avaya | s8500 | r2.0.1 |
| cisco | pix_firewall_software | 6.0(4.101) |
| avaya | vsu | 5000_r2.0.1 |
| novell | edirectory | 8.5 |
| tarantella | tarantella_enterprise | 3.30 |
| vmware | gsx_server | 3.0_build_7592 |
| redhat | enterprise_linux | 3.0 |
| cisco | pix_firewall_software | 6.0 |
| vmware | gsx_server | 2.5.1_build_5336 |
| freebsd | freebsd | 4.8 |
| litespeedtech | litespeed_web_server | 1.0.1 |
| cisco | webns | 7.2_0.0.03 |
| novell | edirectory | 8.7 |
| securecomputing | sidewinder | 5.2.0.04 |
| cisco | css_secure_content_accelerator | 2.0 |
| openssl | openssl | 0.9.7a |
| cisco | ios | 12.1(11b)e12 |
| freebsd | freebsd | 4.9 |
| forcepoint | stonegate | 1.6.3 |
| 4d | webstar | 5.2.3 |
| cisco | css11000_content_services_switch | * |
| avaya | s8700 | r2.0.0 |
| avaya | intuity_audix | s3400 |
| bluecoat | proxysg | * |
| redhat | openssl | 0.9.6b-3 |
| 4d | webstar | 5.3 |
| openssl | openssl | 0.9.6e |
| stonesoft | stonebeat_fullcluster | 1_3.0 |
| cisco | content_services_switch_11500 | * |
| cisco | ios | 12.1(19)e1 |
| cisco | ios | 12.2(14)sy1 |
| forcepoint | stonegate | 2.0.4 |
| forcepoint | stonegate | 2.2.4 |
| cisco | webns | 7.10 |
| checkpoint | vpn-1 | vsx_ng_with_application_intelligence |
| 4d | webstar | 5.2.2 |
| stonesoft | servercluster | 2.5.2 |
| hp | hp-ux | 11.11 |
| avaya | sg208 | * |
| neoteris | instant_virtual_extranet | 3.2 |
| symantec | clientless_vpn_gateway_4400 | 5.0 |
| neoteris | instant_virtual_extranet | 3.0 |
| cisco | webns | 7.1_0.1.02 |
| neoteris | instant_virtual_extranet | 3.1 |
| avaya | converged_communications_server | 2.0 |
| checkpoint | provider-1 | 4.1 |
| cisco | pix_firewall_software | 6.0(4) |
| avaya | sg200 | 4.4 |
| cisco | pix_firewall_software | 6.0(3) |
| cisco | ios | 12.1(13)e9 |
| cisco | ios | 12.1(11b)e |
| cisco | pix_firewall_software | 6.3(1) |
| forcepoint | stonegate | 2.2 |
| hp | wbem | a.02.00.00 |
| novell | edirectory | 8.7.1 |
| cisco | pix_firewall_software | 6.3 |
| stonesoft | stonebeat_fullcluster | 2.5 |
| securecomputing | sidewinder | 5.2 |
| cisco | css_secure_content_accelerator | 1.0 |
| avaya | vsu | 2000_r2.0.1 |
| openssl | openssl | 0.9.7 |
| cisco | ios | 12.2za |
| forcepoint | stonegate | 2.0.1 |
| freebsd | freebsd | 5.2 |
| openssl | openssl | 0.9.6k |
| cisco | firewall_services_module | * |
| novell | edirectory | 8.5.27 |
| cisco | mds_9000 | * |
| openssl | openssl | 0.9.6f |
| openbsd | openbsd | 3.4 |
| avaya | vsu | 100_r2.0.1 |
| avaya | vsu | 10000_r2.0.1 |
| cisco | call_manager | * |
| cisco | gss_4490_global_site_selector | * |
| checkpoint | firewall-1 | 2.0 |
| cisco | ios | 12.2(14)sy |
| checkpoint | firewall-1 | next_generation_fp2 |
| sco | openserver | 5.0.6 |
| 4d | webstar | 5.2 |
| redhat | openssl | 0.9.7a-2 |
| cisco | ciscoworks_common_management_foundation | 2.1 |
| neoteris | instant_virtual_extranet | 3.3.1 |
| forcepoint | stonegate | 1.7.2 |
| vmware | gsx_server | 2.0.1_build_2129 |
| avaya | sg200 | 4.31.29 |
| forcepoint | stonegate | 1.7 |
| cisco | ios | 12.1(11)e |
| checkpoint | firewall-1 | next_generation_fp1 |
| cisco | pix_firewall_software | 6.1(2) |
| checkpoint | firewall-1 | * |
| sgi | propack | 2.4 |
| openssl | openssl | 0.9.7c |
| cisco | pix_firewall_software | 6.2(1) |
| cisco | pix_firewall_software | 6.2(3) |
| stonesoft | stonebeat_fullcluster | 2.0 |
| vmware | gsx_server | 2.0 |
| redhat | openssl | 0.9.6-15 |
| avaya | sg5 | 4.4 |
| hp | hp-ux | 11.23 |
| cisco | pix_firewall_software | 6.2(2) |
| cisco | pix_firewall_software | 6.3(3.109) |
| tarantella | tarantella_enterprise | 3.40 |
| cisco | pix_firewall_software | 6.2(3.100) |
| openssl | openssl | 0.9.6c |
| cisco | firewall_services_module | 1.1.2 |
| securecomputing | sidewinder | 5.2.0.02 |
| securecomputing | sidewinder | 5.2.1.02 |
| avaya | sg5 | 4.3 |
| novell | edirectory | 8.5.12a |
| cisco | firewall_services_module | 1.1_(3.005) |
| avaya | vsu | 500 |
| avaya | s8300 | r2.0.0 |
| vmware | gsx_server | 2.5.1 |
| bluecoat | cacheos_ca_sa | 4.1.10 |
| stonesoft | stonebeat_fullcluster | 1_2.0 |
| hp | apache-based_web_server | 2.0.43.00 |
| avaya | s8300 | r2.0.1 |
| sun | crypto_accelerator_4000 | 1.0 |
| novell | edirectory | 8.6.2 |
| checkpoint | vpn-1 | next_generation_fp2 |
| avaya | sg5 | 4.2 |
| redhat | linux | 7.2 |
| stonesoft | servercluster | 2.5 |
| checkpoint | firewall-1 | next_generation_fp0 |
| dell | bsafe_ssl-j | 3.0 |
| avaya | intuity_audix | 5.1.46 |
| cisco | webns | 7.1_0.2.06 |
| hp | wbem | a.01.05.08 |
| novell | imanager | 2.0 |
| avaya | intuity_audix | s3210 |
| checkpoint | vpn-1 | next_generation_fp0 |
| freebsd | freebsd | 5.2.1 |
| cisco | firewall_services_module | 1.1.3 |
| forcepoint | stonegate | 2.0.5 |
| forcepoint | stonegate | 2.0.9 |
| cisco | webns | 7.10_.0.06s |
| novell | imanager | 1.5 |
| forcepoint | stonegate | 1.7.1 |
| 4d | webstar | 5.2.4 |
| avaya | vsu | 5 |
| forcepoint | stonegate | 1.5.18 |
| avaya | s8700 | r2.0.1 |
| hp | apache-based_web_server | 2.0.43.04 |
| sgi | propack | 3.0 |
| hp | wbem | a.02.00.01 |
| cisco | pix_firewall_software | 6.0(1) |
| checkpoint | vpn-1 | next_generation_fp1 |
| hp | aaa_server | * |
| stonesoft | stonebeat_webcluster | 2.0 |
| hp | hp-ux | 11.00 |
| openssl | openssl | 0.9.6h |
| cisco | ciscoworks_common_services | 2.2 |
| dell | bsafe_ssl-j | 3.0.1 |
| apple | mac_os_x | 10.3.3 |
| openssl | openssl | 0.9.6i |
| forcepoint | stonegate | 2.0.7 |
| freebsd | freebsd | 5.1 |
| cisco | pix_firewall_software | 6.1(4) |
| cisco | ios | 12.2sy |
| avaya | intuity_audix | * |
| securecomputing | sidewinder | 5.2.1 |
| cisco | application_and_content_networking_software | * |
| apple | mac_os_x_server | 10.3.3 |
| 4d | webstar | 5.3.1 |
| securecomputing | sidewinder | 5.2.0.01 |
| cisco | webns | 6.10 |
| stonesoft | stonebeat_securitycluster | 2.0 |
| openssl | openssl | 0.9.6g |
| cisco | firewall_services_module | 2.1_(0.208) |
| novell | edirectory | 8.0 |
| tarantella | tarantella_enterprise | 3.20 |
| forcepoint | stonegate | 2.0.8 |
| cisco | pix_firewall_software | 6.1 |
| redhat | linux | 7.3 |
| openbsd | openbsd | 3.3 |
| cisco | secure_content_accelerator | 10000 |
| cisco | pix_firewall_software | 6.1(3) |
| openssl | openssl | 0.9.7b |
| hp | hp-ux | 8.05 |
| bluecoat | cacheos_ca_sa | 4.1.12 |
| cisco | pix_firewall_software | 6.3(2) |
Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local users to gain privileges via unknown attack vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 9.0 |
| sun | sunos | 5.8 |
| sun | solaris | 8.0 |
The logging feature in kcms_configure in the KCMS package on Solaris 8 and 9, and possibly other versions, allows local users to corrupt arbitrary files via a symlink attack on the KCS_ClogFile file.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 9.0 |
| sun | sunos | 5.8 |
| sun | solaris | 8.0 |
Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source code checking tool.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 2.6.0 |
| mandrakesoft | mandrake_linux | 9.1 |
| sun | solaris | 9.0 |
| suse | suse_email_server | 3 |
| mandrakesoft | mandrake_linux | 10.0 |
| suse | suse_linux | 7 |
| suse | suse_linux_office_server | * |
| sun | sunos | 5.9 |
| suse | suse_linux_database_server | * |
| suse | suse_email_server | 3.1 |
| mandrakesoft | mandrake_multi_network_firewall | 8.2 |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 |
| sun | sunos | 5.8 |
| suse | suse_linux | 8 |
| mandrakesoft | mandrake_linux | 9.2 |
| gentoo | linux | * |
| suse | suse_linux_firewall | * |
| suse | suse_linux_connectivity_server | * |
Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mit | kerberos_5 | 1.2 |
| mit | kerberos_5 | 1.2.5 |
| mit | kerberos | 1.0 |
| mit | kerberos_5 | 1.2.4 |
| sun | seam | 1.0 |
| sun | solaris | 9.0 |
| sgi | propack | 2.4 |
| mit | kerberos_5 | 1.3 |
| sun | solaris | 8.0 |
| mit | kerberos_5 | 1.0.6 |
| mit | kerberos_5 | 1.2.7 |
| sun | seam | 1.0.2 |
| tinysofa | tinysofa_enterprise_server | 1.0 |
| sgi | propack | 3.0 |
| mit | kerberos_5 | 1.2.1 |
| mit | kerberos | 1.0.8 |
| mit | kerberos_5 | 1.0 |
| mit | kerberos | 1.2.2.beta1 |
| mit | kerberos_5 | 1.2.3 |
| tinysofa | tinysofa_enterprise_server | 1.0_u1 |
| sun | seam | 1.0.1 |
| mit | kerberos_5 | 1.2.6 |
| mit | kerberos_5 | 1.1 |
| sun | sunos | 5.8 |
| mit | kerberos_5 | 1.2.2 |
| mit | kerberos_5 | 1.3.3 |
| mit | kerberos_5 | 1.1.1 |
Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 through 1.4.2_03 allows remote attackers to cause a denial of service (virtual machine hang).
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.4.2 |
| sun | jre | 1.4.2_3 |
| sun | sdk | 1.4.2 |
| sun | sdk | 1.4.2_03 |
Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enabled, records passwords in plaintext, which could allow local users to gain other user's passwords by reading log files.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 9.0 |
Unknown vulnerability in the Basic Security Module (BSM), when configured to audit either the Administrative (ad) or the System-Wide Administration (as) audit class in Solaris 7, 8, and 9, allows local users to cause a denial of service (kernel panic).
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 8.0 |
Sun Ray Server Software (SRSS) 1.3 and 2.0 for Solaris 2.6, 7 and 8 does not properly detect a smartcard removal when the card is quickly removed, reinserted, and removed again, which could cause a user session to stay logged in and allow local users to gain unauthorized access.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | ray_server_software | 1.3 |
| sun | ray_server_software | 2.0 |
Sun Java System Portal Server 6.2 (formerly Sun ONE) allows remote authenticated users to obtain Calendar Server privileges and modify Calendar data by changing the display options to a non-default view.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java_system_calendar_server | 6.2 |
Buffer overflow in uustat in Sun Solaris 8 and 9 allows local users to execute arbitrary code via a long -S command line argument.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 9.0 |
| sun | sunos | 5.8 |
| sun | solaris | 8.0 |
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| microsoft | windows_98 | * |
| microsoft | windows_98se | * |
| microsoft | windows_xp | * |
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| microsoft | windows_2000 | * |
| sun | sunos | 5.8 |
| microsoft | windows_me | * |
| sun | solaris | 10.0 |
| microsoft | windows_2003_server | r2 |
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 10.0 |
Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 allows local users to gain privileges via format strings in the argv[0] value.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| avaya | call_management_system_server | 9.0 |
| avaya | call_management_system_server | 12.0 |
| sun | dtmail | * |
| sun | solaris | 9.0 |
| sun | sunos | 5.8 |
| sun | solaris | 8.0 |
| avaya | call_management_system_server | 11.0 |
Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| conectiva | linux | 10.0 |
| trustix | secure_linux | 2.0 |
| sun | java_desktop_system | 2.0 |
| linuxprinting.org | foomatic-filters | 3.0.2 |
| linuxprinting.org | foomatic-filters | 3.0 |
| linuxprinting.org | foomatic-filters | 3.0.1 |
| trustix | secure_linux | 2.1 |
| sun | java_desktop_system | 2003 |
| conectiva | linux | 9.0 |
| linuxprinting.org | foomatic-filters | 3.1 |
Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| enlightenment | imlib | 1.9.4 |
| suse | suse_linux | 9.0 |
| enlightenment | imlib2 | 1.0 |
| enlightenment | imlib2 | 1.0.1 |
| mandrakesoft | mandrake_linux | 10.0 |
| suse | suse_linux | 8.0 |
| enlightenment | imlib | 1.9.10 |
| suse | suse_linux | 8.1 |
| turbolinux | turbolinux_workstation | 8.0 |
| enlightenment | imlib | 1.9.14 |
| redhat | fedora_core | core_1.0 |
| suse | suse_linux | 9.1 |
| enlightenment | imlib | 1.9.13 |
| redhat | enterprise_linux | 2.1 |
| enlightenment | imlib | 1.9.8 |
| imagemagick | imagemagick | 5.4.3 |
| enlightenment | imlib | 1.9.2 |
| redhat | enterprise_linux_desktop | 3.0 |
| enlightenment | imlib | 1.9.9 |
| conectiva | linux | 9.0 |
| enlightenment | imlib | 1.9 |
| imagemagick | imagemagick | 6.0.2 |
| enlightenment | imlib | 1.9.11 |
| imagemagick | imagemagick | 5.5.7 |
| imagemagick | imagemagick | 5.4.8.2.1.1.0 |
| redhat | linux_advanced_workstation | 2.1 |
| imagemagick | imagemagick | 5.4.7 |
| enlightenment | imlib | 1.9.6 |
| suse | suse_linux | 8.2 |
| suse | suse_linux | 9.2 |
| enlightenment | imlib2 | 1.0.3 |
| imagemagick | imagemagick | 5.4.4.5 |
| enlightenment | imlib | 1.9.7 |
| mandrakesoft | mandrake_linux | 9.2 |
| enlightenment | imlib | 1.9.12 |
| turbolinux | turbolinux_workstation | 7.0 |
| conectiva | linux | 10.0 |
| enlightenment | imlib2 | 1.0.4 |
| redhat | enterprise_linux | 3.0 |
| enlightenment | imlib | 1.9.3 |
| imagemagick | imagemagick | 5.3.3 |
| redhat | fedora_core | core_2.0 |
| ubuntu | ubuntu_linux | 4.1 |
| enlightenment | imlib | 1.9.5 |
| enlightenment | imlib2 | 1.0.5 |
| sun | java_desktop_system | 2.0 |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 |
| turbolinux | turbolinux_desktop | 10.0 |
| turbolinux | turbolinux_server | 8.0 |
| imagemagick | imagemagick | 5.4.8 |
| enlightenment | imlib | 1.9.1 |
| sun | java_desktop_system | 2003 |
| imagemagick | imagemagick | 5.5.3.2.1.2.0 |
| enlightenment | imlib2 | 1.0.2 |
| enlightenment | imlib2 | 1.1 |
| enlightenment | imlib2 | 1.1.1 |
| turbolinux | turbolinux_server | 7.0 |
| redhat | fedora_core | core_3.0 |
| imagemagick | imagemagick | 5.5.6.0_2003-04-09 |
Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| enlightenment | imlib | 1.9.4 |
| suse | suse_linux | 9.0 |
| enlightenment | imlib2 | 1.0 |
| enlightenment | imlib2 | 1.0.1 |
| mandrakesoft | mandrake_linux | 10.0 |
| suse | suse_linux | 8.0 |
| enlightenment | imlib | 1.9.10 |
| suse | suse_linux | 8.1 |
| turbolinux | turbolinux_workstation | 8.0 |
| enlightenment | imlib | 1.9.14 |
| redhat | fedora_core | core_1.0 |
| suse | suse_linux | 9.1 |
| enlightenment | imlib | 1.9.13 |
| redhat | enterprise_linux | 2.1 |
| enlightenment | imlib | 1.9.8 |
| imagemagick | imagemagick | 5.4.3 |
| enlightenment | imlib | 1.9.2 |
| redhat | enterprise_linux_desktop | 3.0 |
| enlightenment | imlib | 1.9.9 |
| conectiva | linux | 9.0 |
| enlightenment | imlib | 1.9 |
| imagemagick | imagemagick | 6.0.2 |
| enlightenment | imlib | 1.9.11 |
| imagemagick | imagemagick | 5.5.7 |
| imagemagick | imagemagick | 5.4.8.2.1.1.0 |
| redhat | linux_advanced_workstation | 2.1 |
| imagemagick | imagemagick | 5.4.7 |
| enlightenment | imlib | 1.9.6 |
| suse | suse_linux | 8.2 |
| suse | suse_linux | 9.2 |
| enlightenment | imlib2 | 1.0.3 |
| imagemagick | imagemagick | 5.4.4.5 |
| enlightenment | imlib | 1.9.7 |
| mandrakesoft | mandrake_linux | 9.2 |
| enlightenment | imlib | 1.9.12 |
| turbolinux | turbolinux_workstation | 7.0 |
| conectiva | linux | 10.0 |
| enlightenment | imlib2 | 1.0.4 |
| redhat | enterprise_linux | 3.0 |
| enlightenment | imlib | 1.9.3 |
| imagemagick | imagemagick | 5.3.3 |
| redhat | fedora_core | core_2.0 |
| ubuntu | ubuntu_linux | 4.1 |
| enlightenment | imlib | 1.9.5 |
| enlightenment | imlib2 | 1.0.5 |
| sun | java_desktop_system | 2.0 |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 |
| turbolinux | turbolinux_desktop | 10.0 |
| turbolinux | turbolinux_server | 8.0 |
| imagemagick | imagemagick | 5.4.8 |
| enlightenment | imlib | 1.9.1 |
| sun | java_desktop_system | 2003 |
| imagemagick | imagemagick | 5.5.3.2.1.2.0 |
| enlightenment | imlib2 | 1.0.2 |
| enlightenment | imlib2 | 1.1 |
| enlightenment | imlib2 | 1.1.1 |
| turbolinux | turbolinux_server | 7.0 |
| redhat | fedora_core | core_3.0 |
| imagemagick | imagemagick | 5.5.6.0_2003-04-09 |
Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| mozilla | network_security_services | 3.2 |
| netscape | enterprise_server | 3.0 |
| mozilla | network_security_services | 3.4.2 |
| hp | hp-ux | 11.11 |
| netscape | enterprise_server | 2.0.1c |
| mozilla | network_security_services | 3.7 |
| netscape | enterprise_server | 3.6 |
| hp | hp-ux | 11.23 |
| mozilla | network_security_services | 3.3.2 |
| sun | java_system_application_server | 7.0 |
| netscape | enterprise_server | 3.0.1 |
| netscape | directory_server | 3.1 |
| netscape | enterprise_server | 3.0.7a |
| mozilla | network_security_services | 3.4 |
| netscape | certificate_server | 1.0 |
| mozilla | network_security_services | 3.7.2 |
| mozilla | network_security_services | 3.8 |
| sun | java_enterprise_system | 2004q2 |
| sun | one_web_server | 6.0 |
| hp | hp-ux | 11.00 |
| netscape | enterprise_server | 3.5.1 |
| netscape | directory_server | 3.12 |
| netscape | enterprise_server | 4.0 |
| mozilla | network_security_services | 3.9 |
| sun | one_web_server | 6.1 |
| sun | java_system_application_server | 7.1 |
| mozilla | network_security_services | 3.6.1 |
| mozilla | network_security_services | 3.3 |
| mozilla | network_security_services | 3.3.1 |
| mozilla | network_security_services | 3.7.3 |
| mozilla | network_security_services | 3.7.5 |
| netscape | directory_server | 1.3 |
| mozilla | network_security_services | 3.5 |
| sun | one_web_server | 4.1 |
| mozilla | network_security_services | 3.4.1 |
| netscape | enterprise_server | 3.3 |
| netscape | enterprise_server | 4.1 |
| netscape | enterprise_server | 2.0a |
| netscape | enterprise_server | 3.4 |
| netscape | directory_server | 4.11 |
| mozilla | network_security_services | 3.6 |
| mozilla | network_security_services | 3.7.1 |
| netscape | certificate_server | 4.2 |
| netscape | enterprise_server | 3.2 |
| netscape | enterprise_server | 3.0l |
| netscape | personalization_engine | * |
| netscape | enterprise_server | 4.1.1 |
| netscape | directory_server | 4.1 |
| netscape | directory_server | 4.13 |
| netscape | enterprise_server | 5.0 |
| mozilla | network_security_services | 3.7.7 |
| netscape | enterprise_server | 3.5 |
| sun | one_application_server | 6.0 |
| netscape | enterprise_server | 3.0.1b |
| netscape | enterprise_server | 2.0 |
| sun | java_enterprise_system | 2003q4 |
| netscape | enterprise_server | 3.1 |
| mozilla | network_security_services | 3.2.1 |
Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| enlightenment | imlib | 1.9.4 |
| suse | suse_linux | 9.0 |
| enlightenment | imlib2 | 1.0 |
| enlightenment | imlib2 | 1.0.1 |
| mandrakesoft | mandrake_linux | 10.0 |
| suse | suse_linux | 8.0 |
| enlightenment | imlib | 1.9.10 |
| suse | suse_linux | 8.1 |
| enlightenment | imlib | 1.9.14 |
| redhat | fedora_core | core_1.0 |
| suse | suse_linux | 9.1 |
| enlightenment | imlib | 1.9.13 |
| redhat | enterprise_linux | 2.1 |
| enlightenment | imlib | 1.9.8 |
| imagemagick | imagemagick | 5.4.3 |
| enlightenment | imlib | 1.9.2 |
| redhat | enterprise_linux_desktop | 3.0 |
| enlightenment | imlib | 1.9.9 |
| conectiva | linux | 9.0 |
| turbolinux | turbolinux | workstation_7.0 |
| turbolinux | turbolinux | desktop_10.0 |
| enlightenment | imlib | 1.9 |
| imagemagick | imagemagick | 6.0.2 |
| enlightenment | imlib | 1.9.11 |
| imagemagick | imagemagick | 5.5.7 |
| imagemagick | imagemagick | 5.4.8.2.1.1.0 |
| redhat | linux_advanced_workstation | 2.1 |
| turbolinux | turbolinux | server_8.0 |
| imagemagick | imagemagick | 5.4.7 |
| enlightenment | imlib | 1.9.6 |
| suse | suse_linux | 8.2 |
| suse | suse_linux | 9.2 |
| turbolinux | turbolinux | server_7.0 |
| enlightenment | imlib2 | 1.0.3 |
| imagemagick | imagemagick | 5.4.4.5 |
| enlightenment | imlib | 1.9.7 |
| mandrakesoft | mandrake_linux | 9.2 |
| enlightenment | imlib | 1.9.12 |
| conectiva | linux | 10.0 |
| enlightenment | imlib2 | 1.0.4 |
| redhat | enterprise_linux | 3.0 |
| enlightenment | imlib | 1.9.3 |
| imagemagick | imagemagick | 5.3.3 |
| redhat | fedora_core | core_2.0 |
| ubuntu | ubuntu_linux | 4.1 |
| enlightenment | imlib | 1.9.5 |
| enlightenment | imlib2 | 1.0.5 |
| sun | java_desktop_system | 2.0 |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 |
| imagemagick | imagemagick | 5.4.8 |
| enlightenment | imlib | 1.9.1 |
| sun | java_desktop_system | 2003 |
| imagemagick | imagemagick | 5.5.3.2.1.2.0 |
| enlightenment | imlib2 | 1.0.2 |
| enlightenment | imlib2 | 1.1 |
| enlightenment | imlib2 | 1.1.1 |
| redhat | fedora_core | core_3.0 |
| imagemagick | imagemagick | 5.5.6.0_2003-04-09 |
| turbolinux | turbolinux | workstation_8.0 |
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.4.2_01 |
| sun | jdk | 1.4.2_05 |
| hp | hp-ux | 11.22 |
| sun | jdk | 1.3.1_01 |
| hp | hp-ux | 11.11 |
| sun | jre | 1.3.0 |
| sun | jdk | 1.3.1_06 |
| sun | jre | 1.4.0_03 |
| hp | hp-ux | 11.23 |
| gentoo | linux | * |
| sun | jre | 1.3.1_07 |
| symantec | gateway_security_5400 | 2.0.1 |
| sun | jre | 1.4.1_01 |
| sun | jdk | 1.3.1_02 |
| sun | jdk | 1.4.1_02 |
| sun | jre | 1.4 |
| sun | jre | 1.4.1_02 |
| sun | jre | 1.4.1_07 |
| sun | jdk | 1.3.1_05 |
| sun | jre | 1.4.2 |
| hp | java_sdk-rte | 1.4 |
| sun | jre | 1.3.1 |
| sun | jdk | 1.3.1_01a |
| sun | jdk | 1.3.1_04 |
| hp | hp-ux | 11.00 |
| sun | jre | 1.3.1_09 |
| hp | java_sdk-rte | 1.3 |
| symantec | gateway_security_5400 | 2.0 |
| conectiva | linux | 10.0 |
| sun | jdk | 1.4.1 |
| sun | jdk | 1.4.1_01 |
| sun | jdk | 1.4.2 |
| symantec | enterprise_firewall | 8.0 |
| sun | jdk | 1.4.2_04 |
| sun | jdk | 1.4 |
| sun | jre | 1.4.0_02 |
| sun | jre | 1.4.1 |
| sun | jre | 1.3.1_05 |
| sun | jdk | 1.3.1_03 |
| sun | jre | 1.3.1_03 |
| sun | jdk | 1.4.0_01 |
| sun | jdk | 1.4.1_03 |
| sun | jdk | 1.4.0_02 |
| sun | jdk | 1.4.2_03 |
| sun | jre | 1.4.0_01 |
| sun | jre | 1.4.0_04 |
| sun | jre | 1.3.1_06 |
| sun | jdk | 1.3.1_07 |
| sun | jdk | 1.4.0_03 |
| sun | jre | 1.3.1_02 |
| sun | jdk | 1.4.0_4 |
| sun | jdk | 1.4.2_02 |
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| apache | http_server | 1.3.22 |
| openbsd | openbsd | current |
| hp | virtualvault | 4.6 |
| sun | solaris | 9.0 |
| avaya | communication_manager | 2.0 |
| hp | virtualvault | 4.7 |
| apache | http_server | 1.3.1 |
| avaya | communication_manager | 2.0.1 |
| sun | solaris | 8.0 |
| apache | http_server | 1.3.12 |
| hp | virtualvault | 4.5 |
| openbsd | openbsd | 3.5 |
| apache | http_server | 1.3.3 |
| ibm | http_server | 1.3.19 |
| openbsd | openbsd | 3.4 |
| apache | http_server | 1.3.9 |
| avaya | mn100 | * |
| apache | http_server | 1.3.18 |
| apache | http_server | 1.3.20 |
| apache | http_server | 1.3.28 |
| avaya | modular_messaging_message_storage_server | 1.1 |
| apache | http_server | 1.3.19 |
| avaya | modular_messaging_message_storage_server | 2.0 |
| avaya | network_routing | * |
| apache | http_server | 1.3.29 |
| sco | openserver | 5.0.6 |
| apache | http_server | 1.3.23 |
| apache | http_server | 1.3.25 |
| apache | http_server | 1.3.14 |
| apache | http_server | 1.3.6 |
| apache | http_server | 1.3 |
| avaya | intuity_audix_lx | * |
| apache | http_server | 1.3.7 |
| avaya | communication_manager | 1.1 |
| apache | http_server | 1.3.26 |
| apple | apache_mod_digest_apple | * |
| apache | http_server | 1.3.17 |
| sun | sunos | 5.8 |
| apache | http_server | 1.3.11 |
| sco | openserver | 5.0.7 |
| hp | webproxy | a.02.10 |
| apache | http_server | 1.3.27 |
| avaya | communication_manager | 1.3.1 |
| hp | webproxy | a.02.00 |
| apache | http_server | 1.3.4 |
| apache | http_server | 1.3.24 |
a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | suse_linux | 9.0 |
| suse | suse_linux | 8.2 |
| sun | java_desktop_system | 2.0 |
| suse | suse_linux | 8 |
| gnu | a2ps | 4.13 |
| suse | suse_linux | 8.1 |
| suse | suse_linux | 9.1 |
| sun | java_desktop_system | 2003 |
| gnu | a2ps | 4.13b |
Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows remote attackers to cause a denial of service (application crash).
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | solaris | * |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 |
| mandrakesoft | mandrake_linux | 10.0 |
| debian | debian_linux | 3.0 |
| mandrakesoft | mandrake_linux | 10.1 |
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| apple | mac_os_x_server | 10.3 |
| apple | mac_os_x_server | 10.3.7 |
| sco | unixware | 7.1.4 |
| apple | mac_os_x_server | 10.3.1 |
| mandrakesoft | mandrake_linux | 10.0 |
| libtiff | libtiff | 3.4 |
| libtiff | libtiff | 3.5.4 |
| libtiff | libtiff | 3.7.0 |
| sun | solaris | 7.0 |
| avaya | interactive_response | 1.2.1 |
| f5 | icontrol_service_manager | 1.3 |
| apple | mac_os_x | 10.3 |
| libtiff | libtiff | 3.5.3 |
| gentoo | linux | * |
| avaya | mn100 | * |
| sgi | propack | 3.0 |
| sun | solaris | 10.0 |
| conectiva | linux | 9.0 |
| f5 | icontrol_service_manager | 1.3.5 |
| avaya | integrated_management | * |
| avaya | call_management_system_server | 9.0 |
| avaya | interactive_response | 1.3 |
| apple | mac_os_x | 10.3.5 |
| libtiff | libtiff | 3.5.7 |
| avaya | intuity_audix_lx | * |
| avaya | interactive_response | * |
| mandrakesoft | mandrake_linux_corporate_server | 3.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| apple | mac_os_x | 10.3.6 |
| libtiff | libtiff | 3.6.1 |
| apple | mac_os_x_server | 10.3.9 |
| apple | mac_os_x | 10.3.3 |
| conectiva | linux | 10.0 |
| libtiff | libtiff | 3.5.1 |
| libtiff | libtiff | 3.5.2 |
| avaya | call_management_system_server | 12.0 |
| sun | solaris | 9.0 |
| apple | mac_os_x | 10.3.1 |
| apple | mac_os_x_server | 10.3.8 |
| sun | solaris | 8.0 |
| apple | mac_os_x | 10.3.8 |
| apple | mac_os_x | 10.3.7 |
| libtiff | libtiff | 3.6.0 |
| f5 | icontrol_service_manager | 1.3.4 |
| apple | mac_os_x_server | 10.3.3 |
| apple | mac_os_x_server | 10.3.5 |
| avaya | call_management_system_server | 11.0 |
| avaya | call_management_system_server | 8.0 |
| f5 | icontrol_service_manager | 1.3.6 |
| avaya | modular_messaging_message_storage_server | 1.1 |
| avaya | modular_messaging_message_storage_server | 2.0 |
| apple | mac_os_x_server | 10.3.4 |
| mandrakesoft | mandrake_linux | 10.1 |
| libtiff | libtiff | 3.5.5 |
| avaya | call_management_system_server | 13.0 |
| apple | mac_os_x_server | 10.3.2 |
| apple | mac_os_x | 10.3.4 |
| apple | mac_os_x | 10.3.9 |
| apple | mac_os_x_server | 10.3.6 |
| avaya | cvlan | * |
| apple | mac_os_x | 10.3.2 |
Unknown vulnerability in Sun StorEdge Enterprise Storage Manager (ESM) 2.1 for Solaris 8 and Solaris 9 allows local users with the "ESMUser" role to gain root access.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | enterprise_storage_manager | 2.1 |
| sun | storedge_3510_fc_array | * |
| sun | storedge_3310_scsi_array | * |
The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local users to cause a denial of service (kernel panic) via a malformed probe request to the SVM.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 9.0 |
Unknown vulnerability in in.named on Solaris 8 allows remote attackers to cause a denial of service (process crash).
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.8 |
| sun | solaris | 8.0 |
Multiple buffer overflows in Sun Java System Web Proxy Server (formerly Sun ONE Proxy Server) 3.6 through 3.6 SP4 allow remote attackers to execute arbitrary code via unknown vectors, possibly CONNECT requests.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java_system_web_proxy_server | 3.6 |
Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 through 9 allows remote attackers to execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 8.0 |
Buffer overflow in the ping daemon of Sun Solaris 7 through 9 may allow local users to execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 8.0 |
Unknown vulnerability in LDAP on Sun Solaris 8 and 9, when using Role Based Access Control (RBAC), allows local users to execute certain commands with additional privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 9.0 |
| sun | sunos | 5.8 |
| sun | solaris | 8.0 |
The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates different 404 error messages when a file does not exist versus when a file exists but is otherwise inaccessible, which could allow remote attackers to obtain sensitive information in conjunction with a directory traversal (..) attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 9.0 |
| sun | sunos | 5.8 |
| sun | solaris | 8.0 |
Unknown vulnerability in the TCP/IP stack for Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | solaris | * |
Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 9.0 |
| sun | sunos | 5.8 |
| sun | solaris | 8.0 |
The Secure Shell (SSH) Daemon (SSHD) in Sun Solaris 9 does not properly log IP addresses when SSHD is configured with the ListenAddress as 0.0.0.0, which makes it easier for remote attackers to hide the source of their activities.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 9.0 |
The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable the auditing functionality of the Basic Security Module (BSM), which allows attackers to avoid having their activity logged.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 9.0 |
Multiple buffer overflows in uucp for Sun Solaris 2.6, 7, 8, and 9 allow local users to execute arbitrary code as the uucp user.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
Unknown vulnerability in the tcsetattr function for Sun Solaris for SPARC 2.6, 7, and 8 allows local users to cause a denial of service (system hang).
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
The pfexec function for Sun Solaris 8 and 9 does not properly handle when a custom profile contains an invalid entry in the exec_attr database, which may allow local users with custom rights profiles to execute profile commands with additional privileges.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 9.0 |
| sun | sunos | 5.8 |
Integer overflow in the InitialDirContext in Java Runtime Environment (JRE) 1.4.2, 1.5.0 and possibly other versions allows remote attackers to cause a denial of service (Java exception and failed DNS requests) via a large number of DNS requests, which causes the xid variable to wrap around and become negative.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.4.2 |
| sun | jre | 1.5.0 |
The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain privileges by loading arbitrary loadable kernel modules (LKM), possibly involving the modload function.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption).
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| macromedia | jrun | 4.0_build_61650 |
| sun | one_application_server | 7.0 |
| macromedia | coldfusion | 6.1 |
| macromedia | coldfusion | 6.0 |
| macromedia | jrun | 4.0 |
The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 through 114342-05, prevent ypserv and ypxfrd from properly restricting access to secure NIS maps, which allows local users to use ypcat or ypmatch to extract the contents of a secure map such as passwd.adjunct.byname.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | patch_manager | 113579-04 |
| sun | patch_manager | 114342-05 |
| sun | patch_manager | 113579-02 |
| sun | patch_manager | 113579-05 |
| sun | patch_manager | 114342-03 |
| sun | patch_manager | 114342-04 |
| sun | patch_manager | 113579-03 |
| sun | patch_manager | 114342-02 |
Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and earlier, allows remote attackers to cause a denial of service (crash) via a malformed client certificate.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java_system_application_server | 7.0 |
| sun | java_system_web_server | 6.0 |
| sun | java_system_web_server | 6.1 |
Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled and the SUNWscpu package has been removed as a result of security hardening, disables mail alerts from the audit_warn script, which might allow attackers to escape detection.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 8.0 |
Java Secure Socket Extension (JSSE) 1.0.3 through 1.0.3_2 does not properly validate the certificate chain of a client or server, which allows remote attackers to falsely authenticate peers for SSL/TLS.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jsse | 1.0.3_02 |
| sun | jsse | 1.0.3 |
| sun | jsse | 1.0.3_01 |
readObject in (1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.0 through 1.4.2_05 allows remote attackers to cause a denial of service (JVM unresponsive) via crafted serialized data.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.4.1 |
| sun | jdk | 1.4.1_01 |
| sun | jdk | 1.4.2 |
| sun | jdk | 1.4.2_01 |
| sun | jdk | 1.4.2_05 |
| sun | jdk | 1.4.2_04 |
| sun | jdk | 1.4 |
| sun | jre | 1.4.0_02 |
| sun | jre | 1.4.1 |
| sun | jre | 1.4.0_03 |
| sun | jdk | 1.4.0_01 |
| sun | jdk | 1.4.1_03 |
| sun | jdk | 1.4.0_02 |
| sun | jdk | 1.4.2_03 |
| sun | jre | 1.4.1_01 |
| sun | jre | 1.4.0_01 |
| sun | jdk | 1.4.1_02 |
| sun | jre | 1.4 |
| sun | jre | 1.4.0_04 |
| sun | jre | 1.4.1_02 |
| sun | jre | 1.4.1_07 |
| sun | jre | 1.4.2 |
| sun | jdk | 1.4.0_03 |
| sun | jdk | 1.4.0_4 |
| sun | jdk | 1.4.2_02 |
Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun Fire V1280, and Netra 1280 allows remote attackers to cause a denial of service (system controller hang) via IP Packets With Type of Service (TOS) Bits set.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sun_fire | 4810 |
| sun | sun_fire | 4800 |
| sun | sun_fire | 3800 |
| sun | sun_fire | 6800 |
| sun | sun_fire | v1280 |
| sun | netra_1280 | * |
Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: this might be the same issue as CVE-2004-1767, but there are insufficient details to be sure.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
Multiple unspecified vulnerabilities in the H.323 protocol implementation for Sun SunForum 3.2 and 3D 1.0 allow remote attackers to cause a denial of service (segmentation fault and process crash), as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunforum | 3d_1.0 |
| sun | sunforum | 3.2 |
Shared Sun StorEdge QFS and SAM-QFS file systems, as used in Utilization Suite 4.0 through 4.1 and Performance Suite 4.0 through 4.1, might allow local users to read portions of deleted files by accessing data within sparse files.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | storedge_qfs | * |
| sun | storeedge_performance_suite | 4.1 |
| sun | storedge_sam-qfs | * |
| sun | storeedge_performance_suite | 4.0 |
| sun | storeedge_utilization_suite | 4.0 |
| sun | storeedge_utilization_suite | 4.1 |
Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, a different vulnerability than CVE-2005-2022 and CVE-2006-5486.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | one_messaging_server | 6.1 |
| sun | iplanet_messaging_server | 5.2 |
Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02 allows remote attackers to obtain unspecified "access" to e-mail via a crafted e-mail message, related to a "session hijacking" issue, a different vulnerability than CVE-2005-2022 and CVE-2006-5486.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | one_messaging_server | 6.1 |
| sun | iplanet_messaging_server | 5.2 |
Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ubuntu | ubuntu_linux | 5.04 |
| sco | unixware | 7.1.4 |
| redhat | enterprise_linux_desktop | 4.0 |
| freebsd | freebsd | 5.3 |
| redhat | enterprise_linux | 2.1 |
| freebsd | freebsd | 4.4 |
| sun | solaris | 7.0 |
| freebsd | freebsd | 4.7 |
| redhat | enterprise_linux_desktop | 3.0 |
| sun | solaris | 10.0 |
| freebsd | freebsd | 3.5 |
| freebsd | freebsd | 4.3 |
| freebsd | freebsd | 3.5.1 |
| freebsd | freebsd | 4.2 |
| freebsd | freebsd | 3.0 |
| freebsd | freebsd | 2.2 |
| freebsd | freebsd | 4.6.2 |
| freebsd | freebsd | 4.5 |
| freebsd | freebsd | 5.0 |
| freebsd | freebsd | 4.1.1 |
| sco | unixware | 7.1.3 |
| freebsd | freebsd | 2.1.5 |
| sco | openserver | 5.0.7 |
| freebsd | freebsd | 2.1.7.1 |
| freebsd | freebsd | 3.4 |
| freebsd | freebsd | 4.10 |
| freebsd | freebsd | 5.1 |
| freebsd | freebsd | 3.3 |
| redhat | enterprise_linux | 3.0 |
| freebsd | freebsd | 5.2 |
| sun | solaris | 9.0 |
| freebsd | freebsd | 2.2.4 |
| ubuntu | ubuntu_linux | 4.1 |
| sun | solaris | 8.0 |
| freebsd | freebsd | 1.1.5.1 |
| freebsd | freebsd | 4.8 |
| freebsd | freebsd | 2.2.5 |
| freebsd | freebsd | 2.2.3 |
| freebsd | freebsd | 2.1.6 |
| freebsd | freebsd | 2.0.5 |
| freebsd | freebsd | 2.1.0 |
| freebsd | freebsd | 4.0 |
| freebsd | freebsd | 4.1 |
| freebsd | freebsd | 4.9 |
| freebsd | freebsd | 4.11 |
| sco | unixware | 7.1.3_up |
| freebsd | freebsd | 2.2.8 |
| freebsd | freebsd | 2.0 |
| freebsd | freebsd | 2.2.6 |
| redhat | fedora_core | core_3.0 |
| freebsd | freebsd | 3.1 |
| freebsd | freebsd | 2.1.6.1 |
| freebsd | freebsd | 4.6 |
| redhat | enterprise_linux | 4.0 |
| freebsd | freebsd | 3.2 |
| freebsd | freebsd | 5.2.1 |
| freebsd | freebsd | 5.4 |
| freebsd | freebsd | 2.2.2 |
The Software Development Kit (SDK) and Run Time Environment (RTE) 1.4.1 and 1.4.2 for Tru64 UNIX allows remote attackers to cause a denial of service (Java Virtual Machine hang) via object deserialization.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sdk | 1.4.1 |
| sun | rte | 1.4.1 |
| compaq | tru64 | * |
| sun | rte | 1.4.2 |
| sun | sdk | 1.4.2 |
The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when creating user accounts that are configured for password aging, creates the accounts with a blank password, which allows remote or local attackers to break into those accounts.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 9.0 |
| sun | sunos | 5.8 |
| sun | solaris | 8.0 |
EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote attackers to bypass authentication and gain privileges by spoofing a username or UID.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| emc | legato_networker | 4.2.2 |
| emc | legato_networker | 6.1 |
| sun | storedge_enterprise_backup_software | 7.0 |
| emc | legato_networker | 7.13 |
| emc | legato_networker | 7.2 |
| sun | storedge_enterprise_backup_software | 7.2 |
| sun | storedge_enterprise_backup_software | 7.1 |
| emc | legato_networker | 6.0 |
| sun | solstice_backup | 6.0 |
| sun | solstice_backup | 6.1 |
EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 6.0 through 7.2 do not properly verify authentication tokens, which allows remote attackers to gain privileges by modifying an authentication token.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| emc | legato_networker | 4.2.2 |
| emc | legato_networker | 6.1 |
| sun | storedge_enterprise_backup_software | 7.0 |
| emc | legato_networker | 7.13 |
| emc | legato_networker | 7.2 |
| sun | storedge_enterprise_backup_software | 7.2 |
| sun | storedge_enterprise_backup_software | 7.1 |
| emc | legato_networker | 6.0 |
| sun | solstice_backup | 6.0 |
| sun | solstice_backup | 6.1 |
The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 does not restrict access to the pmap_set and pmap_unset commands, which allows remote attackers to (1) cause a denial of service by using pmap_unset to un-register a NetWorker service, or (2) obtain sensitive information from NetWorker services by using pmap_set to register a new service.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| emc | legato_networker | 4.2.2 |
| emc | legato_networker | 6.1 |
| sun | storedge_enterprise_backup_software | 7.0 |
| emc | legato_networker | 7.13 |
| emc | legato_networker | 7.2 |
| sun | storedge_enterprise_backup_software | 7.2 |
| sun | storedge_enterprise_backup_software | 7.1 |
| emc | legato_networker | 6.0 |
| sun | solstice_backup | 6.0 |
| sun | solstice_backup | 6.1 |
Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06, on Mac OS X, allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file. NOTE: it is highly likely that this item will be MERGED with CVE-2005-0836.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | j2se | 1.4.2_01 |
| sun | j2se | 1.4.2_04 |
| sun | j2se | 1.4.2_05 |
| sun | j2se | 1.4.2 |
| sun | j2se | 1.4.2_03 |
| sun | j2se | 1.4.2_02 |
| sun | j2se | 1.4.2_06 |
Unknown vulnerability in Solaris 8 and 9 allows remote attackers to cause a denial of service (panic) via "Heavy UDP Usage" that triggers a NULL dereference.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 9.0 |
| sun | sunos | 5.8 |
Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (hang) via a flood of certain ARP packets.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
Sun Java JRE 1.1.x through 1.4.x writes temporary files with long filenames that become predictable on a file system that uses 8.3 style short names, which allows remote attackers to write arbitrary files to known locations and facilitates the exploitation of vulnerabilities in applications that rely on unpredictable file names.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.2 |
| sun | jdk | 1.5.0 |
| sun | jdk | 1.2.0 |
| sun | jre | 1.3.0 |
| sun | jdk | 1.3.0 |
| sun | jre | 1.4 |
| sun | jdk | 1.4.0 |
| sun | jre | 1.1 |
| sun | jdk | 1.1.0 |
| sun | jre | 1.5.0 |
Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| mit | kerberos_5 | 1.3.4 |
| microsoft | telnet_client | 5.1.2600.2180 |
Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search function.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris_answerbook2 | 1.4 |
| sun | solaris_answerbook2 | 1.4.2 |
| sun | solaris_answerbook2 | 1.3 |
| sun | solaris_answerbook2 | 1.4.4 |
| sun | solaris_answerbook2 | 1.4.3 |
| sun | solaris_answerbook2 | 1.2 |
| sun | solaris_answerbook2 | 1.4.1 |
Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the "View Log Files" function.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris_answerbook2 | * |
Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 9.0 |
Cross-site scripting (XSS) vulnerability in Sun Java System Application Server 7 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java_system_application_server | 7.0 |
Buffer overflow in newgrp in Solaris 7 through 9 allows local users to gain root privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 8.0 |
Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06 allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | j2se | 1.4.2_01 |
| sun | j2se | 1.4.2_04 |
| sun | j2se | 1.4.2_05 |
| sun | j2se | 1.4.2 |
| sun | j2se | 1.4.2_03 |
| sun | j2se | 1.4.2_02 |
| sun | j2se | 1.4.2_06 |
Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sdk | 1.5 |
| sun | sdk | 1.4.2 |
Directory traversal vulnerability in the MimeBodyPart.getFileName method in JavaMail 1.3.2 allows remote attackers to write arbitrary files via a .. (dot dot) in the filename in the Content-Disposition header.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | javamail | 1.3.2 |
Unknown vulnerability in the libgss Generic Security Services Library in Solaris 7, 8, and 9 allows local users to gain privileges by loading their own GSS-API.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier, when running on Windows systems, allows attackers to cause a denial of service (hang).
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java_system_web_server | 6.0 |
Buffer overflow in Sun Java System Web Proxy Server (aka Sun ONE Proxy Server) 3.6 SP6 allows remote attackers to execute arbitrary code via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java_system_web_proxy_server | 3.6 |
Unknown vulnerability in Solaris 7 through 9, when using Federated Naming Services (FNS), autofs, and FNS X.500 configuration, allows local users to cause a denial of service (automountd crash) when "accessing" /xfn/_x500.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 8.0 |
Unknown vulnerability in NIS+ on Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (rpc.nisd disabled and NIS+ unavailable) via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 8.0 |
Unknown vulnerability in Sun StorEdge 6130 Arrays (SE6130) with serial numbers between 0451AWF00G and 0513AWF00J allows local users and remote attackers to delete data.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | storedge_6130_arrays | * |
ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | javamail | 1.3 |
| sun | javamail | 1.2 |
| sun | javamail | 1.1.3 |
JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| apache_tomcat | apache_tomcat | 5.0.16 |
| sun | javamail | 1.3 |
| sun | javamail | 1.3.2 |
| sun | javamail | 1.2 |
| sun | javamail | 1.1.3 |
Unknown vulnerability in the Sun Solaris C library (libc and libproject) in Solaris 10 allows local users to gain privileges.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 10.0 |
Unknown vulnerability in Sun ONE Application Server 6.5 SP1 Maintenance Update 6 and earlier allows attackers to read files.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java_system_web_server | * |
| sun | java_system_web_server | 6.1 |
Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 and 5.0 Update 1 allows applications to assign permissions to themselves and gain privileges.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | j2se | 5.0_update1 |
| sun | j2se | 5.0 |
Unspecified vulnerability in Java 2 Platform, Standard Edition (J2SE) 5.0 and 5.0 Update 1 and J2SE 1.4.2 up to 1.4.2_07, as used in multiple products and platforms including (1) HP-UX and (2) APC PowerChute, allows applications to assign permissions to themselves and gain privileges.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | j2se | 1.4.2_01 |
| sun | j2se | 1.4.2_04 |
| sun | j2se | 1.4.2_05 |
| sun | j2se | 5.0_update1 |
| sun | j2se | 1.4.2 |
| sun | j2se | 1.4.2_03 |
| sun | j2se | 1.4.2_02 |
| sun | j2se | 1.4.2_06 |
| sun | j2se | 1.4.2_07 |
| sun | j2se | 5.0 |
Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch 1 and Sun ONE Messaging Server 6.2 allows remote attackers to execute arbitrary Javascript, possibly due to a cross-site scripting (XSS) vulnerability.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | one_messaging_server | 6.2 |
| sun | iplanet_messaging_server | 5.2 |
Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows local users to overwrite arbitrary files.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 8.0 |
traceroute in Sun Solaris 10 on x86 systems allows local users to execute arbitrary code with PRIV_NET_RAWACCESS privileges via (1) a large number of -g arguments or (2) a malformed -s argument with a trailing . (dot).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 10.0 |
The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 9.0 |
| sun | sunos | 5.8 |
| sun | solaris | 8.0 |
| sun | solaris | 10.0 |
Sun SunONE web server 6.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes SunONE to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | one_web_server | 6.1 |
Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to corrupt files or create arbitrary files via unspecified attack vectors related to a temporary directory, possibly due to a symlink attack.
CVSS 2.0
Severity: LOW
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java | * |
Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to gain privileges via unspecified attack vectors relating to "the utility used to update Java shared archives."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java | 1.4.2 |
Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac OS X allows an untrusted applet to gain privileges, related to "Mac OS X specific extensions."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java | 1.3.1 |
Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X does not prevent multiple programs from opening the same port as a Java ServerSocket, which allows local users to operate a Java program that intercepts network data intended for the ServerSocket of a different Java program.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java | 1.4.2 |
Unknown vulnerability in the net-svc script on Solaris 10 allows remote authenticated users to execute arbitrary code on a DHCP client via certain DHCP responses.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 10.0 |
Unspecified vulnerability in the "tl" driver in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 10.0 |
Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and 9, when logging is enabled, allows local users to cause a denial of service ("soft hang") via certain write operations to UFS.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 9.0 |
| sun | sunos | 5.8 |
Unspecified vulnerability in the (1) Xsun and (2) Xprt commands in Solaris 7, 8, 9, and 10 allows local users to execute arbitrary code.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 10.0 |
Unknown vulnerability in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors related to the "/proc" filesystem, which trigger a null dereference.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 10.0 |
Stack-based buffer overflow in help.cgi in the HTTP administrative interface for (1) Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1, (2) Red Hat Directory Server and (3) Certificate Server before 7.1 SP1, (4) Sun ONE Directory Server 5.1 SP4 and earlier, and (5) Sun ONE Administration Server 5.2 allows remote attackers to cause a denial of service (admin server crash), or local users to gain root privileges.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | one_directory_server | 5.0_sp2 |
| sun | java_system_directory_server | 5.2 |
| sun | java_system_directory_proxy_server | 5.2 |
| sun | one_directory_server | 5.0 |
| sun | one_administration_server | 5.2 |
| sun | one_directory_server | 5.1 |
| sun | one_directory_server | 4.16 |
The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 9.0 |
| sun | sunos | 5.8 |
| sun | solaris | 10.0 |
Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java_system_communications_express | 2004q2 |
| sun | java_system_communications_express | 2005q1 |
(1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.2_08, 1.4.2_09, and 1.5.0_05 and possibly other versions allow remote attackers to cause a denial of service (JVM unresponsive) via a crafted serialized object, such as a font object as demonstrated on JBoss.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sdk | 1.4.2_08 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.5.0_05 |
| sun | sdk | 1.4.2_09 |
The Internet Key Exchange version 1 (IKEv1) implementation in the libike library in Sun Solaris 9 and 10 allows remote attackers to cause a denial of service (in.iked crash) via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 9.0 |
| sun | solaris | 10.0 |
Unspecified vulnerability in in.named in Solaris 9 allows attackers to cause a denial of service via unknown manipulations that cause in.named to "make unnecessary queries."
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | solaris | * |
Unspecified vulnerability in Java Management Extensions (JMX) in Java JDK and JRE 5.0 Update 3, 1.4.2 and later, 1.3.1 and later allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.4.2_8 |
| sun | jre | 1.4.2_5 |
| sun | jdk | 1.5.0_03 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.1 |
| sun | jre | 1.3.0 |
| sun | jre | 1.3.1 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.5.0 |
| sun | jre | 1.4.2_4 |
| sun | jre | 1.4.2_7 |
Unspecified vulnerability in reflection APIs in Java SDK and JRE 1.3.1_15 and earlier, 1.4.2_08 and earlier, and JDK and JRE 5.0 Update 3 and earlier allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors, a different vulnerability than CVE-2005-3906. NOTE: this is associated with the "first issue" identified in SUNALERT:102003.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.3.1_11 |
| sun | jdk | 1.3_02 |
| sun | jdk | 1.4.2_01 |
| sun | jdk | 1.4.2_05 |
| sun | jdk | 1.3.1_01 |
| sun | jdk | 1.3.1_09 |
| sun | jre | 1.4.2_1 |
| sun | jdk | 1.3.1_08 |
| sun | jre | 1.3.0 |
| sun | jdk | 1.3.1_06 |
| sun | jdk | 1.3.0_02 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_4 |
| sun | jre | 1.4.2_7 |
| sun | jdk | 1.3.1_14 |
| sun | jdk | 1.4.2_08 |
| sun | jdk | 1.3.1_02 |
| sun | jdk | 1.4.1_02 |
| sun | jre | 1.4.2_3 |
| sun | jdk | 1.3.1_05 |
| sun | jdk | 1.3 |
| sun | jre | 1.4.2 |
| sun | jdk | 1.3_05 |
| sun | jre | 1.3.1 |
| sun | jdk | 1.3.1_01a |
| sun | jdk | 1.3.1_04 |
| sun | jre | 1.5.0 |
| sun | jdk | 1.4.1 |
| sun | jdk | 1.3.0_05 |
| sun | jre | 1.4.2_5 |
| sun | jdk | 1.3.1_15 |
| sun | jdk | 1.4.1_01 |
| sun | jdk | 1.4.2 |
| sun | jdk | 1.3.1_12 |
| sun | jdk | 1.4.2_04 |
| sun | jdk | 1.4 |
| sun | jre | 1.4.1 |
| sun | jdk | 1.3.1_03 |
| sun | jdk | 1.4.0_01 |
| sun | jdk | 1.4.1_03 |
| sun | jdk | 1.3.1_10 |
| sun | jdk | 1.4.0_02 |
| sun | jdk | 1.4.2_03 |
| sun | jdk | 1.3.1_13 |
| sun | jre | 1.4.2_8 |
| sun | jdk | 1.5.0_03 |
| sun | jre | 1.4.2_2 |
| sun | jdk | 1.3.1_07 |
| sun | jdk | 1.4.0_03 |
| sun | jdk | 1.4.0_4 |
| sun | jdk | 1.4.2_02 |
Multiple unspecified vulnerabilities in reflection APIs in Java SDK and JRE 1.4.2_08 and earlier and JDK and JRE 5.0 Update 3 and earlier allow remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary applications via unknown attack vectors, a different set of vulnerabilities than CVE-2005-3905. NOTE: this is associated with the "second and third issues" identified in SUNALERT:102003.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.3.1_11 |
| sun | jdk | 1.3_02 |
| sun | jdk | 1.4.2_01 |
| sun | jdk | 1.4.2_05 |
| sun | jdk | 1.3.1_01 |
| sun | jdk | 1.3.1_09 |
| sun | jre | 1.4.2_1 |
| sun | jdk | 1.3.1_08 |
| sun | jre | 1.3.0 |
| sun | jdk | 1.3.1_06 |
| sun | jdk | 1.3.0_02 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_4 |
| sun | jre | 1.4.2_7 |
| sun | jdk | 1.3.1_14 |
| sun | jdk | 1.4.2_08 |
| sun | jdk | 1.3.1_02 |
| sun | jdk | 1.4.1_02 |
| sun | jre | 1.4.2_3 |
| sun | jdk | 1.3.1_05 |
| sun | jdk | 1.3 |
| sun | jre | 1.4.2 |
| sun | jdk | 1.3_05 |
| sun | jre | 1.3.1 |
| sun | jdk | 1.3.1_01a |
| sun | jdk | 1.3.1_04 |
| sun | jre | 1.5.0 |
| sun | jdk | 1.4.1 |
| sun | jdk | 1.3.0_05 |
| sun | jre | 1.4.2_5 |
| sun | jdk | 1.3.1_15 |
| sun | jdk | 1.4.1_01 |
| sun | jdk | 1.4.2 |
| sun | jdk | 1.3.1_12 |
| sun | jdk | 1.4.2_04 |
| sun | jdk | 1.4 |
| sun | jre | 1.4.1 |
| sun | jdk | 1.3.1_03 |
| sun | jdk | 1.4.0_01 |
| sun | jdk | 1.4.1_03 |
| sun | jdk | 1.3.1_10 |
| sun | jdk | 1.4.0_02 |
| sun | jdk | 1.4.2_03 |
| sun | jdk | 1.3.1_13 |
| sun | jre | 1.4.2_8 |
| sun | jdk | 1.5.0_03 |
| sun | jre | 1.4.2_2 |
| sun | jdk | 1.3.1_07 |
| sun | jdk | 1.4.0_03 |
| sun | jdk | 1.4.0_4 |
| sun | jdk | 1.4.2_02 |
Unspecified vulnerability in Java Runtime Environment in Java JDK and JRE 5.0 Update 3 and earlier allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary applications via unknown attack vectors involving untrusted Java applets.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.4.2_8 |
| sun | jre | 1.4.2_5 |
| sun | jdk | 1.5.0_03 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.1 |
| sun | jre | 1.3.0 |
| sun | jre | 1.3.1 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.5.0 |
| sun | jre | 1.4.2_4 |
| sun | jre | 1.4.2_7 |
Unspecified vulnerability in System Communications Services 6 Delegated Administrator 2005Q1 in Sun Java System Messaging Server 2005Q1 allows remote attackers to obtain the Top-Level Administrator (TLA) default password via unknown vectors, possibly involving configure_toplevel_admin.ldif.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java_communications_services_delegated_administrator | 6 |
Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun Java System Application Server Standard Edition 7 2004Q2, Application Server Enterprise Edition 8.1 2005Q1, and Sun ONE Application Server 7 Standard Edition, as used in multiple web servers, allows remote attackers to conduct man-in-the-middle (MITM) attacks and "compromise data privacy."
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java_system_application_server | 7.0 |
| sun | one_application_server | 7.0 |
| sun | java_system_application_server | 8.1 |
Sun Update Connection in Sun Solaris 10, when configured to use a web proxy, allows local users to obtain the proxy authentication password via (1) an unspecified vector and (2) proxy log files.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 10.0 |
Unspecified vulnerability in WBEM Services A.01.x before A.01.05.12 and A.02.x before A.02.00.08 on HP-UX B.11.00 through B.11.23 allows remote attackers to cause an unspecified denial of service via unknown attack vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | wbem_services | a.02.00.07 |
| sun | wbem_services | a.01.05.11 |
The (1) slsmgr and (2) slsadmin programs in Sun Solaris PC NetLink 2.0 create temporary files insecurely, which allows local users to gain privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris_pc_netlink | 2.0 |
Unspecified vulnerability in Process File System (procfs) in Sun Solaris 10 allows local users to obtain sensitive information such as process working directories via unknown attack vectors, possibly pwdx.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 10.0 |
Unspecified vulnerability in the "privilege management" feature of Sun Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors that trigger a null dereference in the secpolicy_fs_common function.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 10.0 |
Unspecified vulnerability in the multi-language environment library (libmle) in Solaris 7 and 8, as shipped with the Japanese locale, allows local users to gain privileges via unknown attack vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
Unspecified vulnerability in the XView library (libxview.so) in Solaris 2.5 to 10 allows local users to corrupt files via unknown vectors related to the handling of the clipboard selection while an XView application exits.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 2.5.1 |
| sun | solaris | 9.0 |
| sun | solaris | 2.6 |
| sun | solaris | 8.0 |
| sun | sunos | 5.5 |
| sun | solaris | 2.5 |
| sun | solaris | 7.0 |
| sun | sunos | - |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | sunos | 5.5.1 |
| sun | solaris | 10.0 |
Directory traversal vulnerability in printd line printer daemon (lpd) in Solaris 7 through 10 allows remote attackers to delete arbitrary files via ".." sequences in an "Unlink data file" command.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 7.0 |
| sun | solaris | 9.0 |
| sun | sunos | 5.7 |
| sun | sunos | 5.8 |
| sun | solaris | 8.0 |
| sun | solaris | 10.0 |
Unspecified vulnerability in Sun Java System Application Server Platform Edition and Enterprise Edition 8.1 2005 Q1, and Platform Edition UR1, allows remote attackers to read .jar files via unknown vectors related to deployed web applications.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java_system_application_server | 8.1 |
Unspecified vulnerability in Sun Java System Application Server 7 Standard and Platform Edition 6 and earlier, and 2004Q2 Standard and Platform Edition Update 2 and earlier, allows remote attackers to obtain the source code for Java Server pages (JSP) via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java_system_application_server | 7.0 |
| sun | java_system_application_server | 6.0 |
Multiple unspecified vulnerabilities in Sun Java System Web Proxy Server 3.6 SP7 and earlier allow remote attackers to cause a denial of service (unresponsive service) via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java_system_web_proxy_server | 3.6 |
The Java Plug-in 1.4.2_03 and 1.4.2_04 controls, and the 1.4.2_03 and 1.4.2_04 <applet> redirector controls, allow remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-16,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java_plug-in | 1.4.2_03 |
| sun | java_plug-in | 1.4.2_04 |
Unspecified vulnerability on certain Sun StorEdge 6130 (SE6130) Controller Arrays allows remote attackers to delete data via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | storedge_6130_arrays | * |
Unspecified vulnerability in uucp in Sun Solaris 8 and 9 has unknown impact and attack vectors. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this is related to CVE-2004-0780.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 9.0 |
| sun | sunos | 5.8 |
Unspecified vulnerability in Sun Solaris 9 and 10 for the x86 platform allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors, possibly involving functions from the mm driver.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 9.0 |
| sun | solaris | 10.0 |
Unspecified vulnerability in Sun Solaris 10 allows local users to cause a denial of service (null dereference) via unspecified vectors involving the use of the find command on the "/proc" filesystem. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this is related to CVE-2005-3250.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 10.0 |
Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, and 10 allow local users to delete arbitrary files or disable the LP print service via unknown attack vectors.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | solaris | 9.0 |
| sun | sunos | 5.8 |
| sun | solaris | 10.0 |
rsh utility in Sun Grid Engine (SGE) before 6.0u7_1 allows local users to gain privileges and execute arbitrary code via unspecified vectors, possibly involving command line arguments.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | grid_engine | 6.0 |
Unspecified vulnerability in the kernel processing in Solaris 10 64 bit platform, when running in 64-bit mode, allows local users to cause a denial of service (system panic) via unknown attack vectors.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 10.0 |
Unspecified vulnerability in Sun Java System Access Manager 7.0 allows local users logged in as "root" to bypass authentication and gain top-level administrator privileges via the amadmin CLI tool.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java_system_access_manager | 7.0 |
Unspecified vulnerability in Java Web Start after 1.0.1_02, as used in J2SE 5.0 Update 5 and earlier, allows remote attackers to obtain privileges via unspecified vectors involving untrusted applications.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | j2se | * |
Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and earlier, SDK and JRE 1.3.x through 1.3.1_16 and 1.4.x through 1.4.2_08 allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "first issue."
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | * |
| sun | jre | 5.0 |
| sun | sdk | * |
| sun | jdk | 5.0 |
Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 4 and earlier, SDK and JRE 1.4.x through 1.4.2_09 allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "second and third issues."
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_2 |
| sun | jre | 1.4.2_5 |
| sun | sdk | 1.4.2_6 |
| sun | sdk | 1.4.2_9 |
| sun | jre | 1.4.2_3 |
| sun | sdk | 1.4.2_4 |
| sun | jre | 1.4.2_1 |
| sun | sdk | 1.4.2_7 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | jre | 1.4.2_2 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | sdk | 1.4.2_8 |
| sun | sdk | 1.4.2_5 |
| sun | jre | 1.5.0 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | jre | 1.4.2_7 |
| sun | sdk | 1.4.2_1 |
Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 4 and earlier allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fourth issue."
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | * |
| sun | jre | * |
Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 5 and earlier allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fifth, sixth, and seventh issues."
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | * |
| sun | jre | * |
LDAP service in Sun Java System Directory Server 5.2, running on Linux and possibly other platforms, allows remote attackers to cause a denial of service (memory allocation error) via an LDAP packet with a crafted subtree search request, as demonstrated using the ProtoVer LDAP test suite.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java_system_directory_server | 5.2 |
X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| x.org | x11r7 | 1.0 |
| x.org | x11r6 | 6.9 |
| mandrakesoft | mandrake_linux | 2006 |
| sun | solaris | 10.0 |
| suse | suse_linux | 10.0 |
| redhat | fedora_core | core_5.0 |
| x.org | x11r7 | 1.0.1 |
Unspecified vulnerability in in.rexecd in Solaris 10 allows local users to gain privileges on Kerberos systems via unknown attack vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 10.0 |
Unspecified vulnerability in the hsfs filesystem in Solaris 8, 9, and 10 allows unspecified attackers to cause a denial of service (panic) or execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 9.0 |
| sun | sunos | 5.8 |
| sun | solaris | 8.0 |
| sun | solaris | 10.0 |
Unspecified vulnerability in the pagedata subsystem of the process file system (/proc) in Solaris 8 through 10 allows local users to cause a denial of service (system hang or panic) via unknown attack vectors that cause cause the kmem_oversize arena to allocate a large amount of system memory that does not get freed.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 9.0 |
| sun | sunos | 5.8 |
| sun | solaris | 10.0 |
Unspecified vulnerability in rsh in Sun Microsystems Sun Grid Engine 5.3 before 20060327 and N1 Grid Engine 6.0 before 20060327 allows local users to gain root privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | n1_grid_engine | 6.0 |
| sun | grid_engine | 5.3 |
Unspecified vulnerability in SunPlex Manager in Sun Cluster 3.1 4/04 allows local users with solaris.cluster.gui authorization to view arbitrary files via unspecified vectors.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | cluster | 3.1 |
The Bourne shell (sh) in Solaris 8, 9, and 10 allows local users to cause a denial of service (sh crash) via an unspecified attack vector that causes sh processes to crash during creation of temporary files.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 9.0 |
| sun | sunos | 5.8 |
| sun | solaris | 10.0 |
Unspecified vulnerability in Solaris 8 and 9 allows local users to obtain the LDAP Directory Server root Distinguished Name (rootDN) password when a privileged user (1) runs idsconfig; or "insecurely" runs LDAP2 commands with the -w option, including (2) ldapadd, (3) ldapdelete, (4) ldapmodify, (5) ldapmodrdn, and (6) ldapsearch.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 9.0 |
| sun | sunos | 5.8 |
Sun Java Studio Enterprise 8, when installed as root, creates certain files with world-writable permissions, which allows local users to execute arbitrary commands via unspecified vectors.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java_studio_enterprise | 8 |
Unspecified vulnerability in the libpkcs11 library in Sun Solaris 10 might allow local users to gain privileges or cause a denial of service (application failure) via unknown attack vectors that involve the getpwnam family of non-reentrant functions.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 10.0 |
OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | staroffice | 7.0 |
| sun | staroffice | 8.0 |
| openoffice | openoffice | 1.1.5 |
| openoffice | openoffice | 2.0.1 |
| openoffice | openoffice | 2.0.2 |
| openoffice | openoffice | 1.1.1b |
| openoffice | openoffice | 2.0.0 |
| openoffice | openoffice | 1.1.4 |
| openoffice | openoffice | 2.0.2_rc3 |
| openoffice | openoffice | 2.0.3_rc5 |
| openoffice | openoffice | 2.0.2_rc4 |
| openoffice | openoffice | 2.0.3_rc4 |
| openoffice | openoffice | 1.1.1a |
| openoffice | openoffice | 1.1.2 |
| openoffice | openoffice | 2.0.2_rc1 |
| openoffice | openoffice | 1.1.0 |
| openoffice | openoffice | 2.0.3_rc3 |
| openoffice | openoffice | 2.0.0_rc1 |
| openoffice | openoffice | 2.0.3_rc6 |
| openoffice | openoffice | 2.0.0_rc3 |
| openoffice | openoffice | 1.1.1 |
| openoffice | openoffice | 2.0.0_rc2 |
| openoffice | openoffice | 2.0.2_rc2 |
| openoffice | openoffice | 1.1.3 |
Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka StarOffice) up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | staroffice | 7.0 |
| sun | staroffice | 8.0 |
| openoffice | openoffice | 1.1.5 |
| openoffice | openoffice | 2.0.1 |
| sun | staroffice | 6.0 |
| openoffice | openoffice | 2.0.2 |
| openoffice | openoffice | 2.0.0 |
| openoffice | openoffice | 1.1.4 |
| openoffice | openoffice | 1.1.1 |
| openoffice | openoffice | 1.1.2 |
| openoffice | openoffice | 1.1.3 |
| openoffice | openoffice | 1.1.0 |
Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 and earlier, and SDK 1.5.0_6 and earlier allows remote attackers to cause a denial of service (disk consumption) by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.5.0 |
| sun | sdk | 1.5.0_6 |
| sun | jre | 1.5.0 |
Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | one_application_server | * |
| sun | java_system_web_server | * |
| sun | one_application_server | 7.0 |
| sun | one_application_server | 6.0 |
| sun | one_web_server | 6.0 |
| sun | java_system_application_server | * |
| sun | java_system_web_server | 6.1 |
| sun | one_web_server | * |
Unspecified vulnerability in the installation process in Sun Java System Directory Server 5.2 causes wrong user data to be written to a file created by the installation, which allows remote attackers or local users to gain privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java_system_directory_server | 5.2 |
Sun N1 System Manager 1.1 for Solaris 10 before patch 121161-01 records system passwords in the world-readable scripts (1) /cr/hd_jobs_db.sh, (2) /cr/hd_plan_checkin.sh, and (3) /cr/oracle_plan_checkin.sh, which allows local users to obtain System Manager passwords.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | n1_system_manager | 1.1 |
A package component in Sun Storage Automated Diagnostic Environment (StorADE) 2.4 uses world-writable permissions for certain critical files and directories, which allows local users to gain privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | storage_automated_diagnostic_environment | 2.4 |
Unspecified vulnerability in Sun Grid Engine 5.3 and Sun N1 Grid Engine 6.0, when configured in Certificate Security Protocol (CSP) Mode, allows local users to shut down the grid service or gain access, even if access is denied.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | n1_grid_engine | 6.0 |
| sun | grid_engine | 5.3 |
Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by (1) Calc, (2) Draw, (3) Impress, (4) Math, or (5) Writer, aka "File Format / Buffer Overflow Vulnerability."
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | staroffice | 7.0 |
| openoffice | openoffice | 2.0 |
| sun | staroffice | 8.0 |
| openoffice | openoffice | 2.0.1 |
| sun | staroffice | 6.0 |
| openoffice | openoffice | 2.0.2 |
| openoffice | openoffice | 2.0.0 |
| openoffice | openoffice | 1.1.4 |
| openoffice | openoffice | 1.1.1 |
| openoffice | openoffice | 1.1.2 |
| openoffice | openoffice | 1.1.3 |
| openoffice | openoffice | 1.1.0 |
Memory leak in Network Security Services (NSS) 3.11, as used in Sun Java Enterprise System 2003Q4 through 2005Q1 and Java System Directory Server 5.2, allows remote attackers to cause a denial of service (memory consumption) by performing a large number of RSA cryptographic operations.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java_system_directory_server | 5.2 |
| sun | java_enterprise_system | 2004q2 |
| sun | java_enterprise_system | 2003q4 |
| sun | java_enterprise_system | 2005q1 |
pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003) allows local users to read portions of restricted files via a symlink attack on msg.conf in a directory identified by the CONFIGROOT environment variable, which returns the first line of the file in an error message.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | one_messaging_server | 5.2 |
| sun | iplanet_messaging_server | 5.2 |
Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and Java System Application Server Enterprise Edition 8.1 2005 Q1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | one_application_server | * |
| sun | java_system_application_server | 8.1 |
| sun | java_system_application_server | * |
Unspecified vulnerability in Sun Solaris X Inter Client Exchange library (libICE) on Solaris 8 and 9 allows context-dependent attackers to cause a denial of service (application crash) to applications that use the library.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 9.0 |
| sun | sunos | 5.8 |
Unspecified vulnerability in NIS server on Sun Solaris 8, 9, and 10 allows local and remote attackers to cause a denial of service (ypserv hang) via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | solaris | 9.0 |
| sun | sunos | 5.8 |
| sun | solaris | 8.0 |
| sun | solaris | 10.0 |
Unspecified vulnerability in the kernel in Solaris 10 with patch 118822-29 (118844-29 on x86) and without patch 118833-11 (118855-08) allows remote authenticated users to cause a denial of service via unspecified vectors that lead to "kernel data structure corruption" that can trigger a system panic, application failure, or "data corruption."
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| sun | solaris | 10.0 |
Unspecified vulnerability in Sun Solaris 10 allows context-dependent attackers to cause a denial of service (panic) via unspecified vectors involving the event port API.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 10.0 |
Unspecified vulnerability in the kernel debugger (kmdb) in Sun Solaris 10, when running on x86, allows local users to cause a denial of service (system hang) via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 10.0 |
Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors involving (1) the /net mount point and (2) the "-hosts" map in a mount point.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 10.0 |
systeminfo.c for Sun Solaris allows local users to read kernel memory via a 0 variable count argument to the sysinfo system call, which causes a -1 argument to be used by the copyout function. NOTE: this issue has been referred to as an integer overflow, but it is probably more like a signedness error or integer underflow.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 10.0 |
The IPv4 implementation in Sun Solaris 10 before 20060721 allows local users to select routes that differ from the routing table, possibly facilitating firewall bypass or unauthorized network communication.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | 10.0 |
The LDAP server (ns-slapd) in Sun Java System Directory Server 5.2 Patch4 and earlier and ONE Directory Server 5.1 and 5.2 allows remote attackers to cause a denial of service (crash) via malformed queries, probably malformed BER queries, which trigger a free of uninitialized memory locations.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-824,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java_system_directory_server | 5.2 |
| sun | one_directory_server | 5.2 |
| sun | one_directory_server | 5.1 |
HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-444,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java_system_web_proxy_server | 4.0 |
| sun | java_system_application_server | 7.0 |
| sun | one_application_server | 7.0 |
| sun | java_system_application_server | 8.1 |
| sun | java_system_web_server | 6.0 |
| sun | java_system_web_proxy_server | - |
| sun | java_system_web_server | 6.1 |
| sun | java_system_web_proxy_server | 3.6 |
Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-88,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
| oracle | solaris | 11 |
| oracle | solaris | 10 |
Javamail does not properly handle a series of invalid login attempts in which the same e-mail address is entered as username and password, and the domain portion of this address yields a Java UnknownHostException error, which allows remote attackers to cause a denial of service (connection pool exhaustion) via a large number of requests, resulting in a SQLNestedException. NOTE: Sun disputes this issue, stating "The report makes references to source code and files that do not exist in the mentioned products.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | javamail | * |
The labeled networking implementation in Solaris Trusted Extensions in Sun Solaris 10 and OpenSolaris snv_39 through snv_67, when a labeled zone is in the installed state, allows remote authenticated users to bypass a Mandatory Access Control (MAC) policy and obtain access to the global zone.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| sun | opensolaris | build_snv_64 |
| sun | opensolaris | build_snv_39 |
| sun | opensolaris | build_snv_67 |
| sun | opensolaris | build_snv_59 |
| sun | opensolaris | build_snv_47 |
Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | openjdk | * |
| gimp | gimp | * |
| mozilla | firefox | 3.1 |
| littlecms | little_cms | * |
Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | openjdk | * |
| gimp | gimp | * |
| mozilla | firefox | 3.1 |
| littlecms | little_cms | * |
Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | openjdk | * |
| gimp | gimp | * |
| mozilla | firefox | 3.1 |
| littlecms | little_cms | * |
cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles."
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | openjdk | 6 |
| littlecms | lcms | 1.18 |
Integer overflow in the PulseAudioTargetDataL class in src/java/org/classpath/icedtea/pulseaudio/PulseAudioTargetDataLine.java in Pulse-Java, as used in OpenJDK 1.6.0.0 and other products, allows remote attackers to cause a denial of service (applet crash) via a crafted Pulse Audio source data line.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | openjdk | 1.6.0.0 |
Multiple buffer overflows in the Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allow remote attackers to execute arbitrary code via a long string argument to the (1) setInstallerType, (2) setAdditionalPackages, (3) compareVersion, (4) getStaticCLSID, or (5) launch method.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 6 |
The Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allows remote attackers to (1) execute arbitrary code via a .jnlp URL in the argument to the launch method, and might allow remote attackers to launch JRE installation processes via the (2) installLatestJRE or (3) installJRE method.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 6 |
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| xmlsoft | libxml2 | 2.5.10 |
| fedoraproject | fedora | 11 |
| redhat | enterprise_linux | 3.0 |
| vmware | vma | 4.0 |
| xmlsoft | libxml2 | 2.6.27 |
| vmware | esxi | 3.5 |
| vmware | esx | 4.0 |
| fedoraproject | fedora | 10 |
| canonical | ubuntu_linux | 9.04 |
| suse | linux_enterprise | 10.0 |
| chrome | * | |
| vmware | esx | 3.5 |
| apple | iphone_os | * |
| xmlsoft | libxml2 | 2.6.26 |
| vmware | vcenter_server | 4.0 |
| apple | mac_os_x | * |
| redhat | enterprise_linux | 5.0 |
| vmware | esx | 3.0.3 |
| vmware | esxi | 4.0 |
| apple | safari | * |
| suse | linux_enterprise | 11.0 |
| canonical | ubuntu_linux | 8.04 |
| opensuse | opensuse | * |
| apple | mac_os_x_server | * |
| debian | debian_linux | 4.0 |
| xmlsoft | libxml | 1.8.17 |
| sun | openoffice.org | * |
| suse | linux_enterprise_server | 9 |
| canonical | ubuntu_linux | 8.10 |
| redhat | enterprise_linux | 4.0 |
| xmlsoft | libxml2 | 2.6.32 |
| canonical | ubuntu_linux | 6.06 |
| xmlsoft | libxml2 | 2.6.16 |
CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing a %00 (encoded null byte).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | j2ee | * |
CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing non-canonical, "overlong Unicode" in place of blacklisted characters.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | j2ee | * |
| broadcom | siteminder | * |
Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | virtualbox | 3.0.4 |
| sun | virtualbox | 3.0.0 |
| sun | virtualbox | 3.0.6 |
| sun | virtualbox | 3.0.2 |
Unspecified vulnerability in Sun Solaris 10 and OpenSolaris snv_49 through snv_117, when 64bit mode is used on the Intel x86 platform and a Linux (lx) branded zone is configured, allows local users to cause a denial of service (panic) via unspecified vectors, a different vulnerability than CVE-2007-6225.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | opensolaris | snv_104 |
| sun | opensolaris | snv_63 |
| sun | opensolaris | snv_91 |
| sun | opensolaris | snv_96 |
| sun | opensolaris | snv_109 |
| sun | opensolaris | snv_49 |
| sun | opensolaris | snv_87 |
| sun | opensolaris | snv_55 |
| sun | opensolaris | snv_64 |
| sun | opensolaris | snv_94 |
| sun | opensolaris | snv_98 |
| sun | opensolaris | snv_75 |
| sun | opensolaris | snv_106 |
| sun | opensolaris | snv_108 |
| sun | opensolaris | snv_78 |
| sun | opensolaris | snv_61 |
| sun | opensolaris | snv_115 |
| sun | opensolaris | snv_85 |
| sun | opensolaris | snv_90 |
| sun | opensolaris | snv_86 |
| sun | opensolaris | snv_99 |
| sun | opensolaris | snv_116 |
| sun | opensolaris | snv_117 |
| sun | opensolaris | snv_82 |
| sun | opensolaris | snv_66 |
| sun | opensolaris | snv_51 |
| sun | opensolaris | snv_88 |
| sun | opensolaris | snv_105 |
| sun | opensolaris | snv_54 |
| sun | opensolaris | snv_52 |
| sun | opensolaris | snv_114 |
| sun | opensolaris | snv_68 |
| sun | opensolaris | snv_93 |
| sun | opensolaris | snv_58 |
| sun | opensolaris | snv_74 |
| sun | opensolaris | snv_110 |
| sun | opensolaris | snv_92 |
| sun | opensolaris | snv_60 |
| sun | opensolaris | snv_97 |
| sun | opensolaris | snv_95 |
| sun | opensolaris | snv_76 |
| sun | opensolaris | snv_81 |
| sun | opensolaris | snv_84 |
| sun | opensolaris | snv_69 |
| sun | opensolaris | snv_70 |
| sun | opensolaris | snv_73 |
| sun | opensolaris | snv_113 |
| sun | opensolaris | snv_65 |
| sun | opensolaris | snv_62 |
| sun | opensolaris | snv_77 |
| sun | opensolaris | snv_79 |
| sun | opensolaris | snv_102 |
| sun | opensolaris | snv_103 |
| sun | opensolaris | snv_107 |
| sun | solaris | 10 |
| sun | opensolaris | snv_112 |
| sun | opensolaris | snv_67 |
| sun | opensolaris | snv_101 |
| sun | opensolaris | snv_53 |
| sun | opensolaris | snv_80 |
| sun | opensolaris | snv_111 |
| sun | opensolaris | snv_56 |
| sun | opensolaris | snv_71 |
| sun | opensolaris | snv_83 |
| sun | opensolaris | snv_57 |
| sun | opensolaris | snv_50 |
| sun | opensolaris | snv_100 |
| sun | opensolaris | snv_59 |
| sun | opensolaris | snv_89 |
| sun | opensolaris | snv_72 |
Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.3.1_11 |
| sun | jdk | 1.3.1_22 |
| sun | jdk | 1.3.0 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.3.1_08 |
| sun | jdk | 1.3.1_01 |
| sun | jdk | 1.3.1_09 |
| sun | jre | 1.3.1_26 |
| sun | sdk | 1.3.1_18 |
| sun | jdk | 1.3.1_08 |
| sun | jdk | 1.3.1_19 |
| sun | jdk | 1.3.1_06 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_13 |
| sun | sdk | 1.3.1_05 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | sdk | 1.3.1_06 |
| sun | jre | 1.4.2_7 |
| sun | jdk | 1.3.1_14 |
| sun | jdk | 1.3.1_02 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.3.1_05 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.3.1_07 |
| sun | sdk | 1.4.2_15 |
| sun | jre | 1.3.1 |
| sun | jdk | 1.3.1_01a |
| sun | sdk | 1.4.2_16 |
| sun | jdk | 1.3.1 |
| sun | sdk | 1.4.2_5 |
| sun | sdk | 1.3.1_10 |
| sun | sdk | 1.3.0_04 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.3.1_21 |
| sun | sdk | * |
| sun | sdk | 1.3.1_01a |
| sun | jre | 1.3.1_05 |
| sun | jre | 1.3.1_16 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | jre | 1.3.1_03 |
| sun | sdk | 1.3.1_12 |
| sun | sdk | 1.3.1_19 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.3.1_14 |
| sun | sdk | 1.3.0_03 |
| sun | sdk | 1.3.1_21 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.3.1_13 |
| sun | jre | 1.3.1_19 |
| sun | sdk | 1.3.1_15 |
| sun | sdk | 1.3.1 |
| sun | sdk | 1.3.1_20 |
| sun | jre | 1.3.1_10 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.3.1_22 |
| sun | jdk | * |
| sun | jre | 1.3.1_06 |
| sun | jdk | 1.3.1_07 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | sdk | 1.4.2_12 |
| sun | jre | 1.3.1_2 |
| sun | jre | 1.3.1_24 |
| sun | sdk | 1.3.0 |
| sun | jre | 1.3.1_18 |
| sun | sdk | 1.3.1_09 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.3.1_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.3.0 |
| sun | jdk | 1.3.0_02 |
| sun | jdk | 1.3.1_17 |
| sun | jre | * |
| sun | jdk | 1.3.1_16 |
| sun | jre | 1.3.1_07 |
| sun | jre | 1.3.1_12 |
| sun | sdk | 1.4.2_1 |
| sun | sdk | 1.3.1_23 |
| sun | jdk | 1.3.1_26 |
| sun | sdk | 1.3.0_02 |
| sun | jre | 1.4.2_21 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.3.1_22 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.3.1_02 |
| sun | jre | 1.3.1_04 |
| sun | jdk | 1.3.1_04 |
| sun | jre | 1.3.1_14 |
| sun | jre | 1.3.1_11 |
| sun | jre | 1.5.0 |
| sun | jre | 1.3.1_09 |
| sun | jre | 1.3.1_17 |
| sun | sdk | 1.3.1_08 |
| sun | sdk | 1.3.1_24 |
| sun | jdk | 1.3.1_23 |
| sun | sdk | 1.3.1_17 |
| sun | sdk | 1.4.2_24 |
| sun | jdk | 1.3.0_05 |
| sun | jdk | 1.3.1_18 |
| sun | sdk | 1.3.1_25 |
| sun | jdk | 1.3.1_15 |
| sun | sdk | 1.3.1_16 |
| sun | sdk | 1.3.1_11 |
| sun | sdk | 1.3.1_01 |
| sun | jdk | 1.3.1_12 |
| sun | jdk | 1.3.0_04 |
| sun | sdk | 1.4.2_17 |
| sun | jdk | 1.3.1_03 |
| sun | jre | 1.3.1_25 |
| sun | jre | 1.3.1_15 |
| sun | jre | 1.3.1_13 |
| sun | jdk | 1.3.1_10 |
| sun | sdk | 1.3.1_26 |
| sun | jre | 1.4.2_23 |
| sun | jdk | 1.3.1_13 |
| sun | sdk | 1.3.0_01 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.3.1_03 |
| sun | jdk | 1.3.1_24 |
| sun | jdk | 1.3.0_01 |
| sun | jre | 1.3.1_21 |
| sun | jre | 1.3.1_20 |
| sun | sdk | 1.4.2_7 |
| sun | jdk | 1.3.1_25 |
| sun | jre | 1.4.2_24 |
| sun | sdk | 1.3.0_05 |
| sun | jre | 1.4.2_14 |
| sun | sdk | 1.3.1_04 |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.3.1_20 |
| sun | sdk | 1.4.2_02 |
| sun | jdk | 1.3.0_03 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0091.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.4.2_22 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | jre | 1.4.2_7 |
| sun | sdk | 1.4.2_1 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.6.0 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.4.2_15 |
| sun | sdk | 1.4.2_16 |
| sun | sdk | 1.4.2_5 |
| sun | jre | 1.5.0 |
| sun | sdk | 1.4.2_24 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | sdk | * |
| sun | sdk | 1.4.2_17 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.4.2_7 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | jre | 1.4.2_18 |
| sun | sdk | 1.4.2_12 |
| sun | sdk | 1.4.2_02 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0088.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.3.1_11 |
| sun | jdk | 1.3.1_22 |
| sun | jdk | 1.3.0 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.3.1_08 |
| sun | jdk | 1.3.1_01 |
| sun | jdk | 1.3.1_09 |
| sun | jre | 1.3.1_26 |
| sun | sdk | 1.3.1_18 |
| sun | jdk | 1.3.1_08 |
| sun | jdk | 1.3.1_19 |
| sun | jdk | 1.3.1_06 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_13 |
| sun | sdk | 1.3.1_05 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | sdk | 1.3.1_06 |
| sun | jre | 1.4.2_7 |
| sun | jdk | 1.3.1_14 |
| sun | jdk | 1.3.1_02 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.3.1_05 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.3.1_07 |
| sun | sdk | 1.4.2_15 |
| sun | jre | 1.3.1 |
| sun | jdk | 1.3.1_01a |
| sun | sdk | 1.4.2_16 |
| sun | jdk | 1.3.1 |
| sun | sdk | 1.4.2_5 |
| sun | sdk | 1.3.1_10 |
| sun | sdk | 1.3.0_04 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.3.1_21 |
| sun | sdk | * |
| sun | sdk | 1.3.1_01a |
| sun | jre | 1.3.1_05 |
| sun | jre | 1.3.1_16 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | jre | 1.3.1_03 |
| sun | sdk | 1.3.1_12 |
| sun | sdk | 1.3.1_19 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.3.1_14 |
| sun | sdk | 1.3.0_03 |
| sun | sdk | 1.3.1_21 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.3.1_13 |
| sun | jre | 1.3.1_19 |
| sun | sdk | 1.3.1_15 |
| sun | sdk | 1.3.1 |
| sun | sdk | 1.3.1_20 |
| sun | jre | 1.3.1_10 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.3.1_22 |
| sun | jdk | * |
| sun | jre | 1.3.1_06 |
| sun | jdk | 1.3.1_07 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | sdk | 1.4.2_12 |
| sun | jre | 1.3.1_2 |
| sun | jre | 1.3.1_24 |
| sun | sdk | 1.3.0 |
| sun | jre | 1.3.1_18 |
| sun | sdk | 1.3.1_09 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.3.1_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.3.0 |
| sun | jdk | 1.3.0_02 |
| sun | jdk | 1.3.1_17 |
| sun | jre | * |
| sun | jdk | 1.3.1_16 |
| sun | jre | 1.3.1_07 |
| sun | jre | 1.3.1_12 |
| sun | sdk | 1.4.2_1 |
| sun | sdk | 1.3.1_23 |
| sun | jdk | 1.3.1_26 |
| sun | sdk | 1.3.0_02 |
| sun | jre | 1.4.2_21 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.3.1_22 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.3.1_02 |
| sun | jre | 1.3.1_04 |
| sun | jdk | 1.3.1_04 |
| sun | jre | 1.3.1_14 |
| sun | jre | 1.3.1_11 |
| sun | jre | 1.5.0 |
| sun | jre | 1.3.1_09 |
| sun | jre | 1.3.1_17 |
| sun | sdk | 1.3.1_08 |
| sun | sdk | 1.3.1_24 |
| sun | jdk | 1.3.1_23 |
| sun | sdk | 1.3.1_17 |
| sun | sdk | 1.4.2_24 |
| sun | jdk | 1.3.0_05 |
| sun | jdk | 1.3.1_18 |
| sun | sdk | 1.3.1_25 |
| sun | jdk | 1.3.1_15 |
| sun | sdk | 1.3.1_16 |
| sun | sdk | 1.3.1_11 |
| sun | sdk | 1.3.1_01 |
| sun | jdk | 1.3.1_12 |
| sun | jdk | 1.3.0_04 |
| sun | sdk | 1.4.2_17 |
| sun | jdk | 1.3.1_03 |
| sun | jre | 1.3.1_25 |
| sun | jre | 1.3.1_15 |
| sun | jre | 1.3.1_13 |
| sun | jdk | 1.3.1_10 |
| sun | sdk | 1.3.1_26 |
| sun | jre | 1.4.2_23 |
| sun | jdk | 1.3.1_13 |
| sun | sdk | 1.3.0_01 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.3.1_03 |
| sun | jdk | 1.3.1_24 |
| sun | jdk | 1.3.0_01 |
| sun | jre | 1.3.1_21 |
| sun | jre | 1.3.1_20 |
| sun | sdk | 1.4.2_7 |
| sun | jdk | 1.3.1_25 |
| sun | jre | 1.4.2_24 |
| sun | sdk | 1.3.0_05 |
| sun | jre | 1.4.2_14 |
| sun | sdk | 1.3.1_04 |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.3.1_20 |
| sun | sdk | 1.4.2_02 |
| sun | jdk | 1.3.0_03 |
Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.3.1_11 |
| sun | jdk | 1.3.1_22 |
| sun | jdk | 1.3.0 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.3.1_08 |
| sun | jdk | 1.3.1_01 |
| sun | jdk | 1.3.1_09 |
| sun | jre | 1.3.1_26 |
| sun | sdk | 1.3.1_18 |
| sun | jdk | 1.3.1_08 |
| sun | jdk | 1.3.1_19 |
| sun | jdk | 1.3.1_06 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_13 |
| sun | sdk | 1.3.1_05 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | sdk | 1.3.1_06 |
| sun | jre | 1.4.2_7 |
| sun | jdk | 1.3.1_14 |
| sun | jdk | 1.3.1_02 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.3.1_05 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.3.1_07 |
| sun | sdk | 1.4.2_15 |
| sun | jre | 1.3.1 |
| sun | jdk | 1.3.1_01a |
| sun | sdk | 1.4.2_16 |
| sun | jdk | 1.3.1 |
| sun | sdk | 1.4.2_5 |
| sun | sdk | 1.3.1_10 |
| sun | sdk | 1.3.0_04 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.3.1_21 |
| sun | sdk | * |
| sun | sdk | 1.3.1_01a |
| sun | jre | 1.3.1_05 |
| sun | jre | 1.3.1_16 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | jre | 1.3.1_03 |
| sun | sdk | 1.3.1_12 |
| sun | sdk | 1.3.1_19 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.3.1_14 |
| sun | sdk | 1.3.0_03 |
| sun | sdk | 1.3.1_21 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.3.1_13 |
| sun | jre | 1.3.1_19 |
| sun | sdk | 1.3.1_15 |
| sun | sdk | 1.3.1 |
| sun | sdk | 1.3.1_20 |
| sun | jre | 1.3.1_10 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.3.1_22 |
| sun | jdk | * |
| sun | jre | 1.3.1_06 |
| sun | jdk | 1.3.1_07 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | sdk | 1.4.2_12 |
| sun | jre | 1.3.1_2 |
| sun | jre | 1.3.1_24 |
| sun | sdk | 1.3.0 |
| sun | jre | 1.3.1_18 |
| sun | sdk | 1.3.1_09 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.3.1_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.3.0 |
| sun | jdk | 1.3.0_02 |
| sun | jdk | 1.3.1_17 |
| sun | jre | * |
| sun | jdk | 1.3.1_16 |
| sun | jre | 1.3.1_07 |
| sun | jre | 1.3.1_12 |
| sun | sdk | 1.4.2_1 |
| sun | sdk | 1.3.1_23 |
| sun | jdk | 1.3.1_26 |
| sun | sdk | 1.3.0_02 |
| sun | jre | 1.4.2_21 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.3.1_22 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.3.1_02 |
| sun | jre | 1.3.1_04 |
| sun | jdk | 1.3.1_04 |
| sun | jre | 1.3.1_14 |
| sun | jre | 1.3.1_11 |
| sun | jre | 1.5.0 |
| sun | jre | 1.3.1_09 |
| sun | jre | 1.3.1_17 |
| sun | sdk | 1.3.1_08 |
| sun | sdk | 1.3.1_24 |
| sun | jdk | 1.3.1_23 |
| sun | sdk | 1.3.1_17 |
| sun | sdk | 1.4.2_24 |
| sun | jdk | 1.3.0_05 |
| sun | jdk | 1.3.1_18 |
| sun | sdk | 1.3.1_25 |
| sun | jdk | 1.3.1_15 |
| sun | sdk | 1.3.1_16 |
| sun | sdk | 1.3.1_11 |
| sun | sdk | 1.3.1_01 |
| sun | jdk | 1.3.1_12 |
| sun | jdk | 1.3.0_04 |
| sun | sdk | 1.4.2_17 |
| sun | jdk | 1.3.1_03 |
| sun | jre | 1.3.1_25 |
| sun | jre | 1.3.1_15 |
| sun | jre | 1.3.1_13 |
| sun | jdk | 1.3.1_10 |
| sun | sdk | 1.3.1_26 |
| sun | jre | 1.4.2_23 |
| sun | jdk | 1.3.1_13 |
| sun | sdk | 1.3.0_01 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.3.1_03 |
| sun | jdk | 1.3.1_24 |
| sun | jdk | 1.3.0_01 |
| sun | jre | 1.3.1_21 |
| sun | jre | 1.3.1_20 |
| sun | sdk | 1.4.2_7 |
| sun | jdk | 1.3.1_25 |
| sun | jre | 1.4.2_24 |
| sun | sdk | 1.3.0_05 |
| sun | jre | 1.4.2_14 |
| sun | sdk | 1.3.1_04 |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.3.1_20 |
| sun | sdk | 1.4.2_02 |
| sun | jdk | 1.3.0_03 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0085.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.3.1_11 |
| sun | jdk | 1.3.1_22 |
| sun | jdk | 1.3.0 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.3.1_08 |
| sun | jdk | 1.3.1_01 |
| sun | jdk | 1.3.1_09 |
| sun | jre | 1.3.1_26 |
| sun | sdk | 1.3.1_18 |
| sun | jdk | 1.3.1_08 |
| sun | jdk | 1.3.1_19 |
| sun | jdk | 1.3.1_06 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_13 |
| sun | sdk | 1.3.1_05 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | sdk | 1.3.1_06 |
| sun | jre | 1.4.2_7 |
| sun | jdk | 1.3.1_14 |
| sun | jdk | 1.3.1_02 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.3.1_05 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.3.1_07 |
| sun | sdk | 1.4.2_15 |
| sun | jre | 1.3.1 |
| sun | jdk | 1.3.1_01a |
| sun | sdk | 1.4.2_16 |
| sun | jdk | 1.3.1 |
| sun | sdk | 1.4.2_5 |
| sun | sdk | 1.3.1_10 |
| sun | sdk | 1.3.0_04 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.3.1_21 |
| sun | sdk | * |
| sun | sdk | 1.3.1_01a |
| sun | jre | 1.3.1_05 |
| sun | jre | 1.3.1_16 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | jre | 1.3.1_03 |
| sun | sdk | 1.3.1_12 |
| sun | sdk | 1.3.1_19 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.3.1_14 |
| sun | sdk | 1.3.0_03 |
| sun | sdk | 1.3.1_21 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.3.1_13 |
| sun | jre | 1.3.1_19 |
| sun | sdk | 1.3.1_15 |
| sun | sdk | 1.3.1 |
| sun | sdk | 1.3.1_20 |
| sun | jre | 1.3.1_10 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.3.1_22 |
| sun | jdk | * |
| sun | jre | 1.3.1_06 |
| sun | jdk | 1.3.1_07 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | sdk | 1.4.2_12 |
| sun | jre | 1.3.1_2 |
| sun | jre | 1.3.1_24 |
| sun | sdk | 1.3.0 |
| sun | jre | 1.3.1_18 |
| sun | sdk | 1.3.1_09 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.3.1_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.3.0 |
| sun | jdk | 1.3.0_02 |
| sun | jdk | 1.3.1_17 |
| sun | jre | * |
| sun | jdk | 1.3.1_16 |
| sun | jre | 1.3.1_07 |
| sun | jre | 1.3.1_12 |
| sun | sdk | 1.4.2_1 |
| sun | sdk | 1.3.1_23 |
| sun | jdk | 1.3.1_26 |
| sun | sdk | 1.3.0_02 |
| sun | jre | 1.4.2_21 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.3.1_22 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.3.1_02 |
| sun | jre | 1.3.1_04 |
| sun | jdk | 1.3.1_04 |
| sun | jre | 1.3.1_14 |
| sun | jre | 1.3.1_11 |
| sun | jre | 1.5.0 |
| sun | jre | 1.3.1_09 |
| sun | jre | 1.3.1_17 |
| sun | sdk | 1.3.1_08 |
| sun | sdk | 1.3.1_24 |
| sun | jdk | 1.3.1_23 |
| sun | sdk | 1.3.1_17 |
| sun | sdk | 1.4.2_24 |
| sun | jdk | 1.3.0_05 |
| sun | jdk | 1.3.1_18 |
| sun | sdk | 1.3.1_25 |
| sun | jdk | 1.3.1_15 |
| sun | sdk | 1.3.1_16 |
| sun | sdk | 1.3.1_11 |
| sun | sdk | 1.3.1_01 |
| sun | jdk | 1.3.1_12 |
| sun | jdk | 1.3.0_04 |
| sun | sdk | 1.4.2_17 |
| sun | jdk | 1.3.1_03 |
| sun | jre | 1.3.1_25 |
| sun | jre | 1.3.1_15 |
| sun | jre | 1.3.1_13 |
| sun | jdk | 1.3.1_10 |
| sun | sdk | 1.3.1_26 |
| sun | jre | 1.4.2_23 |
| sun | jdk | 1.3.1_13 |
| sun | sdk | 1.3.0_01 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.3.1_03 |
| sun | jdk | 1.3.1_24 |
| sun | jdk | 1.3.0_01 |
| sun | jre | 1.3.1_21 |
| sun | jre | 1.3.1_20 |
| sun | sdk | 1.4.2_7 |
| sun | jdk | 1.3.1_25 |
| sun | jre | 1.4.2_24 |
| sun | sdk | 1.3.0_05 |
| sun | jre | 1.4.2_14 |
| sun | sdk | 1.3.1_04 |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.3.1_20 |
| sun | sdk | 1.4.2_02 |
| sun | jdk | 1.3.0_03 |
Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.4.2_22 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | jre | 1.4.2_7 |
| sun | sdk | 1.4.2_1 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.6.0 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.4.2_15 |
| sun | sdk | 1.4.2_16 |
| sun | sdk | 1.4.2_5 |
| sun | jre | 1.5.0 |
| sun | sdk | 1.4.2_24 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | sdk | * |
| sun | sdk | 1.4.2_17 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.4.2_7 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | jre | 1.4.2_18 |
| sun | sdk | 1.4.2_12 |
| sun | sdk | 1.4.2_02 |
Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18 allows remote attackers to affect integrity and availability via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | * |
| sun | jre | * |
| sun | jre | 1.6.0 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0084.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.4.2_22 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | jre | 1.4.2_7 |
| sun | sdk | 1.4.2_1 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.6.0 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.4.2_15 |
| sun | sdk | 1.4.2_16 |
| sun | sdk | 1.4.2_5 |
| sun | jre | 1.5.0 |
| sun | sdk | 1.4.2_24 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | sdk | * |
| sun | sdk | 1.4.2_17 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.4.2_7 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | jre | 1.4.2_18 |
| sun | sdk | 1.4.2_12 |
| sun | sdk | 1.4.2_02 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| sun | jdk | * |
| sun | jre | * |
| sun | jre | 1.6.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0095.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.4.2_22 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | jre | 1.4.2_7 |
| sun | sdk | 1.4.2_1 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.6.0 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.4.2_15 |
| sun | sdk | 1.4.2_16 |
| sun | sdk | 1.4.2_5 |
| sun | jre | 1.5.0 |
| sun | sdk | 1.4.2_24 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | sdk | * |
| sun | sdk | 1.4.2_17 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.4.2_7 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | jre | 1.4.2_18 |
| sun | sdk | 1.4.2_12 |
| sun | sdk | 1.4.2_02 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the ClassLoader of a constructor that is being deserialized.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| sun | jdk | * |
| sun | jre | * |
| sun | jre | 1.6.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0093.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.4.2_22 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | jre | 1.4.2_7 |
| sun | sdk | 1.4.2_1 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.6.0 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.4.2_15 |
| sun | sdk | 1.4.2_16 |
| sun | sdk | 1.4.2_5 |
| sun | jre | 1.5.0 |
| sun | sdk | 1.4.2_24 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | sdk | * |
| sun | sdk | 1.4.2_17 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.4.2_7 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | jre | 1.4.2_18 |
| sun | sdk | 1.4.2_12 |
| sun | sdk | 1.4.2_02 |
The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-16,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java_system_application_server | 7.0 |
Multiple heap-based buffer overflows in (1) webservd and (2) the admin server in Sun Java System Web Server 7.0 Update 7 allow remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long string in an "Authorization: Digest" HTTP header.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java_system_web_server | 7.0 |
Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute of the XML declaration in a PROPFIND request.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-134,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java_system_web_server | 7.0 |
The admin server in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP request that lacks a method token.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java_system_web_server | 7.0 |
The ucode_ioctl function in intel/io/ucode_drv.c in Sun Solaris 10 and OpenSolaris snv_69 through snv_133, when running on x86 architectures, allows local users to cause a denial of service (panic) via a request with a 0 size value to the UCODE_GET_VERSION IOCTL, which triggers a NULL pointer dereference in the ucode_get_rev function, related to retrieval of the microcode revision.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | opensolaris | snv_104 |
| sun | opensolaris | snv_91 |
| sun | opensolaris | snv_96 |
| sun | opensolaris | snv_109 |
| sun | opensolaris | snv_87 |
| sun | opensolaris | snv_120 |
| sun | opensolaris | snv_94 |
| sun | opensolaris | snv_98 |
| sun | opensolaris | snv_123 |
| sun | opensolaris | snv_75 |
| sun | opensolaris | snv_106 |
| sun | opensolaris | snv_132 |
| sun | opensolaris | snv_108 |
| sun | opensolaris | snv_78 |
| sun | opensolaris | snv_115 |
| sun | opensolaris | snv_85 |
| sun | opensolaris | snv_90 |
| sun | opensolaris | snv_86 |
| sun | opensolaris | snv_99 |
| sun | opensolaris | snv_116 |
| sun | solaris | 10.0 |
| sun | opensolaris | snv_117 |
| sun | opensolaris | snv_82 |
| sun | opensolaris | snv_121 |
| sun | opensolaris | snv_88 |
| sun | opensolaris | snv_105 |
| sun | opensolaris | snv_128 |
| sun | opensolaris | snv_114 |
| sun | opensolaris | snv_127 |
| sun | opensolaris | snv_126 |
| sun | opensolaris | snv_93 |
| sun | opensolaris | snv_74 |
| sun | opensolaris | snv_110 |
| sun | opensolaris | snv_133 |
| sun | opensolaris | snv_92 |
| sun | opensolaris | snv_131 |
| sun | opensolaris | snv_97 |
| sun | opensolaris | snv_95 |
| sun | opensolaris | snv_76 |
| sun | opensolaris | snv_81 |
| sun | opensolaris | snv_84 |
| sun | opensolaris | snv_130 |
| sun | opensolaris | snv_69 |
| sun | opensolaris | snv_70 |
| sun | opensolaris | snv_73 |
| sun | opensolaris | snv_113 |
| sun | opensolaris | snv_125 |
| sun | opensolaris | snv_119 |
| sun | opensolaris | snv_77 |
| sun | opensolaris | snv_79 |
| sun | opensolaris | snv_102 |
| sun | opensolaris | snv_124 |
| sun | opensolaris | snv_103 |
| sun | opensolaris | snv_107 |
| sun | opensolaris | snv_112 |
| sun | opensolaris | snv_101 |
| sun | opensolaris | snv_129 |
| sun | opensolaris | snv_80 |
| sun | opensolaris | snv_111 |
| sun | opensolaris | snv_122 |
| sun | opensolaris | snv_71 |
| sun | opensolaris | snv_118 |
| sun | opensolaris | snv_83 |
| sun | opensolaris | snv_100 |
| sun | opensolaris | snv_89 |
| sun | opensolaris | snv_72 |
The default configuration of Oracle OpenSolaris snv_77 through snv_131 allows attackers to have an unspecified impact via vectors related to using smbadm to join a Windows Active Directory domain.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-16,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | opensolaris | snv_104 |
| sun | opensolaris | snv_91 |
| sun | opensolaris | snv_96 |
| sun | opensolaris | snv_109 |
| sun | opensolaris | snv_87 |
| sun | opensolaris | snv_120 |
| sun | opensolaris | snv_94 |
| sun | opensolaris | snv_98 |
| sun | opensolaris | snv_123 |
| sun | opensolaris | snv_106 |
| sun | opensolaris | snv_108 |
| sun | opensolaris | snv_78 |
| sun | opensolaris | snv_115 |
| sun | opensolaris | snv_85 |
| sun | opensolaris | snv_90 |
| sun | opensolaris | snv_86 |
| sun | opensolaris | snv_99 |
| sun | opensolaris | snv_116 |
| sun | opensolaris | snv_117 |
| sun | opensolaris | snv_82 |
| sun | opensolaris | snv_121 |
| sun | opensolaris | snv_88 |
| sun | opensolaris | snv_105 |
| sun | opensolaris | snv_128 |
| sun | opensolaris | snv_114 |
| sun | opensolaris | snv_127 |
| sun | opensolaris | snv_126 |
| sun | opensolaris | snv_93 |
| sun | opensolaris | snv_110 |
| sun | opensolaris | snv_92 |
| sun | opensolaris | snv_131 |
| sun | opensolaris | snv_97 |
| sun | opensolaris | snv_95 |
| sun | opensolaris | snv_81 |
| sun | opensolaris | snv_84 |
| sun | opensolaris | snv_130 |
| sun | opensolaris | snv_113 |
| sun | opensolaris | snv_125 |
| sun | opensolaris | snv_119 |
| sun | opensolaris | snv_77 |
| sun | opensolaris | snv_79 |
| sun | opensolaris | snv_102 |
| sun | opensolaris | snv_124 |
| sun | opensolaris | snv_103 |
| sun | opensolaris | snv_107 |
| sun | opensolaris | snv_112 |
| sun | opensolaris | snv_101 |
| sun | opensolaris | snv_129 |
| sun | opensolaris | snv_80 |
| sun | opensolaris | snv_111 |
| sun | opensolaris | snv_122 |
| sun | opensolaris | snv_118 |
| sun | opensolaris | snv_83 |
| sun | opensolaris | snv_100 |
| sun | opensolaris | snv_89 |
The default configuration of Oracle OpenSolaris snv_91 through snv_131 allows attackers to have an unspecified impact via vectors related to using kclient to join a Windows Active Directory domain.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-16,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | opensolaris | snv_104 |
| sun | opensolaris | snv_91 |
| sun | opensolaris | snv_96 |
| sun | opensolaris | snv_109 |
| sun | opensolaris | snv_130 |
| sun | opensolaris | snv_120 |
| sun | opensolaris | snv_113 |
| sun | opensolaris | snv_125 |
| sun | opensolaris | snv_94 |
| sun | opensolaris | snv_98 |
| sun | opensolaris | snv_119 |
| sun | opensolaris | snv_123 |
| sun | opensolaris | snv_106 |
| sun | opensolaris | snv_102 |
| sun | opensolaris | snv_108 |
| sun | opensolaris | snv_115 |
| sun | opensolaris | snv_124 |
| sun | opensolaris | snv_103 |
| sun | opensolaris | snv_99 |
| sun | opensolaris | snv_107 |
| sun | opensolaris | snv_116 |
| sun | opensolaris | snv_117 |
| sun | opensolaris | snv_112 |
| sun | opensolaris | snv_121 |
| sun | opensolaris | snv_105 |
| sun | opensolaris | snv_128 |
| sun | opensolaris | snv_114 |
| sun | opensolaris | snv_127 |
| sun | opensolaris | snv_101 |
| sun | opensolaris | snv_129 |
| sun | opensolaris | snv_126 |
| sun | opensolaris | snv_93 |
| sun | opensolaris | snv_111 |
| sun | opensolaris | snv_122 |
| sun | opensolaris | snv_118 |
| sun | opensolaris | snv_110 |
| sun | opensolaris | snv_92 |
| sun | opensolaris | snv_131 |
| sun | opensolaris | snv_100 |
| sun | opensolaris | snv_97 |
| sun | opensolaris | snv_95 |
Multiple unspecified vulnerabilities in (1) ns-slapd and (2) slapd.exe in Sun Directory Server Enterprise Edition 7.0, Sun Java System Directory Server 5.2, and Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 allow remote attackers to cause a denial of service (daemon crash) via a crafted LDAP search request.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java_system_directory_server | 6.0 |
| sun | java_system_directory_server | 6.1 |
| sun | java_system_directory_server | 5.2 |
| sun | java_system_directory_server | 7.0 |
| sun | java_system_directory_server | 6.3.1 |
| sun | java_system_directory_server | 6.3 |
| sun | java_system_directory_server | 6.2 |
Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| sun | jdk | * |
| sun | jre | * |
| sun | jre | 1.6.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module in the JVM.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| sun | jdk | * |
| sun | jre | * |
| sun | jre | 1.6.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.3.1_11 |
| sun | jdk | 1.3.1_22 |
| sun | jdk | 1.3.0 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.3.1_08 |
| sun | jdk | 1.3.1_01 |
| sun | jdk | 1.3.1_09 |
| sun | jre | 1.3.1_26 |
| sun | sdk | 1.3.1_18 |
| sun | jdk | 1.3.1_08 |
| sun | jdk | 1.3.1_19 |
| sun | jdk | 1.3.1_06 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_13 |
| sun | sdk | 1.3.1_05 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | sdk | 1.3.1_06 |
| sun | jre | 1.4.2_7 |
| sun | jdk | 1.3.1_14 |
| sun | jdk | 1.3.1_02 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.3.1_05 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.3.1_07 |
| sun | sdk | 1.4.2_15 |
| sun | jre | 1.3.1 |
| sun | jdk | 1.3.1_01a |
| sun | sdk | 1.4.2_16 |
| sun | jdk | 1.3.1 |
| sun | sdk | 1.4.2_5 |
| sun | sdk | 1.3.1_10 |
| sun | sdk | 1.3.0_04 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.3.1_21 |
| sun | sdk | * |
| sun | sdk | 1.3.1_01a |
| sun | jre | 1.3.1_05 |
| sun | jre | 1.3.1_16 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | jre | 1.3.1_03 |
| sun | sdk | 1.3.1_12 |
| sun | sdk | 1.3.1_19 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.3.1_14 |
| sun | sdk | 1.3.0_03 |
| sun | sdk | 1.3.1_21 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.3.1_13 |
| sun | jre | 1.3.1_19 |
| sun | sdk | 1.3.1_15 |
| sun | sdk | 1.3.1 |
| sun | sdk | 1.3.1_20 |
| sun | jre | 1.3.1_10 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.3.1_22 |
| sun | jdk | * |
| sun | jre | 1.3.1_06 |
| sun | jdk | 1.3.1_07 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | sdk | 1.4.2_12 |
| sun | jre | 1.3.1_2 |
| sun | jre | 1.3.1_24 |
| sun | sdk | 1.3.0 |
| sun | jre | 1.3.1_18 |
| sun | sdk | 1.3.1_09 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.3.1_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.3.0 |
| sun | jdk | 1.3.0_02 |
| sun | jdk | 1.3.1_17 |
| sun | jre | * |
| sun | jdk | 1.3.1_16 |
| sun | jre | 1.3.1_07 |
| sun | jre | 1.3.1_12 |
| sun | sdk | 1.4.2_1 |
| sun | sdk | 1.3.1_23 |
| sun | jdk | 1.3.1_26 |
| sun | sdk | 1.3.0_02 |
| sun | jre | 1.4.2_21 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.3.1_22 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.3.1_02 |
| sun | jre | 1.3.1_04 |
| sun | jdk | 1.3.1_04 |
| sun | jre | 1.3.1_14 |
| sun | jre | 1.3.1_11 |
| sun | jre | 1.5.0 |
| sun | jre | 1.3.1_09 |
| sun | jre | 1.3.1_17 |
| sun | sdk | 1.3.1_08 |
| sun | sdk | 1.3.1_24 |
| sun | jdk | 1.3.1_23 |
| sun | sdk | 1.3.1_17 |
| sun | sdk | 1.4.2_24 |
| sun | jdk | 1.3.0_05 |
| sun | jdk | 1.3.1_18 |
| sun | sdk | 1.3.1_25 |
| sun | jdk | 1.3.1_15 |
| sun | sdk | 1.3.1_16 |
| sun | sdk | 1.3.1_11 |
| sun | sdk | 1.3.1_01 |
| sun | jdk | 1.3.1_12 |
| sun | jdk | 1.3.0_04 |
| sun | sdk | 1.4.2_17 |
| sun | jdk | 1.3.1_03 |
| sun | jre | 1.3.1_25 |
| sun | jre | 1.3.1_15 |
| sun | jre | 1.3.1_13 |
| sun | jdk | 1.3.1_10 |
| sun | sdk | 1.3.1_26 |
| sun | jre | 1.4.2_23 |
| sun | jdk | 1.3.1_13 |
| sun | sdk | 1.3.0_01 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.3.1_03 |
| sun | jdk | 1.3.1_24 |
| sun | jdk | 1.3.0_01 |
| sun | jre | 1.3.1_21 |
| sun | jre | 1.3.1_20 |
| sun | sdk | 1.4.2_7 |
| sun | jdk | 1.3.1_25 |
| sun | jre | 1.4.2_24 |
| sun | sdk | 1.3.0_05 |
| sun | jre | 1.4.2_14 |
| sun | sdk | 1.3.1_04 |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.3.1_20 |
| sun | sdk | 1.4.2_02 |
| sun | jdk | 1.3.0_03 |
Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the Java Runtime Environment that allows remote attackers to execute arbitrary code via a JPEG image that contains subsample dimensions with large values, related to JPEGImageReader and "stepX".
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.4.2_22 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | jre | 1.4.2_7 |
| sun | sdk | 1.4.2_1 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.6.0 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.4.2_15 |
| sun | sdk | 1.4.2_16 |
| sun | sdk | 1.4.2_5 |
| sun | jre | 1.5.0 |
| sun | sdk | 1.4.2_24 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | sdk | * |
| sun | sdk | 1.4.2_17 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.4.2_7 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | jre | 1.4.2_18 |
| sun | sdk | 1.4.2_12 |
| sun | sdk | 1.4.2_02 |
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an uncontrolled array index that allows remote attackers to execute arbitrary code via a MIDI file with a crafted MixerSequencer object, related to the GM_Song structure.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.3.1_11 |
| sun | jdk | 1.3.1_22 |
| sun | jdk | 1.3.0 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.3.1_08 |
| sun | jdk | 1.3.1_01 |
| sun | jdk | 1.3.1_09 |
| sun | jre | 1.3.1_26 |
| sun | sdk | 1.3.1_18 |
| sun | jdk | 1.3.1_08 |
| sun | jdk | 1.3.1_19 |
| sun | jdk | 1.3.1_06 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_13 |
| sun | sdk | 1.3.1_05 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | sdk | 1.3.1_06 |
| sun | jre | 1.4.2_7 |
| sun | jdk | 1.3.1_14 |
| sun | jdk | 1.3.1_02 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.3.1_05 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.3.1_07 |
| sun | sdk | 1.4.2_15 |
| sun | jre | 1.3.1 |
| sun | jdk | 1.3.1_01a |
| sun | sdk | 1.4.2_16 |
| sun | jdk | 1.3.1 |
| sun | sdk | 1.4.2_5 |
| sun | sdk | 1.3.1_10 |
| sun | sdk | 1.3.0_04 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.3.1_21 |
| sun | sdk | * |
| sun | sdk | 1.3.1_01a |
| sun | jre | 1.3.1_05 |
| sun | jre | 1.3.1_16 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | jre | 1.3.1_03 |
| sun | sdk | 1.3.1_12 |
| sun | sdk | 1.3.1_19 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.3.1_14 |
| sun | sdk | 1.3.0_03 |
| sun | sdk | 1.3.1_21 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.3.1_13 |
| sun | jre | 1.3.1_19 |
| sun | sdk | 1.3.1_15 |
| sun | sdk | 1.3.1 |
| sun | sdk | 1.3.1_20 |
| sun | jre | 1.3.1_10 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.3.1_22 |
| sun | jdk | * |
| sun | jre | 1.3.1_06 |
| sun | jdk | 1.3.1_07 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | sdk | 1.4.2_12 |
| sun | jre | 1.3.1_2 |
| sun | jre | 1.3.1_24 |
| sun | sdk | 1.3.0 |
| sun | jre | 1.3.1_18 |
| sun | sdk | 1.3.1_09 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.3.1_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.3.0 |
| sun | jdk | 1.3.0_02 |
| sun | jdk | 1.3.1_17 |
| sun | jre | * |
| sun | jdk | 1.3.1_16 |
| sun | jre | 1.3.1_07 |
| sun | jre | 1.3.1_12 |
| sun | sdk | 1.4.2_1 |
| sun | sdk | 1.3.1_23 |
| sun | jdk | 1.3.1_26 |
| sun | sdk | 1.3.0_02 |
| sun | jre | 1.4.2_21 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.3.1_22 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.3.1_02 |
| sun | jre | 1.3.1_04 |
| sun | jdk | 1.3.1_04 |
| sun | jre | 1.3.1_14 |
| sun | jre | 1.3.1_11 |
| sun | jre | 1.5.0 |
| sun | jre | 1.3.1_09 |
| sun | jre | 1.3.1_17 |
| sun | sdk | 1.3.1_08 |
| sun | sdk | 1.3.1_24 |
| sun | jdk | 1.3.1_23 |
| sun | sdk | 1.3.1_17 |
| sun | sdk | 1.4.2_24 |
| sun | jdk | 1.3.0_05 |
| sun | jdk | 1.3.1_18 |
| sun | sdk | 1.3.1_25 |
| sun | jdk | 1.3.1_15 |
| sun | sdk | 1.3.1_16 |
| sun | sdk | 1.3.1_11 |
| sun | sdk | 1.3.1_01 |
| sun | jdk | 1.3.1_12 |
| sun | jdk | 1.3.0_04 |
| sun | sdk | 1.4.2_17 |
| sun | jdk | 1.3.1_03 |
| sun | jre | 1.3.1_25 |
| sun | jre | 1.3.1_15 |
| sun | jre | 1.3.1_13 |
| sun | jdk | 1.3.1_10 |
| sun | sdk | 1.3.1_26 |
| sun | jre | 1.4.2_23 |
| sun | jdk | 1.3.1_13 |
| sun | sdk | 1.3.0_01 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.3.1_03 |
| sun | jdk | 1.3.1_24 |
| sun | jdk | 1.3.0_01 |
| sun | jre | 1.3.1_21 |
| sun | jre | 1.3.1_20 |
| sun | sdk | 1.4.2_7 |
| sun | jdk | 1.3.1_25 |
| sun | jre | 1.4.2_24 |
| sun | sdk | 1.3.0_05 |
| sun | jre | 1.4.2_14 |
| sun | sdk | 1.3.1_04 |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.3.1_20 |
| sun | sdk | 1.4.2_02 |
| sun | jdk | 1.3.0_03 |
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to XNewPtr and improper handling of an integer parameter when allocating heap memory in the com.sun.media.sound libraries, which allows remote attackers to execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.3.1_27 |
| sun | sdk | 1.4.2_25 |
| sun | jre | 1.6.0 |
| sun | jre | 1.5.0 |
| sun | sdk | 1.3.1_27 |
| sun | jre | 1.4.2_25 |
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is for improper parsing of a crafted MIDI stream when creating a MixerSequencer object, which causes a pointer to be corrupted and allows a NULL byte to be written to arbitrary memory.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.3.1_11 |
| sun | jdk | 1.3.1_22 |
| sun | jdk | 1.3.0 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.3.1_08 |
| sun | jdk | 1.3.1_01 |
| sun | jdk | 1.3.1_09 |
| sun | jre | 1.3.1_26 |
| sun | sdk | 1.3.1_18 |
| sun | jdk | 1.3.1_08 |
| sun | jdk | 1.3.1_19 |
| sun | jdk | 1.3.1_06 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_13 |
| sun | sdk | 1.3.1_05 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | sdk | 1.3.1_06 |
| sun | jre | 1.4.2_7 |
| sun | jdk | 1.3.1_14 |
| sun | jdk | 1.3.1_02 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.3.1_05 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.3.1_07 |
| sun | sdk | 1.4.2_15 |
| sun | jre | 1.3.1 |
| sun | jdk | 1.3.1_01a |
| sun | sdk | 1.4.2_16 |
| sun | jdk | 1.3.1 |
| sun | sdk | 1.4.2_5 |
| sun | sdk | 1.3.1_10 |
| sun | sdk | 1.3.0_04 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.3.1_21 |
| sun | sdk | * |
| sun | sdk | 1.3.1_01a |
| sun | jre | 1.3.1_05 |
| sun | jre | 1.3.1_16 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | jre | 1.3.1_03 |
| sun | sdk | 1.3.1_12 |
| sun | sdk | 1.3.1_19 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.3.1_14 |
| sun | sdk | 1.3.0_03 |
| sun | sdk | 1.3.1_21 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.3.1_13 |
| sun | jre | 1.3.1_19 |
| sun | sdk | 1.3.1_15 |
| sun | sdk | 1.3.1 |
| sun | sdk | 1.3.1_20 |
| sun | jre | 1.3.1_10 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.3.1_22 |
| sun | jdk | * |
| sun | jre | 1.3.1_06 |
| sun | jdk | 1.3.1_07 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | sdk | 1.4.2_12 |
| sun | jre | 1.3.1_2 |
| sun | jre | 1.3.1_24 |
| sun | sdk | 1.3.0 |
| sun | jre | 1.3.1_18 |
| sun | sdk | 1.3.1_09 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.3.1_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.3.0 |
| sun | jdk | 1.3.0_02 |
| sun | jdk | 1.3.1_17 |
| sun | jre | * |
| sun | jdk | 1.3.1_16 |
| sun | jre | 1.3.1_07 |
| sun | jre | 1.3.1_12 |
| sun | sdk | 1.4.2_1 |
| sun | sdk | 1.3.1_23 |
| sun | jdk | 1.3.1_26 |
| sun | sdk | 1.3.0_02 |
| sun | jre | 1.4.2_21 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.3.1_22 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.3.1_02 |
| sun | jre | 1.3.1_04 |
| sun | jdk | 1.3.1_04 |
| sun | jre | 1.3.1_14 |
| sun | jre | 1.3.1_11 |
| sun | jre | 1.5.0 |
| sun | jre | 1.3.1_09 |
| sun | jre | 1.3.1_17 |
| sun | sdk | 1.3.1_08 |
| sun | sdk | 1.3.1_24 |
| sun | jdk | 1.3.1_23 |
| sun | sdk | 1.3.1_17 |
| sun | sdk | 1.4.2_24 |
| sun | jdk | 1.3.0_05 |
| sun | jdk | 1.3.1_18 |
| sun | sdk | 1.3.1_25 |
| sun | jdk | 1.3.1_15 |
| sun | sdk | 1.3.1_16 |
| sun | sdk | 1.3.1_11 |
| sun | sdk | 1.3.1_01 |
| sun | jdk | 1.3.1_12 |
| sun | jdk | 1.3.0_04 |
| sun | sdk | 1.4.2_17 |
| sun | jdk | 1.3.1_03 |
| sun | jre | 1.3.1_25 |
| sun | jre | 1.3.1_15 |
| sun | jre | 1.3.1_13 |
| sun | jdk | 1.3.1_10 |
| sun | sdk | 1.3.1_26 |
| sun | jre | 1.4.2_23 |
| sun | jdk | 1.3.1_13 |
| sun | sdk | 1.3.0_01 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.3.1_03 |
| sun | jdk | 1.3.1_24 |
| sun | jdk | 1.3.0_01 |
| sun | jre | 1.3.1_21 |
| sun | jre | 1.3.1_20 |
| sun | sdk | 1.4.2_7 |
| sun | jdk | 1.3.1_25 |
| sun | jre | 1.4.2_24 |
| sun | sdk | 1.3.0_05 |
| sun | jre | 1.4.2_14 |
| sun | sdk | 1.3.1_04 |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.3.1_20 |
| sun | sdk | 1.4.2_02 |
| sun | jdk | 1.3.0_03 |
Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| sun | jdk | * |
| sun | jre | * |
| sun | jre | 1.6.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows remote attackers to execute arbitrary code, related to an "invalid assignment" and inconsistent length values in a JPEG image encoder (JPEGImageEncoderImpl).
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.3.1_11 |
| sun | jdk | 1.3.1_22 |
| sun | jdk | 1.3.0 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.3.1_08 |
| sun | jdk | 1.3.1_01 |
| sun | jdk | 1.3.1_09 |
| sun | jre | 1.3.1_26 |
| sun | sdk | 1.3.1_18 |
| sun | jdk | 1.3.1_08 |
| sun | jdk | 1.3.1_19 |
| sun | jdk | 1.3.1_06 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_13 |
| sun | sdk | 1.3.1_05 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | sdk | 1.3.1_06 |
| sun | jre | 1.4.2_7 |
| sun | jdk | 1.3.1_14 |
| sun | jdk | 1.3.1_02 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.3.1_05 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.3.1_07 |
| sun | sdk | 1.4.2_15 |
| sun | jre | 1.3.1 |
| sun | jdk | 1.3.1_01a |
| sun | sdk | 1.4.2_16 |
| sun | jdk | 1.3.1 |
| sun | sdk | 1.4.2_5 |
| sun | sdk | 1.3.1_10 |
| sun | sdk | 1.3.0_04 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.3.1_21 |
| sun | sdk | * |
| sun | sdk | 1.3.1_01a |
| sun | jre | 1.3.1_05 |
| sun | jre | 1.3.1_16 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | jre | 1.3.1_03 |
| sun | sdk | 1.3.1_12 |
| sun | sdk | 1.3.1_19 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.3.1_14 |
| sun | sdk | 1.3.0_03 |
| sun | sdk | 1.3.1_21 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.3.1_13 |
| sun | jre | 1.3.1_19 |
| sun | sdk | 1.3.1_15 |
| sun | sdk | 1.3.1 |
| sun | sdk | 1.3.1_20 |
| sun | jre | 1.3.1_10 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.3.1_22 |
| sun | jdk | * |
| sun | jre | 1.3.1_06 |
| sun | jdk | 1.3.1_07 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | sdk | 1.4.2_12 |
| sun | jre | 1.3.1_2 |
| sun | jre | 1.3.1_24 |
| sun | sdk | 1.3.0 |
| sun | jre | 1.3.1_18 |
| sun | sdk | 1.3.1_09 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.3.1_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.3.0 |
| sun | jdk | 1.3.0_02 |
| sun | jdk | 1.3.1_17 |
| sun | jre | * |
| sun | jdk | 1.3.1_16 |
| sun | jre | 1.3.1_07 |
| sun | jre | 1.3.1_12 |
| sun | sdk | 1.4.2_1 |
| sun | sdk | 1.3.1_23 |
| sun | jdk | 1.3.1_26 |
| sun | sdk | 1.3.0_02 |
| sun | jre | 1.4.2_21 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.3.1_22 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.3.1_02 |
| sun | jre | 1.3.1_04 |
| sun | jdk | 1.3.1_04 |
| sun | jre | 1.3.1_14 |
| sun | jre | 1.3.1_11 |
| sun | jre | 1.5.0 |
| sun | jre | 1.3.1_09 |
| sun | jre | 1.3.1_17 |
| sun | sdk | 1.3.1_08 |
| sun | sdk | 1.3.1_24 |
| sun | jdk | 1.3.1_23 |
| sun | sdk | 1.3.1_17 |
| sun | sdk | 1.4.2_24 |
| sun | jdk | 1.3.0_05 |
| sun | jdk | 1.3.1_18 |
| sun | sdk | 1.3.1_25 |
| sun | jdk | 1.3.1_15 |
| sun | sdk | 1.3.1_16 |
| sun | sdk | 1.3.1_11 |
| sun | sdk | 1.3.1_01 |
| sun | jdk | 1.3.1_12 |
| sun | jdk | 1.3.0_04 |
| sun | sdk | 1.4.2_17 |
| sun | jdk | 1.3.1_03 |
| sun | jre | 1.3.1_25 |
| sun | jre | 1.3.1_15 |
| sun | jre | 1.3.1_13 |
| sun | jdk | 1.3.1_10 |
| sun | sdk | 1.3.1_26 |
| sun | jre | 1.4.2_23 |
| sun | jdk | 1.3.1_13 |
| sun | sdk | 1.3.0_01 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.3.1_03 |
| sun | jdk | 1.3.1_24 |
| sun | jdk | 1.3.0_01 |
| sun | jre | 1.3.1_21 |
| sun | jre | 1.3.1_20 |
| sun | sdk | 1.4.2_7 |
| sun | jdk | 1.3.1_25 |
| sun | jre | 1.4.2_24 |
| sun | sdk | 1.3.0_05 |
| sun | jre | 1.4.2_14 |
| sun | sdk | 1.3.1_04 |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.3.1_20 |
| sun | sdk | 1.4.2_02 |
| sun | jdk | 1.3.0_03 |
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows arbitrary code execution via a crafted image.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.3.1_11 |
| sun | jdk | 1.3.1_22 |
| sun | jdk | 1.3.0 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.3.1_08 |
| sun | jdk | 1.3.1_01 |
| sun | jdk | 1.3.1_09 |
| sun | jre | 1.3.1_26 |
| sun | sdk | 1.3.1_18 |
| sun | jdk | 1.3.1_08 |
| sun | jdk | 1.3.1_19 |
| sun | jdk | 1.3.1_06 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_13 |
| sun | sdk | 1.3.1_05 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | sdk | 1.3.1_06 |
| sun | jre | 1.4.2_7 |
| sun | jdk | 1.3.1_14 |
| sun | jdk | 1.3.1_02 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.3.1_05 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.3.1_07 |
| sun | sdk | 1.4.2_15 |
| sun | jre | 1.3.1 |
| sun | jdk | 1.3.1_01a |
| sun | sdk | 1.4.2_16 |
| sun | jdk | 1.3.1 |
| sun | sdk | 1.4.2_5 |
| sun | sdk | 1.3.1_10 |
| sun | sdk | 1.3.0_04 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.3.1_21 |
| sun | sdk | * |
| sun | sdk | 1.3.1_01a |
| sun | jre | 1.3.1_05 |
| sun | jre | 1.3.1_16 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | jre | 1.3.1_03 |
| sun | sdk | 1.3.1_12 |
| sun | sdk | 1.3.1_19 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.3.1_14 |
| sun | sdk | 1.3.0_03 |
| sun | sdk | 1.3.1_21 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.3.1_13 |
| sun | jre | 1.3.1_19 |
| sun | sdk | 1.3.1_15 |
| sun | sdk | 1.3.1 |
| sun | sdk | 1.3.1_20 |
| sun | jre | 1.3.1_10 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.3.1_22 |
| sun | jdk | * |
| sun | jre | 1.3.1_06 |
| sun | jdk | 1.3.1_07 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | sdk | 1.4.2_12 |
| sun | jre | 1.3.1_2 |
| sun | jre | 1.3.1_24 |
| sun | sdk | 1.3.0 |
| sun | jre | 1.3.1_18 |
| sun | sdk | 1.3.1_09 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.3.1_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.3.0 |
| sun | jdk | 1.3.0_02 |
| sun | jdk | 1.3.1_17 |
| sun | jre | * |
| sun | jdk | 1.3.1_16 |
| sun | jre | 1.3.1_07 |
| sun | jre | 1.3.1_12 |
| sun | sdk | 1.4.2_1 |
| sun | sdk | 1.3.1_23 |
| sun | jdk | 1.3.1_26 |
| sun | sdk | 1.3.0_02 |
| sun | jre | 1.4.2_21 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.3.1_22 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.3.1_02 |
| sun | jre | 1.3.1_04 |
| sun | jdk | 1.3.1_04 |
| sun | jre | 1.3.1_14 |
| sun | jre | 1.3.1_11 |
| sun | jre | 1.5.0 |
| sun | jre | 1.3.1_09 |
| sun | jre | 1.3.1_17 |
| sun | sdk | 1.3.1_08 |
| sun | sdk | 1.3.1_24 |
| sun | jdk | 1.3.1_23 |
| sun | sdk | 1.3.1_17 |
| sun | sdk | 1.4.2_24 |
| sun | jdk | 1.3.0_05 |
| sun | jdk | 1.3.1_18 |
| sun | sdk | 1.3.1_25 |
| sun | jdk | 1.3.1_15 |
| sun | sdk | 1.3.1_16 |
| sun | sdk | 1.3.1_11 |
| sun | sdk | 1.3.1_01 |
| sun | jdk | 1.3.1_12 |
| sun | jdk | 1.3.0_04 |
| sun | sdk | 1.4.2_17 |
| sun | jdk | 1.3.1_03 |
| sun | jre | 1.3.1_25 |
| sun | jre | 1.3.1_15 |
| sun | jre | 1.3.1_13 |
| sun | jdk | 1.3.1_10 |
| sun | sdk | 1.3.1_26 |
| sun | jre | 1.4.2_23 |
| sun | jdk | 1.3.1_13 |
| sun | sdk | 1.3.0_01 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.3.1_03 |
| sun | jdk | 1.3.1_24 |
| sun | jdk | 1.3.0_01 |
| sun | jre | 1.3.1_21 |
| sun | jre | 1.3.1_20 |
| sun | sdk | 1.4.2_7 |
| sun | jdk | 1.3.1_25 |
| sun | jre | 1.4.2_24 |
| sun | sdk | 1.3.0_05 |
| sun | jre | 1.4.2_14 |
| sun | sdk | 1.3.1_04 |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.3.1_20 |
| sun | sdk | 1.4.2_02 |
| sun | jdk | 1.3.0_03 |
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.3.1_11 |
| sun | jdk | 1.3.1_22 |
| sun | jdk | 1.3.0 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.3.1_08 |
| sun | jdk | 1.3.1_01 |
| sun | jdk | 1.3.1_09 |
| sun | jre | 1.3.1_26 |
| sun | sdk | 1.3.1_18 |
| sun | jdk | 1.3.1_08 |
| sun | jdk | 1.3.1_19 |
| sun | jdk | 1.3.1_06 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_13 |
| sun | sdk | 1.3.1_05 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | sdk | 1.3.1_06 |
| sun | jre | 1.4.2_7 |
| sun | jdk | 1.3.1_14 |
| sun | jdk | 1.3.1_02 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.3.1_05 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.3.1_07 |
| sun | sdk | 1.4.2_15 |
| sun | jre | 1.3.1 |
| sun | jdk | 1.3.1_01a |
| sun | sdk | 1.4.2_16 |
| sun | jdk | 1.3.1 |
| sun | sdk | 1.4.2_5 |
| sun | sdk | 1.3.1_10 |
| sun | sdk | 1.3.0_04 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.3.1_21 |
| sun | sdk | * |
| sun | sdk | 1.3.1_01a |
| sun | jre | 1.3.1_05 |
| sun | jre | 1.3.1_16 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | jre | 1.3.1_03 |
| sun | sdk | 1.3.1_12 |
| sun | sdk | 1.3.1_19 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.3.1_14 |
| sun | sdk | 1.3.0_03 |
| sun | sdk | 1.3.1_21 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.3.1_13 |
| sun | jre | 1.3.1_19 |
| sun | sdk | 1.3.1_15 |
| sun | sdk | 1.3.1 |
| sun | sdk | 1.3.1_20 |
| sun | jre | 1.3.1_10 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.3.1_22 |
| sun | jdk | * |
| sun | jre | 1.3.1_06 |
| sun | jdk | 1.3.1_07 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | sdk | 1.4.2_12 |
| sun | jre | 1.3.1_2 |
| sun | jre | 1.3.1_24 |
| sun | sdk | 1.3.0 |
| sun | jre | 1.3.1_18 |
| sun | sdk | 1.3.1_09 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.3.1_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.3.0 |
| sun | jdk | 1.3.0_02 |
| sun | jdk | 1.3.1_17 |
| sun | jre | * |
| sun | jdk | 1.3.1_16 |
| sun | jre | 1.3.1_07 |
| sun | jre | 1.3.1_12 |
| sun | sdk | 1.4.2_1 |
| sun | sdk | 1.3.1_23 |
| sun | jdk | 1.3.1_26 |
| sun | sdk | 1.3.0_02 |
| sun | jre | 1.4.2_21 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.3.1_22 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.3.1_02 |
| sun | jre | 1.3.1_04 |
| sun | jdk | 1.3.1_04 |
| sun | jre | 1.3.1_14 |
| sun | jre | 1.3.1_11 |
| sun | jre | 1.5.0 |
| sun | jre | 1.3.1_09 |
| sun | jre | 1.3.1_17 |
| sun | sdk | 1.3.1_08 |
| sun | sdk | 1.3.1_24 |
| sun | jdk | 1.3.1_23 |
| sun | sdk | 1.3.1_17 |
| sun | sdk | 1.4.2_24 |
| sun | jdk | 1.3.0_05 |
| sun | jdk | 1.3.1_18 |
| sun | sdk | 1.3.1_25 |
| sun | jdk | 1.3.1_15 |
| sun | sdk | 1.3.1_16 |
| sun | sdk | 1.3.1_11 |
| sun | sdk | 1.3.1_01 |
| sun | jdk | 1.3.1_12 |
| sun | jdk | 1.3.0_04 |
| sun | sdk | 1.4.2_17 |
| sun | jdk | 1.3.1_03 |
| sun | jre | 1.3.1_25 |
| sun | jre | 1.3.1_15 |
| sun | jre | 1.3.1_13 |
| sun | jdk | 1.3.1_10 |
| sun | sdk | 1.3.1_26 |
| sun | jre | 1.4.2_23 |
| sun | jdk | 1.3.1_13 |
| sun | sdk | 1.3.0_01 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.3.1_03 |
| sun | jdk | 1.3.1_24 |
| sun | jdk | 1.3.0_01 |
| sun | jre | 1.3.1_21 |
| sun | jre | 1.3.1_20 |
| sun | sdk | 1.4.2_7 |
| sun | jdk | 1.3.1_25 |
| sun | jre | 1.4.2_24 |
| sun | sdk | 1.3.0_05 |
| sun | jre | 1.4.2_14 |
| sun | sdk | 1.3.1_04 |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.3.1_20 |
| sun | sdk | 1.4.2_02 |
| sun | jdk | 1.3.0_03 |
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.3.1_11 |
| sun | jdk | 1.3.1_22 |
| sun | jdk | 1.3.0 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.3.1_08 |
| sun | jdk | 1.3.1_01 |
| sun | jdk | 1.3.1_09 |
| sun | jre | 1.3.1_26 |
| sun | sdk | 1.3.1_18 |
| sun | jdk | 1.3.1_08 |
| sun | jdk | 1.3.1_19 |
| sun | jdk | 1.3.1_06 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_13 |
| sun | sdk | 1.3.1_05 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | sdk | 1.3.1_06 |
| sun | jre | 1.4.2_7 |
| sun | jdk | 1.3.1_14 |
| sun | jdk | 1.3.1_02 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.3.1_05 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.3.1_07 |
| sun | sdk | 1.4.2_15 |
| sun | jre | 1.3.1 |
| sun | jdk | 1.3.1_01a |
| sun | sdk | 1.4.2_16 |
| sun | jdk | 1.3.1 |
| sun | sdk | 1.4.2_5 |
| sun | sdk | 1.3.1_10 |
| sun | sdk | 1.3.0_04 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.3.1_21 |
| sun | sdk | * |
| sun | sdk | 1.3.1_01a |
| sun | jre | 1.3.1_05 |
| sun | jre | 1.3.1_16 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | jre | 1.3.1_03 |
| sun | sdk | 1.3.1_12 |
| sun | sdk | 1.3.1_19 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.3.1_14 |
| sun | sdk | 1.3.0_03 |
| sun | sdk | 1.3.1_21 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.3.1_13 |
| sun | jre | 1.3.1_19 |
| sun | sdk | 1.3.1_15 |
| sun | sdk | 1.3.1 |
| sun | sdk | 1.3.1_20 |
| sun | jre | 1.3.1_10 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.3.1_22 |
| sun | jdk | * |
| sun | jre | 1.3.1_06 |
| sun | jdk | 1.3.1_07 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | sdk | 1.4.2_12 |
| sun | jre | 1.3.1_2 |
| sun | jre | 1.3.1_24 |
| sun | sdk | 1.3.0 |
| sun | jre | 1.3.1_18 |
| sun | sdk | 1.3.1_09 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.3.1_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.3.0 |
| sun | jdk | 1.3.0_02 |
| sun | jdk | 1.3.1_17 |
| sun | jre | * |
| sun | jdk | 1.3.1_16 |
| sun | jre | 1.3.1_07 |
| sun | jre | 1.3.1_12 |
| sun | sdk | 1.4.2_1 |
| sun | sdk | 1.3.1_23 |
| sun | jdk | 1.3.1_26 |
| sun | sdk | 1.3.0_02 |
| sun | jre | 1.4.2_21 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.3.1_22 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.3.1_02 |
| sun | jre | 1.3.1_04 |
| sun | jdk | 1.3.1_04 |
| sun | jre | 1.3.1_14 |
| sun | jre | 1.3.1_11 |
| sun | jre | 1.5.0 |
| sun | jre | 1.3.1_09 |
| sun | jre | 1.3.1_17 |
| sun | sdk | 1.3.1_08 |
| sun | sdk | 1.3.1_24 |
| sun | jdk | 1.3.1_23 |
| sun | sdk | 1.3.1_17 |
| sun | sdk | 1.4.2_24 |
| sun | jdk | 1.3.0_05 |
| sun | jdk | 1.3.1_18 |
| sun | sdk | 1.3.1_25 |
| sun | jdk | 1.3.1_15 |
| sun | sdk | 1.3.1_16 |
| sun | sdk | 1.3.1_11 |
| sun | sdk | 1.3.1_01 |
| sun | jdk | 1.3.1_12 |
| sun | jdk | 1.3.0_04 |
| sun | sdk | 1.4.2_17 |
| sun | jdk | 1.3.1_03 |
| sun | jre | 1.3.1_25 |
| sun | jre | 1.3.1_15 |
| sun | jre | 1.3.1_13 |
| sun | jdk | 1.3.1_10 |
| sun | sdk | 1.3.1_26 |
| sun | jre | 1.4.2_23 |
| sun | jdk | 1.3.1_13 |
| sun | sdk | 1.3.0_01 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.3.1_03 |
| sun | jdk | 1.3.1_24 |
| sun | jdk | 1.3.0_01 |
| sun | jre | 1.3.1_21 |
| sun | jre | 1.3.1_20 |
| sun | sdk | 1.4.2_7 |
| sun | jdk | 1.3.1_25 |
| sun | jre | 1.4.2_24 |
| sun | sdk | 1.3.0_05 |
| sun | jre | 1.4.2_14 |
| sun | sdk | 1.3.1_04 |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.3.1_20 |
| sun | sdk | 1.4.2_02 |
| sun | jdk | 1.3.0_03 |
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.3.1_11 |
| sun | jdk | 1.3.1_22 |
| sun | jdk | 1.3.0 |
| sun | jre | 1.3.1_08 |
| sun | jdk | 1.3.1_01 |
| sun | jdk | 1.3.1_09 |
| sun | jre | 1.3.1_26 |
| sun | sdk | 1.3.1_18 |
| sun | jdk | 1.3.1_08 |
| sun | jdk | 1.3.1_19 |
| sun | jdk | 1.3.1_06 |
| sun | sdk | 1.3.1_05 |
| sun | sdk | 1.3.1_06 |
| sun | jdk | 1.3.1_14 |
| sun | jdk | 1.3.1_02 |
| sun | jdk | 1.3.1_05 |
| sun | sdk | 1.3.1_07 |
| sun | jre | 1.3.1 |
| sun | jdk | 1.3.1_01a |
| sun | jdk | 1.3.1 |
| sun | sdk | 1.3.1_10 |
| sun | sdk | 1.3.0_04 |
| sun | jdk | 1.3.1_21 |
| sun | sdk | * |
| sun | sdk | 1.3.1_01a |
| sun | jre | 1.3.1_05 |
| sun | jre | 1.3.1_16 |
| sun | jre | 1.3.1_03 |
| sun | sdk | 1.3.1_12 |
| sun | sdk | 1.3.1_19 |
| sun | sdk | 1.3.1_14 |
| sun | sdk | 1.3.0_03 |
| sun | sdk | 1.3.1_21 |
| sun | sdk | 1.3.1_13 |
| sun | jre | 1.3.1_19 |
| sun | sdk | 1.3.1_15 |
| sun | sdk | 1.3.1 |
| sun | sdk | 1.3.1_20 |
| sun | jre | 1.3.1_10 |
| sun | jre | 1.3.1_22 |
| sun | jdk | * |
| sun | jre | 1.3.1_06 |
| sun | jdk | 1.3.1_07 |
| sun | jre | 1.3.1_2 |
| sun | jre | 1.3.1_24 |
| sun | sdk | 1.3.0 |
| sun | jre | 1.3.1_18 |
| sun | sdk | 1.3.1_09 |
| sun | jre | 1.3.1_23 |
| sun | jre | 1.3.0 |
| sun | jdk | 1.3.0_02 |
| sun | jdk | 1.3.1_17 |
| sun | jre | * |
| sun | jdk | 1.3.1_16 |
| sun | jre | 1.3.1_07 |
| sun | jre | 1.3.1_12 |
| sun | sdk | 1.3.1_23 |
| sun | jdk | 1.3.1_26 |
| sun | sdk | 1.3.0_02 |
| sun | sdk | 1.3.1_22 |
| sun | sdk | 1.3.1_02 |
| sun | jre | 1.3.1_04 |
| sun | jdk | 1.3.1_04 |
| sun | jre | 1.3.1_14 |
| sun | jre | 1.3.1_11 |
| sun | jre | 1.3.1_09 |
| sun | jre | 1.3.1_17 |
| sun | sdk | 1.3.1_08 |
| sun | sdk | 1.3.1_24 |
| sun | jdk | 1.3.1_23 |
| sun | sdk | 1.3.1_17 |
| sun | jdk | 1.3.0_05 |
| sun | jdk | 1.3.1_18 |
| sun | sdk | 1.3.1_25 |
| sun | jdk | 1.3.1_15 |
| sun | sdk | 1.3.1_16 |
| sun | sdk | 1.3.1_11 |
| sun | sdk | 1.3.1_01 |
| sun | jdk | 1.3.1_12 |
| sun | jdk | 1.3.0_04 |
| sun | jdk | 1.3.1_03 |
| sun | jre | 1.3.1_25 |
| sun | jre | 1.3.1_15 |
| sun | jre | 1.3.1_13 |
| sun | jdk | 1.3.1_10 |
| sun | sdk | 1.3.1_26 |
| sun | jdk | 1.3.1_13 |
| sun | sdk | 1.3.0_01 |
| sun | sdk | 1.3.1_03 |
| sun | jdk | 1.3.1_24 |
| sun | jdk | 1.3.0_01 |
| sun | jre | 1.3.1_21 |
| sun | jre | 1.3.1_20 |
| sun | jdk | 1.3.1_25 |
| sun | sdk | 1.3.0_05 |
| sun | sdk | 1.3.1_04 |
| sun | jdk | 1.3.1_20 |
| sun | jdk | 1.3.0_03 |
Unspecified vulnerability in the Java Deployment Toolkit component in Oracle Java SE and Java for Business JDK and JRE 6 Update 10 through 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business JDK and JRE 6 Update 18 and 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java | 6 |
Certain patch-installation scripts in Oracle Solaris allow local users to append data to arbitrary files via a symlink attack on the /tmp/CLEANUP temporary file, related to use of Update Manager.
CVSS 2.0
Severity: LOW
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | solaris | * |
Cross-site scripting (XSS) vulnerability in Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via the subject field of a message, as demonstrated by a subject containing an IMG element with a SRC attribute that performs a cross-site request forgery (CSRF) attack involving the cmd and argv parameters to cmd.msc.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java_system_communications_express | * |
Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable researcher that this is an issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
| sun | sunos | 5.8 |
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.3.1_11 |
| sun | jdk | 1.3.1_22 |
| sun | jdk | 1.3.0 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.3.1_08 |
| sun | jdk | 1.3.1_01 |
| sun | jdk | 1.3.1_09 |
| sun | jre | 1.3.1_26 |
| sun | sdk | 1.3.1_18 |
| sun | jdk | 1.3.1_08 |
| sun | jdk | 1.3.1_19 |
| sun | jdk | 1.3.1_06 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_13 |
| sun | sdk | 1.3.1_05 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | sdk | 1.3.1_06 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jdk | 1.3.1_14 |
| sun | jdk | 1.3.1_02 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.3.1_05 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.3.1_07 |
| sun | sdk | 1.4.2_15 |
| sun | jre | 1.3.1 |
| sun | jdk | 1.3.1_01a |
| sun | sdk | 1.4.2_16 |
| sun | jre | 1.4.2_26 |
| sun | jdk | 1.3.1 |
| sun | sdk | 1.4.2_5 |
| sun | sdk | 1.3.1_10 |
| sun | sdk | 1.3.0_04 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.3.1_21 |
| sun | sdk | * |
| sun | sdk | 1.3.1_01a |
| sun | jre | 1.3.1_05 |
| sun | jre | 1.3.1_16 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | jre | 1.3.1_03 |
| sun | sdk | 1.4.2_26 |
| sun | sdk | 1.3.1_12 |
| sun | sdk | 1.3.1_19 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.3.1_14 |
| sun | sdk | 1.3.0_03 |
| sun | sdk | 1.3.1_21 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.3.1_13 |
| sun | jre | 1.3.1_19 |
| sun | sdk | 1.3.1_15 |
| sun | sdk | 1.3.1 |
| sun | sdk | 1.3.1_20 |
| sun | jre | 1.3.1_10 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.3.1_22 |
| sun | jre | 1.3.1_27 |
| sun | jdk | * |
| sun | jre | 1.3.1_06 |
| sun | jdk | 1.3.1_07 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | sdk | 1.4.2_12 |
| sun | jre | 1.3.1_2 |
| sun | jre | 1.3.1_24 |
| sun | sdk | 1.3.0 |
| sun | jre | 1.3.1_18 |
| sun | sdk | 1.3.1_09 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.3.1_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.3.0 |
| sun | jdk | 1.3.0_02 |
| sun | jdk | 1.3.1_17 |
| sun | jre | * |
| sun | jdk | 1.3.1_16 |
| sun | sdk | 1.4.2_25 |
| sun | jre | 1.3.1_07 |
| sun | jre | 1.3.1_12 |
| sun | sdk | 1.4.2_1 |
| sun | sdk | 1.3.1_23 |
| sun | jdk | 1.3.1_26 |
| sun | sdk | 1.3.0_02 |
| sun | jre | 1.4.2_21 |
| sun | sdk | 1.3.1_27 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.3.1_22 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.3.1_02 |
| sun | jre | 1.3.1_04 |
| sun | jdk | 1.3.1_04 |
| sun | jre | 1.3.1_14 |
| sun | jre | 1.3.1_11 |
| sun | jre | 1.5.0 |
| sun | jre | 1.3.1_09 |
| sun | jre | 1.3.1_17 |
| sun | sdk | 1.3.1_08 |
| sun | sdk | 1.3.1_24 |
| sun | jdk | 1.3.1_23 |
| sun | sdk | 1.3.1_17 |
| sun | sdk | 1.4.2_24 |
| sun | jdk | 1.3.0_05 |
| sun | jdk | 1.3.1_18 |
| sun | sdk | 1.3.1_25 |
| sun | jdk | 1.3.1_15 |
| sun | sdk | 1.3.1_16 |
| sun | sdk | 1.3.1_11 |
| sun | sdk | 1.3.1_01 |
| sun | jdk | 1.3.1_12 |
| sun | jdk | 1.3.0_04 |
| sun | sdk | 1.4.2_17 |
| sun | jdk | 1.3.1_03 |
| sun | jdk | 1.3.1_27 |
| sun | jre | 1.3.1_25 |
| sun | jre | 1.3.1_15 |
| sun | jre | 1.3.1_13 |
| sun | jdk | 1.3.1_10 |
| sun | sdk | 1.3.1_26 |
| sun | jre | 1.4.2_23 |
| sun | jdk | 1.3.1_13 |
| sun | sdk | 1.3.0_01 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.3.1_03 |
| sun | jdk | 1.3.1_24 |
| sun | jdk | 1.3.0_01 |
| sun | jre | 1.3.1_21 |
| sun | jre | 1.3.1_20 |
| sun | sdk | 1.4.2_7 |
| sun | jdk | 1.3.1_25 |
| sun | jre | 1.4.2_24 |
| sun | sdk | 1.3.0_05 |
| sun | jre | 1.4.2_14 |
| sun | sdk | 1.3.1_04 |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.3.1_20 |
| sun | sdk | 1.4.2_02 |
| sun | jdk | 1.3.0_03 |
Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or "otherwise-protected internal network names."
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.4.2_22 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | sdk | 1.4.2_25 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | sdk | 1.4.2_1 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.6.0 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.4.2_15 |
| sun | sdk | 1.4.2_16 |
| sun | jre | 1.4.2_26 |
| sun | sdk | 1.4.2_5 |
| sun | jre | 1.5.0 |
| sun | sdk | 1.4.2_24 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | sdk | * |
| sun | sdk | 1.4.2_17 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | sdk | 1.4.2_26 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.4.2_7 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | jre | 1.4.2_18 |
| sun | sdk | 1.4.2_12 |
| sun | sdk | 1.4.2_02 |
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is an HTTP request splitting vulnerability involving the handling of the chunked transfer encoding method by the HttpURLConnection class.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.3.1_11 |
| sun | jdk | 1.3.1_22 |
| sun | jdk | 1.3.0 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.3.1_08 |
| sun | jdk | 1.3.1_01 |
| sun | jdk | 1.3.1_09 |
| sun | jre | 1.3.1_26 |
| sun | sdk | 1.3.1_18 |
| sun | jdk | 1.3.1_08 |
| sun | jdk | 1.3.1_19 |
| sun | jdk | 1.3.1_06 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_13 |
| sun | sdk | 1.3.1_05 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | sdk | 1.3.1_06 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jdk | 1.3.1_14 |
| sun | jdk | 1.3.1_02 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.3.1_05 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.3.1_07 |
| sun | sdk | 1.4.2_15 |
| sun | jre | 1.3.1 |
| sun | jdk | 1.3.1_01a |
| sun | sdk | 1.4.2_16 |
| sun | jre | 1.4.2_26 |
| sun | jdk | 1.3.1 |
| sun | sdk | 1.4.2_5 |
| sun | sdk | 1.3.1_10 |
| sun | sdk | 1.3.0_04 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.3.1_21 |
| sun | sdk | * |
| sun | sdk | 1.3.1_01a |
| sun | jre | 1.3.1_05 |
| sun | jre | 1.3.1_16 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | jre | 1.3.1_03 |
| sun | sdk | 1.4.2_26 |
| sun | sdk | 1.3.1_12 |
| sun | sdk | 1.3.1_19 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.3.1_14 |
| sun | sdk | 1.3.0_03 |
| sun | sdk | 1.3.1_21 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.3.1_13 |
| sun | jre | 1.3.1_19 |
| sun | sdk | 1.3.1_15 |
| sun | sdk | 1.3.1 |
| sun | sdk | 1.3.1_20 |
| sun | jre | 1.3.1_10 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.3.1_22 |
| sun | jre | 1.3.1_27 |
| sun | jdk | * |
| sun | jre | 1.3.1_06 |
| sun | jdk | 1.3.1_07 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | sdk | 1.4.2_12 |
| sun | jre | 1.3.1_2 |
| sun | jre | 1.3.1_24 |
| sun | sdk | 1.3.0 |
| sun | jre | 1.3.1_18 |
| sun | sdk | 1.3.1_09 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.3.1_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.3.0 |
| sun | jdk | 1.3.0_02 |
| sun | jdk | 1.3.1_17 |
| sun | jre | * |
| sun | jdk | 1.3.1_16 |
| sun | sdk | 1.4.2_25 |
| sun | jre | 1.3.1_07 |
| sun | jre | 1.3.1_12 |
| sun | sdk | 1.4.2_1 |
| sun | sdk | 1.3.1_23 |
| sun | jdk | 1.3.1_26 |
| sun | sdk | 1.3.0_02 |
| sun | jre | 1.4.2_21 |
| sun | sdk | 1.3.1_27 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.3.1_22 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.3.1_02 |
| sun | jre | 1.3.1_04 |
| sun | jdk | 1.3.1_04 |
| sun | jre | 1.3.1_14 |
| sun | jre | 1.3.1_11 |
| sun | jre | 1.5.0 |
| sun | jre | 1.3.1_09 |
| sun | jre | 1.3.1_17 |
| sun | sdk | 1.3.1_08 |
| sun | sdk | 1.3.1_24 |
| sun | jdk | 1.3.1_23 |
| sun | sdk | 1.3.1_17 |
| sun | sdk | 1.4.2_24 |
| sun | jdk | 1.3.0_05 |
| sun | jdk | 1.3.1_18 |
| sun | sdk | 1.3.1_25 |
| sun | jdk | 1.3.1_15 |
| sun | sdk | 1.3.1_16 |
| sun | sdk | 1.3.1_11 |
| sun | sdk | 1.3.1_01 |
| sun | jdk | 1.3.1_12 |
| sun | jdk | 1.3.0_04 |
| sun | sdk | 1.4.2_17 |
| sun | jdk | 1.3.1_03 |
| sun | jdk | 1.3.1_27 |
| sun | jre | 1.3.1_25 |
| sun | jre | 1.3.1_15 |
| sun | jre | 1.3.1_13 |
| sun | jdk | 1.3.1_10 |
| sun | sdk | 1.3.1_26 |
| sun | jre | 1.4.2_23 |
| sun | jdk | 1.3.1_13 |
| sun | sdk | 1.3.0_01 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.3.1_03 |
| sun | jdk | 1.3.1_24 |
| sun | jdk | 1.3.0_01 |
| sun | jre | 1.3.1_21 |
| sun | jre | 1.3.1_20 |
| sun | sdk | 1.4.2_7 |
| sun | jdk | 1.3.1_25 |
| sun | jre | 1.4.2_24 |
| sun | sdk | 1.3.0_05 |
| sun | jre | 1.4.2_14 |
| sun | sdk | 1.3.1_04 |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.3.1_20 |
| sun | sdk | 1.4.2_02 |
| sun | jdk | 1.3.0_03 |
Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| sun | jdk | * |
| sun | jre | * |
| sun | jre | 1.6.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.4.2_22 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | sdk | 1.4.2_25 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | sdk | 1.4.2_1 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.6.0 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.4.2_15 |
| sun | sdk | 1.4.2_16 |
| sun | jre | 1.4.2_26 |
| sun | sdk | 1.4.2_5 |
| sun | jre | 1.5.0 |
| sun | sdk | 1.4.2_24 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | sdk | * |
| sun | sdk | 1.4.2_17 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | sdk | 1.4.2_26 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.4.2_7 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | jre | 1.4.2_18 |
| sun | sdk | 1.4.2_12 |
| sun | sdk | 1.4.2_02 |
Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | * |
| sun | jre | * |
| sun | jre | 1.6.0 |
Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to unsafe reflection involving the UIDefault.ProxyLazyValue class.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.3.1_11 |
| sun | jdk | 1.3.1_22 |
| sun | jdk | 1.3.0 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.3.1_08 |
| sun | jdk | 1.3.1_01 |
| sun | jdk | 1.3.1_09 |
| sun | jre | 1.3.1_26 |
| sun | sdk | 1.3.1_18 |
| sun | jdk | 1.3.1_08 |
| sun | jdk | 1.3.1_19 |
| sun | jdk | 1.3.1_06 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_13 |
| sun | sdk | 1.3.1_05 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | sdk | 1.3.1_06 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jdk | 1.3.1_14 |
| sun | jdk | 1.3.1_02 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.3.1_05 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.3.1_07 |
| sun | sdk | 1.4.2_15 |
| sun | jre | 1.3.1 |
| sun | jdk | 1.3.1_01a |
| sun | sdk | 1.4.2_16 |
| sun | jre | 1.4.2_26 |
| sun | jdk | 1.3.1 |
| sun | sdk | 1.4.2_5 |
| sun | sdk | 1.3.1_10 |
| sun | sdk | 1.3.0_04 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.3.1_21 |
| sun | sdk | * |
| sun | sdk | 1.3.1_01a |
| sun | jre | 1.3.1_05 |
| sun | jre | 1.3.1_16 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | jre | 1.3.1_03 |
| sun | sdk | 1.4.2_26 |
| sun | sdk | 1.3.1_12 |
| sun | sdk | 1.3.1_19 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.3.1_14 |
| sun | sdk | 1.3.0_03 |
| sun | sdk | 1.3.1_21 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.3.1_13 |
| sun | jre | 1.3.1_19 |
| sun | sdk | 1.3.1_15 |
| sun | sdk | 1.3.1 |
| sun | sdk | 1.3.1_20 |
| sun | jre | 1.3.1_10 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.3.1_22 |
| sun | jre | 1.3.1_27 |
| sun | jdk | * |
| sun | jre | 1.3.1_06 |
| sun | jdk | 1.3.1_07 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | sdk | 1.4.2_12 |
| sun | jre | 1.3.1_2 |
| sun | jre | 1.3.1_24 |
| sun | sdk | 1.3.0 |
| sun | jre | 1.3.1_18 |
| sun | sdk | 1.3.1_09 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.3.1_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.3.0 |
| sun | jdk | 1.3.0_02 |
| sun | jdk | 1.3.1_17 |
| sun | jre | * |
| sun | jdk | 1.3.1_16 |
| sun | sdk | 1.4.2_25 |
| sun | jre | 1.3.1_07 |
| sun | jre | 1.3.1_12 |
| sun | sdk | 1.4.2_1 |
| sun | sdk | 1.3.1_23 |
| sun | jdk | 1.3.1_26 |
| sun | sdk | 1.3.0_02 |
| sun | jre | 1.4.2_21 |
| sun | sdk | 1.3.1_27 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.3.1_22 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.3.1_02 |
| sun | jre | 1.3.1_04 |
| sun | jdk | 1.3.1_04 |
| sun | jre | 1.3.1_14 |
| sun | jre | 1.3.1_11 |
| sun | jre | 1.5.0 |
| sun | jre | 1.3.1_09 |
| sun | jre | 1.3.1_17 |
| sun | sdk | 1.3.1_08 |
| sun | sdk | 1.3.1_24 |
| sun | jdk | 1.3.1_23 |
| sun | sdk | 1.3.1_17 |
| sun | sdk | 1.4.2_24 |
| sun | jdk | 1.3.0_05 |
| sun | jdk | 1.3.1_18 |
| sun | sdk | 1.3.1_25 |
| sun | jdk | 1.3.1_15 |
| sun | sdk | 1.3.1_16 |
| sun | sdk | 1.3.1_11 |
| sun | sdk | 1.3.1_01 |
| sun | jdk | 1.3.1_12 |
| sun | jdk | 1.3.0_04 |
| sun | sdk | 1.4.2_17 |
| sun | jdk | 1.3.1_03 |
| sun | jdk | 1.3.1_27 |
| sun | jre | 1.3.1_25 |
| sun | jre | 1.3.1_15 |
| sun | jre | 1.3.1_13 |
| sun | jdk | 1.3.1_10 |
| sun | sdk | 1.3.1_26 |
| sun | jre | 1.4.2_23 |
| sun | jdk | 1.3.1_13 |
| sun | sdk | 1.3.0_01 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.3.1_03 |
| sun | jdk | 1.3.1_24 |
| sun | jdk | 1.3.0_01 |
| sun | jre | 1.3.1_21 |
| sun | jre | 1.3.1_20 |
| sun | sdk | 1.4.2_7 |
| sun | jdk | 1.3.1_25 |
| sun | jre | 1.4.2_24 |
| sun | sdk | 1.3.0_05 |
| sun | jre | 1.4.2_14 |
| sun | sdk | 1.3.1_04 |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.3.1_20 |
| sun | sdk | 1.4.2_02 |
| sun | jdk | 1.3.0_03 |
Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to "permissions granted to certain system objects."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.3.1_11 |
| sun | jdk | 1.3.1_22 |
| sun | jdk | 1.3.0 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.3.1_08 |
| sun | jdk | 1.3.1_01 |
| sun | jdk | 1.3.1_09 |
| sun | jre | 1.3.1_26 |
| sun | sdk | 1.3.1_18 |
| sun | jdk | 1.3.1_08 |
| sun | jdk | 1.3.1_19 |
| sun | jdk | 1.3.1_06 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_13 |
| sun | sdk | 1.3.1_05 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | sdk | 1.3.1_06 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jdk | 1.3.1_14 |
| sun | jdk | 1.3.1_02 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.3.1_05 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.3.1_07 |
| sun | sdk | 1.4.2_15 |
| sun | jre | 1.3.1 |
| sun | jdk | 1.3.1_01a |
| sun | sdk | 1.4.2_16 |
| sun | jre | 1.4.2_26 |
| sun | jdk | 1.3.1 |
| sun | sdk | 1.4.2_5 |
| sun | sdk | 1.3.1_10 |
| sun | sdk | 1.3.0_04 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.3.1_21 |
| sun | sdk | * |
| sun | sdk | 1.3.1_01a |
| sun | jre | 1.3.1_05 |
| sun | jre | 1.3.1_16 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | jre | 1.3.1_03 |
| sun | sdk | 1.4.2_26 |
| sun | sdk | 1.3.1_12 |
| sun | sdk | 1.3.1_19 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.3.1_14 |
| sun | sdk | 1.3.0_03 |
| sun | sdk | 1.3.1_21 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.3.1_13 |
| sun | jre | 1.3.1_19 |
| sun | sdk | 1.3.1_15 |
| sun | sdk | 1.3.1 |
| sun | sdk | 1.3.1_20 |
| sun | jre | 1.3.1_10 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.3.1_22 |
| sun | jre | 1.3.1_27 |
| sun | jdk | * |
| sun | jre | 1.3.1_06 |
| sun | jdk | 1.3.1_07 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | sdk | 1.4.2_12 |
| sun | jre | 1.3.1_2 |
| sun | jre | 1.3.1_24 |
| sun | sdk | 1.3.0 |
| sun | jre | 1.3.1_18 |
| sun | sdk | 1.3.1_09 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.3.1_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.3.0 |
| sun | jdk | 1.3.0_02 |
| sun | jdk | 1.3.1_17 |
| sun | jre | * |
| sun | jdk | 1.3.1_16 |
| sun | sdk | 1.4.2_25 |
| sun | jre | 1.3.1_07 |
| sun | jre | 1.3.1_12 |
| sun | sdk | 1.4.2_1 |
| sun | sdk | 1.3.1_23 |
| sun | jdk | 1.3.1_26 |
| sun | sdk | 1.3.0_02 |
| sun | jre | 1.4.2_21 |
| sun | sdk | 1.3.1_27 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.3.1_22 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.3.1_02 |
| sun | jre | 1.3.1_04 |
| sun | jdk | 1.3.1_04 |
| sun | jre | 1.3.1_14 |
| sun | jre | 1.3.1_11 |
| sun | jre | 1.5.0 |
| sun | jre | 1.3.1_09 |
| sun | jre | 1.3.1_17 |
| sun | sdk | 1.3.1_08 |
| sun | sdk | 1.3.1_24 |
| sun | jdk | 1.3.1_23 |
| sun | sdk | 1.3.1_17 |
| sun | sdk | 1.4.2_24 |
| sun | jdk | 1.3.0_05 |
| sun | jdk | 1.3.1_18 |
| sun | sdk | 1.3.1_25 |
| sun | jdk | 1.3.1_15 |
| sun | sdk | 1.3.1_16 |
| sun | sdk | 1.3.1_11 |
| sun | sdk | 1.3.1_01 |
| sun | jdk | 1.3.1_12 |
| sun | jdk | 1.3.0_04 |
| sun | sdk | 1.4.2_17 |
| sun | jdk | 1.3.1_03 |
| sun | jdk | 1.3.1_27 |
| sun | jre | 1.3.1_25 |
| sun | jre | 1.3.1_15 |
| sun | jre | 1.3.1_13 |
| sun | jdk | 1.3.1_10 |
| sun | sdk | 1.3.1_26 |
| sun | jre | 1.4.2_23 |
| sun | jdk | 1.3.1_13 |
| sun | sdk | 1.3.0_01 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.3.1_03 |
| sun | jdk | 1.3.1_24 |
| sun | jdk | 1.3.0_01 |
| sun | jre | 1.3.1_21 |
| sun | jre | 1.3.1_20 |
| sun | sdk | 1.4.2_7 |
| sun | jdk | 1.3.1_25 |
| sun | jre | 1.4.2_24 |
| sun | sdk | 1.3.0_05 |
| sun | jre | 1.4.2_14 |
| sun | sdk | 1.3.1_04 |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.3.1_20 |
| sun | sdk | 1.4.2_02 |
| sun | jdk | 1.3.0_03 |
Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that the ActiveX Plugin does not properly initialize an object field that is used as a window handle, which allows attackers to execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | * |
| sun | jre | * |
| sun | jre | 1.6.0 |
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.3.1_11 |
| sun | jdk | 1.3.1_22 |
| sun | jdk | 1.3.0 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.3.1_08 |
| sun | jdk | 1.3.1_01 |
| sun | jdk | 1.3.1_09 |
| sun | jre | 1.3.1_26 |
| sun | sdk | 1.3.1_18 |
| sun | jdk | 1.3.1_08 |
| sun | jdk | 1.3.1_19 |
| sun | jdk | 1.3.1_06 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_13 |
| sun | sdk | 1.3.1_05 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | sdk | 1.3.1_06 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jdk | 1.3.1_14 |
| sun | jdk | 1.3.1_02 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.3.1_05 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.3.1_07 |
| sun | sdk | 1.4.2_15 |
| sun | jre | 1.3.1 |
| sun | jdk | 1.3.1_01a |
| sun | sdk | 1.4.2_16 |
| sun | jre | 1.4.2_26 |
| sun | jdk | 1.3.1 |
| sun | sdk | 1.4.2_5 |
| sun | sdk | 1.3.1_10 |
| sun | sdk | 1.3.0_04 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.3.1_21 |
| sun | sdk | * |
| sun | sdk | 1.3.1_01a |
| sun | jre | 1.3.1_05 |
| sun | jre | 1.3.1_16 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | jre | 1.3.1_03 |
| sun | sdk | 1.4.2_26 |
| sun | sdk | 1.3.1_12 |
| sun | sdk | 1.3.1_19 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.3.1_14 |
| sun | sdk | 1.3.0_03 |
| sun | sdk | 1.3.1_21 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.3.1_13 |
| sun | jre | 1.3.1_19 |
| sun | sdk | 1.3.1_15 |
| sun | sdk | 1.3.1 |
| sun | sdk | 1.3.1_20 |
| sun | jre | 1.3.1_10 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.3.1_22 |
| sun | jre | 1.3.1_27 |
| sun | jdk | * |
| sun | jre | 1.3.1_06 |
| sun | jdk | 1.3.1_07 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | sdk | 1.4.2_12 |
| sun | jre | 1.3.1_2 |
| sun | jre | 1.3.1_24 |
| sun | sdk | 1.3.0 |
| sun | jre | 1.3.1_18 |
| sun | sdk | 1.3.1_09 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.3.1_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.3.0 |
| sun | jdk | 1.3.0_02 |
| sun | jdk | 1.3.1_17 |
| sun | jre | * |
| sun | jdk | 1.3.1_16 |
| sun | sdk | 1.4.2_25 |
| sun | jre | 1.3.1_07 |
| sun | jre | 1.3.1_12 |
| sun | sdk | 1.4.2_1 |
| sun | sdk | 1.3.1_23 |
| sun | jdk | 1.3.1_26 |
| sun | sdk | 1.3.0_02 |
| sun | jre | 1.4.2_21 |
| sun | sdk | 1.3.1_27 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.3.1_22 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.3.1_02 |
| sun | jre | 1.3.1_04 |
| sun | jdk | 1.3.1_04 |
| sun | jre | 1.3.1_14 |
| sun | jre | 1.3.1_11 |
| sun | jre | 1.5.0 |
| sun | jre | 1.3.1_09 |
| sun | jre | 1.3.1_17 |
| sun | sdk | 1.3.1_08 |
| sun | sdk | 1.3.1_24 |
| sun | jdk | 1.3.1_23 |
| sun | sdk | 1.3.1_17 |
| sun | sdk | 1.4.2_24 |
| sun | jdk | 1.3.0_05 |
| sun | jdk | 1.3.1_18 |
| sun | sdk | 1.3.1_25 |
| sun | jdk | 1.3.1_15 |
| sun | sdk | 1.3.1_16 |
| sun | sdk | 1.3.1_11 |
| sun | sdk | 1.3.1_01 |
| sun | jdk | 1.3.1_12 |
| sun | jdk | 1.3.0_04 |
| sun | sdk | 1.4.2_17 |
| sun | jdk | 1.3.1_03 |
| sun | jdk | 1.3.1_27 |
| sun | jre | 1.3.1_25 |
| sun | jre | 1.3.1_15 |
| sun | jre | 1.3.1_13 |
| sun | jdk | 1.3.1_10 |
| sun | sdk | 1.3.1_26 |
| sun | jre | 1.4.2_23 |
| sun | jdk | 1.3.1_13 |
| sun | sdk | 1.3.0_01 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.3.1_03 |
| sun | jdk | 1.3.1_24 |
| sun | jdk | 1.3.0_01 |
| sun | jre | 1.3.1_21 |
| sun | jre | 1.3.1_20 |
| sun | sdk | 1.4.2_7 |
| sun | jdk | 1.3.1_25 |
| sun | jre | 1.4.2_24 |
| sun | sdk | 1.3.0_05 |
| sun | jre | 1.4.2_14 |
| sun | sdk | 1.3.1_04 |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.3.1_20 |
| sun | sdk | 1.4.2_02 |
| sun | jdk | 1.3.0_03 |
Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to the modification of "behavior and state of certain JDK classes" and "mutable static."
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.3.1_11 |
| sun | jdk | 1.3.1_22 |
| sun | jdk | 1.3.0 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.3.1_08 |
| sun | jdk | 1.3.1_01 |
| sun | jdk | 1.3.1_09 |
| sun | jre | 1.3.1_26 |
| sun | sdk | 1.3.1_18 |
| sun | jdk | 1.3.1_08 |
| sun | jdk | 1.3.1_19 |
| sun | jdk | 1.3.1_06 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_13 |
| sun | sdk | 1.3.1_05 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | sdk | 1.3.1_06 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jdk | 1.3.1_14 |
| sun | jdk | 1.3.1_02 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.3.1_05 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.3.1_07 |
| sun | sdk | 1.4.2_15 |
| sun | jre | 1.3.1 |
| sun | jdk | 1.3.1_01a |
| sun | sdk | 1.4.2_16 |
| sun | jre | 1.4.2_26 |
| sun | jdk | 1.3.1 |
| sun | sdk | 1.4.2_5 |
| sun | sdk | 1.3.1_10 |
| sun | sdk | 1.3.0_04 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.3.1_21 |
| sun | sdk | * |
| sun | sdk | 1.3.1_01a |
| sun | jre | 1.3.1_05 |
| sun | jre | 1.3.1_16 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | jre | 1.3.1_03 |
| sun | sdk | 1.4.2_26 |
| sun | sdk | 1.3.1_12 |
| sun | sdk | 1.3.1_19 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.3.1_14 |
| sun | sdk | 1.3.0_03 |
| sun | sdk | 1.3.1_21 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.3.1_13 |
| sun | jre | 1.3.1_19 |
| sun | sdk | 1.3.1_15 |
| sun | sdk | 1.3.1 |
| sun | sdk | 1.3.1_20 |
| sun | jre | 1.3.1_10 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.3.1_22 |
| sun | jre | 1.3.1_27 |
| sun | jdk | * |
| sun | jre | 1.3.1_06 |
| sun | jdk | 1.3.1_07 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | sdk | 1.4.2_12 |
| sun | jre | 1.3.1_2 |
| sun | jre | 1.3.1_24 |
| sun | sdk | 1.3.0 |
| sun | jre | 1.3.1_18 |
| sun | sdk | 1.3.1_09 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.3.1_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.3.0 |
| sun | jdk | 1.3.0_02 |
| sun | jdk | 1.3.1_17 |
| sun | jre | * |
| sun | jdk | 1.3.1_16 |
| sun | sdk | 1.4.2_25 |
| sun | jre | 1.3.1_07 |
| sun | jre | 1.3.1_12 |
| sun | sdk | 1.4.2_1 |
| sun | sdk | 1.3.1_23 |
| sun | jdk | 1.3.1_26 |
| sun | sdk | 1.3.0_02 |
| sun | jre | 1.4.2_21 |
| sun | sdk | 1.3.1_27 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.3.1_22 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.3.1_02 |
| sun | jre | 1.3.1_04 |
| sun | jdk | 1.3.1_04 |
| sun | jre | 1.3.1_14 |
| sun | jre | 1.3.1_11 |
| sun | jre | 1.5.0 |
| sun | jre | 1.3.1_09 |
| sun | jre | 1.3.1_17 |
| sun | sdk | 1.3.1_08 |
| sun | sdk | 1.3.1_24 |
| sun | jdk | 1.3.1_23 |
| sun | sdk | 1.3.1_17 |
| sun | sdk | 1.4.2_24 |
| sun | jdk | 1.3.0_05 |
| sun | jdk | 1.3.1_18 |
| sun | sdk | 1.3.1_25 |
| sun | jdk | 1.3.1_15 |
| sun | sdk | 1.3.1_16 |
| sun | sdk | 1.3.1_11 |
| sun | sdk | 1.3.1_01 |
| sun | jdk | 1.3.1_12 |
| sun | jdk | 1.3.0_04 |
| sun | sdk | 1.4.2_17 |
| sun | jdk | 1.3.1_03 |
| sun | jdk | 1.3.1_27 |
| sun | jre | 1.3.1_25 |
| sun | jre | 1.3.1_15 |
| sun | jre | 1.3.1_13 |
| sun | jdk | 1.3.1_10 |
| sun | sdk | 1.3.1_26 |
| sun | jre | 1.4.2_23 |
| sun | jdk | 1.3.1_13 |
| sun | sdk | 1.3.0_01 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.3.1_03 |
| sun | jdk | 1.3.1_24 |
| sun | jdk | 1.3.0_01 |
| sun | jre | 1.3.1_21 |
| sun | jre | 1.3.1_20 |
| sun | sdk | 1.4.2_7 |
| sun | jdk | 1.3.1_25 |
| sun | jre | 1.4.2_24 |
| sun | sdk | 1.3.0_05 |
| sun | jre | 1.4.2_14 |
| sun | sdk | 1.3.1_04 |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.3.1_20 |
| sun | sdk | 1.4.2_02 |
| sun | jdk | 1.3.0_03 |
Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | * |
| sun | jre | * |
| sun | jre | 1.6.0 |
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows attackers to execute arbitrary code via a crafted BANK record that leads to a buffer overflow.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.3.1_11 |
| sun | jdk | 1.3.1_22 |
| sun | jdk | 1.3.0 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.3.1_08 |
| sun | jdk | 1.3.1_01 |
| sun | jdk | 1.3.1_09 |
| sun | jre | 1.3.1_26 |
| sun | sdk | 1.3.1_18 |
| sun | jdk | 1.3.1_08 |
| sun | jdk | 1.3.1_19 |
| sun | jdk | 1.3.1_06 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_13 |
| sun | sdk | 1.3.1_05 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | sdk | 1.3.1_06 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jdk | 1.3.1_14 |
| sun | jdk | 1.3.1_02 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.3.1_05 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.3.1_07 |
| sun | sdk | 1.4.2_15 |
| sun | jre | 1.3.1 |
| sun | jdk | 1.3.1_01a |
| sun | sdk | 1.4.2_16 |
| sun | jre | 1.4.2_26 |
| sun | jdk | 1.3.1 |
| sun | sdk | 1.4.2_5 |
| sun | sdk | 1.3.1_10 |
| sun | sdk | 1.3.0_04 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.3.1_21 |
| sun | sdk | * |
| sun | sdk | 1.3.1_01a |
| sun | jre | 1.3.1_05 |
| sun | jre | 1.3.1_16 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | jre | 1.3.1_03 |
| sun | sdk | 1.4.2_26 |
| sun | sdk | 1.3.1_12 |
| sun | sdk | 1.3.1_19 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.3.1_14 |
| sun | sdk | 1.3.0_03 |
| sun | sdk | 1.3.1_21 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.3.1_13 |
| sun | jre | 1.3.1_19 |
| sun | sdk | 1.3.1_15 |
| sun | sdk | 1.3.1 |
| sun | sdk | 1.3.1_20 |
| sun | jre | 1.3.1_10 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.3.1_22 |
| sun | jre | 1.3.1_27 |
| sun | jdk | * |
| sun | jre | 1.3.1_06 |
| sun | jdk | 1.3.1_07 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | sdk | 1.4.2_12 |
| sun | jre | 1.3.1_2 |
| sun | jre | 1.3.1_24 |
| sun | sdk | 1.3.0 |
| sun | jre | 1.3.1_18 |
| sun | sdk | 1.3.1_09 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.3.1_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.3.0 |
| sun | jdk | 1.3.0_02 |
| sun | jdk | 1.3.1_17 |
| sun | jre | * |
| sun | jdk | 1.3.1_16 |
| sun | sdk | 1.4.2_25 |
| sun | jre | 1.3.1_07 |
| sun | jre | 1.3.1_12 |
| sun | sdk | 1.4.2_1 |
| sun | sdk | 1.3.1_23 |
| sun | jdk | 1.3.1_26 |
| sun | sdk | 1.3.0_02 |
| sun | jre | 1.4.2_21 |
| sun | sdk | 1.3.1_27 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.3.1_22 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.3.1_02 |
| sun | jre | 1.3.1_04 |
| sun | jdk | 1.3.1_04 |
| sun | jre | 1.3.1_14 |
| sun | jre | 1.3.1_11 |
| sun | jre | 1.5.0 |
| sun | jre | 1.3.1_09 |
| sun | jre | 1.3.1_17 |
| sun | sdk | 1.3.1_08 |
| sun | sdk | 1.3.1_24 |
| sun | jdk | 1.3.1_23 |
| sun | sdk | 1.3.1_17 |
| sun | sdk | 1.4.2_24 |
| sun | jdk | 1.3.0_05 |
| sun | jdk | 1.3.1_18 |
| sun | sdk | 1.3.1_25 |
| sun | jdk | 1.3.1_15 |
| sun | sdk | 1.3.1_16 |
| sun | sdk | 1.3.1_11 |
| sun | sdk | 1.3.1_01 |
| sun | jdk | 1.3.1_12 |
| sun | jdk | 1.3.0_04 |
| sun | sdk | 1.4.2_17 |
| sun | jdk | 1.3.1_03 |
| sun | jdk | 1.3.1_27 |
| sun | jre | 1.3.1_25 |
| sun | jre | 1.3.1_15 |
| sun | jre | 1.3.1_13 |
| sun | jdk | 1.3.1_10 |
| sun | sdk | 1.3.1_26 |
| sun | jre | 1.4.2_23 |
| sun | jdk | 1.3.1_13 |
| sun | sdk | 1.3.0_01 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.3.1_03 |
| sun | jdk | 1.3.1_24 |
| sun | jdk | 1.3.0_01 |
| sun | jre | 1.3.1_21 |
| sun | jre | 1.3.1_20 |
| sun | sdk | 1.4.2_7 |
| sun | jdk | 1.3.1_25 |
| sun | jre | 1.4.2_24 |
| sun | sdk | 1.3.0_05 |
| sun | jre | 1.4.2_14 |
| sun | sdk | 1.3.1_04 |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.3.1_20 |
| sun | sdk | 1.4.2_02 |
| sun | jdk | 1.3.0_03 |
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality via unknown vectors.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | * |
| sun | jre | * |
| sun | jre | 1.6.0 |
Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this involves the use of the privileged accept method in the ServerSocket class, which does not limit which hosts can connect and allows remote attackers to bypass intended network access restrictions.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| sun | jdk | * |
| sun | jre | * |
| sun | jre | 1.6.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a double free vulnerability in IndexColorModel that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.3.1_11 |
| sun | jdk | 1.3.1_22 |
| sun | jdk | 1.3.0 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.3.1_08 |
| sun | jdk | 1.3.1_01 |
| sun | jdk | 1.3.1_09 |
| sun | jre | 1.3.1_26 |
| sun | sdk | 1.3.1_18 |
| sun | jdk | 1.3.1_08 |
| sun | jdk | 1.3.1_19 |
| sun | jdk | 1.3.1_06 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_13 |
| sun | sdk | 1.3.1_05 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | sdk | 1.3.1_06 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jdk | 1.3.1_14 |
| sun | jdk | 1.3.1_02 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.3.1_05 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.3.1_07 |
| sun | sdk | 1.4.2_15 |
| sun | jre | 1.3.1 |
| sun | jdk | 1.3.1_01a |
| sun | sdk | 1.4.2_16 |
| sun | jre | 1.4.2_26 |
| sun | jdk | 1.3.1 |
| sun | sdk | 1.4.2_5 |
| sun | sdk | 1.3.1_10 |
| sun | sdk | 1.3.0_04 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.3.1_21 |
| sun | sdk | * |
| sun | sdk | 1.3.1_01a |
| sun | jre | 1.3.1_05 |
| sun | jre | 1.3.1_16 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | jre | 1.3.1_03 |
| sun | sdk | 1.4.2_26 |
| sun | sdk | 1.3.1_12 |
| sun | sdk | 1.3.1_19 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.3.1_14 |
| sun | sdk | 1.3.0_03 |
| sun | sdk | 1.3.1_21 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.3.1_13 |
| sun | jre | 1.3.1_19 |
| sun | sdk | 1.3.1_15 |
| sun | sdk | 1.3.1 |
| sun | sdk | 1.3.1_20 |
| sun | jre | 1.3.1_10 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.3.1_22 |
| sun | jre | 1.3.1_27 |
| sun | jdk | * |
| sun | jre | 1.3.1_06 |
| sun | jdk | 1.3.1_07 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | sdk | 1.4.2_12 |
| sun | jre | 1.3.1_2 |
| sun | jre | 1.3.1_24 |
| sun | sdk | 1.3.0 |
| sun | jre | 1.3.1_18 |
| sun | sdk | 1.3.1_09 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.3.1_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.3.0 |
| sun | jdk | 1.3.0_02 |
| sun | jdk | 1.3.1_17 |
| sun | jre | * |
| sun | jdk | 1.3.1_16 |
| sun | sdk | 1.4.2_25 |
| sun | jre | 1.3.1_07 |
| sun | jre | 1.3.1_12 |
| sun | sdk | 1.4.2_1 |
| sun | sdk | 1.3.1_23 |
| sun | jdk | 1.3.1_26 |
| sun | sdk | 1.3.0_02 |
| sun | jre | 1.4.2_21 |
| sun | sdk | 1.3.1_27 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.3.1_22 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.3.1_02 |
| sun | jre | 1.3.1_04 |
| sun | jdk | 1.3.1_04 |
| sun | jre | 1.3.1_14 |
| sun | jre | 1.3.1_11 |
| sun | jre | 1.5.0 |
| sun | jre | 1.3.1_09 |
| sun | jre | 1.3.1_17 |
| sun | sdk | 1.3.1_08 |
| sun | sdk | 1.3.1_24 |
| sun | jdk | 1.3.1_23 |
| sun | sdk | 1.3.1_17 |
| sun | sdk | 1.4.2_24 |
| sun | jdk | 1.3.0_05 |
| sun | jdk | 1.3.1_18 |
| sun | sdk | 1.3.1_25 |
| sun | jdk | 1.3.1_15 |
| sun | sdk | 1.3.1_16 |
| sun | sdk | 1.3.1_11 |
| sun | sdk | 1.3.1_01 |
| sun | jdk | 1.3.1_12 |
| sun | jdk | 1.3.0_04 |
| sun | sdk | 1.4.2_17 |
| sun | jdk | 1.3.1_03 |
| sun | jdk | 1.3.1_27 |
| sun | jre | 1.3.1_25 |
| sun | jre | 1.3.1_15 |
| sun | jre | 1.3.1_13 |
| sun | jdk | 1.3.1_10 |
| sun | sdk | 1.3.1_26 |
| sun | jre | 1.4.2_23 |
| sun | jdk | 1.3.1_13 |
| sun | sdk | 1.3.0_01 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.3.1_03 |
| sun | jdk | 1.3.1_24 |
| sun | jdk | 1.3.0_01 |
| sun | jre | 1.3.1_21 |
| sun | jre | 1.3.1_20 |
| sun | sdk | 1.4.2_7 |
| sun | jdk | 1.3.1_25 |
| sun | jre | 1.4.2_24 |
| sun | sdk | 1.3.0_05 |
| sun | jre | 1.4.2_14 |
| sun | sdk | 1.3.1_04 |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.3.1_20 |
| sun | sdk | 1.4.2_02 |
| sun | jdk | 1.3.0_03 |
Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to "how Web Start retrieves security policies," BasicServiceImpl, and forged policies that bypass sandbox restrictions.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | * |
| sun | jre | * |
| sun | jre | 1.6.0 |
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, related to JPEGImageWriter.writeImage in the imageio API.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.4.2_22 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | sdk | 1.4.2_25 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | sdk | 1.4.2_1 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.6.0 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.4.2_15 |
| sun | sdk | 1.4.2_16 |
| sun | jre | 1.4.2_26 |
| sun | sdk | 1.4.2_5 |
| sun | jre | 1.5.0 |
| sun | sdk | 1.4.2_24 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | sdk | * |
| sun | sdk | 1.4.2_17 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | sdk | 1.4.2_26 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.4.2_7 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | jre | 1.4.2_18 |
| sun | sdk | 1.4.2_12 |
| sun | sdk | 1.4.2_02 |
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that leads to a buffer overflow via a crafted devs (device information) tag structure in a color profile.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| sun | jdk | * |
| sun | jre | * |
| sun | jre | 1.6.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to a calculation error in right-to-left text character counts for the ICU OpenType font rendering implementation, which triggers an out-of-bounds memory access.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| sun | jdk | * |
| sun | jre | * |
| sun | jre | 1.6.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.4.2_22 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | sdk | 1.4.2_25 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | sdk | 1.4.2_1 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.6.0 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.4.2_15 |
| sun | sdk | 1.4.2_16 |
| sun | jre | 1.4.2_26 |
| sun | sdk | 1.4.2_5 |
| sun | jre | 1.5.0 |
| sun | sdk | 1.4.2_24 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | sdk | * |
| sun | sdk | 1.4.2_17 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | sdk | 1.4.2_26 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.4.2_7 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | jre | 1.4.2_18 |
| sun | sdk | 1.4.2_12 |
| sun | sdk | 1.4.2_02 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to execute arbitrary code by causing the defaultReadObject method in the Serialization API to set a volatile field multiple times.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.4.2_22 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | sdk | 1.4.2_25 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | sdk | 1.4.2_1 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.6.0 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.4.2_15 |
| sun | sdk | 1.4.2_16 |
| sun | jre | 1.4.2_26 |
| sun | sdk | 1.4.2_5 |
| sun | jre | 1.5.0 |
| sun | sdk | 1.4.2_24 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | sdk | * |
| sun | sdk | 1.4.2_17 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | sdk | 1.4.2_26 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.4.2_7 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | jre | 1.4.2_18 |
| sun | sdk | 1.4.2_12 |
| sun | sdk | 1.4.2_02 |
Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | * |
| sun | jre | * |
| sun | jre | 1.6.0 |
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the color profile parser that allows remote attackers to execute arbitrary code via a crafted Tag structure in a color profile.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.3.1_11 |
| sun | jdk | 1.3.1_22 |
| sun | jdk | 1.3.0 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.3.1_08 |
| sun | jdk | 1.3.1_01 |
| sun | jdk | 1.3.1_09 |
| sun | jre | 1.3.1_26 |
| sun | sdk | 1.3.1_18 |
| sun | jdk | 1.3.1_08 |
| sun | jdk | 1.3.1_19 |
| sun | jdk | 1.3.1_06 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_13 |
| sun | sdk | 1.3.1_05 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | sdk | 1.3.1_06 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jdk | 1.3.1_14 |
| sun | jdk | 1.3.1_02 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.3.1_05 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.3.1_07 |
| sun | sdk | 1.4.2_15 |
| sun | jre | 1.3.1 |
| sun | jdk | 1.3.1_01a |
| sun | sdk | 1.4.2_16 |
| sun | jre | 1.4.2_26 |
| sun | jdk | 1.3.1 |
| sun | sdk | 1.4.2_5 |
| sun | sdk | 1.3.1_10 |
| sun | sdk | 1.3.0_04 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.3.1_21 |
| sun | sdk | * |
| sun | sdk | 1.3.1_01a |
| sun | jre | 1.3.1_05 |
| sun | jre | 1.3.1_16 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | jre | 1.3.1_03 |
| sun | sdk | 1.4.2_26 |
| sun | sdk | 1.3.1_12 |
| sun | sdk | 1.3.1_19 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.3.1_14 |
| sun | sdk | 1.3.0_03 |
| sun | sdk | 1.3.1_21 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.3.1_13 |
| sun | jre | 1.3.1_19 |
| sun | sdk | 1.3.1_15 |
| sun | sdk | 1.3.1 |
| sun | sdk | 1.3.1_20 |
| sun | jre | 1.3.1_10 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.3.1_22 |
| sun | jre | 1.3.1_27 |
| sun | jdk | * |
| sun | jre | 1.3.1_06 |
| sun | jdk | 1.3.1_07 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | sdk | 1.4.2_12 |
| sun | jre | 1.3.1_2 |
| sun | jre | 1.3.1_24 |
| sun | sdk | 1.3.0 |
| sun | jre | 1.3.1_18 |
| sun | sdk | 1.3.1_09 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.3.1_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.3.0 |
| sun | jdk | 1.3.0_02 |
| sun | jdk | 1.3.1_17 |
| sun | jre | * |
| sun | jdk | 1.3.1_16 |
| sun | sdk | 1.4.2_25 |
| sun | jre | 1.3.1_07 |
| sun | jre | 1.3.1_12 |
| sun | sdk | 1.4.2_1 |
| sun | sdk | 1.3.1_23 |
| sun | jdk | 1.3.1_26 |
| sun | sdk | 1.3.0_02 |
| sun | jre | 1.4.2_21 |
| sun | sdk | 1.3.1_27 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.3.1_22 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.3.1_02 |
| sun | jre | 1.3.1_04 |
| sun | jdk | 1.3.1_04 |
| sun | jre | 1.3.1_14 |
| sun | jre | 1.3.1_11 |
| sun | jre | 1.5.0 |
| sun | jre | 1.3.1_09 |
| sun | jre | 1.3.1_17 |
| sun | sdk | 1.3.1_08 |
| sun | sdk | 1.3.1_24 |
| sun | jdk | 1.3.1_23 |
| sun | sdk | 1.3.1_17 |
| sun | sdk | 1.4.2_24 |
| sun | jdk | 1.3.0_05 |
| sun | jdk | 1.3.1_18 |
| sun | sdk | 1.3.1_25 |
| sun | jdk | 1.3.1_15 |
| sun | sdk | 1.3.1_16 |
| sun | sdk | 1.3.1_11 |
| sun | sdk | 1.3.1_01 |
| sun | jdk | 1.3.1_12 |
| sun | jdk | 1.3.0_04 |
| sun | sdk | 1.4.2_17 |
| sun | jdk | 1.3.1_03 |
| sun | jdk | 1.3.1_27 |
| sun | jre | 1.3.1_25 |
| sun | jre | 1.3.1_15 |
| sun | jre | 1.3.1_13 |
| sun | jdk | 1.3.1_10 |
| sun | sdk | 1.3.1_26 |
| sun | jre | 1.4.2_23 |
| sun | jdk | 1.3.1_13 |
| sun | sdk | 1.3.0_01 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.3.1_03 |
| sun | jdk | 1.3.1_24 |
| sun | jdk | 1.3.0_01 |
| sun | jre | 1.3.1_21 |
| sun | jre | 1.3.1_20 |
| sun | sdk | 1.4.2_7 |
| sun | jdk | 1.3.1_25 |
| sun | jre | 1.4.2_24 |
| sun | sdk | 1.3.0_05 |
| sun | jre | 1.4.2_14 |
| sun | sdk | 1.3.1_04 |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.3.1_20 |
| sun | sdk | 1.4.2_02 |
| sun | jdk | 1.3.0_03 |
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.3.1_11 |
| sun | jdk | 1.3.1_22 |
| sun | jdk | 1.3.0 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.3.1_08 |
| sun | jdk | 1.3.1_01 |
| sun | jdk | 1.3.1_09 |
| sun | jre | 1.3.1_26 |
| sun | sdk | 1.3.1_18 |
| sun | jdk | 1.3.1_08 |
| sun | jdk | 1.3.1_19 |
| sun | jdk | 1.3.1_06 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_13 |
| sun | sdk | 1.3.1_05 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | sdk | 1.3.1_06 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jdk | 1.3.1_14 |
| sun | jdk | 1.3.1_02 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.3.1_05 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.3.1_07 |
| sun | sdk | 1.4.2_15 |
| sun | jre | 1.3.1 |
| sun | jdk | 1.3.1_01a |
| sun | sdk | 1.4.2_16 |
| sun | jre | 1.4.2_26 |
| sun | jdk | 1.3.1 |
| sun | sdk | 1.4.2_5 |
| sun | sdk | 1.3.1_10 |
| sun | sdk | 1.3.0_04 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.3.1_21 |
| sun | sdk | * |
| sun | sdk | 1.3.1_01a |
| sun | jre | 1.3.1_05 |
| sun | jre | 1.3.1_16 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | jre | 1.3.1_03 |
| sun | sdk | 1.4.2_26 |
| sun | sdk | 1.3.1_12 |
| sun | sdk | 1.3.1_19 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.3.1_14 |
| sun | sdk | 1.3.0_03 |
| sun | sdk | 1.3.1_21 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.3.1_13 |
| sun | jre | 1.3.1_19 |
| sun | sdk | 1.3.1_15 |
| sun | sdk | 1.3.1 |
| sun | sdk | 1.3.1_20 |
| sun | jre | 1.3.1_10 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.3.1_22 |
| sun | jre | 1.3.1_27 |
| sun | jdk | * |
| sun | jre | 1.3.1_06 |
| sun | jdk | 1.3.1_07 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | sdk | 1.4.2_12 |
| sun | jre | 1.3.1_2 |
| sun | jre | 1.3.1_24 |
| sun | sdk | 1.3.0 |
| sun | jre | 1.3.1_18 |
| sun | sdk | 1.3.1_09 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.3.1_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.3.0 |
| sun | jdk | 1.3.0_02 |
| sun | jdk | 1.3.1_17 |
| sun | jre | * |
| sun | jdk | 1.3.1_16 |
| sun | sdk | 1.4.2_25 |
| sun | jre | 1.3.1_07 |
| sun | jre | 1.3.1_12 |
| sun | sdk | 1.4.2_1 |
| sun | sdk | 1.3.1_23 |
| sun | jdk | 1.3.1_26 |
| sun | sdk | 1.3.0_02 |
| sun | jre | 1.4.2_21 |
| sun | sdk | 1.3.1_27 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.3.1_22 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.3.1_02 |
| sun | jre | 1.3.1_04 |
| sun | jdk | 1.3.1_04 |
| sun | jre | 1.3.1_14 |
| sun | jre | 1.3.1_11 |
| sun | jre | 1.5.0 |
| sun | jre | 1.3.1_09 |
| sun | jre | 1.3.1_17 |
| sun | sdk | 1.3.1_08 |
| sun | sdk | 1.3.1_24 |
| sun | jdk | 1.3.1_23 |
| sun | sdk | 1.3.1_17 |
| sun | sdk | 1.4.2_24 |
| sun | jdk | 1.3.0_05 |
| sun | jdk | 1.3.1_18 |
| sun | sdk | 1.3.1_25 |
| sun | jdk | 1.3.1_15 |
| sun | sdk | 1.3.1_16 |
| sun | sdk | 1.3.1_11 |
| sun | sdk | 1.3.1_01 |
| sun | jdk | 1.3.1_12 |
| sun | jdk | 1.3.0_04 |
| sun | sdk | 1.4.2_17 |
| sun | jdk | 1.3.1_03 |
| sun | jdk | 1.3.1_27 |
| sun | jre | 1.3.1_25 |
| sun | jre | 1.3.1_15 |
| sun | jre | 1.3.1_13 |
| sun | jdk | 1.3.1_10 |
| sun | sdk | 1.3.1_26 |
| sun | jre | 1.4.2_23 |
| sun | jdk | 1.3.1_13 |
| sun | sdk | 1.3.0_01 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.3.1_03 |
| sun | jdk | 1.3.1_24 |
| sun | jdk | 1.3.0_01 |
| sun | jre | 1.3.1_21 |
| sun | jre | 1.3.1_20 |
| sun | sdk | 1.4.2_7 |
| sun | jdk | 1.3.1_25 |
| sun | jre | 1.4.2_24 |
| sun | sdk | 1.3.0_05 |
| sun | jre | 1.4.2_14 |
| sun | sdk | 1.3.1_04 |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.3.1_20 |
| sun | sdk | 1.4.2_02 |
| sun | jdk | 1.3.0_03 |
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| sun | jdk | * |
| sun | jre | * |
| sun | jre | 1.6.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.3.1_11 |
| sun | jdk | 1.3.1_22 |
| sun | jdk | 1.3.0 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.3.1_08 |
| sun | jdk | 1.3.1_01 |
| sun | jdk | 1.3.1_09 |
| sun | jre | 1.3.1_26 |
| sun | sdk | 1.3.1_18 |
| sun | jdk | 1.3.1_08 |
| sun | jdk | 1.3.1_19 |
| sun | jdk | 1.3.1_06 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_13 |
| sun | sdk | 1.3.1_05 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | sdk | 1.3.1_06 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jdk | 1.3.1_14 |
| sun | jdk | 1.3.1_02 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.3.1_05 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.3.1_07 |
| sun | sdk | 1.4.2_15 |
| sun | jre | 1.3.1 |
| sun | jdk | 1.3.1_01a |
| sun | sdk | 1.4.2_16 |
| sun | jre | 1.4.2_26 |
| sun | jdk | 1.3.1 |
| sun | sdk | 1.4.2_5 |
| sun | sdk | 1.3.1_10 |
| sun | sdk | 1.3.0_04 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.3.1_21 |
| sun | sdk | * |
| sun | sdk | 1.3.1_01a |
| sun | jre | 1.3.1_05 |
| sun | jre | 1.3.1_16 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | jre | 1.3.1_03 |
| sun | sdk | 1.4.2_26 |
| sun | sdk | 1.3.1_12 |
| sun | sdk | 1.3.1_19 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.3.1_14 |
| sun | sdk | 1.3.0_03 |
| sun | sdk | 1.3.1_21 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.3.1_13 |
| sun | jre | 1.3.1_19 |
| sun | sdk | 1.3.1_15 |
| sun | sdk | 1.3.1 |
| sun | sdk | 1.3.1_20 |
| sun | jre | 1.3.1_10 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.3.1_22 |
| sun | jre | 1.3.1_27 |
| sun | jdk | * |
| sun | jre | 1.3.1_06 |
| sun | jdk | 1.3.1_07 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | sdk | 1.4.2_12 |
| sun | jre | 1.3.1_2 |
| sun | jre | 1.3.1_24 |
| sun | sdk | 1.3.0 |
| sun | jre | 1.3.1_18 |
| sun | sdk | 1.3.1_09 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.3.1_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.3.0 |
| sun | jdk | 1.3.0_02 |
| sun | jdk | 1.3.1_17 |
| sun | jre | * |
| sun | jdk | 1.3.1_16 |
| sun | sdk | 1.4.2_25 |
| sun | jre | 1.3.1_07 |
| sun | jre | 1.3.1_12 |
| sun | sdk | 1.4.2_1 |
| sun | sdk | 1.3.1_23 |
| sun | jdk | 1.3.1_26 |
| sun | sdk | 1.3.0_02 |
| sun | jre | 1.4.2_21 |
| sun | sdk | 1.3.1_27 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.3.1_22 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.3.1_02 |
| sun | jre | 1.3.1_04 |
| sun | jdk | 1.3.1_04 |
| sun | jre | 1.3.1_14 |
| sun | jre | 1.3.1_11 |
| sun | jre | 1.5.0 |
| sun | jre | 1.3.1_09 |
| sun | jre | 1.3.1_17 |
| sun | sdk | 1.3.1_08 |
| sun | sdk | 1.3.1_24 |
| sun | jdk | 1.3.1_23 |
| sun | sdk | 1.3.1_17 |
| sun | sdk | 1.4.2_24 |
| sun | jdk | 1.3.0_05 |
| sun | jdk | 1.3.1_18 |
| sun | sdk | 1.3.1_25 |
| sun | jdk | 1.3.1_15 |
| sun | sdk | 1.3.1_16 |
| sun | sdk | 1.3.1_11 |
| sun | sdk | 1.3.1_01 |
| sun | jdk | 1.3.1_12 |
| sun | jdk | 1.3.0_04 |
| sun | sdk | 1.4.2_17 |
| sun | jdk | 1.3.1_03 |
| sun | jdk | 1.3.1_27 |
| sun | jre | 1.3.1_25 |
| sun | jre | 1.3.1_15 |
| sun | jre | 1.3.1_13 |
| sun | jdk | 1.3.1_10 |
| sun | sdk | 1.3.1_26 |
| sun | jre | 1.4.2_23 |
| sun | jdk | 1.3.1_13 |
| sun | sdk | 1.3.0_01 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.3.1_03 |
| sun | jdk | 1.3.1_24 |
| sun | jdk | 1.3.0_01 |
| sun | jre | 1.3.1_21 |
| sun | jre | 1.3.1_20 |
| sun | sdk | 1.4.2_7 |
| sun | jdk | 1.3.1_25 |
| sun | jre | 1.4.2_24 |
| sun | sdk | 1.3.0_05 |
| sun | jre | 1.4.2_14 |
| sun | sdk | 1.3.1_04 |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.3.1_20 |
| sun | sdk | 1.4.2_02 |
| sun | jdk | 1.3.0_03 |
Unspecified vulnerability in Oracle Solaris 9 allows local users to affect confidentiality and integrity via unknown vectors related to XScreenSaver.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to libc.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| sun | sunos | 5.8 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | * |
| sun | jre | * |
| sun | jre | 1.6.0 |
Unspecified vulnerability in Oracle Sun Java System Portal Server 7.1 and 7.2 allows local users to affect confidentiality via unknown vectors related to Proxy.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java_system_portal_server | 7.2 |
| sun | java_system_portal_server | 7.1 |
Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect confidentiality via unknown vectors related to Ethernet and the Driver sub-component.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call 10.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| sun | sunos | 5.8 |
Unspecified vulnerability in Oracle 10 and 11 Express allows local users to affect availability via unknown vectors related to the Kernel.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability via unknown vectors related to the Kernel.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability, related to Kernel/NFS.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Sun Java System Access Manager and Oracle OpenSSO 7, 7.1, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | opensso | 7 |
| sun | java_system_access_manager | * |
| oracle | opensso | 7.1 |
| oracle | opensso | 8 |
Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to RDS and Kernel/InfiniBand.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.11 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment, a different vulnerability than CVE-2010-4475.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | sdk | 1.4.2_25 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | sdk | 1.4.2_1 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | sdk | 1.4.2_27 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.6.0 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.4.2_15 |
| sun | sdk | 1.4.2_16 |
| sun | jre | 1.4.2_26 |
| sun | sdk | 1.4.2_5 |
| sun | jre | 1.5.0 |
| sun | sdk | 1.4.2_24 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | sdk | * |
| sun | sdk | 1.4.2_17 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | sdk | 1.4.2_26 |
| sun | jre | 1.4.2_28 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.4.2_7 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | jre | 1.4.2_18 |
| sun | sdk | 1.4.2_12 |
| sun | sdk | 1.4.2_02 |
| sun | sdk | 1.4.2_28 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves "DNS cache poisoning by untrusted applets."
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | sdk | 1.4.2_25 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | sdk | 1.4.2_1 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | sdk | 1.4.2_27 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.6.0 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.4.2_15 |
| sun | sdk | 1.4.2_16 |
| sun | jre | 1.4.2_26 |
| sun | sdk | 1.4.2_5 |
| sun | jre | 1.5.0 |
| sun | sdk | 1.4.2_24 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | sdk | * |
| sun | sdk | 1.4.2_17 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | sdk | 1.4.2_26 |
| sun | jre | 1.4.2_28 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.4.2_7 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | jre | 1.4.2_18 |
| sun | sdk | 1.4.2_12 |
| sun | sdk | 1.4.2_02 |
| sun | sdk | 1.4.2_28 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | sdk | 1.4.2_25 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | sdk | 1.4.2_1 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | sdk | 1.4.2_27 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.6.0 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.4.2_15 |
| sun | sdk | 1.4.2_16 |
| sun | jre | 1.4.2_26 |
| sun | sdk | 1.4.2_5 |
| sun | jre | 1.5.0 |
| sun | sdk | 1.4.2_24 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | sdk | * |
| sun | sdk | 1.4.2_17 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | sdk | 1.4.2_26 |
| sun | jre | 1.4.2_28 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.4.2_7 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | jre | 1.4.2_18 |
| sun | sdk | 1.4.2_12 |
| sun | sdk | 1.4.2_02 |
| sun | sdk | 1.4.2_28 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, when using Java Update, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | * |
| sun | jre | * |
| sun | jre | 1.6.0 |
Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | * |
| sun | jre | * |
| sun | jre | 1.6.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs, a different vulnerability than CVE-2010-4462 and CVE-2010-4473.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | sdk | 1.4.2_25 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | sdk | 1.4.2_1 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | sdk | 1.4.2_27 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.6.0 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.4.2_15 |
| sun | sdk | 1.4.2_16 |
| sun | jre | 1.4.2_26 |
| sun | sdk | 1.4.2_5 |
| sun | jre | 1.5.0 |
| sun | sdk | 1.4.2_24 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | sdk | * |
| sun | sdk | 1.4.2_17 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | sdk | 1.4.2_26 |
| sun | jre | 1.4.2_28 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.4.2_7 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | jre | 1.4.2_18 |
| sun | sdk | 1.4.2_12 |
| sun | sdk | 1.4.2_02 |
| sun | sdk | 1.4.2_28 |
Unspecified vulnerability in Oracle Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to affect integrity via unknown vectors related to Web Mail.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | java_system_communications_express | 6.3 |
| sun | java_system_communications_express | 6.2 |
Unspecified vulnerability in Oracle Solaris 11 Express allows remote attackers to affect availability, related to SMB and CIFS.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability, related to ZFS.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to SCTP and Kernel/sockfs.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Fault Manager Daemon.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs, a different vulnerability than CVE-2010-4454 and CVE-2010-4473.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | sdk | 1.4.2_25 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | sdk | 1.4.2_1 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | sdk | 1.4.2_27 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.6.0 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.4.2_15 |
| sun | sdk | 1.4.2_16 |
| sun | jre | 1.4.2_26 |
| sun | sdk | 1.4.2_5 |
| sun | jre | 1.5.0 |
| sun | sdk | 1.4.2_24 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | sdk | * |
| sun | sdk | 1.4.2_17 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | sdk | 1.4.2_26 |
| sun | jre | 1.4.2_28 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.4.2_7 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | jre | 1.4.2_18 |
| sun | sdk | 1.4.2_12 |
| sun | sdk | 1.4.2_02 |
| sun | sdk | 1.4.2_28 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 21 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or "clipboard access in Applets."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | sdk | 1.4.2_25 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | sdk | 1.4.2_1 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | sdk | 1.4.2_27 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.6.0 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.4.2_15 |
| sun | sdk | 1.4.2_16 |
| sun | jre | 1.4.2_26 |
| sun | sdk | 1.4.2_5 |
| sun | jre | 1.5.0 |
| sun | sdk | 1.4.2_24 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | sdk | * |
| sun | sdk | 1.4.2_17 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | sdk | 1.4.2_26 |
| sun | jre | 1.4.2_28 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.4.2_7 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | jre | 1.4.2_18 |
| sun | sdk | 1.4.2_12 |
| sun | sdk | 1.4.2_02 |
| sun | sdk | 1.4.2_28 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and, Linux; 5.0 Update 27 and earlier for Windows; and 1.4.2_29 and earlier for Windows allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | sdk | 1.4.2_25 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | sdk | 1.4.2_1 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | sdk | 1.4.2_27 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.6.0 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.4.2_15 |
| sun | sdk | 1.4.2_16 |
| sun | jre | 1.4.2_26 |
| sun | sdk | 1.4.2_5 |
| sun | jre | 1.5.0 |
| sun | sdk | 1.4.2_24 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | sdk | * |
| sun | sdk | 1.4.2_17 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | sdk | 1.4.2_26 |
| sun | jre | 1.4.2_28 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.4.2_7 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | jre | 1.4.2_18 |
| sun | sdk | 1.4.2_12 |
| sun | sdk | 1.4.2_02 |
| sun | sdk | 1.4.2_28 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to JDBC.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| sun | jdk | * |
| sun | jre | * |
| sun | jre | 1.6.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is heap corruption related to the Verifier and "backward jsrs."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | sdk | 1.4.2_25 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | sdk | 1.4.2_1 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | sdk | 1.4.2_27 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.6.0 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.4.2_15 |
| sun | sdk | 1.4.2_16 |
| sun | jre | 1.4.2_26 |
| sun | sdk | 1.4.2_5 |
| sun | jre | 1.5.0 |
| sun | sdk | 1.4.2_24 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | sdk | * |
| sun | sdk | 1.4.2_17 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | sdk | 1.4.2_26 |
| sun | jre | 1.4.2_28 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.4.2_7 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | jre | 1.4.2_18 |
| sun | sdk | 1.4.2_12 |
| sun | sdk | 1.4.2_02 |
| sun | sdk | 1.4.2_28 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows remote attackers to affect availability via unknown vectors related to JAXP and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to "Features set on SchemaFactory not inherited by Validator."
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | * |
| sun | jre | * |
| sun | jre | 1.6.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| sun | jdk | * |
| sun | jre | * |
| sun | jre | 1.6.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations."
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | * |
| sun | jre | * |
| sun | jre | 1.6.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs, a different vulnerability than CVE-2010-4454 and CVE-2010-4462.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | sdk | 1.4.2_25 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | sdk | 1.4.2_1 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | sdk | 1.4.2_27 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.6.0 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.4.2_15 |
| sun | sdk | 1.4.2_16 |
| sun | jre | 1.4.2_26 |
| sun | sdk | 1.4.2_5 |
| sun | jre | 1.5.0 |
| sun | sdk | 1.4.2_24 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | sdk | * |
| sun | sdk | 1.4.2_17 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | sdk | 1.4.2_26 |
| sun | jre | 1.4.2_28 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.4.2_7 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | jre | 1.4.2_18 |
| sun | sdk | 1.4.2_12 |
| sun | sdk | 1.4.2_02 |
| sun | sdk | 1.4.2_28 |
Unspecified vulnerability in the Java DB component in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows local users to affect confidentiality via unknown vectors related to Security, a similar vulnerability to CVE-2009-4269.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | * |
| sun | jre | * |
| sun | jre | 1.6.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment, a different vulnerability than CVE-2010-4447.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | sdk | 1.4.2_25 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | sdk | 1.4.2_1 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | sdk | 1.4.2_27 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.6.0 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.4.2_15 |
| sun | sdk | 1.4.2_16 |
| sun | jre | 1.4.2_26 |
| sun | sdk | 1.4.2_5 |
| sun | jre | 1.5.0 |
| sun | sdk | 1.4.2_24 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | sdk | * |
| sun | sdk | 1.4.2_17 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | sdk | 1.4.2_26 |
| sun | jre | 1.4.2_28 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.4.2_7 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | jre | 1.4.2_18 |
| sun | sdk | 1.4.2_12 |
| sun | sdk | 1.4.2_02 |
| sun | sdk | 1.4.2_28 |
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | sdk | 1.4.2_6 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | sdk | 1.4.2_13 |
| sun | jre | 1.4.2_17 |
| sun | sdk | 1.4.2_3 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | sdk | 1.4.2_25 |
| sun | jre | 1.4.2_4 |
| sun | sdk | 1.4.2 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | sdk | 1.4.2_1 |
| sun | jre | 1.4.2_11 |
| sun | sdk | 1.4.2_21 |
| sun | sdk | 1.4.2_18 |
| sun | sdk | 1.4.2_27 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.6.0 |
| sun | jre | 1.4.2_15 |
| sun | sdk | 1.4.2_20 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | sdk | 1.4.2_14 |
| sun | sdk | 1.4.2_15 |
| sun | sdk | 1.4.2_16 |
| sun | jre | 1.4.2_26 |
| sun | sdk | 1.4.2_5 |
| sun | jre | 1.5.0 |
| sun | sdk | 1.4.2_24 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | sdk | * |
| sun | sdk | 1.4.2_17 |
| sun | sdk | 1.4.2_23 |
| sun | sdk | 1.4.2_22 |
| sun | sdk | 1.4.2_26 |
| sun | jre | 1.4.2_28 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_8 |
| sun | sdk | 1.4.2_11 |
| sun | sdk | 1.4.2_9 |
| sun | sdk | 1.4.2_10 |
| sun | sdk | 1.4.2_4 |
| sun | sdk | 1.4.2_7 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| sun | sdk | 1.4.2_8 |
| sun | jre | 1.4.2_10 |
| sun | sdk | 1.4.2_19 |
| sun | jre | 1.4.2_18 |
| sun | sdk | 1.4.2_12 |
| sun | sdk | 1.4.2_02 |
| sun | sdk | 1.4.2_28 |
Oracle Solaris 8, 9, and 10 stores back-out patch files (undo.Z) unencrypted with world-readable permissions under /var/sadm/pkg/, which allows local users to obtain password hashes and conduct brute force password guessing attacks.
CVSS 2.0
Severity: LOW
Problem Type: CWE-255,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| sun | sunos | 5.8 |
The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor."
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| redhat | icedtea-web | 1.0 |
| redhat | icedtea-web | 1.0.1 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2011-0788.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | * |
| sun | jre | * |
| sun | jre | 1.6.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2011-0786.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | * |
| sun | jre | * |
| sun | jre | 1.6.0 |
Unspecified vulnerability in Oracle Solaris 9 and 10 allows local users to affect confidentiality via unknown vectors related to wbem.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
Unspecified vulnerability in the Solaris component in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Administration Utilities.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
| sun | sunos | 5.8 |
Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect confidentiality and integrity via unknown vectors related to cp.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0814.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.4.2_11 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jdk | 1.4.2_8 |
| sun | jdk | 1.4.2_24 |
| sun | jdk | 1.4.2_3 |
| sun | jdk | 1.4.2_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.4.2_1 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | jdk | 1.4.2_6 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | jdk | 1.4.2_5 |
| sun | jdk | 1.4.2_10 |
| sun | jre | 1.4.2_4 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jdk | 1.4.2_27 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.4.2_19 |
| sun | jre | 1.4.2_15 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.4.2_25 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | jdk | 1.4.2_9 |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| sun | jdk | 1.4.2_16 |
| sun | jre | 1.5.0 |
| sun | jdk | 1.4.2_15 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.4.2 |
| sun | jdk | 1.4.2_7 |
| sun | jdk | 1.4.2_2 |
| sun | jdk | 1.4.2_17 |
| sun | jdk | 1.4.2_21 |
| sun | jdk | 1.4.2_12 |
| sun | jre | 1.4.2_28 |
| sun | jdk | 1.4.2_18 |
| sun | jdk | 1.4.2_22 |
| sun | jdk | 1.4.2_30 |
| sun | jre | 1.4.2_23 |
| sun | jdk | 1.4.2_4 |
| sun | jre | 1.4.2_8 |
| sun | jdk | 1.4.2_13 |
| sun | jdk | 1.4.2_26 |
| sun | jdk | 1.4.2_14 |
| sun | jre | 1.4.2_29 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| sun | jdk | 1.4.2_20 |
| sun | jre | 1.4.2_10 |
| sun | jdk | 1.4.2_28 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.4.2_29 |
Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | glassfish_server | 2.1 |
| oracle | glassfish_server | 2.1.1 |
| oracle | glassfish_server | 3.0.1 |
| sun | java_system_application_server | 9.1 |
Unspecified vulnerability in the Solaris component in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
| sun | sunos | 5.8 |
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2012-0098.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
| sun | sunos | 5.8 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0802.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.4.2_11 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jdk | 1.4.2_8 |
| sun | jdk | 1.4.2_24 |
| sun | jdk | 1.4.2_3 |
| sun | jdk | 1.4.2_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.4.2_1 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | jdk | 1.4.2_6 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | jdk | 1.4.2_5 |
| sun | jdk | 1.4.2_10 |
| sun | jre | 1.4.2_4 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jdk | 1.4.2_27 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.4.2_19 |
| sun | jre | 1.4.2_15 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.4.2_25 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | jdk | 1.4.2_9 |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| sun | jdk | 1.4.2_16 |
| sun | jre | 1.5.0 |
| sun | jdk | 1.4.2_15 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.4.2 |
| sun | jdk | 1.4.2_7 |
| sun | jdk | 1.4.2_2 |
| sun | jdk | 1.4.2_17 |
| sun | jdk | 1.4.2_21 |
| sun | jdk | 1.4.2_12 |
| sun | jre | 1.4.2_28 |
| sun | jdk | 1.4.2_18 |
| sun | jdk | 1.4.2_22 |
| sun | jdk | 1.4.2_30 |
| sun | jre | 1.4.2_23 |
| sun | jdk | 1.4.2_4 |
| sun | jre | 1.4.2_8 |
| sun | jdk | 1.4.2_13 |
| sun | jdk | 1.4.2_26 |
| sun | jdk | 1.4.2_14 |
| sun | jre | 1.4.2_29 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| sun | jdk | 1.4.2_20 |
| sun | jre | 1.4.2_10 |
| sun | jdk | 1.4.2_28 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.4.2_29 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to AWT.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.4.2_11 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jdk | 1.4.2_8 |
| sun | jdk | 1.4.2_24 |
| sun | jdk | 1.4.2_3 |
| sun | jdk | 1.4.2_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.4.2_1 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | jdk | 1.4.2_6 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | jdk | 1.4.2_5 |
| sun | jdk | 1.4.2_10 |
| sun | jre | 1.4.2_4 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jdk | 1.4.2_27 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.4.2_19 |
| sun | jre | 1.4.2_15 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.4.2_25 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | jdk | 1.4.2_9 |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| sun | jdk | 1.4.2_16 |
| sun | jre | 1.5.0 |
| sun | jdk | 1.4.2_15 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.4.2 |
| sun | jdk | 1.4.2_7 |
| sun | jdk | 1.4.2_2 |
| sun | jdk | 1.4.2_17 |
| sun | jdk | 1.4.2_21 |
| sun | jdk | 1.4.2_12 |
| sun | jre | 1.4.2_28 |
| sun | jdk | 1.4.2_18 |
| sun | jdk | 1.4.2_22 |
| sun | jdk | 1.4.2_30 |
| sun | jre | 1.4.2_23 |
| sun | jdk | 1.4.2_4 |
| sun | jre | 1.4.2_8 |
| sun | jdk | 1.4.2_13 |
| sun | jdk | 1.4.2_26 |
| sun | jdk | 1.4.2_14 |
| sun | jre | 1.4.2_29 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| sun | jdk | 1.4.2_20 |
| sun | jre | 1.4.2_10 |
| sun | jdk | 1.4.2_28 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.4.2_29 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | * |
| sun | jre | * |
| sun | jre | 1.6.0 |
Unspecified vulnerability in Oracle Solaris 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Kernel.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality and integrity via unknown vectors related to uucp.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| sun | sunos | 5.8 |
Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability, related to Kernel/SPARC.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows local users to affect availability, related to LOFS.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Solaris 11 Express allows remote attackers to affect availability, related to TCP/IP.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.11 |
Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.4.2_11 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jdk | 1.4.2_8 |
| sun | jdk | 1.4.2_24 |
| sun | jdk | 1.4.2_3 |
| sun | jdk | 1.4.2_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.4.2_1 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | jdk | 1.4.2_6 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | jdk | 1.4.2_5 |
| sun | jdk | 1.4.2_10 |
| sun | jre | 1.4.2_4 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jdk | 1.4.2_27 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.4.2_19 |
| sun | jre | 1.4.2_15 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.4.2_25 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | jdk | 1.4.2_9 |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| sun | jdk | 1.4.2_16 |
| sun | jre | 1.5.0 |
| sun | jdk | 1.4.2_15 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.4.2 |
| sun | jdk | 1.4.2_7 |
| sun | jdk | 1.4.2_2 |
| sun | jdk | 1.4.2_17 |
| sun | jdk | 1.4.2_21 |
| sun | jdk | 1.4.2_12 |
| sun | jre | 1.4.2_28 |
| sun | jdk | 1.4.2_18 |
| sun | jdk | 1.4.2_22 |
| sun | jdk | 1.4.2_30 |
| sun | jre | 1.4.2_23 |
| sun | jdk | 1.4.2_4 |
| sun | jre | 1.4.2_8 |
| sun | jdk | 1.4.2_13 |
| sun | jdk | 1.4.2_26 |
| sun | jdk | 1.4.2_14 |
| sun | jre | 1.4.2_29 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| sun | jdk | 1.4.2_20 |
| sun | jre | 1.4.2_10 |
| sun | jdk | 1.4.2_28 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.4.2_29 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | * |
| sun | jre | * |
| sun | jre | 1.6.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.4.2_11 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jdk | 1.4.2_8 |
| sun | jdk | 1.4.2_24 |
| sun | jdk | 1.4.2_3 |
| sun | jdk | 1.4.2_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.4.2_1 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | jdk | 1.4.2_6 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | jdk | 1.4.2_5 |
| sun | jdk | 1.4.2_10 |
| sun | jre | 1.4.2_4 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jdk | 1.4.2_27 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.4.2_19 |
| sun | jre | 1.4.2_15 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.4.2_25 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | jdk | 1.4.2_9 |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| sun | jdk | 1.4.2_16 |
| sun | jre | 1.5.0 |
| sun | jdk | 1.4.2_15 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.4.2 |
| sun | jdk | 1.4.2_7 |
| sun | jdk | 1.4.2_2 |
| sun | jdk | 1.4.2_17 |
| sun | jdk | 1.4.2_21 |
| sun | jdk | 1.4.2_12 |
| sun | jre | 1.4.2_28 |
| sun | jdk | 1.4.2_18 |
| sun | jdk | 1.4.2_22 |
| sun | jdk | 1.4.2_30 |
| sun | jre | 1.4.2_23 |
| sun | jdk | 1.4.2_4 |
| sun | jre | 1.4.2_8 |
| sun | jdk | 1.4.2_13 |
| sun | jdk | 1.4.2_26 |
| sun | jdk | 1.4.2_14 |
| sun | jre | 1.4.2_29 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| sun | jdk | 1.4.2_20 |
| sun | jre | 1.4.2_10 |
| sun | jdk | 1.4.2_28 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.4.2_29 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.4.2_11 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jdk | 1.4.2_8 |
| sun | jdk | 1.4.2_24 |
| sun | jdk | 1.4.2_3 |
| sun | jdk | 1.4.2_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.4.2_1 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | jdk | 1.4.2_6 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | jdk | 1.4.2_5 |
| sun | jdk | 1.4.2_10 |
| sun | jre | 1.4.2_4 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jdk | 1.4.2_27 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.4.2_19 |
| sun | jre | 1.4.2_15 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.4.2_25 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | jdk | 1.4.2_9 |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| sun | jdk | 1.4.2_16 |
| sun | jre | 1.5.0 |
| sun | jdk | 1.4.2_15 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.4.2 |
| sun | jdk | 1.4.2_7 |
| sun | jdk | 1.4.2_2 |
| sun | jdk | 1.4.2_17 |
| sun | jdk | 1.4.2_21 |
| sun | jdk | 1.4.2_12 |
| sun | jre | 1.4.2_28 |
| sun | jdk | 1.4.2_18 |
| sun | jdk | 1.4.2_22 |
| sun | jdk | 1.4.2_30 |
| sun | jre | 1.4.2_23 |
| sun | jdk | 1.4.2_4 |
| sun | jre | 1.4.2_8 |
| sun | jdk | 1.4.2_13 |
| sun | jdk | 1.4.2_26 |
| sun | jdk | 1.4.2_14 |
| sun | jre | 1.4.2_29 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| sun | jdk | 1.4.2_20 |
| sun | jre | 1.4.2_10 |
| sun | jdk | 1.4.2_28 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.4.2_29 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Java Runtime Environment.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.4.2_11 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jdk | 1.4.2_8 |
| sun | jdk | 1.4.2_24 |
| sun | jdk | 1.4.2_3 |
| sun | jdk | 1.4.2_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.4.2_1 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | jdk | 1.4.2_6 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | jdk | 1.4.2_5 |
| sun | jdk | 1.4.2_10 |
| sun | jre | 1.4.2_4 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jdk | 1.4.2_27 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.4.2_19 |
| sun | jre | 1.4.2_15 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.4.2_25 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | jdk | 1.4.2_9 |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| sun | jdk | 1.4.2_16 |
| sun | jre | 1.5.0 |
| sun | jdk | 1.4.2_15 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.4.2 |
| sun | jdk | 1.4.2_7 |
| sun | jdk | 1.4.2_2 |
| sun | jdk | 1.4.2_17 |
| sun | jdk | 1.4.2_21 |
| sun | jdk | 1.4.2_12 |
| sun | jre | 1.4.2_28 |
| sun | jdk | 1.4.2_18 |
| sun | jdk | 1.4.2_22 |
| sun | jdk | 1.4.2_30 |
| sun | jre | 1.4.2_23 |
| sun | jdk | 1.4.2_4 |
| sun | jre | 1.4.2_8 |
| sun | jdk | 1.4.2_13 |
| sun | jdk | 1.4.2_26 |
| sun | jdk | 1.4.2_14 |
| sun | jre | 1.4.2_29 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| sun | jdk | 1.4.2_20 |
| sun | jre | 1.4.2_10 |
| sun | jdk | 1.4.2_28 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.4.2_29 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.4.2_11 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jdk | 1.4.2_8 |
| sun | jdk | 1.4.2_24 |
| sun | jdk | 1.4.2_3 |
| sun | jdk | 1.4.2_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.4.2_1 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | jdk | 1.4.2_6 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | jdk | 1.4.2_5 |
| sun | jdk | 1.4.2_10 |
| sun | jre | 1.4.2_4 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jdk | 1.4.2_27 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.4.2_19 |
| sun | jre | 1.4.2_15 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.4.2_25 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | jdk | 1.4.2_9 |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| sun | jdk | 1.4.2_16 |
| sun | jre | 1.5.0 |
| sun | jdk | 1.4.2_15 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.4.2 |
| sun | jdk | 1.4.2_7 |
| sun | jdk | 1.4.2_2 |
| sun | jdk | 1.4.2_17 |
| sun | jdk | 1.4.2_21 |
| sun | jdk | 1.4.2_12 |
| sun | jre | 1.4.2_28 |
| sun | jdk | 1.4.2_18 |
| sun | jdk | 1.4.2_22 |
| sun | jdk | 1.4.2_30 |
| sun | jre | 1.4.2_23 |
| sun | jdk | 1.4.2_4 |
| sun | jre | 1.4.2_8 |
| sun | jdk | 1.4.2_13 |
| sun | jdk | 1.4.2_26 |
| sun | jdk | 1.4.2_14 |
| sun | jre | 1.4.2_29 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| sun | jdk | 1.4.2_20 |
| sun | jre | 1.4.2_10 |
| sun | jdk | 1.4.2_28 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.4.2_29 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | * |
| sun | jre | * |
| sun | jre | 1.6.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 26 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to SAAJ.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | * |
| sun | jre | * |
| sun | jre | 1.6.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.4.2_11 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jdk | 1.4.2_8 |
| sun | jdk | 1.4.2_24 |
| sun | jdk | 1.4.2_3 |
| sun | jdk | 1.4.2_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.4.2_1 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | jdk | 1.4.2_6 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | jdk | 1.4.2_5 |
| sun | jdk | 1.4.2_10 |
| sun | jre | 1.4.2_4 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jdk | 1.4.2_27 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.4.2_19 |
| sun | jre | 1.4.2_15 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.4.2_25 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | jdk | 1.4.2_9 |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| sun | jdk | 1.4.2_16 |
| sun | jre | 1.5.0 |
| sun | jdk | 1.4.2_15 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.4.2 |
| sun | jdk | 1.4.2_7 |
| sun | jdk | 1.4.2_2 |
| sun | jdk | 1.4.2_17 |
| sun | jdk | 1.4.2_21 |
| sun | jdk | 1.4.2_12 |
| sun | jre | 1.4.2_28 |
| sun | jdk | 1.4.2_18 |
| sun | jdk | 1.4.2_22 |
| sun | jdk | 1.4.2_30 |
| sun | jre | 1.4.2_23 |
| sun | jdk | 1.4.2_4 |
| sun | jre | 1.4.2_8 |
| sun | jdk | 1.4.2_13 |
| sun | jdk | 1.4.2_26 |
| sun | jdk | 1.4.2_14 |
| sun | jre | 1.4.2_29 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| sun | jdk | 1.4.2_20 |
| sun | jre | 1.4.2_10 |
| sun | jdk | 1.4.2_28 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.4.2_29 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect availability via unknown vectors related to NIO.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | * |
| sun | jre | * |
| sun | jre | 1.6.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| sun | jdk | * |
| sun | jre | * |
| sun | jre | 1.6.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote authenticated users to affect availability, related to TCP/IP.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| sun | sunos | 5.8 |
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to rksh.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
| sun | sunos | 5.8 |
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability, related to UFS.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
| sun | sunos | 5.8 |
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Installer.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to fingerd.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
| sun | sunos | 5.8 |
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect integrity and availability via unknown vectors related to LiveUpgrade.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
Unspecified vulnerability in Oracle Solaris 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel/sockfs.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality via unknown vectors related to Trusted Extensions.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to Zones.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows remote attackers to affect availability, related to SSH.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability, related to Driver/USB.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
| sun | sunos | 5.8 |
Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability, related to Kernel/SCTP.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows remote attackers to affect availability, related to KSSL.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability, related to ZFS, a different vulnerability than CVE-2011-2311.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| oracle | solaris | 10.0 |
oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted DOC file that triggers an out-of-bounds read in the DOC sprm parser.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| libreoffice | libreoffice | 3.3.1 |
| libreoffice | libreoffice | 3.3.2 |
| libreoffice | libreoffice | 3.3.4 |
| libreoffice | libreoffice | 3.3.0 |
| libreoffice | libreoffice | 3.4.0 |
| sun | openoffice.org | 3.3.0 |
| libreoffice | libreoffice | 3.3.3 |
| libreoffice | libreoffice | 3.4.1 |
| libreoffice | libreoffice | * |
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect confidentiality, integrity, and availability, related to LDAP library.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
| sun | sunos | 5.8 |
Unspecified vulnerability in the Oracle Solaris 10 and 11 Express allows local users to affect integrity and availability via unknown vectors related to Process File System (procfs).
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | * |
| sun | jre | * |
| sun | jre | 1.6.0 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jre | 1.7.0 |
| sun | jdk | 1.5.0 |
| sun | jdk | * |
| sun | jre | * |
| sun | jdk | 1.7.0 |
| sun | jre | 1.6.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability via unknown vectors related to Kernel/Performance Counter BackEnd Module (pcbe).
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Solaris 11 Express allows remote attackers to affect availability, related to iSCSI DataMover (IDM).
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.11 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.4.2_11 |
| oracle | jrockit | r28.0.0 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jdk | 1.4.2_8 |
| oracle | jrockit | r28.0.2 |
| sun | jdk | 1.4.2_24 |
| sun | jre | 1.4.2_31 |
| sun | jdk | 1.4.2_3 |
| sun | jdk | 1.4.2_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.4.2_1 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | jdk | 1.4.2_6 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | jdk | 1.4.2_5 |
| sun | jdk | 1.4.2_10 |
| sun | jre | 1.4.2_4 |
| sun | jdk | 1.4.2_31 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| oracle | jrockit | r28.0.1 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jdk | 1.4.2_27 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.4.2_19 |
| sun | jre | 1.4.2_15 |
| oracle | jrockit | * |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.4.2_25 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | jdk | 1.4.2_9 |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| sun | jdk | 1.4.2_16 |
| sun | jre | 1.5.0 |
| sun | jdk | 1.4.2_15 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.4.2 |
| sun | jdk | 1.4.2_7 |
| sun | jdk | 1.4.2_2 |
| sun | jdk | 1.4.2_32 |
| sun | jdk | 1.4.2_17 |
| sun | jre | 1.4.2_32 |
| sun | jdk | 1.4.2_21 |
| sun | jdk | 1.4.2_12 |
| sun | jre | 1.4.2_28 |
| sun | jdk | 1.4.2_18 |
| sun | jdk | 1.4.2_22 |
| sun | jdk | 1.4.2_30 |
| sun | jre | 1.4.2_23 |
| sun | jdk | 1.4.2_4 |
| oracle | jrockit | r28.1.0 |
| sun | jre | 1.4.2_8 |
| sun | jdk | 1.4.2_13 |
| sun | jdk | 1.4.2_26 |
| sun | jdk | 1.4.2_14 |
| sun | jre | 1.4.2_29 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| oracle | jrockit | r28.1.3 |
| sun | jdk | 1.4.2_20 |
| sun | jre | 1.4.2_10 |
| sun | jdk | 1.4.2_28 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.4.2_29 |
| oracle | jrockit | r28.1.1 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to Deployment.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | javafx | 2.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.4.2_11 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jdk | 1.4.2_8 |
| sun | jdk | 1.4.2_24 |
| sun | jre | 1.4.2_31 |
| sun | jdk | 1.4.2_3 |
| sun | jdk | 1.4.2_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.4.2_1 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | jdk | 1.4.2_6 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | jdk | 1.4.2_5 |
| sun | jdk | 1.4.2_10 |
| sun | jre | 1.4.2_4 |
| sun | jdk | 1.4.2_31 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jdk | 1.4.2_27 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.4.2_19 |
| sun | jre | 1.4.2_15 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.4.2_25 |
| sun | jdk | 1.5.0 |
| sun | jdk | 1.4.2_9 |
| oracle | jre | * |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| sun | jdk | 1.4.2_16 |
| sun | jre | 1.5.0 |
| sun | jdk | 1.4.2_15 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.4.2 |
| sun | jdk | 1.4.2_7 |
| sun | jdk | 1.4.2_2 |
| sun | jdk | 1.4.2_32 |
| sun | jdk | 1.4.2_17 |
| sun | jre | 1.4.2_32 |
| sun | jdk | 1.4.2_12 |
| sun | jre | 1.4.2_28 |
| sun | jdk | 1.4.2_18 |
| sun | jdk | 1.4.2_22 |
| sun | jdk | 1.4.2_30 |
| sun | jre | 1.4.2_23 |
| sun | jdk | 1.4.2_4 |
| sun | jre | 1.4.2_8 |
| sun | jdk | 1.4.2_13 |
| sun | jdk | 1.4.2_26 |
| oracle | jdk | 1.6.0 |
| sun | jdk | 1.4.2_14 |
| sun | jre | 1.4.2_29 |
| oracle | jre | 1.7.0 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| oracle | jdk | * |
| sun | jre | 1.4.2_10 |
| sun | jdk | 1.4.2_28 |
| oracle | jre | 1.6.0 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.4.2_29 |
| oracle | jdk | 1.7.0 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.4.2_11 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jdk | 1.4.2_8 |
| sun | jdk | 1.4.2_24 |
| sun | jre | 1.4.2_31 |
| sun | jdk | 1.4.2_3 |
| sun | jdk | 1.4.2_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.4.2_1 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | jdk | 1.4.2_6 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | jdk | 1.4.2_5 |
| sun | jdk | 1.7.0 |
| sun | jdk | 1.4.2_10 |
| sun | jre | 1.4.2_4 |
| sun | jdk | 1.4.2_31 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jdk | 1.4.2_27 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.4.2_19 |
| sun | jre | 1.4.2_15 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.4.2_25 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | jdk | 1.4.2_9 |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| sun | jdk | 1.4.2_16 |
| sun | jre | 1.5.0 |
| sun | jdk | 1.4.2_15 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.4.2 |
| sun | jdk | 1.4.2_7 |
| sun | jdk | 1.4.2_2 |
| sun | jdk | 1.4.2_32 |
| sun | jdk | 1.4.2_17 |
| sun | jre | 1.4.2_32 |
| sun | jdk | 1.4.2_21 |
| sun | jdk | 1.4.2_12 |
| sun | jre | 1.4.2_28 |
| sun | jdk | 1.4.2_18 |
| sun | jdk | 1.4.2_22 |
| sun | jdk | 1.4.2_30 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.7.0 |
| sun | jdk | 1.4.2_4 |
| sun | jre | 1.4.2_8 |
| sun | jdk | 1.4.2_13 |
| sun | jdk | 1.4.2_26 |
| sun | jdk | 1.4.2_14 |
| sun | jre | 1.4.2_29 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| sun | jdk | 1.4.2_20 |
| sun | jre | 1.4.2_10 |
| sun | jdk | 1.4.2_28 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.4.2_29 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.4.2_11 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jdk | 1.4.2_8 |
| sun | jdk | 1.4.2_24 |
| sun | jre | 1.4.2_31 |
| sun | jdk | 1.4.2_3 |
| sun | jdk | 1.4.2_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.4.2_1 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | jdk | 1.4.2_6 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | jdk | 1.4.2_5 |
| sun | jdk | 1.4.2_10 |
| sun | jre | 1.4.2_4 |
| sun | jdk | 1.4.2_31 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jdk | 1.4.2_27 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.4.2_19 |
| sun | jre | 1.4.2_15 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.4.2_25 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | jdk | 1.4.2_9 |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| sun | jdk | 1.4.2_16 |
| sun | jre | 1.5.0 |
| sun | jdk | 1.4.2_15 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.4.2 |
| sun | jdk | 1.4.2_7 |
| sun | jdk | 1.4.2_2 |
| sun | jdk | 1.4.2_32 |
| sun | jdk | 1.4.2_17 |
| sun | jre | 1.4.2_32 |
| sun | jdk | 1.4.2_21 |
| sun | jdk | 1.4.2_12 |
| sun | jre | 1.4.2_28 |
| sun | jdk | 1.4.2_18 |
| sun | jdk | 1.4.2_22 |
| sun | jdk | 1.4.2_30 |
| sun | jre | 1.4.2_23 |
| sun | jdk | 1.4.2_4 |
| sun | jre | 1.4.2_8 |
| sun | jdk | 1.4.2_13 |
| sun | jdk | 1.4.2_26 |
| sun | jdk | 1.4.2_14 |
| sun | jre | 1.4.2_29 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| sun | jdk | 1.4.2_20 |
| sun | jre | 1.4.2_10 |
| sun | jdk | 1.4.2_28 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.4.2_29 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jre | 1.7.0 |
| sun | jdk | * |
| sun | jre | * |
| sun | jdk | 1.7.0 |
| sun | jre | 1.6.0 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jrockit | r28.0.0 |
| sun | jre | 1.7.0 |
| oracle | jrockit | r28.1.0 |
| oracle | jrockit | r28.0.2 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.6.0 |
| oracle | jrockit | * |
| sun | jdk | * |
| oracle | jrockit | r28.1.3 |
| sun | jre | * |
| sun | jdk | 1.7.0 |
| oracle | jrockit | r28.1.1 |
| oracle | jrockit | r28.0.1 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote attackers to affect integrity via unknown vectors related to Networking.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.4.2_11 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jdk | 1.4.2_8 |
| sun | jdk | 1.4.2_24 |
| sun | jre | 1.4.2_31 |
| sun | jdk | 1.4.2_3 |
| sun | jdk | 1.4.2_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.4.2_1 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | jdk | 1.4.2_6 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | jdk | 1.4.2_5 |
| sun | jdk | 1.7.0 |
| sun | jdk | 1.4.2_10 |
| sun | jre | 1.4.2_4 |
| sun | jdk | 1.4.2_31 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jdk | 1.4.2_27 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.4.2_19 |
| sun | jre | 1.4.2_15 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.4.2_25 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | jdk | 1.4.2_9 |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| sun | jdk | 1.4.2_16 |
| sun | jre | 1.5.0 |
| sun | jdk | 1.4.2_15 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.4.2 |
| sun | jdk | 1.4.2_7 |
| sun | jdk | 1.4.2_2 |
| sun | jdk | 1.4.2_32 |
| sun | jdk | 1.4.2_17 |
| sun | jre | 1.4.2_32 |
| sun | jdk | 1.4.2_21 |
| sun | jdk | 1.4.2_12 |
| sun | jre | 1.4.2_28 |
| sun | jdk | 1.4.2_18 |
| sun | jdk | 1.4.2_22 |
| sun | jdk | 1.4.2_30 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.7.0 |
| sun | jdk | 1.4.2_4 |
| sun | jre | 1.4.2_8 |
| sun | jdk | 1.4.2_13 |
| sun | jdk | 1.4.2_26 |
| sun | jdk | 1.4.2_14 |
| sun | jre | 1.4.2_29 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| sun | jdk | 1.4.2_20 |
| sun | jre | 1.4.2_10 |
| sun | jdk | 1.4.2_28 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.4.2_29 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote authenticated users to affect confidentiality, related to JAXWS.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jrockit | r28.0.0 |
| sun | jre | 1.7.0 |
| oracle | jrockit | r28.1.0 |
| oracle | jrockit | r28.0.2 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.6.0 |
| oracle | jrockit | * |
| sun | jdk | * |
| oracle | jrockit | r28.1.3 |
| sun | jre | * |
| sun | jdk | 1.7.0 |
| oracle | jrockit | r28.1.1 |
| oracle | jrockit | r28.0.1 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jre | 1.7.0 |
| sun | jdk | 1.5.0 |
| sun | jdk | * |
| sun | jre | * |
| sun | jdk | 1.7.0 |
| sun | jre | 1.6.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, and 7 allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity and availability via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.7.0 |
| sun | jdk | 1.7.0 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI, a different vulnerability than CVE-2011-3557.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.4.2_11 |
| oracle | jrockit | r28.0.0 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jdk | 1.4.2_8 |
| oracle | jrockit | r28.0.2 |
| sun | jdk | 1.4.2_24 |
| sun | jre | 1.4.2_31 |
| sun | jdk | 1.4.2_3 |
| sun | jdk | 1.4.2_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.4.2_1 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | jdk | 1.4.2_6 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | jdk | 1.4.2_5 |
| sun | jdk | 1.7.0 |
| sun | jdk | 1.4.2_10 |
| sun | jre | 1.4.2_4 |
| sun | jdk | 1.4.2_31 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| oracle | jrockit | r28.0.1 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jdk | 1.4.2_27 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.4.2_19 |
| sun | jre | 1.4.2_15 |
| oracle | jrockit | * |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.4.2_25 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | jdk | 1.4.2_9 |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| sun | jdk | 1.4.2_16 |
| sun | jre | 1.5.0 |
| sun | jdk | 1.4.2_15 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.4.2 |
| sun | jdk | 1.4.2_7 |
| sun | jdk | 1.4.2_2 |
| sun | jdk | 1.4.2_32 |
| sun | jdk | 1.4.2_17 |
| sun | jre | 1.4.2_32 |
| sun | jdk | 1.4.2_21 |
| sun | jdk | 1.4.2_12 |
| sun | jre | 1.4.2_28 |
| sun | jdk | 1.4.2_18 |
| sun | jdk | 1.4.2_22 |
| sun | jdk | 1.4.2_30 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.7.0 |
| sun | jdk | 1.4.2_4 |
| oracle | jrockit | r28.1.0 |
| sun | jre | 1.4.2_8 |
| sun | jdk | 1.4.2_13 |
| sun | jdk | 1.4.2_26 |
| sun | jdk | 1.4.2_14 |
| sun | jre | 1.4.2_29 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| oracle | jrockit | r28.1.3 |
| sun | jdk | 1.4.2_20 |
| sun | jre | 1.4.2_10 |
| sun | jdk | 1.4.2_28 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.4.2_29 |
| oracle | jrockit | r28.1.1 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI, a different vulnerability than CVE-2011-3556.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.4.2_11 |
| oracle | jrockit | r28.0.0 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jdk | 1.4.2_8 |
| oracle | jrockit | r28.0.2 |
| sun | jdk | 1.4.2_24 |
| sun | jre | 1.4.2_31 |
| sun | jdk | 1.4.2_3 |
| sun | jdk | 1.4.2_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.4.2_1 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | jdk | 1.4.2_6 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | jdk | 1.4.2_5 |
| sun | jdk | 1.7.0 |
| sun | jdk | 1.4.2_10 |
| sun | jre | 1.4.2_4 |
| sun | jdk | 1.4.2_31 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| oracle | jrockit | r28.0.1 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jdk | 1.4.2_27 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.4.2_19 |
| sun | jre | 1.4.2_15 |
| oracle | jrockit | * |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.4.2_25 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | jdk | 1.4.2_9 |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| sun | jdk | 1.4.2_16 |
| sun | jre | 1.5.0 |
| sun | jdk | 1.4.2_15 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.4.2 |
| sun | jdk | 1.4.2_7 |
| sun | jdk | 1.4.2_2 |
| sun | jdk | 1.4.2_32 |
| sun | jdk | 1.4.2_17 |
| sun | jre | 1.4.2_32 |
| sun | jdk | 1.4.2_21 |
| sun | jdk | 1.4.2_12 |
| sun | jre | 1.4.2_28 |
| sun | jdk | 1.4.2_18 |
| sun | jdk | 1.4.2_22 |
| sun | jdk | 1.4.2_30 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.7.0 |
| sun | jdk | 1.4.2_4 |
| oracle | jrockit | r28.1.0 |
| sun | jre | 1.4.2_8 |
| sun | jdk | 1.4.2_13 |
| sun | jdk | 1.4.2_26 |
| sun | jdk | 1.4.2_14 |
| sun | jre | 1.4.2_29 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| oracle | jrockit | r28.1.3 |
| sun | jdk | 1.4.2_20 |
| sun | jre | 1.4.2_10 |
| sun | jdk | 1.4.2_28 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.4.2_29 |
| oracle | jrockit | r28.1.1 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to HotSpot.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jre | 1.7.0 |
| sun | jdk | * |
| sun | jre | * |
| sun | jdk | 1.7.0 |
| sun | jre | 1.6.0 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.4.2_11 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jdk | 1.4.2_8 |
| sun | jdk | 1.4.2_24 |
| sun | jre | 1.4.2_31 |
| sun | jdk | 1.4.2_3 |
| sun | jdk | 1.4.2_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.4.2_1 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | jdk | 1.4.2_6 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | jdk | 1.4.2_5 |
| sun | jdk | 1.7.0 |
| sun | jdk | 1.4.2_10 |
| sun | jre | 1.4.2_4 |
| sun | jdk | 1.4.2_31 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jdk | 1.4.2_27 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.4.2_19 |
| sun | jre | 1.4.2_15 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.4.2_25 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | jdk | 1.4.2_9 |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| sun | jdk | 1.4.2_16 |
| sun | jre | 1.5.0 |
| sun | jdk | 1.4.2_15 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.4.2 |
| sun | jdk | 1.4.2_7 |
| sun | jdk | 1.4.2_2 |
| sun | jdk | 1.4.2_32 |
| sun | jdk | 1.4.2_17 |
| sun | jre | 1.4.2_32 |
| sun | jdk | 1.4.2_21 |
| sun | jdk | 1.4.2_12 |
| sun | jre | 1.4.2_28 |
| sun | jdk | 1.4.2_18 |
| sun | jdk | 1.4.2_22 |
| sun | jdk | 1.4.2_30 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.7.0 |
| sun | jdk | 1.4.2_4 |
| sun | jre | 1.4.2_8 |
| sun | jdk | 1.4.2_13 |
| sun | jdk | 1.4.2_26 |
| sun | jdk | 1.4.2_14 |
| sun | jre | 1.4.2_29 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| sun | jdk | 1.4.2_20 |
| sun | jre | 1.4.2_10 |
| sun | jdk | 1.4.2_28 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.4.2_29 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jre | 1.7.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| sun | jdk | 1.7.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | javafx | 2.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Sound.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jre | 1.4.2_31 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jre | 1.4.2_19 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | jre | 1.4.2_32 |
| sun | jre | 1.4.2_28 |
| sun | jre | 1.4.2_4 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_8 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_34 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.6.0 |
| sun | jre | 1.4.2_29 |
| oracle | jre | 1.7.0 |
| sun | jre | 1.4.2_15 |
| sun | jre | 1.4.2_9 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_33 |
| sun | jre | 1.4.2_14 |
| oracle | jre | * |
| sun | jre | 1.4.2_10 |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| oracle | jre | 1.6.0 |
| sun | jre | 1.4.2_18 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability, related to TCP/IP.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Network.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
| sun | sunos | 5.8 |
Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect confidentiality via unknown vectors related to ksh93 Shell.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2011-0813.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
| sun | sunos | 5.8 |
Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to sshd.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kerberos.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to Kernel.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality and availability, related to TCP/IP.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
| sun | sunos | 5.8 |
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joyent | smartos | * |
| xen | xen | 4.0.3 |
| xen | xen | * |
| citrix | xenserver | 6.0 |
| microsoft | windows_xp | * |
| sun | sunos | * |
| xen | xen | 4.1.1 |
| xen | xen | 4.1.0 |
| microsoft | windows_7 | * |
| xen | xen | 4.0.2 |
| freebsd | freebsd | * |
| microsoft | windows_server_2008 | r2 |
| xen | xen | 4.0.0 |
| xen | xen | 4.0.1 |
| citrix | xenserver | * |
| netbsd | netbsd | * |
| xen | xen | 4.0.4 |
| microsoft | windows_server_2003 | * |
| illumos | illumos | * |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jre | * |
| oracle | jre | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jre | * |
| sun | jre | * |
| oracle | jre | 1.6.0 |
| sun | jre | 1.6.0 |
| sun | jre | 1.5.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jre | 1.4.2_31 |
| oracle | javafx | 1.2.2 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jre | 1.4.2_19 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| oracle | javafx | 1.2 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| oracle | javafx | 2.0 |
| oracle | javafx | 1.3.0 |
| oracle | javafx | 1.3.1 |
| sun | jre | 1.4.2_4 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_34 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.6.0 |
| sun | jre | 1.4.2_15 |
| sun | jre | 1.4.2_9 |
| sun | jre | 1.4.2 |
| sun | jre | 1.4.2_33 |
| oracle | jre | * |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| oracle | javafx | 1.2.3 |
| sun | jre | 1.5.0 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jre | 1.4.2_32 |
| sun | jre | 1.4.2_28 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_8 |
| sun | jre | 1.4.2_29 |
| oracle | jre | 1.7.0 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jre | 1.4.2_10 |
| oracle | jre | 1.6.0 |
| sun | jre | 1.4.2_18 |
| oracle | javafx | * |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and JavaFX 2.0.2 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jre | * |
| oracle | javafx | 1.2 |
| oracle | jre | 1.6.0 |
| oracle | javafx | * |
| sun | jre | 1.6.0 |
| oracle | javafx | 1.2.3 |
| oracle | javafx | 2.0 |
| oracle | javafx | 1.3.0 |
| oracle | javafx | 1.3.1 |
| oracle | javafx | 1.2.2 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jre | * |
| sun | jre | * |
| oracle | jre | 1.6.0 |
| sun | jre | 1.6.0 |
| sun | jre | 1.5.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and availability, related to AWT.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jre | 1.4.2_31 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jre | 1.4.2_19 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | jre | 1.4.2_32 |
| sun | jre | 1.4.2_28 |
| sun | jre | 1.4.2_4 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_8 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_34 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.6.0 |
| sun | jre | 1.4.2_29 |
| oracle | jre | 1.7.0 |
| sun | jre | 1.4.2_15 |
| sun | jre | 1.4.2_9 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_33 |
| sun | jre | 1.4.2_14 |
| oracle | jre | * |
| sun | jre | 1.4.2_10 |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| oracle | jre | 1.6.0 |
| sun | jre | 1.4.2_18 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to I18n.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jre | 1.4.2_31 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jre | 1.4.2_19 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | jre | 1.4.2_32 |
| sun | jre | 1.4.2_28 |
| sun | jre | 1.4.2_4 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_8 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_34 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.6.0 |
| sun | jre | 1.4.2_29 |
| oracle | jre | 1.7.0 |
| sun | jre | 1.4.2_15 |
| sun | jre | 1.4.2_9 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_33 |
| sun | jre | 1.4.2_14 |
| oracle | jre | * |
| sun | jre | 1.4.2_10 |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| oracle | jre | 1.6.0 |
| sun | jre | 1.4.2_18 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install and the Java Update mechanism.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Serialization.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jre | 1.4.2_31 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jre | 1.4.2_19 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | jre | 1.4.2_32 |
| sun | jre | 1.4.2_28 |
| sun | jre | 1.4.2_4 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_8 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_34 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.6.0 |
| sun | jre | 1.4.2_29 |
| oracle | jre | 1.7.0 |
| sun | jre | 1.4.2_15 |
| sun | jre | 1.4.2_9 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_33 |
| sun | jre | 1.4.2_14 |
| oracle | jre | * |
| sun | jre | 1.4.2_10 |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| oracle | jre | 1.6.0 |
| sun | jre | 1.4.2_18 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to CORBA.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jre | 1.4.2_31 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jre | 1.4.2_19 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | jre | 1.4.2_32 |
| sun | jre | 1.4.2_28 |
| sun | jre | 1.4.2_4 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_8 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_34 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.6.0 |
| sun | jre | 1.4.2_29 |
| oracle | jre | 1.7.0 |
| sun | jre | 1.4.2_15 |
| sun | jre | 1.4.2_9 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_33 |
| sun | jre | 1.4.2_14 |
| oracle | jre | * |
| sun | jre | 1.4.2_10 |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| oracle | jre | 1.6.0 |
| sun | jre | 1.4.2_18 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,CWE-843,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | linux_enterprise_software_development_kit | 11 |
| sun | jre | 1.6.0 |
| debian | debian_linux | 7.0 |
| oracle | jre | 1.7.0 |
| suse | linux_enterprise_server | 10 |
| debian | debian_linux | 6.0 |
| suse | linux_enterprise_java | 10 |
| suse | linux_enterprise_desktop | 10 |
| oracle | jre | 1.6.0 |
| suse | linux_enterprise_server | 11 |
| sun | jre | 1.5.0 |
| suse | linux_enterprise_java | 11 |
Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to (1) bsmconv and (2) bsmunconv.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| sun | sunos | 5.8 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Container or Deployment.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | glassfish_server | 3.1.1 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kerberos/klist.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kernel/sockfs.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
| sun | sunos | 5.8 |
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to gssd.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
| sun | sunos | 5.8 |
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Password Policy.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
| sun | sunos | 5.8 |
Unspecified vulnerability in Oracle Solaris 10 and 11 allows local users to affect integrity and availability, related to Logical Domains (LDOM).
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/Privileges.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability, related to SCTP.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality and integrity, related to libsasl.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware 28.2.2 and earlier, and JDK/JRE 5 and 6 27.7.1 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 6 |
| oracle | fusion_middleware | 11.1 |
| sun | jre | 6 |
| oracle | fusion_middleware | 11.1.1.1.0 |
| oracle | fusion_middleware | 11.1.1 |
| oracle | fusion_middleware | 10.1 |
| oracle | fusion_middleware | 11.1.1.5.0 |
| oracle | fusion_middleware | 10.1.3.5.1 |
| oracle | fusion_middleware | 10.1.3.4.1 |
| oracle | fusion_middleware | 10.1.3.5 |
| oracle | fusion_middleware | 10.1.3.3.2 |
| oracle | fusion_middleware | 9.2.4 |
| oracle | fusion_middleware | 10.3.5 |
| oracle | fusion_middleware | 8.3.2.0 |
| oracle | fusion_middleware | 10.3.3 |
| oracle | fusion_middleware | 10.1.2.3 |
| oracle | fusion_middleware | 8.3.5.0 |
| oracle | fusion_middleware | 11.1.1.4.0 |
| oracle | fusion_middleware | 11.1.1.3.0 |
| oracle | fusion_middleware | 11.1.1.2.0 |
| oracle | fusion_middleware | 7.5.2 |
| oracle | fusion_middleware | * |
| oracle | fusion_middleware | 10.1.4.3 |
| sun | jre | 5.0 |
| oracle | fusion_middleware | 10.0.2 |
| sun | jdk | 5.0 |
| oracle | fusion_middleware | 10.3.4 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote authenticated users to affect confidentiality, related to Kernel/GLD.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.11 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to CORBA.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | * |
| oracle | jre | * |
| oracle | jdk | * |
| sun | jre | * |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.2_37 and earlier, and JavaFX 2.1 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | * |
| oracle | jre | * |
| oracle | jdk | * |
| sun | jre | * |
| oracle | javafx | * |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| sun | jdk | * |
| oracle | jre | * |
| oracle | jdk | * |
| sun | jre | * |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect availability via unknown vectors related to Security.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | * |
| oracle | jre | * |
| oracle | jdk | * |
| sun | jre | * |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect integrity, related to CORBA.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.4.2_11 |
| sun | jdk | 1.4.2_35 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jdk | 1.4.2_8 |
| sun | jdk | 1.4.2_24 |
| sun | jre | 1.4.2_31 |
| sun | jdk | 1.4.2_3 |
| sun | jdk | 1.4.2_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.4.2_1 |
| sun | jre | 1.4.2_35 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | jdk | 1.4.2_6 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| sun | jre | * |
| sun | jre | 1.4.2_13 |
| sun | jdk | 1.4.2_5 |
| sun | jdk | 1.4.2_10 |
| sun | jre | 1.4.2_4 |
| sun | jdk | 1.4.2_31 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_34 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.4.2_36 |
| sun | jdk | 1.4.2_27 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.4.2_19 |
| sun | jre | 1.4.2_15 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.4.2_25 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | jre | 1.4.2_33 |
| sun | jdk | 1.4.2_9 |
| oracle | jre | * |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| sun | jdk | 1.4.2_33 |
| sun | jdk | 1.4.2_16 |
| sun | jre | 1.5.0 |
| sun | jdk | 1.4.2_15 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.4.2 |
| sun | jdk | 1.4.2_7 |
| sun | jdk | 1.4.2_2 |
| sun | jdk | 1.4.2_32 |
| sun | jdk | 1.4.2_17 |
| sun | jre | 1.4.2_32 |
| sun | jdk | 1.4.2_12 |
| sun | jre | 1.4.2_28 |
| sun | jdk | 1.4.2_18 |
| sun | jdk | 1.4.2_22 |
| sun | jdk | 1.4.2_30 |
| sun | jre | 1.4.2_23 |
| sun | jdk | 1.4.2_4 |
| sun | jdk | 1.4.2_34 |
| sun | jre | 1.4.2_8 |
| sun | jdk | 1.4.2_13 |
| sun | jdk | 1.4.2_26 |
| oracle | jdk | 1.6.0 |
| sun | jdk | 1.4.2_14 |
| sun | jdk | 1.4.2_36 |
| sun | jre | 1.4.2_29 |
| oracle | jre | 1.7.0 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| sun | jdk | * |
| oracle | jdk | * |
| sun | jre | 1.4.2_10 |
| sun | jdk | 1.4.2_28 |
| oracle | jre | 1.6.0 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.4.2_29 |
| oracle | jdk | 1.7.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier, when running on Solaris, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | * |
| oracle | jre | * |
| oracle | jdk | * |
| sun | jre | * |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect availability, related to JAXP.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| sun | jdk | * |
| oracle | jre | * |
| oracle | jdk | * |
| sun | jre | * |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to mailx.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
| sun | sunos | 5.8 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability, related to Kernel/NFS.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.11 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows remote attackers to affect confidentiality via unknown vectors related to Utility/Remote Execution Server (in.rexecd).
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
| sun | sunos | 5.8 |
Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Umount.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Filesystem/cachefs.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Utility.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
| sun | sunos | 5.8 |
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/Boot.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows remote attackers to affect confidentiality and integrity via vectors related to NFS client mounts and IPv6.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
| sun | sunos | 5.8 |
Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect integrity via unknown vectors via vectors related to Kernel/IPsec.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/DTrace Framework.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
| xerox | freeflow_print_server | 8.0 |
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to CPU performance counters drivers.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via vectors related to JMX.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via vectors related to RBAC Configuration.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| sun | sunos | 5.8 |
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect integrity and availability via unknown vectors related to Utility/pax.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
| sun | sunos | 5.8 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Remote Execution Service.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity and availability via unknown vectors related to Utility/ksh93.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Bind/Postinstall script for Bind package.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| xerox | freeflow_print_server | 8.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not properly handle error messages in a (1) command or (2) port number.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.4.2_11 |
| sun | jdk | 1.4.2_35 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jdk | 1.4.2_8 |
| sun | jre | 1.4.2_31 |
| sun | jdk | 1.4.2_3 |
| sun | jdk | 1.4.2_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.4.2_1 |
| sun | jre | 1.4.2_35 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | jdk | 1.4.2_6 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_13 |
| sun | jdk | 1.4.2_5 |
| oracle | jdk | 1.5.0 |
| sun | jdk | 1.4.2_10 |
| sun | jre | 1.4.2_4 |
| oracle | jre | 1.4.2_38 |
| sun | jdk | 1.4.2_31 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_34 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.4.2_36 |
| sun | jdk | 1.4.2_27 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.4.2_19 |
| sun | jre | 1.4.2_15 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.4.2_25 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | jre | 1.4.2_33 |
| sun | jdk | 1.4.2_9 |
| oracle | jre | * |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| sun | jdk | 1.4.2_33 |
| sun | jdk | 1.4.2_16 |
| sun | jre | 1.5.0 |
| sun | jdk | 1.4.2_15 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.4.2 |
| sun | jdk | 1.4.2_7 |
| sun | jdk | 1.4.2_2 |
| sun | jdk | 1.4.2_32 |
| sun | jdk | 1.4.2_17 |
| oracle | jre | 1.5.0 |
| sun | jre | 1.4.2_32 |
| sun | jdk | 1.4.2_12 |
| sun | jre | 1.4.2_28 |
| sun | jdk | 1.4.2_18 |
| sun | jdk | 1.4.2_22 |
| sun | jdk | 1.4.2_30 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_37 |
| sun | jdk | 1.4.2_4 |
| sun | jdk | 1.4.2_34 |
| sun | jre | 1.4.2_8 |
| sun | jdk | 1.4.2_13 |
| sun | jdk | 1.4.2_26 |
| sun | jdk | 1.4.2_37 |
| oracle | jdk | 1.6.0 |
| sun | jdk | 1.4.2_14 |
| sun | jdk | 1.4.2_36 |
| sun | jre | 1.4.2_29 |
| oracle | jre | 1.7.0 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| oracle | jdk | * |
| sun | jre | 1.4.2_10 |
| sun | jdk | 1.4.2_28 |
| oracle | jre | 1.6.0 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.4.2_29 |
| oracle | jdk | 1.7.0 |
| oracle | jdk | 1.4.2_38 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.4.2_11 |
| sun | jdk | 1.4.2_35 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jdk | 1.4.2_8 |
| sun | jre | 1.4.2_31 |
| sun | jdk | 1.4.2_3 |
| sun | jdk | 1.4.2_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.4.2_1 |
| sun | jre | 1.4.2_35 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | jdk | 1.4.2_6 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_13 |
| sun | jdk | 1.4.2_5 |
| oracle | jdk | 1.5.0 |
| sun | jdk | 1.4.2_10 |
| sun | jre | 1.4.2_4 |
| oracle | jre | 1.4.2_38 |
| sun | jdk | 1.4.2_31 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_34 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.4.2_36 |
| sun | jdk | 1.4.2_27 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.4.2_19 |
| sun | jre | 1.4.2_15 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.4.2_25 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | jre | 1.4.2_33 |
| sun | jdk | 1.4.2_9 |
| oracle | jre | * |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| sun | jdk | 1.4.2_33 |
| sun | jdk | 1.4.2_16 |
| sun | jre | 1.5.0 |
| sun | jdk | 1.4.2_15 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.4.2 |
| sun | jdk | 1.4.2_7 |
| sun | jdk | 1.4.2_2 |
| sun | jdk | 1.4.2_32 |
| sun | jdk | 1.4.2_17 |
| oracle | jre | 1.5.0 |
| sun | jre | 1.4.2_32 |
| sun | jdk | 1.4.2_12 |
| sun | jre | 1.4.2_28 |
| sun | jdk | 1.4.2_18 |
| sun | jdk | 1.4.2_22 |
| sun | jdk | 1.4.2_30 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_37 |
| sun | jdk | 1.4.2_4 |
| sun | jdk | 1.4.2_34 |
| sun | jre | 1.4.2_8 |
| sun | jdk | 1.4.2_13 |
| sun | jdk | 1.4.2_26 |
| sun | jdk | 1.4.2_37 |
| oracle | jdk | 1.6.0 |
| sun | jdk | 1.4.2_14 |
| sun | jdk | 1.4.2_36 |
| sun | jre | 1.4.2_29 |
| oracle | jre | 1.7.0 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| oracle | jdk | * |
| sun | jre | 1.4.2_10 |
| sun | jdk | 1.4.2_28 |
| oracle | jre | 1.6.0 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.4.2_29 |
| oracle | jdk | 1.7.0 |
| oracle | jdk | 1.4.2_38 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.4.2_11 |
| sun | jdk | 1.4.2_35 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jdk | 1.4.2_8 |
| sun | jre | 1.4.2_31 |
| sun | jdk | 1.4.2_3 |
| sun | jdk | 1.4.2_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.4.2_1 |
| sun | jre | 1.4.2_35 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | jdk | 1.4.2_6 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_13 |
| sun | jdk | 1.4.2_5 |
| oracle | jdk | 1.5.0 |
| sun | jdk | 1.4.2_10 |
| sun | jre | 1.4.2_4 |
| oracle | jre | 1.4.2_38 |
| sun | jdk | 1.4.2_31 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_34 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.4.2_36 |
| sun | jdk | 1.4.2_27 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.4.2_19 |
| sun | jre | 1.4.2_15 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.4.2_25 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | jre | 1.4.2_33 |
| sun | jdk | 1.4.2_9 |
| oracle | jre | * |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| sun | jdk | 1.4.2_33 |
| sun | jdk | 1.4.2_16 |
| sun | jre | 1.5.0 |
| sun | jdk | 1.4.2_15 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.4.2 |
| sun | jdk | 1.4.2_7 |
| sun | jdk | 1.4.2_2 |
| sun | jdk | 1.4.2_32 |
| sun | jdk | 1.4.2_17 |
| oracle | jre | 1.5.0 |
| sun | jre | 1.4.2_32 |
| sun | jdk | 1.4.2_12 |
| sun | jre | 1.4.2_28 |
| sun | jdk | 1.4.2_18 |
| sun | jdk | 1.4.2_22 |
| sun | jdk | 1.4.2_30 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_37 |
| sun | jdk | 1.4.2_4 |
| sun | jdk | 1.4.2_34 |
| sun | jre | 1.4.2_8 |
| sun | jdk | 1.4.2_13 |
| sun | jdk | 1.4.2_26 |
| sun | jdk | 1.4.2_37 |
| oracle | jdk | 1.6.0 |
| sun | jdk | 1.4.2_14 |
| sun | jdk | 1.4.2_36 |
| sun | jre | 1.4.2_29 |
| oracle | jre | 1.7.0 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| oracle | jdk | * |
| sun | jre | 1.4.2_10 |
| sun | jdk | 1.4.2_28 |
| oracle | jre | 1.6.0 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.4.2_29 |
| oracle | jdk | 1.7.0 |
| oracle | jdk | 1.4.2_38 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Libraries. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to interrupt certain threads that should not be interrupted.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect checks for proxy classes" in the Reflection API.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.4.2_11 |
| sun | jdk | 1.4.2_35 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jdk | 1.4.2_8 |
| sun | jre | 1.4.2_31 |
| sun | jdk | 1.4.2_3 |
| sun | jdk | 1.4.2_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.4.2_1 |
| sun | jre | 1.4.2_35 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | jdk | 1.4.2_6 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_13 |
| sun | jdk | 1.4.2_5 |
| oracle | jdk | 1.5.0 |
| sun | jdk | 1.4.2_10 |
| sun | jre | 1.4.2_4 |
| oracle | jre | 1.4.2_38 |
| sun | jdk | 1.4.2_31 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_34 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.4.2_36 |
| sun | jdk | 1.4.2_27 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.4.2_19 |
| sun | jre | 1.4.2_15 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.4.2_25 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | jre | 1.4.2_33 |
| sun | jdk | 1.4.2_9 |
| oracle | jre | * |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| sun | jdk | 1.4.2_33 |
| sun | jdk | 1.4.2_16 |
| sun | jre | 1.5.0 |
| sun | jdk | 1.4.2_15 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.4.2 |
| sun | jdk | 1.4.2_7 |
| sun | jdk | 1.4.2_2 |
| sun | jdk | 1.4.2_32 |
| sun | jdk | 1.4.2_17 |
| oracle | jre | 1.5.0 |
| sun | jre | 1.4.2_32 |
| sun | jdk | 1.4.2_12 |
| sun | jre | 1.4.2_28 |
| sun | jdk | 1.4.2_18 |
| sun | jdk | 1.4.2_22 |
| sun | jdk | 1.4.2_30 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_37 |
| sun | jdk | 1.4.2_4 |
| sun | jdk | 1.4.2_34 |
| sun | jre | 1.4.2_8 |
| sun | jdk | 1.4.2_13 |
| sun | jdk | 1.4.2_26 |
| sun | jdk | 1.4.2_37 |
| oracle | jdk | 1.6.0 |
| sun | jdk | 1.4.2_14 |
| sun | jdk | 1.4.2_36 |
| sun | jre | 1.4.2_29 |
| oracle | jre | 1.7.0 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| oracle | jdk | * |
| sun | jre | 1.4.2_10 |
| sun | jdk | 1.4.2_28 |
| oracle | jre | 1.6.0 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.4.2_29 |
| oracle | jdk | 1.7.0 |
| oracle | jdk | 1.4.2_38 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue involves the creation of a single PresentationManager that is shared across multiple thread groups, which allows remote attackers to bypass Java sandbox restrictions.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the installation process of the client.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access premission checks."
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.4.2_11 |
| sun | jdk | 1.4.2_35 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jdk | 1.4.2_8 |
| sun | jre | 1.4.2_31 |
| sun | jdk | 1.4.2_3 |
| sun | jdk | 1.4.2_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.4.2_1 |
| sun | jre | 1.4.2_35 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | jdk | 1.4.2_6 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_13 |
| sun | jdk | 1.4.2_5 |
| oracle | jdk | 1.5.0 |
| sun | jdk | 1.4.2_10 |
| sun | jre | 1.4.2_4 |
| oracle | jre | 1.4.2_38 |
| sun | jdk | 1.4.2_31 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_34 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.4.2_36 |
| sun | jdk | 1.4.2_27 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.4.2_19 |
| sun | jre | 1.4.2_15 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.4.2_25 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | jre | 1.4.2_33 |
| sun | jdk | 1.4.2_9 |
| oracle | jre | * |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| sun | jdk | 1.4.2_33 |
| sun | jdk | 1.4.2_16 |
| sun | jre | 1.5.0 |
| sun | jdk | 1.4.2_15 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.4.2 |
| sun | jdk | 1.4.2_7 |
| sun | jdk | 1.4.2_2 |
| sun | jdk | 1.4.2_32 |
| sun | jdk | 1.4.2_17 |
| oracle | jre | 1.5.0 |
| sun | jre | 1.4.2_32 |
| sun | jdk | 1.4.2_12 |
| sun | jre | 1.4.2_28 |
| sun | jdk | 1.4.2_18 |
| sun | jdk | 1.4.2_22 |
| sun | jdk | 1.4.2_30 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_37 |
| sun | jdk | 1.4.2_4 |
| sun | jdk | 1.4.2_34 |
| sun | jre | 1.4.2_8 |
| sun | jdk | 1.4.2_13 |
| sun | jdk | 1.4.2_26 |
| sun | jdk | 1.4.2_37 |
| oracle | jdk | 1.6.0 |
| sun | jdk | 1.4.2_14 |
| sun | jdk | 1.4.2_36 |
| sun | jre | 1.4.2_29 |
| oracle | jre | 1.7.0 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| oracle | jdk | * |
| sun | jre | 1.4.2_10 |
| sun | jdk | 1.4.2_28 |
| oracle | jre | 1.6.0 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.4.2_29 |
| oracle | jdk | 1.7.0 |
| oracle | jdk | 1.4.2_38 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.4.2_11 |
| sun | jdk | 1.4.2_35 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jdk | 1.4.2_8 |
| sun | jre | 1.4.2_31 |
| sun | jdk | 1.4.2_3 |
| sun | jdk | 1.4.2_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.4.2_1 |
| sun | jre | 1.4.2_35 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | jdk | 1.4.2_6 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_13 |
| sun | jdk | 1.4.2_5 |
| oracle | jdk | 1.5.0 |
| sun | jdk | 1.4.2_10 |
| sun | jre | 1.4.2_4 |
| oracle | jre | 1.4.2_38 |
| sun | jdk | 1.4.2_31 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_34 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.4.2_36 |
| sun | jdk | 1.4.2_27 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.4.2_19 |
| sun | jre | 1.4.2_15 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.4.2_25 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | jre | 1.4.2_33 |
| sun | jdk | 1.4.2_9 |
| oracle | jre | * |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| sun | jdk | 1.4.2_33 |
| sun | jdk | 1.4.2_16 |
| sun | jre | 1.5.0 |
| sun | jdk | 1.4.2_15 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.4.2 |
| sun | jdk | 1.4.2_7 |
| sun | jdk | 1.4.2_2 |
| sun | jdk | 1.4.2_32 |
| sun | jdk | 1.4.2_17 |
| oracle | jre | 1.5.0 |
| sun | jre | 1.4.2_32 |
| sun | jdk | 1.4.2_12 |
| sun | jre | 1.4.2_28 |
| sun | jdk | 1.4.2_18 |
| sun | jdk | 1.4.2_22 |
| sun | jdk | 1.4.2_30 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_37 |
| sun | jdk | 1.4.2_4 |
| sun | jdk | 1.4.2_34 |
| sun | jre | 1.4.2_8 |
| sun | jdk | 1.4.2_13 |
| sun | jdk | 1.4.2_26 |
| sun | jdk | 1.4.2_37 |
| oracle | jdk | 1.6.0 |
| sun | jdk | 1.4.2_14 |
| sun | jdk | 1.4.2_36 |
| sun | jre | 1.4.2_29 |
| oracle | jre | 1.7.0 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| oracle | jdk | * |
| sun | jre | 1.4.2_10 |
| sun | jdk | 1.4.2_28 |
| oracle | jre | 1.6.0 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.4.2_29 |
| oracle | jdk | 1.7.0 |
| oracle | jdk | 1.4.2_38 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper restriction of com.sun.xml.internal packages and "Better handling of UI elements."
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.4.2_11 |
| sun | jdk | 1.4.2_35 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jdk | 1.4.2_8 |
| sun | jre | 1.4.2_31 |
| sun | jdk | 1.4.2_3 |
| sun | jdk | 1.4.2_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.4.2_1 |
| sun | jre | 1.4.2_35 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | jdk | 1.4.2_6 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_13 |
| sun | jdk | 1.4.2_5 |
| oracle | jdk | 1.5.0 |
| sun | jdk | 1.4.2_10 |
| sun | jre | 1.4.2_4 |
| oracle | jre | 1.4.2_38 |
| sun | jdk | 1.4.2_31 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_34 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.4.2_36 |
| sun | jdk | 1.4.2_27 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.4.2_19 |
| sun | jre | 1.4.2_15 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.4.2_25 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | jre | 1.4.2_33 |
| sun | jdk | 1.4.2_9 |
| oracle | jre | * |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| sun | jdk | 1.4.2_33 |
| sun | jdk | 1.4.2_16 |
| sun | jre | 1.5.0 |
| sun | jdk | 1.4.2_15 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.4.2 |
| sun | jdk | 1.4.2_7 |
| sun | jdk | 1.4.2_2 |
| sun | jdk | 1.4.2_32 |
| sun | jdk | 1.4.2_17 |
| oracle | jre | 1.5.0 |
| sun | jre | 1.4.2_32 |
| sun | jdk | 1.4.2_12 |
| sun | jre | 1.4.2_28 |
| sun | jdk | 1.4.2_18 |
| sun | jdk | 1.4.2_22 |
| sun | jdk | 1.4.2_30 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_37 |
| sun | jdk | 1.4.2_4 |
| sun | jdk | 1.4.2_34 |
| sun | jre | 1.4.2_8 |
| sun | jdk | 1.4.2_13 |
| sun | jdk | 1.4.2_26 |
| sun | jdk | 1.4.2_37 |
| oracle | jdk | 1.6.0 |
| sun | jdk | 1.4.2_14 |
| sun | jdk | 1.4.2_36 |
| sun | jre | 1.4.2_29 |
| oracle | jre | 1.7.0 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| oracle | jdk | * |
| sun | jre | 1.4.2_10 |
| sun | jdk | 1.4.2_28 |
| oracle | jre | 1.6.0 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.4.2_29 |
| oracle | jdk | 1.7.0 |
| oracle | jdk | 1.4.2_38 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-1476 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via certain methods that should not be serialized, aka "missing serialization restriction."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.4.2_11 |
| sun | jdk | 1.4.2_35 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jdk | 1.4.2_8 |
| sun | jre | 1.4.2_31 |
| sun | jdk | 1.4.2_3 |
| sun | jdk | 1.4.2_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.4.2_1 |
| sun | jre | 1.4.2_35 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | jdk | 1.4.2_6 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_13 |
| sun | jdk | 1.4.2_5 |
| oracle | jdk | 1.5.0 |
| sun | jdk | 1.4.2_10 |
| sun | jre | 1.4.2_4 |
| oracle | jre | 1.4.2_38 |
| sun | jdk | 1.4.2_31 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_34 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.4.2_36 |
| sun | jdk | 1.4.2_27 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.4.2_19 |
| sun | jre | 1.4.2_15 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.4.2_25 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | jre | 1.4.2_33 |
| sun | jdk | 1.4.2_9 |
| oracle | jre | * |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| sun | jdk | 1.4.2_33 |
| sun | jdk | 1.4.2_16 |
| sun | jre | 1.5.0 |
| sun | jdk | 1.4.2_15 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.4.2 |
| sun | jdk | 1.4.2_7 |
| sun | jdk | 1.4.2_2 |
| sun | jdk | 1.4.2_32 |
| sun | jdk | 1.4.2_17 |
| oracle | jre | 1.5.0 |
| sun | jre | 1.4.2_32 |
| sun | jdk | 1.4.2_12 |
| sun | jre | 1.4.2_28 |
| sun | jdk | 1.4.2_18 |
| sun | jdk | 1.4.2_22 |
| sun | jdk | 1.4.2_30 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_37 |
| sun | jdk | 1.4.2_4 |
| sun | jdk | 1.4.2_34 |
| sun | jre | 1.4.2_8 |
| sun | jdk | 1.4.2_13 |
| sun | jdk | 1.4.2_26 |
| sun | jdk | 1.4.2_37 |
| oracle | jdk | 1.6.0 |
| sun | jdk | 1.4.2_14 |
| sun | jdk | 1.4.2_36 |
| sun | jre | 1.4.2_29 |
| oracle | jre | 1.7.0 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| oracle | jdk | * |
| sun | jre | 1.4.2_10 |
| sun | jdk | 1.4.2_28 |
| oracle | jre | 1.6.0 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.4.2_29 |
| oracle | jdk | 1.7.0 |
| oracle | jdk | 1.4.2_38 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.4.2_11 |
| sun | jdk | 1.4.2_35 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jdk | 1.4.2_8 |
| sun | jre | 1.4.2_31 |
| sun | jdk | 1.4.2_3 |
| sun | jdk | 1.4.2_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.4.2_1 |
| sun | jre | 1.4.2_35 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | jdk | 1.4.2_6 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_13 |
| sun | jdk | 1.4.2_5 |
| oracle | jdk | 1.5.0 |
| sun | jdk | 1.4.2_10 |
| sun | jre | 1.4.2_4 |
| oracle | jre | 1.4.2_38 |
| sun | jdk | 1.4.2_31 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_34 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.4.2_36 |
| sun | jdk | 1.4.2_27 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.4.2_19 |
| sun | jre | 1.4.2_15 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.4.2_25 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | jre | 1.4.2_33 |
| sun | jdk | 1.4.2_9 |
| oracle | jre | * |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| sun | jdk | 1.4.2_33 |
| sun | jdk | 1.4.2_16 |
| sun | jre | 1.5.0 |
| sun | jdk | 1.4.2_15 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.4.2 |
| sun | jdk | 1.4.2_7 |
| sun | jdk | 1.4.2_2 |
| sun | jdk | 1.4.2_32 |
| sun | jdk | 1.4.2_17 |
| oracle | jre | 1.5.0 |
| sun | jre | 1.4.2_32 |
| sun | jdk | 1.4.2_12 |
| sun | jre | 1.4.2_28 |
| sun | jdk | 1.4.2_18 |
| sun | jdk | 1.4.2_22 |
| sun | jdk | 1.4.2_30 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_37 |
| sun | jdk | 1.4.2_4 |
| sun | jdk | 1.4.2_34 |
| sun | jre | 1.4.2_8 |
| sun | jdk | 1.4.2_13 |
| sun | jdk | 1.4.2_26 |
| sun | jdk | 1.4.2_37 |
| oracle | jdk | 1.6.0 |
| sun | jdk | 1.4.2_14 |
| sun | jdk | 1.4.2_36 |
| sun | jre | 1.4.2_29 |
| oracle | jre | 1.7.0 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| oracle | jdk | * |
| sun | jre | 1.4.2_10 |
| sun | jdk | 1.4.2_28 |
| oracle | jre | 1.6.0 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.4.2_29 |
| oracle | jdk | 1.7.0 |
| oracle | jdk | 1.4.2_38 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.4.2_11 |
| sun | jdk | 1.4.2_35 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jdk | 1.4.2_8 |
| sun | jre | 1.4.2_31 |
| sun | jdk | 1.4.2_3 |
| sun | jdk | 1.4.2_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.4.2_1 |
| sun | jre | 1.4.2_35 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | jdk | 1.4.2_6 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_13 |
| sun | jdk | 1.4.2_5 |
| oracle | jdk | 1.5.0 |
| sun | jdk | 1.4.2_10 |
| sun | jre | 1.4.2_4 |
| oracle | jre | 1.4.2_38 |
| sun | jdk | 1.4.2_31 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_34 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.4.2_36 |
| sun | jdk | 1.4.2_27 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.4.2_19 |
| sun | jre | 1.4.2_15 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.4.2_25 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | jre | 1.4.2_33 |
| sun | jdk | 1.4.2_9 |
| oracle | jre | * |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| sun | jdk | 1.4.2_33 |
| sun | jdk | 1.4.2_16 |
| sun | jre | 1.5.0 |
| sun | jdk | 1.4.2_15 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.4.2 |
| sun | jdk | 1.4.2_7 |
| sun | jdk | 1.4.2_2 |
| sun | jdk | 1.4.2_32 |
| sun | jdk | 1.4.2_17 |
| oracle | jre | 1.5.0 |
| sun | jre | 1.4.2_32 |
| sun | jdk | 1.4.2_12 |
| sun | jre | 1.4.2_28 |
| sun | jdk | 1.4.2_18 |
| sun | jdk | 1.4.2_22 |
| sun | jdk | 1.4.2_30 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_37 |
| sun | jdk | 1.4.2_4 |
| sun | jdk | 1.4.2_34 |
| sun | jre | 1.4.2_8 |
| sun | jdk | 1.4.2_13 |
| sun | jdk | 1.4.2_26 |
| sun | jdk | 1.4.2_37 |
| oracle | jdk | 1.6.0 |
| sun | jdk | 1.4.2_14 |
| sun | jdk | 1.4.2_36 |
| sun | jre | 1.4.2_29 |
| oracle | jre | 1.7.0 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| oracle | jdk | * |
| sun | jre | 1.4.2_10 |
| sun | jdk | 1.4.2_28 |
| oracle | jre | 1.6.0 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.4.2_29 |
| oracle | jdk | 1.7.0 |
| oracle | jdk | 1.4.2_38 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper checks of "access control context" in the JMX RequiredModelMBean class.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-1493.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect integrity via unknown vectors related to Deployment.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.4.2_11 |
| sun | jdk | 1.4.2_35 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jdk | 1.4.2_8 |
| sun | jre | 1.4.2_31 |
| sun | jdk | 1.4.2_3 |
| sun | jdk | 1.4.2_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.4.2_1 |
| sun | jre | 1.4.2_35 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | jdk | 1.4.2_6 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_13 |
| sun | jdk | 1.4.2_5 |
| oracle | jdk | 1.5.0 |
| sun | jdk | 1.4.2_10 |
| sun | jre | 1.4.2_4 |
| oracle | jre | 1.4.2_38 |
| sun | jdk | 1.4.2_31 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_34 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.4.2_36 |
| sun | jdk | 1.4.2_27 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.4.2_19 |
| sun | jre | 1.4.2_15 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.4.2_25 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | jre | 1.4.2_33 |
| sun | jdk | 1.4.2_9 |
| oracle | jre | * |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| sun | jdk | 1.4.2_33 |
| sun | jdk | 1.4.2_16 |
| sun | jre | 1.5.0 |
| sun | jdk | 1.4.2_15 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.4.2 |
| sun | jdk | 1.4.2_7 |
| sun | jdk | 1.4.2_2 |
| sun | jdk | 1.4.2_32 |
| sun | jdk | 1.4.2_17 |
| oracle | jre | 1.5.0 |
| sun | jre | 1.4.2_32 |
| sun | jdk | 1.4.2_12 |
| sun | jre | 1.4.2_28 |
| sun | jdk | 1.4.2_18 |
| sun | jdk | 1.4.2_22 |
| sun | jdk | 1.4.2_30 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_37 |
| sun | jdk | 1.4.2_4 |
| sun | jdk | 1.4.2_34 |
| sun | jre | 1.4.2_8 |
| sun | jdk | 1.4.2_13 |
| sun | jdk | 1.4.2_26 |
| sun | jdk | 1.4.2_37 |
| oracle | jdk | 1.6.0 |
| sun | jdk | 1.4.2_14 |
| sun | jdk | 1.4.2_36 |
| sun | jre | 1.4.2_29 |
| oracle | jre | 1.7.0 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| oracle | jdk | * |
| sun | jre | 1.4.2_10 |
| sun | jdk | 1.4.2_28 |
| oracle | jre | 1.6.0 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.4.2_29 |
| oracle | jdk | 1.7.0 |
| oracle | jdk | 1.4.2_38 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via "certain value handler constructors."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.4.2_11 |
| sun | jdk | 1.4.2_35 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jdk | 1.4.2_8 |
| sun | jre | 1.4.2_31 |
| sun | jdk | 1.4.2_3 |
| sun | jdk | 1.4.2_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.4.2_1 |
| sun | jre | 1.4.2_35 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | jdk | 1.4.2_6 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_13 |
| sun | jdk | 1.4.2_5 |
| oracle | jdk | 1.5.0 |
| sun | jdk | 1.4.2_10 |
| sun | jre | 1.4.2_4 |
| oracle | jre | 1.4.2_38 |
| sun | jdk | 1.4.2_31 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_34 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.4.2_36 |
| sun | jdk | 1.4.2_27 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.4.2_19 |
| sun | jre | 1.4.2_15 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.4.2_25 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | jre | 1.4.2_33 |
| sun | jdk | 1.4.2_9 |
| oracle | jre | * |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| sun | jdk | 1.4.2_33 |
| sun | jdk | 1.4.2_16 |
| sun | jre | 1.5.0 |
| sun | jdk | 1.4.2_15 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.4.2 |
| sun | jdk | 1.4.2_7 |
| sun | jdk | 1.4.2_2 |
| sun | jdk | 1.4.2_32 |
| sun | jdk | 1.4.2_17 |
| oracle | jre | 1.5.0 |
| sun | jre | 1.4.2_32 |
| sun | jdk | 1.4.2_12 |
| sun | jre | 1.4.2_28 |
| sun | jdk | 1.4.2_18 |
| sun | jdk | 1.4.2_22 |
| sun | jdk | 1.4.2_30 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_37 |
| sun | jdk | 1.4.2_4 |
| sun | jdk | 1.4.2_34 |
| sun | jre | 1.4.2_8 |
| sun | jdk | 1.4.2_13 |
| sun | jdk | 1.4.2_26 |
| sun | jdk | 1.4.2_37 |
| oracle | jdk | 1.6.0 |
| sun | jdk | 1.4.2_14 |
| sun | jdk | 1.4.2_36 |
| sun | jre | 1.4.2_29 |
| oracle | jre | 1.7.0 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| oracle | jdk | * |
| sun | jre | 1.4.2_10 |
| sun | jdk | 1.4.2_28 |
| oracle | jre | 1.6.0 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.4.2_29 |
| oracle | jdk | 1.7.0 |
| oracle | jdk | 1.4.2_38 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" that can trigger an integer overflow and memory corruption.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.4.2_11 |
| sun | jdk | 1.4.2_35 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jdk | 1.4.2_8 |
| sun | jre | 1.4.2_31 |
| sun | jdk | 1.4.2_3 |
| sun | jdk | 1.4.2_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.4.2_1 |
| sun | jre | 1.4.2_35 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | jdk | 1.4.2_6 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_13 |
| sun | jdk | 1.4.2_5 |
| oracle | jdk | 1.5.0 |
| sun | jdk | 1.4.2_10 |
| sun | jre | 1.4.2_4 |
| oracle | jre | 1.4.2_38 |
| sun | jdk | 1.4.2_31 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_34 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.4.2_36 |
| sun | jdk | 1.4.2_27 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.4.2_19 |
| sun | jre | 1.4.2_15 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.4.2_25 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | jre | 1.4.2_33 |
| sun | jdk | 1.4.2_9 |
| oracle | jre | * |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| sun | jdk | 1.4.2_33 |
| sun | jdk | 1.4.2_16 |
| sun | jre | 1.5.0 |
| sun | jdk | 1.4.2_15 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.4.2 |
| sun | jdk | 1.4.2_7 |
| sun | jdk | 1.4.2_2 |
| sun | jdk | 1.4.2_32 |
| sun | jdk | 1.4.2_17 |
| oracle | jre | 1.5.0 |
| sun | jre | 1.4.2_32 |
| sun | jdk | 1.4.2_12 |
| sun | jre | 1.4.2_28 |
| sun | jdk | 1.4.2_18 |
| sun | jdk | 1.4.2_22 |
| sun | jdk | 1.4.2_30 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_37 |
| sun | jdk | 1.4.2_4 |
| sun | jdk | 1.4.2_34 |
| sun | jre | 1.4.2_8 |
| sun | jdk | 1.4.2_13 |
| sun | jdk | 1.4.2_26 |
| sun | jdk | 1.4.2_37 |
| oracle | jdk | 1.6.0 |
| sun | jdk | 1.4.2_14 |
| sun | jdk | 1.4.2_36 |
| sun | jre | 1.4.2_29 |
| oracle | jre | 1.7.0 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| oracle | jdk | * |
| sun | jre | 1.4.2_10 |
| sun | jdk | 1.4.2_28 |
| oracle | jre | 1.6.0 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.4.2_29 |
| oracle | jdk | 1.7.0 |
| oracle | jdk | 1.4.2_38 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | javafx | 2.2.3 |
| oracle | javafx | 2.0.2 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| oracle | javafx | 2.1 |
| oracle | javafx | 2.2 |
| oracle | javafx | 2.0.3 |
| oracle | jre | 1.6.0 |
| oracle | javafx | * |
| oracle | jdk | 1.7.0 |
| oracle | javafx | 2.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.4.2_11 |
| sun | jdk | 1.4.2_35 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jdk | 1.4.2_8 |
| sun | jre | 1.4.2_31 |
| sun | jdk | 1.4.2_3 |
| sun | jdk | 1.4.2_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.4.2_1 |
| sun | jre | 1.4.2_35 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | jdk | 1.4.2_6 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_13 |
| sun | jdk | 1.4.2_5 |
| oracle | jdk | 1.5.0 |
| sun | jdk | 1.4.2_10 |
| sun | jre | 1.4.2_4 |
| oracle | jre | 1.4.2_38 |
| sun | jdk | 1.4.2_31 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_34 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.4.2_36 |
| sun | jdk | 1.4.2_27 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.4.2_19 |
| sun | jre | 1.4.2_15 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.4.2_25 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | jre | 1.4.2_33 |
| sun | jdk | 1.4.2_9 |
| oracle | jre | * |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| sun | jdk | 1.4.2_33 |
| sun | jdk | 1.4.2_16 |
| sun | jre | 1.5.0 |
| sun | jdk | 1.4.2_15 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.4.2 |
| sun | jdk | 1.4.2_7 |
| sun | jdk | 1.4.2_2 |
| sun | jdk | 1.4.2_32 |
| sun | jdk | 1.4.2_17 |
| oracle | jre | 1.5.0 |
| sun | jre | 1.4.2_32 |
| sun | jdk | 1.4.2_12 |
| sun | jre | 1.4.2_28 |
| sun | jdk | 1.4.2_18 |
| sun | jdk | 1.4.2_22 |
| sun | jdk | 1.4.2_30 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_37 |
| sun | jdk | 1.4.2_4 |
| sun | jdk | 1.4.2_34 |
| sun | jre | 1.4.2_8 |
| sun | jdk | 1.4.2_13 |
| sun | jdk | 1.4.2_26 |
| sun | jdk | 1.4.2_37 |
| oracle | jdk | 1.6.0 |
| sun | jdk | 1.4.2_14 |
| sun | jdk | 1.4.2_36 |
| sun | jre | 1.4.2_29 |
| oracle | jre | 1.7.0 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| oracle | jdk | * |
| sun | jre | 1.4.2_10 |
| sun | jdk | 1.4.2_28 |
| oracle | jre | 1.6.0 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.4.2_29 |
| oracle | jdk | 1.7.0 |
| oracle | jdk | 1.4.2_38 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.4.2_11 |
| sun | jdk | 1.4.2_35 |
| sun | jre | 1.4.2_22 |
| sun | jre | 1.4.2_27 |
| sun | jdk | 1.4.2_8 |
| sun | jre | 1.4.2_31 |
| sun | jdk | 1.4.2_3 |
| sun | jdk | 1.4.2_23 |
| sun | jre | 1.4.2_1 |
| sun | jre | 1.4.2_16 |
| sun | jdk | 1.4.2_1 |
| sun | jre | 1.4.2_35 |
| sun | jdk | 1.6.0 |
| sun | jre | 1.4.2_19 |
| sun | jdk | 1.4.2_6 |
| sun | jre | 1.4.2_17 |
| sun | jre | 1.4.2_6 |
| sun | jre | 1.4.2_13 |
| sun | jdk | 1.4.2_5 |
| oracle | jdk | 1.5.0 |
| sun | jdk | 1.4.2_10 |
| sun | jre | 1.4.2_4 |
| oracle | jre | 1.4.2_38 |
| sun | jdk | 1.4.2_31 |
| sun | jre | 1.4.2_7 |
| sun | jre | 1.4.2_25 |
| sun | jre | 1.4.2_11 |
| sun | jre | 1.4.2_34 |
| sun | jre | 1.4.2_3 |
| sun | jre | 1.4.2_20 |
| sun | jre | 1.4.2_21 |
| sun | jre | 1.4.2_36 |
| sun | jdk | 1.4.2_27 |
| sun | jre | 1.6.0 |
| sun | jdk | 1.4.2_19 |
| sun | jre | 1.4.2_15 |
| sun | jre | 1.4.2_9 |
| sun | jdk | 1.4.2_25 |
| sun | jdk | 1.5.0 |
| sun | jre | 1.4.2 |
| sun | jre | 1.4.2_33 |
| sun | jdk | 1.4.2_9 |
| oracle | jre | * |
| sun | jre | 1.4.2_26 |
| sun | jre | 1.4.2_30 |
| sun | jdk | 1.4.2_33 |
| sun | jdk | 1.4.2_16 |
| sun | jre | 1.5.0 |
| sun | jdk | 1.4.2_15 |
| sun | jre | 1.4.2_5 |
| sun | jre | 1.4.2_12 |
| sun | jdk | 1.4.2 |
| sun | jdk | 1.4.2_7 |
| sun | jdk | 1.4.2_2 |
| sun | jdk | 1.4.2_32 |
| sun | jdk | 1.4.2_17 |
| oracle | jre | 1.5.0 |
| sun | jre | 1.4.2_32 |
| sun | jdk | 1.4.2_12 |
| sun | jre | 1.4.2_28 |
| sun | jdk | 1.4.2_18 |
| sun | jdk | 1.4.2_22 |
| sun | jdk | 1.4.2_30 |
| sun | jre | 1.4.2_23 |
| sun | jre | 1.4.2_37 |
| sun | jdk | 1.4.2_4 |
| sun | jdk | 1.4.2_34 |
| sun | jre | 1.4.2_8 |
| sun | jdk | 1.4.2_13 |
| sun | jdk | 1.4.2_26 |
| sun | jdk | 1.4.2_37 |
| oracle | jdk | 1.6.0 |
| sun | jdk | 1.4.2_14 |
| sun | jdk | 1.4.2_36 |
| sun | jre | 1.4.2_29 |
| sun | jre | 1.4.2_24 |
| sun | jre | 1.4.2_2 |
| sun | jre | 1.4.2_14 |
| oracle | jdk | * |
| sun | jre | 1.4.2_10 |
| sun | jdk | 1.4.2_28 |
| oracle | jre | 1.6.0 |
| sun | jre | 1.4.2_18 |
| sun | jdk | 1.4.2_29 |
| oracle | jdk | 1.4.2_38 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 13 and earlier and 6 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in Oracle Sun Solaris 10, when running on SPARC T4 servers, allows local users to affect availability via unknown vectors related to Kernel.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/IO, a different vulnerability than CVE-2013-1498.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/IO, a different vulnerability than CVE-2013-1496.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Network Configuration.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.11 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to weak permissions for shared memory.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Filesystem.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "missing security restrictions."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via unknown vectors related to Kernel.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the default java.rmi.server.useCodebaseOnly setting of false, which allows remote attackers to perform "dynamic class downloading" and execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2433.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "missing security restrictions" in the LogStream.setDefaultStream method.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | javafx | 2.2.3 |
| oracle | javafx | 2.0.2 |
| oracle | javafx | 2.2.5 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | javafx | 2.2.4 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| oracle | javafx | 2.1 |
| oracle | javafx | 2.2 |
| oracle | javafx | 2.0.3 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | javafx | * |
| oracle | jdk | 1.7.0 |
| oracle | javafx | 2.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "checking of [a] glyph table" in the International Components for Unicode (ICU) Layout Engine before 51.2.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | javafx | 2.2.3 |
| oracle | javafx | 2.0.2 |
| oracle | javafx | 2.2.5 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | javafx | 2.2.4 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | javafx | 2.1 |
| oracle | javafx | 2.2 |
| oracle | javafx | 2.2.7 |
| oracle | javafx | 2.0.3 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | javafx | * |
| oracle | jdk | 1.7.0 |
| oracle | javafx | 2.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2384, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "handling of [a] glyph table" in the International Components for Unicode (ICU) Layout Engine before 51.2.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2383, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font layout" in the International Components for Unicode (ICU) Layout Engine before 51.2.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2432 and CVE-2013-1491.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | javafx | 2.2.3 |
| oracle | javafx | 2.0.2 |
| oracle | javafx | 2.2.5 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | javafx | 2.2.4 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | javafx | 2.1 |
| oracle | javafx | 2.2 |
| oracle | javafx | 2.0.3 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | javafx | * |
| oracle | jdk | 1.7.0 |
| oracle | javafx | 2.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "XML security and the class loader."
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient indication of an SSL connection failure by JConsole, related to RMI connection dialog box.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to Networking. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an information leak involving InetAddress serialization. CVE has not investigated the apparent discrepancy between vendor reports regarding the impact of this issue.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font processing errors" in the International Components for Unicode (ICU) Layout Engine before 51.2.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient "validation of images" in share/native/sun/awt/image/awt_ImageRep.c, possibly involving offsets.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper method-invocation restrictions by the MethodUtil trampoline class, which allows remote attackers to bypass the Java sandbox.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality via vectors related to JMX. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient class access checks" when "creating new instances" using MBeanInstantiator.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "JPEGImageWriter state corruption" when using native code, which triggers memory corruption.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; JavaFX 2.2.7 and earlier; and OpenJDK 6 and 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "JPEGImageReader state corruption" when using native code.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | javafx | 2.2.3 |
| oracle | javafx | 2.0.2 |
| oracle | javafx | 2.2.5 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | javafx | 2.2.4 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | javafx | 2.1 |
| oracle | javafx | 2.2 |
| oracle | javafx | 2.0.3 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | javafx | * |
| oracle | jdk | 1.7.0 |
| oracle | javafx | 2.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2394 and CVE-2013-1491.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | javafx | 2.2.3 |
| oracle | javafx | 2.0.2 |
| oracle | javafx | 2.2.5 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | javafx | 2.2.4 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | javafx | 2.1 |
| oracle | javafx | 2.2 |
| oracle | javafx | 2.0.3 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | javafx | * |
| oracle | jdk | 1.7.0 |
| oracle | javafx | 2.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-1540.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2440.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Install.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | javafx | 2.2.3 |
| oracle | javafx | 2.0.2 |
| oracle | javafx | 2.2.5 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | javafx | 2.2.4 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | javafx | 2.1 |
| oracle | javafx | 2.2 |
| oracle | javafx | 2.0.3 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | javafx | * |
| oracle | jdk | 1.7.0 |
| oracle | javafx | 2.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2435.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2466 and CVE-2013-2468.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2452 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect "checking order" within the AccessControlContext class.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not "properly manage and restrict certain resources related to the processing of fonts," possibly involving temporary files.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | javafx | 2.2.3 |
| oracle | javafx | 2.0.2 |
| oracle | javafx | 2.2.5 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | javafx | 2.2.4 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | javafx | 2.1 |
| oracle | javafx | 2.2 |
| oracle | javafx | 2.2.7 |
| oracle | javafx | 2.0.3 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | javafx | * |
| oracle | jdk | 1.7.0 |
| oracle | javafx | 2.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Hotspot. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "handling of memory allocation errors."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly enforce access restrictions for CORBA output streams.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to obtain a socket's local address via vectors involving inconsistencies between Socket.getLocalAddress and InetAddress.getLocalHost.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to insufficient "access restrictions" and "robustness of sound classes."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper handling of circular references in ObjectStreamClass.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper enforcement of exclusive port binds when running on Windows, which allows attackers to bind to ports that are already in use.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "network address handling in virtual machine identifiers" and the lack of "unique and unpredictable IDs" in the java.rmi.dgc.VMID class.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to a missing check for "package access" by the MBeanServer Introspector.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via vectors related to JDBC. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly restrict access to certain class packages in the SerialJavaObject class, which allows remote attackers to bypass the Java sandbox.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2452. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect access checks by the (1) getEnclosingClass, (2) getEnclosingMethod, and (3) getEnclosingConstructor methods.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper access checks for subclasses in the ObjectOutputStream class.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect implementation of "certain class checks" that allows remote attackers to bypass intended class restrictions.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "integer overflow checks."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June and July 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass verification of XML signatures via vectors related to a "Missing check for [a] valid DOMCanonicalizationMethod canonicalization algorithm."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jrockit | * |
| oracle | openjdk | 1.7.0 |
| oracle | jdk | 1.6.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image attribute verification" in 2D.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, and CVE-2013-2473.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,CWE-693,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | linux_enterprise_java | 10 |
| suse | linux_enterprise_software_development_kit | 11 |
| suse | linux_enterprise_desktop | 10 |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| sun | jre | 1.6.0 |
| suse | linux_enterprise_server | 11 |
| sun | jre | 1.5.0 |
| oracle | jre | 1.7.0 |
| suse | linux_enterprise_server | 10 |
| suse | linux_enterprise_java | 11 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2442 and CVE-2013-2468.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 5.0 Update 45 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Java installer.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jdk | 1.5.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2442 and CVE-2013-2466.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image layout verification" in 2D.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "ImagingLib byte lookup processing."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect IntegerComponentRaster size checks."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ShortBandedRaster size checks" in 2D.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Libraries/Libc.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
| sun | sunos | 5.8 |
Unspecified vulnerability in Oracle Solaris 11 allows remote attackers to affect availability via vectors related to Driver/IDM (iSCSI Data Mover).
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/VM
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Solaris 11 allows remote attackers to affect integrity via vectors related to Service Management Facility (SMF).
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Solaris 11 allows remote attackers to affect availability via vectors related to Kernel/STREAMS framework.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows remote attackers to affect integrity and availability via vectors related to SMF/File Locking Services.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
| sun | sunos | 5.8 |
Unspecified vulnerability in Oracle Solaris 11 allows local users to affect availability via unknown vectors related to Kernel/VM.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Solaris 10 and 11 allows remote attackers to affect availability via unknown vectors related to Kernel.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Solaris 11 allows local users to affect availability via unknown vectors related to Filesystem/DevFS.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Solaris 10 and 11, when running on AMD64, allows local users to affect availability via unknown vectors related to Kernel.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect confidentiality and integrity via vectors related to Libraries/PAM-Unix.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
Unspecified vulnerability in the Java SE, Java SE Embedded component in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows remote attackers to affect availability via unknown vectors related to Cacao.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| oracle | sunos | 5.11.1 |
Unspecified vulnerability Oracle Solaris 10 allows local users to affect confidentiality via vectors related to Oracle Configuration Manager (OCM).
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jrockit | r28.0.0 |
| oracle | jrockit | r28.0.2 |
| oracle | jrockit | r28.2.5 |
| oracle | jrockit | r28.2.3 |
| oracle | jrockit | r27.7.3 |
| sun | jdk | 1.6.0 |
| oracle | jrockit | r27.7.4 |
| oracle | jrockit | r27.7.5 |
| oracle | jrockit | r28.1.5 |
| oracle | jrockit | r28.1.4 |
| oracle | jrockit | r27.7.2 |
| oracle | jre | 1.5.0 |
| oracle | jdk | 1.5.0 |
| oracle | jrockit | r28.2.2 |
| oracle | jrockit | r28.0.1 |
| oracle | jrockit | r28.1.0 |
| oracle | jrockit | r27.7.1 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| oracle | jrockit | * |
| sun | jdk | 1.5.0 |
| oracle | jrockit | r28.1.3 |
| oracle | jrockit | r28.2.6 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jrockit | r28.2.4 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
| oracle | jrockit | r28.1.1 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jrockit | r28.0.0 |
| oracle | jrockit | r28.0.2 |
| oracle | jrockit | r28.2.5 |
| oracle | jrockit | r28.2.3 |
| oracle | jrockit | r27.7.3 |
| sun | jdk | 1.6.0 |
| oracle | jrockit | r27.7.4 |
| oracle | jrockit | r27.7.5 |
| oracle | jrockit | r28.1.5 |
| oracle | jrockit | r28.1.4 |
| oracle | jrockit | r27.7.2 |
| oracle | jre | 1.5.0 |
| oracle | jdk | 1.5.0 |
| oracle | jrockit | r28.2.2 |
| oracle | jrockit | r28.0.1 |
| oracle | jrockit | r28.1.0 |
| oracle | jrockit | r27.7.1 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| oracle | jrockit | * |
| sun | jdk | 1.5.0 |
| oracle | jrockit | r28.1.3 |
| oracle | jrockit | r28.2.6 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jrockit | r28.2.4 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
| oracle | jrockit | r28.1.1 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Swing.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to SCRIPTING.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5789, CVE-2013-5824, CVE-2013-5832, and CVE-2013-5852.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5787, CVE-2013-5824, CVE-2013-5832, and CVE-2013-5852.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to BEANS.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and JavaFX 2.2.40 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Javadoc.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jrockit | r28.0.0 |
| oracle | jrockit | r28.0.2 |
| oracle | jrockit | r28.2.5 |
| oracle | javafx | 2.2.4 |
| oracle | jrockit | r28.2.3 |
| oracle | jrockit | r27.7.3 |
| sun | jdk | 1.6.0 |
| oracle | jrockit | r27.7.4 |
| oracle | jrockit | r27.7.5 |
| oracle | jrockit | r28.1.5 |
| oracle | javafx | 2.2 |
| oracle | jrockit | r28.1.4 |
| oracle | jrockit | r27.7.2 |
| oracle | jre | 1.5.0 |
| oracle | jdk | 1.5.0 |
| oracle | jrockit | r28.2.2 |
| oracle | javafx | 2.0 |
| oracle | jrockit | r28.0.1 |
| oracle | jrockit | r28.1.0 |
| oracle | jrockit | r27.7.1 |
| oracle | javafx | 2.2.3 |
| oracle | javafx | 2.0.2 |
| oracle | javafx | 2.2.5 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| oracle | jrockit | * |
| sun | jdk | 1.5.0 |
| oracle | javafx | 2.1 |
| oracle | javafx | 2.2.7 |
| oracle | javafx | 2.0.3 |
| oracle | jrockit | r28.1.3 |
| oracle | jrockit | r28.2.6 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jrockit | r28.2.4 |
| oracle | javafx | * |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
| oracle | jrockit | r28.1.1 |
| oracle | javafx | 2.2.21 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jrockit | r28.0.0 |
| oracle | jrockit | r28.0.2 |
| oracle | jrockit | r28.2.5 |
| oracle | jrockit | r28.2.3 |
| oracle | jrockit | r27.7.3 |
| sun | jdk | 1.6.0 |
| oracle | jrockit | r27.7.4 |
| oracle | jrockit | r27.7.5 |
| oracle | jrockit | r28.1.5 |
| oracle | jrockit | r28.1.4 |
| oracle | jrockit | r27.7.2 |
| oracle | jre | 1.5.0 |
| oracle | jdk | 1.5.0 |
| oracle | jrockit | r28.2.2 |
| oracle | jrockit | r28.0.1 |
| oracle | jrockit | r28.1.0 |
| oracle | jrockit | r27.7.1 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| oracle | jrockit | * |
| sun | jdk | 1.5.0 |
| oracle | jrockit | r28.1.3 |
| oracle | jrockit | r28.2.6 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jrockit | r28.2.4 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
| oracle | jrockit | r28.1.1 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JGSS.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jrockit | r28.0.0 |
| oracle | jrockit | r28.0.2 |
| oracle | jrockit | r28.2.5 |
| oracle | jrockit | r28.2.3 |
| oracle | jrockit | r27.7.3 |
| sun | jdk | 1.6.0 |
| oracle | jrockit | r27.7.4 |
| oracle | jrockit | r27.7.5 |
| oracle | jrockit | r28.1.5 |
| oracle | jrockit | r28.1.4 |
| oracle | jrockit | r27.7.2 |
| oracle | jre | 1.5.0 |
| oracle | jdk | 1.5.0 |
| oracle | jrockit | r28.2.2 |
| oracle | jrockit | r28.0.1 |
| oracle | jrockit | r28.1.0 |
| oracle | jrockit | r27.7.1 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| oracle | jrockit | * |
| sun | jdk | 1.5.0 |
| oracle | jrockit | r28.1.3 |
| oracle | jrockit | r28.2.6 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jrockit | r28.2.4 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
| oracle | jrockit | r28.1.1 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Javadoc.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jrockit | r28.0.0 |
| oracle | jrockit | r28.0.2 |
| oracle | jrockit | r28.2.5 |
| oracle | jrockit | r28.2.3 |
| oracle | jrockit | r27.7.3 |
| sun | jdk | 1.6.0 |
| oracle | jrockit | r27.7.4 |
| oracle | jrockit | r27.7.5 |
| oracle | jrockit | r28.1.5 |
| oracle | jrockit | r28.1.4 |
| oracle | jrockit | r27.7.2 |
| oracle | jre | 1.5.0 |
| oracle | jdk | 1.5.0 |
| oracle | jrockit | r28.2.2 |
| oracle | jrockit | r28.0.1 |
| oracle | jrockit | r28.1.0 |
| oracle | jrockit | r27.7.1 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| oracle | jrockit | * |
| sun | jdk | 1.5.0 |
| oracle | jrockit | r28.1.3 |
| oracle | jrockit | r28.2.6 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jrockit | r28.2.4 |
| sun | jre | 1.5.0 |
| oracle | jrockit | r28.1.1 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-5829.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5819 and CVE-2013-5831.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5818 and CVE-2013-5831.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to JAX-WS.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11.1 allows local users to affect confidentiality, integrity, and availability via vectors related to RPC.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| oracle | sunos | 5.11.1 |
| sun | sunos | 5.8 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via unknown vectors related to Security.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jrockit | r28.0.0 |
| oracle | jrockit | r28.0.2 |
| oracle | jrockit | r28.2.5 |
| oracle | jrockit | r28.2.3 |
| oracle | jrockit | r27.7.3 |
| sun | jdk | 1.6.0 |
| oracle | jrockit | r27.7.4 |
| oracle | jrockit | r27.7.5 |
| oracle | jrockit | r28.1.5 |
| oracle | jrockit | r28.1.4 |
| oracle | jrockit | r27.7.2 |
| oracle | jrockit | r28.2.2 |
| oracle | jrockit | r28.0.1 |
| oracle | jrockit | r28.1.0 |
| oracle | jrockit | r27.7.1 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| oracle | jrockit | * |
| oracle | jrockit | r28.1.3 |
| oracle | jrockit | r28.2.6 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jrockit | r28.2.4 |
| oracle | jdk | 1.7.0 |
| oracle | jrockit | r28.1.1 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5787, CVE-2013-5789, CVE-2013-5832, and CVE-2013-5852.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JAXP.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jrockit | r28.0.0 |
| oracle | jrockit | r28.0.2 |
| oracle | jrockit | r28.2.5 |
| oracle | jrockit | r28.2.3 |
| oracle | jrockit | r27.7.3 |
| sun | jdk | 1.6.0 |
| oracle | jrockit | r27.7.4 |
| oracle | jrockit | r27.7.5 |
| oracle | jrockit | r28.1.5 |
| oracle | jrockit | r28.1.4 |
| oracle | jrockit | r27.7.2 |
| oracle | jre | 1.5.0 |
| oracle | jdk | 1.5.0 |
| oracle | jrockit | r28.2.2 |
| oracle | jrockit | r28.0.1 |
| oracle | jrockit | r28.1.0 |
| oracle | jrockit | r27.7.1 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| oracle | jrockit | * |
| sun | jdk | 1.5.0 |
| oracle | jrockit | r28.1.3 |
| oracle | jrockit | r28.2.6 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jrockit | r28.2.4 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
| oracle | jrockit | r28.1.1 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5818 and CVE-2013-5819.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5787, CVE-2013-5789, CVE-2013-5824, and CVE-2013-5852.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in Oracle Solaris 8 and 9 allows local users to affect availability via unknown vectors related to Filesystem.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.8 |
Unspecified vulnerability in Oracle Solaris 8 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to ps.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.8 |
Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Oracle Java Web Console.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to AWT.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-5842.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jre | 1.7.0 |
| sun | jdk | 1.6.0 |
| sun | jdk | 1.5.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.5.0 |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.5.0 |
| oracle | jdk | 1.7.0 |
| sun | jre | 1.5.0 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5787, CVE-2013-5789, CVE-2013-5824, and CVE-2013-5832.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | jdk | 1.6.0 |
| oracle | jre | * |
| oracle | jdk | * |
| oracle | jre | 1.6.0 |
| oracle | jdk | 1.6.0 |
| sun | jre | 1.6.0 |
| oracle | jdk | 1.7.0 |
| oracle | jre | 1.7.0 |
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to CPU performance counters (CPC) drivers, a different vulnerability than CVE-2014-4215.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| oracle | sunos | 5.11.1 |
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to USB hub driver.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| oracle | sunos | 5.11.1 |
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to Name Service Cache Daemon (NSCD).
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| oracle | sunos | 5.11.1 |
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2014-0447.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| oracle | sunos | 5.11.1 |
Unspecified vulnerability in Oracle Solaris 8 allows local users to affect integrity and availability via unknown vectors related to Kernel.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.8 |
Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Java Web Console.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
Unspecified vulnerability in Oracle Solaris 10, when running on the SPARC64-X Platform, allows local users to affect confidentiality, integrity, and availability via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
Unspecified vulnerability in Oracle Solaris 9, 10, and 11.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Print Filter Utility.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
| oracle | sunos | 5.11.1 |
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2013-5876.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| oracle | sunos | 5.11.1 |
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to CPU performance counters (CPC) drivers, a different vulnerability than CVE-2013-5862.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| oracle | sunos | 5.11.1 |
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 allows local users to affect availability via unknown vectors related to sockfs.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| oracle | sunos | 5.11.1 |
| sun | sunos | 5.8 |
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Patch installation scripts.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Common Agent Container (Cacao).
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.9 |
| sun | sunos | 5.10 |
| oracle | sunos | 5.11.1 |
| sun | sunos | 5.8 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vectors related to SMB server kernel module.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Common Internet File System (CIFS).
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality via unknown vectors related to Automated Install Engine, a different vulnerability than CVE-2014-4283.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to IPS transfer module, a different vulnerability than CVE-2014-4284.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel/X86.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality via unknown vectors related to Automated Install Engine, a different vulnerability than CVE-2014-4277.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to IPS transfer module, a different vulnerability than CVE-2014-4280.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Archive Utility.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Zone Framework.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Solaris 10 and 11 allows remote attackers to affect confidentiality via vectors related to KSSL.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via vectors related to SMB server user component.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Kernel.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality via vectors related to SSH.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via vectors related to iSCSI Data Mover (IDM).
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability via unknown vectors related to Kernel.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
Unspecified vulnerability in Oracle Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Power Management Utility.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to Unix File System (UFS).
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via vectors related to CDE - Power Management Utility.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hermon HCA PCIe driver.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6600 and CVE-2015-0397.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via unknown vectors related to Network, a different vulnerability than CVE-2004-0230.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6570 and CVE-2015-0397.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect confidentiality via unknown vectors related to Network.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6570 and CVE-2014-6600.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Resource Control.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to RPC Utility.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality via vectors related to RPC Utility.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | sunos | 5.10 |
| sun | sunos | 5.11 |
Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cisco | unified_computing_system | 2.1_1a |
| cisco | unified_computing_system | 2.1_1e |
| cisco | unified_computing_system | 2.0_1x |
| cisco | unified_computing_system | 1.4_1m |
| cisco | unified_computing_system | 2.2_2d |
| cisco | unified_computing_system | 1.4_4k |
| cisco | unified_computing_system | 2.2_1d |
| cisco | unified_computing_system | 2.2_2e |
| cisco | unified_computing_system | 1.4_1j |
| cisco | unified_computing_system | 1.4_4j |
| cisco | unified_computing_system | 1.4_3l |
| cisco | unified_computing_system | 2.0_1t |
| cisco | unified_computing_system | 2.1_1d |
| cisco | unified_computing_system | 1.4_3m |
| cisco | unified_computing_system | 2.2_1c |
| cisco | unified_computing_system | 2.0_2r |
| cisco | unified_computing_system | 1.4_4f |
| cisco | unified_computing_system | 1.4_4i |
| cisco | unified_computing_system | 2.2_1b |
| cisco | unified_computing_system | 1.4_3u |
| cisco | unified_computing_system | 1.4_1i |
| cisco | unified_computing_system | 2.0_5f |
| cisco | unified_computing_system | 2.1_3b |
| cisco | unified_computing_system | 2.1_3c |
| cisco | unified_computing_system | 1.5_base |
| cisco | unified_computing_system | 2.1_3d |
| cisco | unified_computing_system | 2.0_1q |
| cisco | unified_computing_system | 2.0_1s |
| cisco | unified_computing_system | 1.4_3y |
| cisco | unified_computing_system | 2.0_3a |
| zyxel | gs1900-10hp_firmware | * |
| cisco | unified_computing_system | 1.4_3i |
| cisco | unified_computing_system | 2.1_1f |
| cisco | unified_computing_system | 1.4_3q |
| netgear | jr6150_firmware | * |
| cisco | unified_computing_system | 2.0_5b |
| cisco | unified_computing_system | 2.0_3c |
| cisco | unified_computing_system | 2.2_1e |
| cisco | unified_computing_system | 1.4_4l |
| cisco | unified_computing_system | 1.6_base |
| cisco | unified_computing_system | 2.0_4d |
| cisco | unified_computing_system | 2.1_3e |
| cisco | unified_computing_system | 2.1_2a |
| cisco | unified_computing_system | 2.0_5d |
| sun | opensolaris | snv_124 |
| cisco | nx-os | base |
| cisco | unified_computing_system | 2.0_2m |
| cisco | unified_computing_system | 2.0_3b |
| samsung | x14j_firmware | t-ms14jakucb-1102.5 |
| cisco | unified_computing_system | 2.0_1w |
| cisco | unified_computing_system | 2.0_5a |
| cisco | unified_computing_system | 1.4_3s |
| cisco | unified_computing_system | 2.2_2c |
| zzinc | keymouse_firmware | 3.08 |
| cisco | unified_computing_system | 2.1_2d |
| cisco | unified_computing_system | 2.1_3f |
| cisco | unified_computing_system | 2.1_1b |
| cisco | unified_computing_system | 2.0_5e |
| cisco | unified_computing_system | 1.4_4g |
| cisco | unified_computing_system | 2.1_2c |
| cisco | unified_computing_system | 2.1_3a |
| cisco | unified_computing_system | 2.0_2q |
| cisco | unified_computing_system | 2.0_5c |
| cisco | unified_computing_system | 2.0_4a |
| cisco | unified_computing_system | 2.0_4b |
Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted HTTP requests that are not followed by an unspecified negotiation, aka Bug ID CSCuv47565.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | opensolaris | snv_124 |
| zzinc | keymouse_firmware | 3.08 |
| zyxel | gs1900-10hp_firmware | * |
SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cisco | rv_series_router_firmware | 1.0.1.9 |
| cisco | rv_series_router_firmware | 1.0.3.10 |
| cisco | rv_series_router_firmware | 1.0.4.14 |
| cisco | rv_series_router_firmware | 1.0.0.2 |
| cisco | rv_series_router_firmware | 1.0.5.8 |
| cisco | rv_series_router_firmware | 1.0.5.6 |
| cisco | rv_series_router_firmware | 1.0.6.6 |
| cisco | rv_series_router_firmware | 1.0.4.10 |
| sun | opensolaris | snv_124 |
| cisco | rv_series_router_firmware | 1.1.0.9 |
| cisco | rv_series_router_firmware | 1.0.0.30 |
| cisco | rv_series_router_firmware | 1.0.2.6 |
| cisco | rv_series_router_firmware | 1.2.0.2 |
The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cisco | prime_infrastructure | 1.4.2 |
| cisco | evolved_programmable_network_manager | 1.2.0 |
| cisco | prime_infrastructure | 2.2 |
| cisco | prime_infrastructure | 1.2.1 |
| cisco | prime_infrastructure | 1.4 |
| cisco | prime_infrastructure | 1.2.0.103 |
| cisco | prime_infrastructure | 2.1.0 |
| cisco | prime_infrastructure | 1.3 |
| cisco | prime_infrastructure | 1.4.1 |
| cisco | prime_infrastructure | 1.2 |
| sun | opensolaris | snv_124 |
| cisco | prime_infrastructure | 1.3.0.20 |
| cisco | prime_infrastructure | 2.0 |
| cisco | prime_infrastructure | 1.4.0.45 |
Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cisco | prime_infrastructure | 1.4.2 |
| cisco | evolved_programmable_network_manager | 1.2.0 |
| cisco | prime_infrastructure | 2.2 |
| cisco | prime_infrastructure | 1.2.1 |
| cisco | prime_infrastructure | 1.4 |
| cisco | prime_infrastructure | 1.2.0.103 |
| cisco | prime_infrastructure | 2.1.0 |
| cisco | prime_infrastructure | 1.3 |
| cisco | prime_infrastructure | 1.4.1 |
| cisco | prime_infrastructure | 1.2 |
| sun | opensolaris | snv_124 |
| cisco | prime_infrastructure | 1.3.0.20 |
| cisco | prime_infrastructure | 2.0 |
| cisco | prime_infrastructure | 1.4.0.45 |
Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| samsung | x14j_firmware | t-ms14jakucb-1102.5 |
| sun | opensolaris | snv_124 |
| zzinc | keymouse_firmware | 3.08 |
| cisco | nx-os | base |
| zyxel | gs1900-10hp_firmware | * |
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Fog Director 1.0(0) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux80466.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | opensolaris | snv_124 |
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 11.5(0.199) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy09033.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | opensolaris | snv_124 |
Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (CDM) 8.1(1) allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux80760.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | opensolaris | snv_124 |
Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext encryption key, which allows local users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuv85958.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| samsung | x14j_firmware | t-ms14jakucb-1102.5 |
| sun | opensolaris | snv_124 |
| zzinc | keymouse_firmware | 3.08 |
| zyxel | gs1900-10hp_firmware | * |
Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID CSCuy25800.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| samsung | x14j_firmware | t-ms14jakucb-1102.5 |
| sun | opensolaris | snv_124 |
| zzinc | keymouse_firmware | 3.08 |
| zyxel | gs1900-10hp_firmware | * |
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 11.5(0.99833.5) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuy10766.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | opensolaris | snv_124 |
The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cisco | ios_xe | 3.9s_3.9.0as |
| cisco | ios_xe | 3.14s_3.14.0s |
| cisco | ios_xe | 3.3xo_3.3.1xo |
| cisco | ios_xe | 3.4s_3.4.6s |
| cisco | ios_xe | 3.10s_3.10.1s |
| cisco | ios_xe | 3.7e_3.7.2e |
| cisco | ios_xe | 3.9s_3.9.1as |
| cisco | ios_xe | 3.10s_3.10.1xbs |
| cisco | ios_xe | 3.11s_3.11.1s |
| cisco | ios_xe | 3.6s_3.6.1s |
| cisco | ios_xe | 3.10s_3.10.2s |
| cisco | ios_xe | 3.7s_3.7.0s |
| cisco | ios_xe | 3.15s_3.15.2s |
| cisco | ios_xe | 3.5s_3.5.2s |
| cisco | ios_xe | 3.7s_3.7.4as |
| cisco | ios_xe | 3.3s_3.3.2s |
| cisco | ios_xe | 3.4sg_3.4.2sg |
| cisco | ios_xe | 3.7s_3.7.6s |
| cisco | ios_xe | 3.10s_3.10.0s |
| cisco | ios_xe | 3.10s_3.10.5s |
| cisco | ios_xe | 3.10s_3.10.6s |
| cisco | ios_xe | 3.3sg_3.3.1sg |
| cisco | ios_xe | 3.7e_3.7.0e |
| cisco | ios_xe | 3.7s_3.7.2ts |
| cisco | ios_xe | 3.4sg_3.4.0sg |
| cisco | ios_xe | 3.16s_3.16.0cs |
| cisco | ios_xe | 3.4sg_3.4.1sg |
| cisco | ios_xe | 3.4sg_3.4.7sg |
| cisco | ios_xe | 3.6e_3.6.2ae |
| cisco | ios_xe | 3.7s_3.7.1s |
| cisco | ios_xe | 3.7s_3.7.2s |
| cisco | ios_xe | 3.4s_3.4.0as |
| cisco | ios_xe | 3.3xo_3.3.0xo |
| cisco | ios_xe | 3.3s_3.3.1s |
| cisco | ios_xe | 3.6e_3.6.2e |
| cisco | ios_xe | 3.6e_3.6.3e |
| cisco | ios_xe | 3.4sg_3.4.4sg |
| cisco | ios_xe | 3.4sg_3.4.5sg |
| cisco | ios_xe | 3.12s_3.12.0s |
| cisco | ios_xe | 3.12s_3.12.1s |
| cisco | ios_xe | 3.7e_3.7.3e |
| cisco | ios_xe | 3.6e_3.6.1e |
| cisco | ios_xe | 3.8s_3.8.2s |
| cisco | ios_xe | 3.13s_3.13.3s |
| cisco | ios_xe | 3.5e_3.5.1e |
| lenovo | thinkcentre_e75s_firmware | * |
| cisco | ios_xe | 3.11s_3.11.0s |
| cisco | ios_xe | 3.4sg_3.4.6sg |
| cisco | ios_xe | 3.3sg_3.3.2sg |
| cisco | ios_xe | 3.5e_3.5.2e |
| cisco | ios_xe | 3.9s_3.9.1s |
| cisco | ios_xe | 3.3xo_3.3.2xo |
| cisco | ios_xe | 3.14s_3.14.1s |
| zzinc | keymouse_firmware | 3.08 |
| cisco | ios_xe | 3.7s_3.7.3s |
| cisco | ios_xe | 3.6e_3.6.0e |
| cisco | ios_xe | 3.13s_3.13.1s |
| cisco | ios_xe | 3.14s_3.14.3s |
| cisco | ios_xe | 3.4s_3.4.3s |
| cisco | ios_xe | 3.8e_3.8.1e |
| cisco | ios_xe | 3.15s_3.15.1s |
| cisco | ios_xe | 3.3sg_3.3.0sg |
| cisco | ios_xe | 3.12s_3.12.3s |
| cisco | ios_xe | 3.7e_3.7.1e |
| cisco | ios_xe | 3.7s_3.7.5s |
| cisco | ios_xe | 3.13s_3.13.0s |
| cisco | ios_xe | 3.15s_3.15.0s |
| cisco | ios_xe | 3.6s_3.6.2s |
| cisco | ios_xe | 3.13s_3.13.0as |
| cisco | ios_xe | 3.4s_3.4.1s |
| cisco | ios_xe | 3.10s_3.10.3s |
| cisco | ios_xe | 3.15s_3.15.1cs |
| cisco | ios_xe | 3.17s_3.17.0s |
| cisco | ios_xe | 3.13s_3.13.2s |
| cisco | ios_xe | 3.5e_3.5.0e |
| cisco | ios_xe | 3.4s_3.4.4s |
| cisco | ios_xe | 3.4s_3.4.2s |
| cisco | ios_xe | 3.4s_3.4.5s |
| cisco | ios_xe | 3.12s_3.12.4s |
| cisco | ios_xe | 3.5s_3.5.1s |
| cisco | ios_xe | 3.16s_3.16.0s |
| cisco | ios_xe | 3.16s_3.16.1as |
| zyxel | gs1900-10hp_firmware | * |
| cisco | ios_xe | 3.4s_3.4.0s |
| cisco | ios_xe | 3.14s_3.14.2s |
| netgear | jr6150_firmware | * |
| cisco | ios_xe | 3.9s_3.9.0s |
| cisco | ios_xe | 3.13s_3.13.4s |
| cisco | ios_xe | 3.11s_3.11.3s |
| cisco | ios_xe | 3.11s_3.11.2s |
| cisco | ios_xe | 3.5s_3.5.0s |
| cisco | ios_xe | 3.3s_3.3.0s |
| cisco | ios_xe | 3.7s_3.7.7s |
| sun | opensolaris | snv_124 |
| cisco | ios_xe | 3.4sg_3.4.3sg |
| cisco | ios_xe | 3.12s_3.12.2s |
| cisco | ios_xe | 3.8e_3.8.0e |
| cisco | ios_xe | 3.16s_3.16.1s |
| samsung | x14j_firmware | t-ms14jakucb-1102.5 |
| cisco | ios_xe | 3.8s_3.8.0s |
| cisco | ios_xe | 3.9s_3.9.2s |
| cisco | ios_xe | 3.8s_3.8.1s |
| cisco | ios_xe | 3.10s_3.10.4s |
| cisco | ios_xe | 3.5e_3.5.3e |
| cisco | ios_xe | 3.11s_3.11.4s |
| cisco | ios_xe | 3.6s_3.6.0s |
| cisco | ios_xe | 3.7s_3.7.4s |
| cisco | ios_xe | 3.13s_3.13.2as |
Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 Relay message, aka Bug ID CSCus55821.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cisco | ios_xe | 3.9s_3.9.0as |
| cisco | ios_xe | 3.12s_3.12.3s |
| cisco | ios_xe | 3.14s_3.14.0s |
| cisco | ios_xe | 3.3xo_3.3.1xo |
| cisco | ios_xe | 3.7e_3.7.1e |
| cisco | ios_xe | 3.10s_3.10.1s |
| cisco | ios_xe | 3.7e_3.7.2e |
| cisco | ios_xe | 3.9s_3.9.1as |
| cisco | ios_xe | 3.7s_3.7.5s |
| cisco | ios_xe | 3.10s_3.10.1xbs |
| cisco | ios_xe | 3.13s_3.13.0s |
| cisco | ios_xe | 3.15s_3.15.0s |
| cisco | ios_xe | 3.11s_3.11.1s |
| cisco | ios_xe | 3.6s_3.6.1s |
| cisco | ios_xe | 3.10s_3.10.2s |
| cisco | ios_xe | 3.6s_3.6.2s |
| cisco | ios_xe | 3.7s_3.7.0s |
| cisco | ios_xe | 3.15s_3.15.2s |
| cisco | ios_xe | 3.13s_3.13.0as |
| cisco | ios_xe | 3.5s_3.5.2s |
| cisco | ios_xe | 3.10s_3.10.3s |
| cisco | ios_xe | 3.15s_3.15.1cs |
| cisco | ios_xe | 3.7s_3.7.4as |
| cisco | ios_xe | 3.7s_3.7.6s |
| cisco | ios_xe | 3.13s_3.13.2s |
| cisco | ios_xe | 3.10s_3.10.0s |
| cisco | ios_xe | 3.10s_3.10.5s |
| cisco | ios_xe | 3.10s_3.10.6s |
| cisco | ios_xe | 3.5e_3.5.0e |
| cisco | ios_xe | 3.7e_3.7.0e |
| cisco | ios_xe | 3.7s_3.7.2ts |
| cisco | ios_xe | 3.16s_3.16.0cs |
| cisco | ios_xe | 3.6e_3.6.2ae |
| cisco | ios_xe | 3.12s_3.12.4s |
| cisco | ios_xe | 3.7s_3.7.1s |
| cisco | ios_xe | 3.7s_3.7.2s |
| cisco | ios_xe | 3.5s_3.5.1s |
| cisco | ios_xe | 3.3xo_3.3.0xo |
| cisco | ios_xe | 3.6e_3.6.2e |
| cisco | ios_xe | 3.16s_3.16.0s |
| cisco | ios_xe | 3.6e_3.6.3e |
| cisco | ios_xe | 3.16s_3.16.1as |
| zyxel | gs1900-10hp_firmware | * |
| cisco | ios_xe | 3.14s_3.14.2s |
| netgear | jr6150_firmware | * |
| cisco | ios_xe | 3.12s_3.12.0s |
| cisco | ios_xe | 3.12s_3.12.1s |
| cisco | ios_xe | 3.9s_3.9.0s |
| cisco | ios_xe | 3.13s_3.13.4s |
| cisco | ios_xe | 3.11s_3.11.3s |
| cisco | ios_xe | 3.11s_3.11.2s |
| cisco | ios_xe | 3.5s_3.5.0s |
| cisco | ios_xe | 3.6e_3.6.1e |
| cisco | ios_xe | 3.8s_3.8.2s |
| cisco | ios_xe | 3.13s_3.13.3s |
| cisco | ios_xe | 3.5e_3.5.1e |
| cisco | ios_xe | 3.7s_3.7.7s |
| cisco | ios_xe | 3.11s_3.11.0s |
| sun | opensolaris | snv_124 |
| cisco | ios_xe | 3.5e_3.5.2e |
| cisco | ios_xe | 3.9s_3.9.1s |
| cisco | ios_xe | 3.12s_3.12.2s |
| cisco | ios_xe | 3.8e_3.8.0e |
| cisco | ios_xe | 3.16s_3.16.1s |
| cisco | ios_xe | 3.3xo_3.3.2xo |
| cisco | ios_xe | 3.14s_3.14.1s |
| samsung | x14j_firmware | t-ms14jakucb-1102.5 |
| zzinc | keymouse_firmware | 3.08 |
| cisco | ios_xe | 3.8s_3.8.0s |
| cisco | ios_xe | 3.9s_3.9.2s |
| cisco | ios_xe | 3.8s_3.8.1s |
| cisco | ios_xe | 3.7s_3.7.3s |
| cisco | ios_xe | 3.6e_3.6.0e |
| cisco | ios_xe | 3.13s_3.13.1s |
| cisco | ios_xe | 3.14s_3.14.3s |
| cisco | ios_xe | 3.10s_3.10.4s |
| cisco | ios_xe | 3.5e_3.5.3e |
| cisco | ios_xe | 3.11s_3.11.4s |
| cisco | ios_xe | 3.6s_3.6.0s |
| cisco | ios_xe | 3.7s_3.7.4s |
| cisco | ios_xe | 3.15s_3.15.1s |
| cisco | ios_xe | 3.13s_3.13.2as |
The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID CSCuv45410.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cisco | ios_xe | 3.4sg_3.4.4sg |
| cisco | ios_xe | 3.2se_3.2.0se |
| cisco | ios_xe | 3.2se_3.2.3se |
| cisco | ios_xe | 3.3xo_3.3.1xo |
| netgear | jr6150_firmware | * |
| cisco | ios_xe | 3.4sg_3.4.5sg |
| cisco | ios_xe | 3.3se_3.3.5se |
| cisco | ios_xe | 3.7e_3.7.1e |
| cisco | ios_xe | 3.7e_3.7.2e |
| cisco | ios_xe | 3.6e_3.6.1e |
| cisco | ios_xe | 3.2se_3.2.2se |
| cisco | ios_xe | 3.5e_3.5.1e |
| sun | opensolaris | snv_124 |
| cisco | ios_xe | 3.4sg_3.4.6sg |
| cisco | ios_xe | 3.4sg_3.4.3sg |
| cisco | ios_xe | 3.5e_3.5.2e |
| cisco | ios_xe | 3.4sg_3.4.2sg |
| cisco | ios_xe | 3.2ja_3.2.0ja |
| cisco | ios_xe | 3.2se_3.2.1se |
| cisco | ios_xe | 3.3xo_3.3.2xo |
| samsung | x14j_firmware | t-ms14jakucb-1102.5 |
| cisco | ios_xe | 3.5e_3.5.0e |
| cisco | ios_xe | 3.7e_3.7.0e |
| intel | core_i5-9400f_firmware | - |
| zzinc | keymouse_firmware | 3.08 |
| cisco | ios_xe | 3.4sg_3.4.0sg |
| cisco | ios_xe | 3.4sg_3.4.1sg |
| cisco | ios_xe | 3.6e_3.6.0e |
| cisco | ios_xe | 3.3se_3.3.0se |
| cisco | ios_xe | 3.6e_3.6.2ae |
| cisco | ios_xe | 3.5e_3.5.3e |
| cisco | ios_xe | 3.3xo_3.3.0xo |
| cisco | ios_xe | 3.6e_3.6.2e |
| cisco | ios_xe | 3.3se_3.3.1se |
| cisco | ios_xe | 3.3se_3.3.2se |
| cisco | ios_xe | 3.3se_3.3.3se |
| zyxel | gs1900-10hp_firmware | * |
| cisco | ios_xe | 3.3se_3.3.4se |
Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| cisco | ios_xe | 3.9.0s |
| cisco | ios_xe | 3.9.1s |
| cisco | ios_xe | 3.9.1as |
| cisco | ios_xe | 3.9.2s |
| cisco | ios_xe | 3.8.0s |
| samsung | x14j_firmware | t-ms14jakucb-1102.5 |
| cisco | ios_xe | 3.8.1s |
| zzinc | keymouse_firmware | 3.08 |
| cisco | ios_xe | 3.10.2s |
| cisco | ios_xe | 3.10.0s |
| cisco | ios_xe | 3.10.1s |
| cisco | ios_xe | 3.11.0s |
| cisco | ios_xe | 3.8.2s |
| cisco | ios_xe | 3.10.1xbs |
| cisco | ios_xe | 3.9.0as |
| lenovo | thinkcentre_e75s_firmware | * |
| sun | opensolaris | snv_124 |
| zyxel | gs1900-10hp_firmware | * |
Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
| twcert@cert.org.tw | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | ehrd | 9 |
| sun | ehrd | 8 |
Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting (XSS), attackers can inject arbitrary command into the system and launch XSS attack.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
| twcert@cert.org.tw | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | ehrd | 9.0 |
| sun | ehrd | 8.0 |
Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality and data.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
| twcert@cert.org.tw | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 2.8 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-863,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | ehrd | 9 |
| sun | ehrd | 8 |
Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
| twcert@cert.org.tw | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | ehrd | 9 |
| sun | ehrd | 8 |
Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-732,NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | ehrd | 9 |
| sun | ehrd | 8 |
Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| twcert@cert.org.tw | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-502,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sun | ehrd | 9 |
| sun | ehrd | 8 |