MidnightBSD

Advisories for sun

CVE-1999-0003 HIGH

Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi irix 5.3
sgi irix 6.4
sun sunos 5.4
hp hp-ux 10.03
ibm aix 4.1.2
sun sunos 5.0
ibm aix 4.1.5
sun solaris 2.6
hp hp-ux 10.01
sun sunos 5.5
sun sunos 4.1.3
sgi irix 6.0
sgi irix 6.1
ibm aix 4.1.4
ibm aix 4.2.1
sun sunos -
ibm aix 4.1.1
sun sunos 5.3
ibm aix 4.2
sgi irix 6.2
ibm aix 4.1
hp hp-ux 10.02
ibm aix 4.3
sun sunos 5.2
hp hp-ux 11.00
sgi irix 6.3
tritreal ted_cde 4.3
sun sunos 5.1
ibm aix 4.1.3
sun sunos 5.5.1
sgi irix 5.2
CVE-1999-0008 HIGH

Buffer overflow in NIS+, in Sun's rpc.nisd program.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.4
hp hp-ux 10.34
sun sunos 5.3
hp hp-ux 11.00
sun solaris 2.6
sun sunos 5.5.1
sun sunos 5.5
CVE-1999-0009 HIGH

Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi irix 3.3.1
sgi irix 5.3
sco open_desktop 5.0
sgi irix 5.1.1
bsdi bsd_os 2.0.1
ibm aix 4.1.2
sco unixware 2.1
sgi irix 4.0.5h
sun solaris 2.6
redhat linux 5.0
sgi irix 6.1
bsdi bsd_os 2.1
data_general dg_ux 5.4_3.1
sgi irix 4.0.1t
ibm aix 4.1.1
netbsd netbsd 1.2.1
sun sunos 5.3
sgi irix 6.2
sgi irix 4.0.2
sgi irix 4.0.5d
ibm aix 4.1
sgi irix 4.0.1
sgi irix 4.0.4
sgi irix 4.0
sco unixware 7.0
sco open_desktop 3.0
data_general dg_ux 5.4_4.1
sgi irix 4.0.4b
sgi irix 4.0.5g
caldera openlinux 1.0
sgi irix 4.0.5f
sgi irix 5.1
sgi irix 4.0.5a
data_general dg_ux 5.4_4.11
netbsd netbsd 1.0
sgi irix 3.3.3
sun sunos 5.5.1
sgi irix 4.0.5e
sgi irix 5.2
netbsd netbsd 1.3.1
sun sunos 5.4
isc bind 4.9.6
sgi irix 3.2
sun solaris 2.5.1
redhat linux 4.1
ibm aix 4.1.5
sgi irix 4.0.5_ipr
isc bind 8.1
sun sunos 5.5
sgi irix 6.0
ibm aix 4.1.4
sun solaris 2.5
ibm aix 4.2.1
sun sunos -
sgi irix 5.0
ibm aix 4.2
sgi irix 4.0.4t
redhat linux 4.0
isc bind 8.1.1
bsdi bsd_os 2.0
sgi irix 4.0.5
netbsd netbsd 1.2
sgi irix 5.0.1
netbsd netbsd 1.1
nec asl_ux_4800 64
data_general dg_ux 5.4_3.0
sgi irix 4.0.3
sgi irix 4.0.5_iop
netbsd netbsd 1.3
ibm aix 4.3
sgi irix 3.3.2
redhat linux 4.2
sgi irix 6.3
ibm aix 4.1.3
sgi irix 3.3
CVE-1999-0010 MEDIUM

Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
nec asl_ux_4800 13
netbsd netbsd 1.3.1
sun sunos 5.4
data_general dg_ux y2k_patchr4.12mu03
sco unixware 2.1
data_general dg_ux y2k_patchr4.20mu01
sun sunos 5.5
sco openserver 5.0
redhat linux 5.0
nec asl_ux_4800 11
sun sunos 5.3
data_general dg_ux y2k_patchr4.11mu05
ibm aix 4.2
data_general dg_ux y2k_patchr4.20mu03
sun sunos 5.6
ibm aix 4.1
sco unixware 7.0
isc bind 4.9
sco open_desktop 3.0
isc bind 8
sco unix 3.2v4
data_general dg_ux y2k_patchr4.20mu02
netbsd netbsd 1.3
ibm aix 4.3
redhat linux 4.2
sun sunos 5.5.1
CVE-1999-0011 HIGH

Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,CWE-1067,

Products Affected

Vendor Product Version
nec asl_ux_4800 13
netbsd netbsd 1.3.1
sun sunos 5.4
data_general dg_ux y2k_patchr4.12mu03
sco unixware 2.1
data_general dg_ux y2k_patchr4.20mu01
sun sunos 5.5
sco openserver 5.0
redhat linux 5.0
nec asl_ux_4800 11
sun sunos 5.3
data_general dg_ux y2k_patchr4.11mu05
ibm aix 4.2
data_general dg_ux y2k_patchr4.20mu03
sun sunos 5.6
ibm aix 4.1
sco unixware 7.0
isc bind 4.9
sco open_desktop 3.0
isc bind 8
sco unix 3.2v4
data_general dg_ux y2k_patchr4.20mu02
netbsd netbsd 1.3
ibm aix 4.3
redhat linux 4.2
sun sunos 5.5.1
CVE-1999-0015 MEDIUM

Teardrop IP denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
microsoft windows_nt 3.5.1
microsoft windows_95 0.0a
hp hp-ux 10.24
microsoft windows_nt 4.0
hp hp-ux 10.20
netbsd netbsd 1.2
hp hp-ux 10
sun sunos 4.1.4
hp hp-ux 9.04
netbsd netbsd 1.1
hp hp-ux 10.01
hp hp-ux 10.16
sun sunos 4.1.3u1
hp hp-ux 9.00
netbsd netbsd 1.2.1
hp hp-ux 9.07
hp hp-ux 9.05
hp hp-ux 11.00
hp hp-ux 9.01
netbsd netbsd 1.0
hp hp-ux 9.03
hp hp-ux 10.30
CVE-1999-0016 MEDIUM

Land IP denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
microsoft winsock 2.0
hp hp-ux 10.24
microsoft windows_nt 4.0
hp hp-ux 10.10
microsoft windows_95 *
hp hp-ux 10.20
sun sunos 4.1.4
hp hp-ux 9.04
netbsd netbsd 1.1
hp hp-ux 10.01
hp hp-ux 10.16
hp hp-ux 10.00
gnu inet 5.01
sun sunos 4.1.3u1
hp hp-ux 9.00
hp hp-ux 9.07
hp hp-ux 9.05
hp hp-ux 11.00
hp hp-ux 9.01
netbsd netbsd 1.0
hp hp-ux 9.03
hp hp-ux 10.30
cisco ios 7000
CVE-1999-0017 HIGH

FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.4
caldera openlinux 1.2
freebsd freebsd 1.0
sco unixware 2.1
sun sunos 5.5
sun sunos 4.1.3u1
netbsd netbsd 1.2.1
sun sunos 5.3
ibm aix 4.2
freebsd freebsd 2.1.0
ibm aix 3.2
washington_university wu-ftpd 2.4
gnu inet 6.02
ibm aix 4.1
netbsd netbsd 1.2
sun sunos 4.1.4
netbsd netbsd 1.1
freebsd freebsd 1.2
sco open_desktop 3.0
freebsd freebsd 2.0
gnu inet 5.01
siemens reliant_unix *
freebsd freebsd 2.1.7
ibm aix 4.3
gnu inet 6.01
netbsd netbsd 1.0
sun sunos 5.5.1
freebsd freebsd 1.1
sco openserver 5.0.4
CVE-1999-0018 HIGH

Buffer overflow in statd allows root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi irix 5.3
ibm aix 3.2
sgi irix 5.1.1
sun sunos 5.4
sun solaris 2.5.1
ibm aix 4.1
sgi irix 5.0.1
sun solaris 2.4
sun sunos 5.5
sun solaris 2.5
sgi irix 5.0
sgi irix 5.1
sun sunos 5.5.1
sgi irix 5.2
CVE-1999-0019 MEDIUM

Delete or create a file via rpc.statd, due to invalid information.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ibm aix 3.2
sun sunos 5.4
data_general dg_ux 4.11
ibm aix 4.1
nighthawk powerux *
sun sunos 4.1.4
sun sunos 5.5
sco openserver 5.0
sun sunos 4.1.3
sco open_desktop 2
sgi irix 6.1
sco unixware 2
sun sunos 5.3
sco openserver 3.0
ncr mp-ras 2.03
nighthawk cx_ux *
sco open_desktop 3
ncr mp-ras 3.0
CVE-1999-0022 HIGH

Local user gains root privileges via buffer overflow in rdist, via expstr() function.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,CWE-125,

Products Affected

Vendor Product Version
sgi irix 5.3
sgi irix 6.4
sgi irix 5.1.1
sun sunos 5.4
ibm aix 4.1.2
sun sunos 5.0
ibm aix 4.1.5
sun sunos 4.1.2
sun sunos 4.1.1
bsdi bsd_os 1.1
sgi irix 6.0
sun solaris 4.1.3
sgi irix 6.1
ibm aix 4.1.4
sun sunos 4.1.3u1
ibm aix 4.1.1
freebsd freebsd 2.0.5
sun sunos 5.3
sgi irix 5.0
ibm aix 3.2.4
ibm aix 4.2
freebsd freebsd 2.1.0
sgi irix 6.2
ibm aix 3.2
ibm aix 4.1
sgi irix 5.0.1
ibm aix 3.1
freebsd freebsd 2.0
hp hp-ux 10.00
sgi irix 6.0.1
sgi irix 5.1
sun sunos 5.2
sgi irix 6.3
ibm aix 3.2.5
sun sunos 5.1
ibm aix 4.1.3
sgi irix 5.2
CVE-1999-0023 HIGH

Local user gains root privileges via buffer overflow in rdist, via lookup() function.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.4
sco unixware 2.1
sun sunos 5.5
sco openserver 5.0
sun sunos 4.1.3
sun sunos 4.1.3u1
inet inet 6.01
sco tcp_ip 1.2.0
sun sunos -
freebsd freebsd 2.0.5
sun sunos 5.3
ibm aix 4.2
sco tcp_ip 1.2.1
freebsd freebsd 2.1.0
sco open_desktop 2.0
sco unixware 2.0
sco openserver 5.0.2
ibm aix 3.2
freebsd freebsd 2.2
sco internet_faststart 1.0
sco openserver 2.0
ibm aix 4.1
inet inet 5.01
sun sunos 4.1.4
sco open_desktop 3.0
freebsd freebsd 2.0
bsdi bsd_os *
sun sunos 5.5.1
CVE-1999-0024 MEDIUM

DNS cache poisoning via BIND, by predictable query IDs.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.4
nec ews-ux_v 4.2mp
sun solaris 2.5.1
isc bind 4.9.5
ibm aix 4.1
sco unixware 2.1
bsdi bsd_os 3.0
sun solaris 2.4
nec ews-ux_v 4.2
sun solaris 2.6
nec asl_ux_4800 64
isc bind 8.1
sun sunos 5.5
sco openserver 5.0
sco open_desktop 3.0
nec up-ux_v 4.2mp
bsdi bsd_os 2.1
sun solaris 2.5
sco unix 3.2v4
sun sunos -
sun sunos 5.3
ibm aix 4.2
sun sunos 5.5.1
CVE-1999-0032 HIGH

Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi irix 5.3
sgi irix 6.2
sgi irix 6.4
sgi irix 5.1.1
sun sunos 4.1.4
sgi irix 5.0.1
next nextstep 4.0
sgi irix 6.0
freebsd freebsd 2.0
sgi irix 6.1
sun sunos 4.1.3u1
bsdi bsd_os 2.1
next nextstep 4.1
sgi irix 6.0.1
freebsd freebsd 2.0.5
freebsd freebsd 2.1.5
sgi irix 5.0
sgi irix 5.1
sgi irix 6.3
freebsd freebsd 2.1.0
sgi irix 5.2
CVE-1999-0033 HIGH

Command execution in Sun systems via buffer overflow in the at program.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.4
sgi irix *
sco unixware 2.1
sun sunos 5.5
sco openserver 5.0
sco open_desktop 3.0
ibm aix *
sco unixware 3.2v4
sun sunos 5.3
sco openserver 3.0
sun sunos 5.5.1
ncr mp-ras 3.0
CVE-1999-0038 HIGH

Buffer overflow in xlock program allows local users to execute commands as root.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,CWE-120,

Products Affected

Vendor Product Version
sgi irix 5.3
sgi irix 6.4
sgi irix 5.1.1
sun sunos 5.4
hp hp-ux 10.24
sun solaris 2.5.1
hp hp-ux 10.20
data_general dg_ux 1.0
hp hp-ux 10.08
data_general dg_ux 2.0
data_general dg_ux 7.0
debian debian_linux 0.93
hp hp-ux 10.01
sun sunos 5.5
sgi irix 6.0
sgi irix 6.1
bsdi bsd_os 2.1
sun solaris 2.5
hp hp-ux 10.34
sun sunos 5.3
sgi irix 5.0
ibm aix 4.2
data_general dg_ux 4.0
hp hp-ux 10.30
debian debian_linux 1.2
ibm aix 3.2
debian debian_linux 1.3
hp hp-ux 10.10
debian debian_linux 1.1
data_general dg_ux 5.0
ibm aix 4.1
sgi irix 5.0.1
sun solaris 2.4
hp hp-ux 10.16
hp hp-ux 10.00
sgi irix 6.0.1
data_general dg_ux 6.0
sgi irix 5.1
sgi irix 6.3
sun sunos 5.5.1
data_general dg_ux 3.0
sgi irix 5.2
CVE-1999-0040 HIGH

Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi irix 5.3
sgi irix 6.4
sun sunos 5.4
bsdi bsd_os 2.0.1
hp hp-ux 10.24
sun solaris 2.5.1
hp hp-ux 10.20
hp hp-ux 10.08
hp hp-ux 10.01
sun sunos 5.5
sun sunos 4.1.3
sgi irix 6.0
freebsd freebsd 1.1.5.1
sgi irix 6.1
sun sunos 4.1.3u1
nec up-ux_v 4.2mp
bsdi bsd_os 2.1
sun solaris 2.5
hp hp-ux 9.00
hp hp-ux 10.34
sun sunos 5.3
sgi irix 5.0
ibm aix 4.2
hp hp-ux 10.30
hp hp-ux 9.10
sgi irix 6.2
ibm aix 3.2
bsdi bsd_os 2.0
nec ews-ux_v 4.2mp
hp hp-ux 10.10
hp hp-ux 10.09
ibm aix 4.1
sgi irix 4.0
sun sunos 4.1.4
sun solaris 2.4
nec ews-ux_v 4.2
nec asl_ux_4800 64
hp hp-ux 10.16
freebsd freebsd 2.0
hp hp-ux 10.00
hp hp-ux 9.01
sgi irix 6.3
sun sunos 5.5.1
CVE-1999-0046 HIGH

Buffer overflow of rlogin program using TERM environmental variable.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
bsdi bsd_os 2.0.1
hp hp-ux 10.24
oracle solaris 2.6
ibm aix 4.1.2
hp hp-ux 10.20
data_general dg_ux 1.0
hp hp-ux 10.08
data_general dg_ux 2.0
debian debian_linux 0.93
digital unix 3.2g
next nextstep 2.0
bsdi bsd_os 2.1
oracle solaris -
digital ultrix 4.2
ibm aix 4.1.1
sun sunos 5.3
digital ultrix 4.5
next nextstep 3.2
next nextstep 2.1
digital ultrix 4.3
next nextstep 1.0
digital ultrix 4.4
digital ultrix 4.3a
digital unix 4.0b
ibm aix 4.1
sun sunos 4.1.4
sun solaris 2.4
hp hp-ux 10.16
freebsd freebsd 2.1.5
digital ultrix 4.1
next nextstep 3.3
netbsd netbsd 1.0
sun sunos 5.5.1
digital ultrix -
sun sunos 5.4
oracle solaris 8
sun solaris 2.5.1
ibm aix 4.1.5
hp hp-ux 10.01
sun sunos 5.5
bsdi bsd_os 1.1
freebsd freebsd 1.1.5.1
ibm aix 4.1.4
digital ultrix 3.0
sun sunos 4.1.3u1
oracle solaris 7.0
sun solaris 2.5
next nextstep 3.1
hp hp-ux 10.34
freebsd freebsd 2.0.5
data_general dg_ux 4.0
freebsd freebsd 2.1.0
hp hp-ux 10.30
ibm aix 3.2
bsdi bsd_os 2.0
hp hp-ux 10.10
hp hp-ux 10.09
next nextstep -
next nextstep 4.0
netbsd netbsd 1.1
next nextstep 3.0
freebsd freebsd 2.0
digital ultrix 2.2
hp hp-ux 10.00
digital unix 4.0
next nextstep 1.0a
digital unix 4.0a
digital ultrix 4.0
ibm aix 4.1.3
data_general dg_ux 3.0
CVE-1999-0051 HIGH

Arbitrary file creation and program execution using FLEXlm LicenseManager, from versions 4.0 to 5.0, in IRIX.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi irix 5.3
sgi irix 6.4
sgi irix 5.1.1
sgi irix 4.0.5h
sun sunos 4.1.1
sgi irix 6.1
sgi irix 4.0.1t
globetrotter flexlm 4.0
sgi license_oeo 3.1.1
sgi irix 6.2
sgi irix 4.0.2
sgi license_oeo 3.0
sgi irix 4.0.5d
sgi irix 4.0.1
sgi irix 4.0.4
sgi irix 4.0
sun sunos 4.1.4
sun solaris 2.4
sgi license_oeo 3.1
sgi irix 4.0.4b
sgi irix 4.0.5g
sgi irix 4.0.5f
sgi irix 5.1
sgi irix 4.0.5a
sgi irix 3.3.3
sun sunos 5.5.1
sgi irix 4.0.5e
sgi irix 5.2
sun sunos 5.4
sun solaris 2.5.1
sun sunos 4.1.4jl
sgi irix 4.0.5_ipr
sun sunos 4.1.2
sun sunos 5.5
sun sunos 4.1.3
sgi irix 6.0
sun sunos 4.1.3u1
sun solaris 2.5
sgi irix 5.0
sgi irix 4.0.4t
globetrotter flexlm 5.0
sgi irix 4.0.5
sgi irix 5.0.1
globetrotter flexlm 4.1
sgi irix 4.0.3
sgi irix 4.0.5_iop
sgi irix 6.0.1
sgi irix 3.3.2
sgi irix 6.3
CVE-1999-0054 MEDIUM

Sun's ftpd daemon can be subjected to a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.5
sun sunos 5.4
sun sunos 5.3
sun solaris 2.5.1
sun solaris 2.4
sun solaris 2.6
sun sunos 5.5.1
sun sunos 5.5
CVE-1999-0055 HIGH

Buffer overflows in Sun libnsl allow root access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.4
sun solaris 2.5.1
ibm aix 4.3.1
sun solaris 2.4
sun solaris 2.6
sun sunos 5.5
sun solaris 2.5
ibm aix 4.2.1
sun sunos -
sun sunos 5.3
ibm aix 4.3
sun sunos 5.2
ibm aix 4.2
sun sunos 5.5.1
ibm aix 4.3.2
CVE-1999-0056 HIGH

Buffer overflow in Sun's ping program can give root access to local users.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.4
sun sunos 5.3
sun sunos *
sun sunos 5.5.1
sun sunos 5.5
CVE-1999-0057 HIGH

Vacation program allows command execution by remote users through a sendmail command.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ibm aix *
hp hp-ux 10.00
sun solaris *
freebsd freebsd 6.2
hp hp-ux 10.24
eric_allman vacation *
sun sunos *
hp hp-ux 9
hp hp-ux 10.09
hp vvos *
CVE-1999-0065 HIGH

Multiple buffer overflows in how dtmail handles attachments allows a remote attacker to execute commands.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.5
sun sunos 5.4
sun sunos -
sun solaris 2.5.1
sun solaris 2.4
sun solaris 2.6
sun sunos 5.5.1
sun sunos 5.5
CVE-1999-0069 HIGH

Solaris ufsrestore buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,CWE-119,

Products Affected

Vendor Product Version
sun sunos 5.5.1
sun sunos 5.5
CVE-1999-0078 LOW

pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi irix 5.3
freebsd freebsd 6.2
next nextstep *
ibm aix 3.2
hp hp-ux *
sun sunos 5.4
sco openserver 5
ncr mp-ras 3.01
ibm aix 4.1
nec up-ux_v *
sco unixware 2.1
sun sunos 5.5
sun sunos 4.1
ncr mp-ras 2.03
ibm aix 4.2
bsdi bsd_os *
ncr mp-ras 3.0
CVE-1999-0084 HIGH

Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,CWE-269,

Products Affected

Vendor Product Version
sun nfs *
CVE-1999-0097 HIGH

The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.4
hp hp-ux 10.24
ibm aix 4.1.2
sun solaris 2.5.1
hp hp-ux 10.20
ibm aix 4.1.5
hp hp-ux 9.04
sun solaris 2.6
sun sunos 5.5
hp hp-ux 9.09
hp hp-ux 9.06
ibm aix 4.1.4
sun sunos 4.1.3u1
sun solaris 2.5
hp hp-ux 9.00
ibm aix 4.2.1
sun sunos -
ibm aix 4.1.1
sun sunos 5.3
ibm aix 3.2.4
ibm aix 4.2
hp hp-ux 9.03
hp hp-ux 9.08
hp hp-ux 9.10
sun sunos 4.1.3c
ibm aix 3.2
hp hp-ux 10.10
ibm aix 4.1
sun sunos 4.1.4
sun solaris 2.4
hp hp-ux 10.16
hp hp-ux 10.00
hp hp-ux 9.07
hp hp-ux 9.05
hp hp-ux 11.00
hp hp-ux 9.01
ibm aix 3.2.5
ibm aix 4.1.3
sun sunos 5.5.1
CVE-1999-0099 HIGH

Buffer overflow in syslog utility allows local or remote attackers to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
convex convexos 10.1
ibm aix 3.2
sun sunos 5.4
bsdi bsd_os 2.0
bsdi bsd_os 2.0.1
cray unicos 9.0
ibm aix 4.1
cray unicos 8.3
sun sunos 4.1.4
sun solaris 2.4
convex convexos 10.2
cray unicos 8.0
sun sunos 4.1.3
sun sunos 4.1.3u1
convex convexos 11.0
convex spp-ux 3
sun sunos 5.3
convex convexos 11.1
CVE-1999-0104 MEDIUM

A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 4.1.3u1
hp hp-ux *
microsoft windows_nt 4.0
microsoft windows_95 0a
sun sunos 4.1.4
caldera openlinux 2.0
CVE-1999-0109 HIGH

Buffer overflow in ffbconfig in Solaris 2.5.1.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.5
sun solaris 2.5.1
sun sunos 5.5.1
sun sunos 5.5
CVE-1999-0120 HIGH

Sun/Solaris utmp file allows local users to gain root access if it is writable by users other than root.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 4.1
sun sunos -
CVE-1999-0125 MEDIUM

Buffer overflow in SGI IRIX mailx program.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi irix 5.3
sun solaris 2.5
sun sunos -
sun solaris 2.5.1
redhat linux 4.2
sgi irix 6.3
sun solaris 2.4
sun solaris 2.6
sun sunos 5.5.1
sun sunos 5.5
sgi irix 5.2
CVE-1999-0128 MEDIUM

Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ibm sng *
ibm aix 3.2
sun sunos 5.4
sco internet_faststart 1.1
linux linux_kernel 1.3.0
sco internet_faststart 1.0
ibm aix 4.1
sun sunos 5.5
sco openserver 5.0
sco open_desktop 3.0
linux linux_kernel 2.0
digital osf_1 1.3.3
ibm sng 2.2
ibm sng 2.1
ibm aix 4.2
sco tcp_ip 1.2.1
sun sunos 5.5.1
sco openserver 5.0.2
CVE-1999-0129 MEDIUM

Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
eric_allman sendmail 8.8.2
sun sunos 5.4
sco internet_faststart 1.1
sun solaris 2.5.1
hp hp-ux 10.20
hp hp-ux 10.01
sun sunos 5.5
sco openserver 5.0
sun sunos 4.1.3u1
bsdi bsd_os 2.1
eric_allman sendmail 8.8.1
sun solaris 2.5
freebsd freebsd 2.1.6
eric_allman sendmail 8.8.3
sun sunos 5.3
ibm aix 4.2
sco openserver 5.0.2
ibm aix 3.2
hp hp-ux 10.10
sco internet_faststart 1.0
eric_allman sendmail 8.8
ibm aix 4.1
sun sunos 4.1.4
sun solaris 2.4
hp hp-ux 10.16
hp hp-ux 10.00
freebsd freebsd 2.1.5
freebsd freebsd 2.1.6.1
sun sunos 5.5.1
CVE-1999-0132 LOW

Expreserve, as used in vi and ex, allows local users to overwrite arbitrary files and gain root access.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 4.1.3c
sun sunos 5.4
hp hp-ux 9
sun sunos 5.0
hp hp-ux 10
sun solaris 2.4
sun sunos 4.1.2
sun sunos 4.1.1
sun sunos 4.1.3
sun sunos 4.1.3u1
sun sunos 5.3
sun sunos 5.2
sun sunos 5.1
CVE-1999-0134 HIGH

vold in Solaris 2.x allows local users to gain root access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.4
sun sunos 5.5.1
sun sunos 5.5
CVE-1999-0135 HIGH

admintool in Solaris allows a local user to write to arbitrary files and gain root access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.5
sun solaris 2.5.1
sun sunos 5.5.1
sun sunos 5.5
CVE-1999-0136 HIGH

Kodak Color Management System (KCMS) on Solaris allows a local user to write to arbitrary files and gain root access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.5.1
sun sunos 5.5
CVE-1999-0139 HIGH

Buffer overflow in Solaris x86 mkcookie allows local users to obtain root access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.5
sun solaris 7.0
sun sunos -
sun solaris 2.5.1
CVE-1999-0142 HIGH

The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun java *
netscape navigator *
CVE-1999-0143 MEDIUM

Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.4
mit kerberos 4.0
mit kerberos_5 -
sun sunos 5.3
process_software multinet 3.4
process_software multinet 3.5
CVE-1999-0164 MEDIUM

A race condition in the Solaris ps command allows an attacker to overwrite critical files.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.4
sun sunos 5.3
CVE-1999-0165 HIGH

NFS cache poisoning.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 3.5
linux linux_kernel 2.6.20.1
sun sunos 5.4
sun sunos 4.0.1
sun sunos 4.0.2
sun sunos 5.0
sun sunos 4.1.4
sun solaris 2.4
sun sunos 4.0
sun sunos 4.1.2
sun sunos 4.1.1
sun sunos 4.1.3
sun nfs *
sun sunos 4.1
sun sunos -
sun sunos 5.3
sun sunos 5.2
sun sunos 4.0.3
bsdi bsd_os *
sun sunos 5.1
CVE-1999-0166 MEDIUM

NFS allows users to use a "cd .." command to access other directories besides the exported file system.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun nfs *
CVE-1999-0167 MEDIUM

In SunOS, NFS file handles could be guessed, giving unauthorized access to the exported file system.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 4.1.1
CVE-1999-0168 HIGH

The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication that would otherwise have taken place. For example, NFS file systems could be mounted through the portmapper despite export restrictions.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 4.1.3c
sun sunos 4.1.3
CVE-1999-0169 HIGH

NFS allows attackers to read and write any file on the system by specifying a false UID.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun nfs *
CVE-1999-0185 HIGH

In SunOS or Solaris, a remote user could connect from an FTP server's data port to an rlogin server on a host that trusts the FTP server, allowing remote command execution.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 4.1.3u1
sun solaris 2.5
sun sunos 5.4
sun sunos 5.3
sun solaris 2.5.1
sun sunos 4.1.4
sun solaris 2.4
sun sunos 5.5.1
sun sunos 5.5
CVE-1999-0186 HIGH

In Solaris, an SNMP subagent has a default community string that allows remote attackers to execute arbitrary commands as root, or modify system parameters.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.6
CVE-1999-0188 HIGH

The passwd command in Solaris can be subjected to a denial of service.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.5
sun sunos 5.4
sun sunos -
sun sunos 5.3
sun solaris 2.5.1
sun solaris 2.4
sun solaris 2.6
sun sunos 5.5.1
sun sunos 5.5
CVE-1999-0189 HIGH

Solaris rpcbind listens on a high numbered UDP port, which may not be filtered since the standard port number is 111.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.5
sun sunos 5.4
sun sunos 5.3
sun solaris 2.5.1
sun solaris 2.4
sun sunos 5.5.1
sun sunos 5.5
CVE-1999-0190 HIGH

Solaris rpcbind can be exploited to overwrite arbitrary files and gain root access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.5
sun sunos 5.4
sun sunos -
sun sunos 5.3
sun solaris 2.5.1
sun solaris 2.4
sun solaris 2.6
sun sunos 5.5.1
sun sunos 5.5
CVE-1999-0209 MEDIUM

The SunView (SunTools) selection_svc facility allows remote users to read files.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 3.5
sun sunos 4.1
sun sunos 4.0.1
sun sunos 4.0.2
sun sunos 4.0.3
sun sunos 4.0
sun sunos 4.1.1
CVE-1999-0210 HIGH

Automount daemon automountd allows local or remote users to gain privileges via shell metacharacters.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.5
sun sunos 5.4
sun solaris 2.5.1
sun solaris 2.4
sun sunos 5.5.1
sun sunos 5.5
CVE-1999-0211 MEDIUM

Extra long export lists over 256 characters in some mount daemons allows NFS directories to be mounted by anyone.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 4.1.3c
sun sunos 5.0
sun sunos 4.1.2
sun sunos 4.1.1
sun sunos 4.1.3
CVE-1999-0212 HIGH

Solaris rpc.mountd generates error messages that allow a remote attacker to determine what files are on the server.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos *
sun sunos 5.0
CVE-1999-0213 HIGH

libnsl in Solaris allowed an attacker to perform a denial of service of rpcbind.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.4
sun solaris 2.6
sun sunos 5.5.1
sun sunos 5.5
CVE-1999-0214 HIGH

Denial of service by sending forged ICMP unreachable packets.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 4.1
sun sunos 4.1.2
sun sunos 4.1.1
CVE-1999-0217 MEDIUM

Malicious option settings in UDP packets could force a reboot in SunOS 4.1.3 systems.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 4.1.3a1
sun sunos 4.1
sun sunos 4.1psr_a
sun sunos 4.0.3
sun sunos 4.0.3c
sun sunos 4.1.2
sun sunos 4.1.1
sun sunos 4.1.3
CVE-1999-0223 LOW

Solaris syslogd crashes when receiving a message from a host that doesn't have an inverse DNS entry.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.4
CVE-1999-0241 HIGH

Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xfree86_project x11r6 *
sun solaris 2.5
sun solaris 7.0
sun sunos -
sun solaris 2.5.1
sgi irix *
CVE-1999-0254 HIGH

A hidden SNMP community string in HP OpenView allows remote attackers to modify MIB tables and obtain sensitive information.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.6
CVE-1999-0263 MEDIUM

Solaris SUNWadmap can be exploited to obtain root access.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos -
CVE-1999-0273 MEDIUM

Denial of service through Solaris 2.5.1 telnet by sending ^D characters.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.5.1
CVE-1999-0277 HIGH

The WorkMan program can be used to overwrite any file to get root access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.0
CVE-1999-0295 HIGH

Solaris sysdef command allows local users to read kernel memory, potentially leading to root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.5
sun sunos 5.4
sun sunos 5.3
sun solaris 2.5.1
sun solaris 2.4
sun sunos 5.5.1
sun sunos 5.5
CVE-1999-0296 HIGH

Solaris volrmmount program allows attackers to read any file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos -
sun solaris 2.6
CVE-1999-0298 HIGH

ypbind with -ypset and -ypsetme options activated in Linux Slackware and SunOS allows local and remote attackers to overwrite files via a .. (dot dot) attack.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
slackware slackware_linux 2.3
slackware slackware_linux 2.2
sun sunos 4.1.4
slackware slackware_linux 2.1
sun sunos 4.1.3
CVE-1999-0300 HIGH

nis_cachemgr for Solaris NIS+ allows attackers to add malicious NIS+ servers.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.5
sun sunos 5.4
sun sunos 5.3
sun solaris 2.5.1
sun solaris 2.4
sun sunos 5.5.1
sun sunos 5.5
CVE-1999-0301 HIGH

Buffer overflow in SunOS/Solaris ps command.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.5
sun sunos 5.4
sun sunos 5.3
sun solaris 2.5.1
sun solaris 2.4
sun sunos 5.5.1
sun sunos 5.5
CVE-1999-0302 HIGH

SunOS/Solaris FTP clients can be forced to execute arbitrary commands from a malicious FTP server.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.3
sun solaris 2.6
sun sunos 5.5.1
sun sunos 5.5
CVE-1999-0303 MEDIUM

Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris *
openbsd openbsd 2.1
netbsd netbsd 1.3.1
sun sunos 5.4
sun solaris 1.1.3
sun sunos 5.0
sun solaris 1.1.4
sun sunos 4.1.4
sun solaris 2.4
sun sunos 5.5
sun sunos 4.1.3
openbsd openbsd 2.2
sun solaris 2.5
digital osf_1 1.1
sun sunos -
netbsd netbsd 1.3
sun sunos 5.3
sun sunos 5.2
sun sunos 5.1
sun sunos 5.5.1
CVE-1999-0315 HIGH

Buffer overflow in Solaris fdformat command gives root access to local users.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.5
sun sunos 5.4
sun sunos 5.3
sun solaris 2.5.1
sun sunos 5.7
sun solaris 2.4
sun solaris 2.6
sun sunos 5.5.1
sun sunos 5.5
CVE-1999-0318 HIGH

Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11
sun sunos 5.7
sun sunos 5.8
redhat linux 6.0
sun solaris 2.6
sun sunos 5.5.1
ibm aix 4
CVE-1999-0320 HIGH

SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 4.1.3u1
sun solaris 2.5
sun sunos 5.4
sun sunos 5.3
sun solaris 2.5.1
sun sunos 4.1.4
sun solaris 2.4
sun sunos 5.5.1
sun sunos 5.5
CVE-1999-0321 HIGH

Buffer overflow in Solaris kcms_configure command allows local users to gain root access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris *
CVE-1999-0334 HIGH

In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local user with physical access to obtain root access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris *
sun sunos 5.0
CVE-1999-0339 HIGH

Buffer overflow in the libauth library in Solaris allows local users to gain additional privileges, possibly root access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.5
sun sunos 5.4
sun sunos -
sun sunos 5.3
sun solaris 2.5.1
sun sunos 5.2
sun solaris 2.6
sun sunos 5.5.1
sun sunos 5.5
CVE-1999-0345 MEDIUM

Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ibm aix 3.2
sco internet_faststart 1.1
sco openserver 5
sun sunos *
sco internet_faststart 1.0
freebsd freebsd 1.0
ibm aix 4.1
freebsd freebsd 1.2
freebsd freebsd 2.0
freebsd freebsd 1.1.5.1
ibm sng 2.2
ibm sng 2.1
freebsd freebsd 2.0.5
ibm aix 4.2
sco open_desktop 3
freebsd freebsd 1.1
CVE-1999-0369 HIGH

The Sun sdtcm_convert calendar utility for OpenWindows has a buffer overflow which can gain root access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris *
sun sunos 5.4
sun solaris 1.1.3
sun sunos 5.0
sun solaris 1.1.4
sun sunos 4.1.4
sun solaris 2.4
sun sunos 5.5
sun sunos 4.1.3
sun solaris 2.5
sun sunos -
sun sunos 5.3
sun sunos 5.2
sun sunos 5.1
sun sunos 5.5.1
CVE-1999-0370 MEDIUM

In Sun Solaris and SunOS, man and catman contain vulnerabilities that allow overwriting arbitrary files.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos 5.4
sun sunos -
sun solaris 2.5.1
sun sunos 5.7
sun solaris 2.4
sun solaris 2.6
sun sunos 5.5.1
sun sunos 5.5
CVE-1999-0408 HIGH

Files created from interactive shell sessions in Cobalt RaQ microservers (e.g. .bash_history) are world readable, and thus are accessible from the web server.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun cobalt_raq *
CVE-1999-0410 HIGH

The cancel command in Solaris 2.6 (i386) has a buffer overflow that allows local users to obtain root access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos -
CVE-1999-0417 LOW

64 bit Solaris 7 procfs allows local users to perform a denial of service.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.7
CVE-1999-0440 HIGH

The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netscape navigator 4.5
netscape navigator 4.61
netscape communicator 4.5
netscape navigator 4.04
netscape navigator 4.02
netscape navigator 4.03
sun java *
netscape navigator 4.05
netscape navigator 4.07
netscape navigator 4.01
netscape navigator 4.06
netscape navigator 4.0
netscape navigator 4.08
CVE-1999-0442 LOW

Solaris ff.core allows local users to modify files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.5
sun solaris 7.0
sun sunos -
sun solaris 2.5.1
sun sunos 5.7
sun solaris 2.6
sun sunos 5.5.1
sun sunos 5.5
CVE-1999-0493 HIGH

rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.5
sun sunos 5.4
sun sunos -
sun sunos 5.3
sun solaris 2.5.1
sun solaris 2.4
sun solaris 2.6
sun sunos 5.5.1
CVE-1999-0502 HIGH

A Unix account has a default, null, blank, or missing password.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 11
sun sunos 5.7
sun sunos 5.8
redhat linux 6.0
hp hp-ux 10.20
sun solaris 2.6
sun sunos 5.5.1
CVE-1999-0513 MEDIUM

ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
digital unix 4.0d
sun sunos 5.4
sun solaris 2.5.1
freebsd freebsd 2.2.4
hp hp-ux 10.20
sun solaris 2.6
digital unix 3.2g
sun sunos 5.5
linux linux_kernel 2.0
freebsd freebsd 1.1.5.1
freebsd freebsd 2.2.3
sun solaris 2.5
sun sunos -
freebsd freebsd 2.1.6
freebsd freebsd 2.0.5
ibm aix 3.2.4
linux linux_kernel 2.1
freebsd freebsd 2.1.0
ibm aix 3.2
digital unix 4.0b
netbsd netbsd 1.2
sun solaris 2.4
ibm aix 3.1
digital unix 4.0
freebsd freebsd 2.1.5
hp hp-ux 11.00
digital unix 4.0a
freebsd freebsd 2.1.7.1
ibm aix 3.2.5
sun sunos 5.5.1
digital unix 4.0c
freebsd freebsd 2.2.2
CVE-1999-0517 HIGH

An SNMP community name is the default (e.g. public), null, or missing.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,CWE-200,

Products Affected

Vendor Product Version
hp hp-ux 11.00
sun sunos 5.0
hp hp-ux 10
CVE-1999-0568 HIGH

rpc.admind in Solaris is not running in a secure mode.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris *
CVE-1999-0626 LOW

A version of rusers is running that exposes valid user information to any entity on the network.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun rpc.ruserd *
CVE-1999-0674 HIGH

The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netbsd netbsd 1.3.1
sun sunos 5.4
openbsd openbsd 2.5
openbsd openbsd 2.4
openbsd openbsd 2.3
sun solaris 2.6
sun sunos 5.5
sun solaris 2.5
sun solaris 7.0
sun sunos -
netbsd netbsd 1.2.1
sun sunos 5.3
netbsd netbsd 1.3.3
openbsd openbsd 2.1
netbsd netbsd 1.2
sun solaris 2.4
netbsd netbsd 1.1
openbsd openbsd 2.2
netbsd netbsd 1.4
openbsd openbsd 2.0
netbsd netbsd 1.3
sun sunos 5.7
sun sunos 5.2
netbsd netbsd 1.0
sun sunos 5.1
sun sunos 5.5.1
netbsd netbsd 1.3.2
CVE-1999-0676 MEDIUM

sdtcm_convert in Solaris 2.6 allows a local user to overwrite sensitive files via a symlink attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.5
sun sunos -
sun solaris 2.5.1
sun solaris 2.6
sun sunos 5.5.1
sun sunos 5.5
CVE-1999-0687 HIGH

The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
digital unix 4.0d
sun sunos 5.4
ibm aix 4.1.2
sun solaris 2.5.1
ibm aix 4.3.1
ibm aix 4.1.5
sun solaris 2.6
sun sunos 5.5
ibm aix 4.1.4
sun sunos 4.1.3u1
sun solaris 2.5
sun solaris 7.0
ibm aix 4.2.1
sun sunos -
ibm aix 4.1.1
sun sunos 5.3
cde cde 1.1
ibm aix 4.2
cde cde 2.120
cde cde 2.1
ibm aix 4.1
sun sunos 4.1.4
sun solaris 2.4
cde cde 2.0
ibm aix 4.3
sun sunos 5.7
cde cde 1.2
cde cde 1.0.1
cde cde 1.0.2
ibm aix 4.1.3
sun sunos 5.5.1
ibm aix 4.3.2
digital unix 4.0f
CVE-1999-0689 HIGH

The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.5.1
cde cde 2.1
sun solaris 2.6
cde cde 2.0
sun sunos 5.5
sun solaris 2.5
sun solaris 7.0
sun sunos -
sun sunos 5.7
cde cde 1.2
cde cde 1.1
cde cde 1.0.1
cde cde 1.0.2
cde cde 2.120
sun sunos 5.5.1
CVE-1999-0691 HIGH

Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
digital unix 4.0d
sun sunos 5.4
digital unix 4.0e
ibm aix 4.1.2
sun solaris 2.5.1
ibm aix 4.3.1
ibm aix 4.1.5
sun solaris 2.6
sun sunos 5.5
ibm aix 4.1.4
sun solaris 7.0
ibm aix 4.2.1
ibm aix 4.1.1
cde cde 1.1
ibm aix 4.2
cde cde 2.1
ibm aix 4.1
sun solaris 2.4
cde cde 2.0
ibm aix 4.3
sun sunos 5.7
cde cde 1.2
cde cde 1.0.1
cde cde 1.0.2
ibm aix 4.1.3
sun sunos 5.5.1
ibm aix 4.3.2
digital unix 4.0f
CVE-1999-0696 HIGH

Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.5
sun sunos 5.4
hp hp-ux 10.24
sun sunos 5.3
hp hp-ux 11.00
sun solaris 2.6
sun sunos 5.5.1
sun sunos 5.5
sun sunos 4.1.3
CVE-1999-0722 HIGH

The default configuration of Cobalt RaQ2 servers allows remote users to install arbitrary software packages.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun cobalt_raq_2 *
CVE-1999-0767 HIGH

Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES environmental variable.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun sunos 5.7
sun solaris 2.6
CVE-1999-0773 HIGH

Buffer overflow in Solaris lpset program allows local users to gain root access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun sunos 5.7
sun solaris 2.6
CVE-1999-0786 MEDIUM

The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.5
sun sunos 5.4
sun sunos -
sun solaris 2.5.1
sun solaris 2.4
sun solaris 2.6
sun sunos 5.5.1
sun sunos 5.5
CVE-1999-0795 HIGH

The NIS+ rpc.nisd server allows remote attackers to execute certain RPC calls without authentication to obtain system information, disable logging, or modify caches.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris *
sun sunos *
CVE-1999-0797 LOW

NIS finger allows an attacker to conduct a denial of service via a large number of finger requests, resulting in a large number of NIS queries.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos *
CVE-1999-0806 HIGH

Buffer overflow in Solaris dtprintinfo program.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.0
CVE-1999-0818 HIGH

Buffer overflow in Solaris kcms_configure via a long NETPATH environmental variable.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos 5.7
CVE-1999-0831 MEDIUM

Denial of service in Linux syslogd via a large number of connections.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cobalt qube 1.0
suse suse_linux 6.2
debian debian_linux 2.2
suse suse_linux 6.3
cobalt qube 2.0
sun cobalt_raq_3i *
sun cobalt_raq_2 *
sun cobalt_raq 1.1
CVE-1999-0833 HIGH

Buffer overflow in BIND 8.2 via NXT records.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos 5.7
isc bind 8.2
isc bind 8.2.1
CVE-1999-0835 HIGH

Denial of service in BIND named via malformed SIG records.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sco openserver 5
sco unixware 2
ibm aix 4.3
sun sunos 5.7
sco unixware 7
CVE-1999-0837 HIGH

Denial of service in BIND by improperly closing TCP sessions via so_linger.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos 5.7
isc bind 8.2
isc bind 8.2.1
CVE-1999-0840 HIGH

Buffer overflow in CDE dtmail and dtmailpr programs allows local users to gain privileges via a long -f option.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.7
CVE-1999-0841 HIGH

Buffer overflow in CDE mailtool allows local users to gain root privileges via a long MIME Content-Type.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.7
CVE-1999-0848 MEDIUM

Denial of service in BIND named via consuming more than "fdmax" file descriptors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos 5.7
isc bind 8.2
isc bind 8.2.1
CVE-1999-0851 LOW

Denial of service in BIND named via naptr.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sco openserver 5
sco unixware 2
ibm aix 4.3
sun sunos 5.7
sco unixware 7
CVE-1999-0859 LOW

Solaris arp allows local users to read files via the -f parameter, which lists lines in the file that do not parse properly.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun solaris 2.5.1
sun sunos 5.7
sun solaris 2.6
sun sunos 5.5.1
CVE-1999-0860 LOW

Solaris chkperm allows local users to read files owned by bin via the VMSYS environmental variable and a symlink attack.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun solaris 2.5.1
sun sunos 5.7
sun solaris 2.6
sun sunos 5.5.1
CVE-1999-0868 HIGH

ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux 4.0
isc inn 1.5.1
nec goah_intrasv r1.1
nec goah_networksv r2.2
redhat linux 4.1
netscape news_server 1.1
sun sparc *
nec goah_networksv r3.1
nec goah_networksv r1.2
CVE-1999-0875 HIGH

DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-16,

Products Affected

Vendor Product Version
sun sunos -
microsoft windows_98se *
microsoft windows_95 0a
microsoft windows_2000 *
sun solaris 2.6
microsoft windows_95 0b
CVE-1999-0908 MEDIUM

Denial of service in Solaris TCP streams driver via a malicious connection that causes the server to panic as a result of recursive calls to mutex_enter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun solaris 2.5.1
sun sunos 5.7
sun solaris 2.6
sun sunos 5.5.1
CVE-1999-0948 HIGH

Buffer overflow in uum program for Canna input system allows local users to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi irix 5.3
sgi irix 6.2
sgi irix 6.4
sun solaris 7.0
sun sunos -
turbolinux turbolinux 4.2
sgi irix 6.5
sun sunos 5.7
sgi irix 6.3
sun solaris 2.6
CVE-1999-0949 HIGH

Buffer overflow in canuum program for Canna input system allows local users to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi irix 5.3
sgi irix 6.2
sgi irix 6.4
sun solaris 7.0
sun sunos -
turbolinux turbolinux 4.2
sgi irix 6.5
sun sunos 5.7
sgi irix 6.3
sun solaris 2.6
CVE-1999-0952 HIGH

Buffer overflow in Solaris lpstat via class argument allows local users to gain root access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.7
sun solaris 2.6
CVE-1999-0966 HIGH

Buffer overflow in Solaris getopt in libc allows local users to gain root privileges via a long argv[0].

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.5
CVE-1999-0973 HIGH

Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose mode.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.5
sun solaris 7.0
sun sunos 5.4
sun sunos -
sun sunos 5.3
sun solaris 2.5.1
sun sunos 5.7
sun solaris 2.4
sun solaris 2.6
sun sunos 5.5.1
sun sunos 5.5
CVE-1999-0974 HIGH

Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.5
sun solaris 7.0
sun sunos 5.4
sun sunos -
sun solaris 2.5.1
sun sunos 5.7
sun solaris 2.4
sun solaris 2.6
sun sunos 5.5.1
sun sunos 5.5
CVE-1999-0977 HIGH

Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.5
sun solaris 7.0
sun sunos -
sun solaris 2.5.1
sun sunos 5.7
sun solaris 2.6
sun sunos 5.5.1
sun sunos 5.5
CVE-1999-0982 HIGH

The Sun Web-Based Enterprise Management (WBEM) installation script stores a password in plaintext in a world readable file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun web-based_enterprise_management 2.0
sun solaris 8.0
sun web-based_enterprise_management 1.0
CVE-1999-1014 MEDIUM

Buffer overflow in mail command in Solaris 2.7 and 2.7 allows local users to gain privileges via a long -m argument.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos 5.7
CVE-1999-1021 HIGH

NFS on SunOS 4.1 through 4.1.2 ignores the high order 16 bits in a 32 bit UID, which allows a local user to gain root access if the lower 16 bits are set to 0, as fixed by the NFS jumbo patch upgrade.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 4.1
sun sunos 4.1.2
sun sunos 4.1.1
CVE-1999-1023 MEDIUM

useradd in Solaris 7.0 does not properly interpret certain date formats as specified in the "-e" (expiration date) argument, which could allow users to login after their accounts have expired.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.7
CVE-1999-1025 MEDIUM

CDE screen lock program (screenlock) on Solaris 2.6 does not properly lock an unprivileged user's console session when the host is an NIS+ client, which allows others with physical access to login with any string.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.6
sun sunos -
sun solaris 2.6
CVE-1999-1026 HIGH

aspppd on Solaris 2.5 x86 allows local users to modify arbitrary files and gain root privileges via a symlink attack on the /tmp/.asppp.fifo file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.5
sun solaris 2.5.1
sun solaris 2.4
CVE-1999-1027 HIGH

Solaris 2.6 HW3/98 installs admintool with world-writable permissions, which allows local users to gain privileges by replacing it with a Trojan horse program.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.6
CVE-1999-1080 HIGH

rmmount in SunOS 5.7 may mount file systems without the nosuid flag set, contrary to the documentation and its use in previous versions of SunOS, which could allow local users with physical access to gain root privileges by mounting a floppy or CD-ROM that contains a setuid program and running volcheck, when the file systems do not have the nosuid option specified in rmmount.conf.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.7
CVE-1999-1102 LOW

lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apple a_ux 2.0.1
bsd bsd 4.3
sun sunos *
sgi irix *
CVE-1999-1118 LOW

ndd in Solaris 2.6 allows local users to cause a denial of service by modifying certain TCP/IP parameters.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.6
CVE-1999-1122 MEDIUM

Vulnerability in restore in SunOS 4.0.3 and earlier allows local users to gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 4.0.1
sun sunos *
sun sunos 4.0
CVE-1999-1123 HIGH

The installation of Sun Source (sunsrc) tapes allows local users to gain root privileges via setuid root programs (1) makeinstall or (2) winstall.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 4.1
sun sunos 4.0.3
sun sunos 4.1.1
CVE-1999-1137 LOW

The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris *
sun sunos 4.1
sun sunos *
sun sunos 5.0
CVE-1999-1142 HIGH

SunOS 4.1.2 and earlier allows local users to gain privileges via "LD_*" environmental variables to certain dynamically linked setuid or setgid programs such as (1) login, (2) su, or (3) sendmail, that change the real and effective user ids to the same user.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos *
CVE-1999-1158 HIGH

Buffer overflow in (1) pluggable authentication module (PAM) on Solaris 2.5.1 and 2.5 and (2) unix_scheme in Solaris 2.4 and 2.3 allows local users to gain root privileges via programs that use these modules such as passwd, yppasswd, and nispasswd.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.4
sun sunos 5.3
sun sunos 5.5.1
sun sunos 5.5
CVE-1999-1191 HIGH

Buffer overflow in chkey in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.5
sun sunos 5.4
sun solaris 2.5.1
sun sunos *
sun solaris 2.4
sun sunos 5.5
CVE-1999-1192 HIGH

Buffer overflow in eeprom in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.4
sun sunos 5.3
sun sunos *
sun sunos 5.5
CVE-1999-1197 HIGH

TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a user who tries to redirect console output and input, which could allow a local user to gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 4.1.1
CVE-1999-1211 HIGH

Vulnerability in in.telnetd in SunOS 4.1.1 and earlier allows local users to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos *
CVE-1999-1212 HIGH

Vulnerability in in.rlogind in SunOS 4.0.3 and 4.0.3c allows local users to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 4.0.3
sun sunos 4.0.3c
CVE-1999-1225 MEDIUM

rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates different error messages depending on whether the file exists or not.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris *
linux linux_kernel 2.6.20.1
openbsd openbsd *
digital ultrix *
netbsd netbsd 2.0.4
CVE-1999-1258 MEDIUM

rpc.pwdauthd in SunOS 4.1.1 and earlier does not properly prevent remote access to the daemon, which allows remote attackers to obtain sensitive system information.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 4.1
sun sunos *
CVE-1999-1297 LOW

cmdtool in OpenWindows 3.0 and XView 3.0 in SunOS 4.1.4 and earlier allows attackers with physical access to the system to display unechoed characters (such as those from password prompts) via the L2/AGAIN key.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 4.1
sun sunos -
sun sunos 4.1.4
sun sunos 4.1.2
sun sunos 4.1.1
sun sunos 4.1.3
CVE-1999-1318 HIGH

/usr/5bin/su in SunOS 4.1.3 and earlier uses a search path that includes the current working directory (.), which allows local users to gain privileges via Trojan horse programs.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 4.1.3c
sun sunos *
sun sunos 4.1.2
sun sunos 4.1.1
sun sunos 4.1.3
CVE-1999-1371 HIGH

Buffer overflow in /usr/bin/write in Solaris 2.6 and 7 allows local users to gain privileges via a long string in the terminal name argument.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos -
sun sunos 5.7
sun sunos 5.5.1
CVE-1999-1388 MEDIUM

passwd in SunOS 4.1.x allows local users to overwrite arbitrary files via a symlink attack and the -F command line argument.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 4.1
CVE-1999-1396 HIGH

Vulnerability in integer multiplication emulation code on SPARC architectures for SunOS 4.1 through 4.1.2 allows local users to gain root access or cause a denial of service (crash).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 4.1
sun sunos 4.1.2
sun sunos 4.1.1
CVE-1999-1402 LOW

The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 3.0
sun solaris 2.5.1
freebsd freebsd 2.2.4
sun sunos 5.0
sun solaris 2.6
sun sunos 4.0
sun sunos 5.5
freebsd freebsd 2.2.8
freebsd freebsd 2.2.5
freebsd freebsd 2.2.3
sun solaris 2.5
freebsd freebsd 2.2.6
freebsd freebsd 3.1
sun sunos -
sun sunos 5.5.1
freebsd freebsd 2.2.2
CVE-1999-1413 MEDIUM

Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to dump core even if the real user id is not in the set-gid group, which allows local users to overwrite or create files at higher privileges by causing a core dump, e.g. through dmesg.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.4
sun solaris 2.4
CVE-1999-1419 HIGH

Buffer overflow in nss_nisplus.so.1 library in NIS+ in Solaris 2.3 and 2.4 allows local users to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.4
sun sunos 5.3
sun solaris 2.4
CVE-1999-1423 LOW

ping in Solaris 2.3 through 2.6 allows local users to cause a denial of service (crash) via a ping request to a multicast address through the loopback interface, e.g. via ping -i.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.5
sun sunos 5.4
sun sunos 5.3
sun solaris 2.5.1
sun solaris 2.4
sun solaris 2.6
sun sunos 5.5.1
sun sunos 5.5
CVE-1999-1424 MEDIUM

Solaris Solstice AdminSuite (AdminSuite) 2.1 uses unsafe permissions when adding new users to the NIS+ password table, which allows local users to gain root access by modifying their password table entries.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solstice_adminsuite 2.1
sun solstice_adminsuite 2.2
CVE-1999-1425 MEDIUM

Solaris Solstice AdminSuite (AdminSuite) 2.1 incorrectly sets write permissions on source files for NIS maps, which could allow local users to gain privileges by modifying /etc/passwd.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solstice_adminsuite 2.1
sun solstice_adminsuite 2.2
CVE-1999-1426 MEDIUM

Solaris Solstice AdminSuite (AdminSuite) 2.1 follows symbolic links when updating an NIS database, which allows local users to overwrite arbitrary files.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solstice_adminsuite 2.1
sun solstice_adminsuite 2.2
CVE-1999-1427 MEDIUM

Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 create lock files insecurely, which allows local users to gain root privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solstice_adminsuite 2.1
sun solstice_adminsuite 2.2
CVE-1999-1428 MEDIUM

Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 allows local users to gain privileges via the save option in the Database Manager, which is running with setgid bin privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solstice_adminsuite 2.1
sun solstice_adminsuite 2.2
CVE-1999-1432 HIGH

Power management (Powermanagement) on Solaris 2.4 through 2.6 does not start the xlock process until after the sys-suspend has completed, which allows an attacker with physical access to input characters to the last active application from the keyboard for a short period after the system is restoring, which could lead to increased privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.5
sun sunos 5.4
sun sunos -
sun solaris 2.5.1
sun solaris 2.4
sun solaris 2.6
sun sunos 5.5.1
sun sunos 5.5
CVE-1999-1438 HIGH

Vulnerability in /bin/mail in SunOS 4.1.1 and earlier allows local users to gain root privileges via certain command line arguments.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 4.1
sun sunos *
sun sunos 4.0.3
CVE-1999-1449 LOW

SunOS 4.1.4 on a Sparc 20 machine allows local users to cause a denial of service (kernel panic) by reading from the /dev/tcx0 TCX device.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 4.1.4
CVE-1999-1467 HIGH

Vulnerability in rcp on SunOS 4.0.x allows remote attackers from trusted hosts to execute arbitrary commands as root, possibly related to the configuration of the nobody user.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 4.0.1
sun sunos 4.0.2
sun sunos 4.0.3
sun sunos 4.0.3c
sun sunos 4.0
CVE-1999-1468 MEDIUM

rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi irix 3.3.1
next next 2.0
next next 2.1
sun sunos 4.1psr_a
sgi irix 4.0
sun sunos 4.0.3c
sun sunos 4.1.1
cray unicos 6.0e
sun sunos 4.1
cray unicos 6.1
cray unicos 6.0
sgi irix 3.3.2
sun sunos 4.0.3
sgi irix 3.3.3
sgi irix 3.3
CVE-1999-1506 HIGH

Vulnerability in SMI Sendmail 4.0 and earlier, on SunOS up to 4.0.3, allows remote attackers to access user bin.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 3.5
sun sunos 4.0.1
sun sunos 4.0.2
sun sunos 4.0.3
sun sunos 4.0.3c
sun sunos 4.0
CVE-1999-1507 HIGH

Sun SunOS 4.1 through 4.1.3 allows local attackers to gain root access via insecure permissions on files and directories such as crash.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 4.1.3u1
sun sunos 4.1.3c
sun sunos 4.1
sun sunos 4.1psr_a
sun sunos 4.1.2
sun sunos 4.1.1
sun sunos 4.1.3
CVE-1999-1527 HIGH

Internal HTTP server in Sun Netbeans Java IDE in Netbeans Developer 3.0 Beta and Forte Community Edition 1.0 Beta does not properly restrict access to IP addresses as specified in its configuration, which allows arbitrary remote attackers to access the server.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun netbeans_developer 3.0_beta
sun forte community_1.0_beta
CVE-1999-1530 LOW

cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly identify the user for running certain scripts, which allows a malicious site administrator to view or modify data located at another virtual site on the same system.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun cobalt_raq_3i *
sun cobalt_raq_2 *
CVE-1999-1580 HIGH

SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable and passing crafted values to the -oR option.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 4.1.3u1
sun sunos 4.1.3c
sendmail sendmail 5.61
sendmail sendmail 5.59
sun sunos 4.1.4jl
sendmail sendmail 5.65
sun sunos 4.1.4
sun sunos 4.1.2
sun sunos 4.1.1
sun sunos 4.1.3
CVE-1999-1584 HIGH

Unknown vulnerability in (1) loadmodule, and (2) modload if modload is installed with setuid/setgid privileges, in SunOS 4.1.1 through 4.1.3c, and Open Windows 3.0, allows local users to gain root privileges via environment variables, a different vulnerability than CVE-1999-1586.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 4.1.3c
sun sunos 4.1.2
sun sunos 4.1.1
sun openwindows 3.0
sun sunos 4.1.3
CVE-1999-1585 HIGH

The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly before 2.4, start a privileged shell on the system console if fsck fails while the system is booting, which allows attackers with physical access to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.0
CVE-1999-1586 HIGH

loadmodule in SunOS 4.1.x, as used by xnews, does not properly sanitize its environment, which allows local users to gain privileges, a different vulnerability than CVE-1999-1584.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 4.1.3c
sun sunos 4.1.2
sun sunos 4.1.1
sun sunos 4.1.3
CVE-1999-1587 LOW

/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e option.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 9.0
sun sunos 5.8
CVE-1999-1588 HIGH

Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code as root via a long string beginning with "NLPS:002:002:" to the listen (aka System V listener) port, TCP port 2766.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,CWE-119,

Products Affected

Vendor Product Version
sun solaris 2.5
sun solaris 2.5.1
sun solaris 2.4
CVE-2000-0030 MEDIUM

Solaris dmispd dmi_cmd allows local users to fill up restricted disk space by adding files to the /var/dmi/db database.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos 5.7
CVE-2000-0032 HIGH

Solaris dmi_cmd allows local users to crash the dmispd daemon by adding a malformed file to the /var/dmi/db database.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos 5.7
CVE-2000-0055 HIGH

Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n option.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.5
sun solaris 7.0
sun sunos 5.4
sun sunos -
sun sunos 5.3
sun solaris 2.5.1
sun sunos 5.7
sun solaris 2.4
sun solaris 2.6
sun sunos 5.5.1
sun sunos 5.5
CVE-2000-0069 LOW

The recover program in Solstice Backup allows local users to restore sensitive files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solstice_backup 5.1
CVE-2000-0117 HIGH

The siteUserMod.cgi program in Cobalt RaQ2 servers allows any Site Administrator to modify passwords for other users, site administrators, and possibly admin (root).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun cobalt_raq_3i *
sun cobalt_raq 1.0
sun cobalt_raq_2 *
CVE-2000-0118 HIGH

The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris *
sun sunos 5.4
redhat linux 5.2
sun solaris 1.1.3
redhat linux 4.1
sun sunos 5.0
redhat linux 6.0
redhat linux 5.1
sun sunos 5.5
sun sunos 4.1.3
redhat linux 5.0
redhat linux 2.1
redhat linux 2.0
sun sunos -
sun sunos 5.3
redhat linux 4.0
sun solaris 1.1.4
sun sunos 4.1.4
sun solaris 2.4
redhat linux 6.1
redhat linux 3.0.3
sun sunos 5.2
redhat linux 4.2
sun sunos 5.1
CVE-2000-0164 HIGH

The installation of Sun Internet Mail Server (SIMS) creates a world-readable file that allows local users to obtain passwords.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris_isp_server 2.0
CVE-2000-0174 MEDIUM

StarOffice StarScheduler web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun staroffice 5.1
CVE-2000-0175 HIGH

Buffer overflow in StarOffice StarScheduler web server allows remote attackers to gain root access via a long GET command.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun staroffice 5.1
CVE-2000-0210 LOW

The lit program in Sun Flex License Manager (FlexLM) follows symlinks, which allows local users to modify arbitrary files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun workshop 5.0
CVE-2000-0234 MEDIUM

The default configuration of Cobalt RaQ2 and RaQ3 as specified in access.conf allows remote attackers to view sensitive contents of a .htaccess file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun cobalt_raq_3i *
sun cobalt_raq_2 *
CVE-2000-0291 MEDIUM

Buffer overflow in Star Office 5.1 allows attackers to cause a denial of service by embedding a long URL within a document.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun staroffice 5.1
CVE-2000-0316 HIGH

Buffer overflow in Solaris 7 lp allows local users to gain root privileges via a long -d option.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos 5.7
CVE-2000-0317 HIGH

Buffer overflow in Solaris 7 lpset allows local users to gain root privileges via a long -r option.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun sunos 5.7
sun solaris 2.6
CVE-2000-0320 MEDIUM

Qpopper 2.53 and 3.0 does not properly identify the \n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 1023 characters long and ends in \n.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
qualcomm qpopper 3.0
sun cobalt_raq_3i *
sun cobalt_raq_2 *
qualcomm qpopper 2.53
CVE-2000-0337 HIGH

Buffer overflow in Xsun X server in Solaris 7 allows local users to gain root privileges via a long -dev parameter.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos 5.7
sun sunos 5.8
sun solaris 8.0
CVE-2000-0407 HIGH

Buffer overflow in Solaris netpr program allows local users to execute arbitrary commands via a long -p option.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun solaris 8.0
CVE-2000-0431 HIGH

Cobalt RaQ2 and RaQ3 does not properly set the access permissions and ownership for files that are uploaded via FrontPage, which allows attackers to bypass cgiwrap and modify files.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun cobalt_raq_3i *
sun cobalt_raq_2 *
CVE-2000-0442 HIGH

Qpopper 2.53 and earlier allows local users to gain privileges via a formatting string in the From: header, which is processed by the euidl command.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun cobalt_raq_3i *
sun cobalt_raq_2 *
qualcomm qpopper 2.52
qualcomm qpopper 2.53
CVE-2000-0471 HIGH

Buffer overflow in ufsrestore in Solaris 8 and earlier allows local users to gain root privileges via a long pathname.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris *
sun sunos 5.4
sun solaris 5.6
sun solaris 2.5.1
sun solaris 1.1.3
sun sunos 5.0
sun solaris 5.5.1
sun solaris 2.6
sun solaris 5.5
sun sunos 5.5
sun sunos 4.1.3
sun solaris 2.5
sun solaris 7.0
sun sunos -
sun sunos 5.3
sun solaris 5.4
sun sunos 5.6
sun solaris 1.1.4
sun sunos 4.1.4
sun solaris 2.4
sun sunos 5.7
sun sunos 5.2
sun sunos 5.8
sun sunos 5.1
sun sunos 5.5.1
CVE-2000-0629 HIGH

The default configuration of the Sun Java web server 2.0 and earlier allows remote attackers to execute arbitrary commands by uploading Java code to the server via board.html, then directly calling the JSP compiler servlet.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun java_system_web_server 2.0
sun java_system_web_server 1.1.3
CVE-2000-0696 HIGH

The administration interface for the dwhttpd web server in Solaris AnswerBook2 does not properly authenticate requests to its supporting CGI scripts, which allows remote attackers to add user accounts to the interface by directly calling the admin CGI script.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris_answerbook2 1.4
sun solaris_answerbook2 1.4.2
sun solaris_answerbook2 1.3
sun solaris_answerbook2 1.4.1
CVE-2000-0697 HIGH

The administration interface for the dwhttpd web server in Solaris AnswerBook2 allows interface users to remotely execute commands via shell metacharacters.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris_answerbook2 1.4
sun solaris_answerbook2 1.4.2
sun solaris_answerbook2 1.3
sun solaris_answerbook2 1.4.1
CVE-2000-0812 HIGH

The administration module in Sun Java web server allows remote attackers to execute arbitrary commands by uploading Java code to the module and invoke the com.sun.server.http.pagecompile.jsp92.JspServlet by requesting a URL that begins with a /servlet/ tag.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun java_system_web_server 1.1.2
sun java_system_web_server 2.0
sun java_system_web_server 1.1_beta
sun java_system_web_server 1.1.3
CVE-2000-0844 HIGH

Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
sgi irix 6.5.4
turbolinux turbolinux 6.0.1
sgi irix 6.4
redhat linux 6.2
slackware slackware_linux 7.1
redhat linux 5.2
debian debian_linux 2.0
ibm aix 4.1.2
ibm aix 4.3.1
sun sunos 5.0
sun solaris 2.6
conectiva linux 4.1
redhat linux 5.0
conectiva linux 4.0es
turbolinux turbolinux 6.0.3
debian debian_linux 2.1
suse suse_linux 6.2
suse suse_linux 6.4
ibm aix 4.1.1
suse suse_linux 6.3
sun sunos 5.3
sgi irix 6.5
trustix secure_linux 1.0
sgi irix 6.5.3
sgi irix 6.2
ibm aix 4.1
ibm aix 4.0
sgi irix 6.5.3f
caldera openlinux *
turbolinux turbolinux 6.0.2
turbolinux turbolinux 6.0.4
sun sunos 5.7
sun sunos 5.8
sgi irix 6.5.1
conectiva linux 4.2
ibm aix 3.2.5
sun sunos 5.1
sun sunos 5.5.1
sun sunos 5.4
sgi irix 6.5.8
redhat linux 6.0
conectiva linux 5.1
ibm aix 4.1.5
turbolinux turbolinux 6.0
redhat linux 5.1
sun sunos 5.5
trustix secure_linux 1.1
ibm aix 4.1.4
slackware slackware_linux 7.0
ibm aix 4.2.1
sgi irix 6.5.7
mandrakesoft mandrake_linux 7.1
immunix immunix 6.2
ibm aix 3.2.4
ibm aix 4.2
mandrakesoft mandrake_linux 7.0
debian debian_linux 2.3
suse suse_linux 6.1
ibm aix 3.2
debian debian_linux 2.2
sgi irix 6.5.2m
redhat linux 6.1
sgi irix 6.5.6
conectiva linux 4.0
sgi irix 6.5.3m
ibm aix 4.3
sun sunos 5.2
caldera openlinux_eserver 2.3
sgi irix 6.3
suse suse_linux 7.0
conectiva linux 5.0
ibm aix 4.1.3
ibm aix 4.3.2
caldera openlinux_ebuilder 3.0
CVE-2000-0949 HIGH

Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier allows a local user to execute arbitrary commands via the -g option.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
lbl lbl_traceroute 1.4a5
sun sunos 5.5.1
CVE-2000-0958 MEDIUM

HotJava Browser 3.0 allows remote attackers to access the DOM of a web page by opening a javascript: URL in a named window.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun hotjava_browser 3.0
CVE-2000-1075 MEDIUM

Directory traversal vulnerability in iPlanet Certificate Management System 4.2 and Directory Server 4.12 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the Agent, End Entity, or Administrator services.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netscape directory_server 4.12
sun iplanet_certificate_management_system 4.2
CVE-2000-1076 HIGH

Netscape (iPlanet) Certificate Management System 4.2 and Directory Server 4.12 stores the administrative password in plaintext, which could allow local and possibly remote attackers to gain administrative privileges on the server.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netscape directory_server 4.12
sun iplanet_certificate_management_system 4.2
CVE-2000-1099 MEDIUM

Java Runtime Environment in Java Development Kit (JDK) 1.2.2_05 and earlier can allow an untrusted Java class to call into a disallowed class, which could allow an attacker to escape the Java sandbox and conduct unauthorized activities.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun jdk 1.2.1
sun jdk 1.2.2
sun jdk *
CVE-2000-1156 LOW

StarOffice 5.2 follows symlinks and sets world-readable permissions for the /tmp/soffice.tmp directory, which allows a local user to read files of the user who is using StarOffice.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun staroffice 5.2
CVE-2001-0059 MEDIUM

patchadd in Solaris allows local users to overwrite arbitrary files via a symlink attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.7
CVE-2001-0077 MEDIUM

The clustmon service in Sun Cluster 2.x does not require authentication, which allows remote attackers to obtain sensitive information such as system logs and cluster configurations.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun cluster 2.0
CVE-2001-0078 LOW

in.mond in Sun Cluster 2.x allows local users to read arbitrary files via a symlink attack on the status file of a host running HA-NFS.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun cluster 2.0
CVE-2001-0095 LOW

catman in Solaris 2.7 and 2.8 allows local users to overwrite arbitrary files via a symlink attack on the sman_PID temporary file.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.7
sun sunos 5.8
CVE-2001-0115 HIGH

Buffer overflow in arp command in Solaris 7 and earlier allows local users to execute arbitrary commands via a long -f parameter.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.5
sun solaris 7.0
sun sunos 5.4
sun sunos -
sun solaris 2.5.1
sun sunos 5.7
sun solaris 2.4
sun solaris 2.6
sun sunos 5.5.1
sun sunos 5.5
CVE-2001-0124 HIGH

Buffer overflow in exrecover in Solaris 2.6 and earlier possibly allows local users to gain privileges via a long command line argument.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.4
sun solaris 2.6
sun sunos 5.5.1
sun sunos 5.5
CVE-2001-0165 HIGH

Buffer overflow in ximp40 shared library in Solaris 7 and Solaris 8 allows local users to gain privileges via a long "arg0" (process name) argument.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos 5.7
sun sunos 5.8
sun solaris 8.0
CVE-2001-0190 HIGH

Buffer overflow in /usr/bin/cu in Solaris 2.8 and earlier, and possibly other operating systems, allows local users to gain privileges by executing cu with a long program name (arg0).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.4
sun sunos *
sun sunos 5.7
sun solaris 2.6
sun sunos 5.5.1
sun sunos 5.5
CVE-2001-0229 HIGH

Chili!Soft ASP for Linux before 3.6 does not properly set group privileges when running in inherited mode, which could allow attackers to gain privileges via malicious scripts.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun chilisoft *
CVE-2001-0236 HIGH

Buffer overflow in Solaris snmpXdmid SNMP to DMI mapper daemon allows remote attackers to execute arbitrary commands via a long "indication" event.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun solaris 8.0
CVE-2001-0269 HIGH

pam_ldap authentication module in Solaris 8 allows remote attackers to bypass authentication via a NULL password.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.8
CVE-2001-0283 MEDIUM

Directory traversal vulnerability in SunFTP build 9 allows remote attackers to read arbitrary files via .. (dot dot) characters in various commands, including (1) GET, (2) MKDIR, (3) RMDIR, (4) RENAME, or (5) PUT.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sun_ftp build_9
CVE-2001-0353 HIGH

Buffer overflow in the line printer daemon (in.lpd) for Solaris 8 and earlier allows local and remote attackers to gain root privileges via a "transfer job" routine.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun solaris 8.0
CVE-2001-0401 HIGH

Buffer overflow in tip in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos *
sun sunos 5.7
sun solaris 2.6
sun sunos 5.5.1
sun sunos 5.5
CVE-2001-0403 HIGH

/opt/JSparm/bin/perfmon program in Solaris allows local users to create arbitrary files as root via the Logging File option in the GUI.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.0
CVE-2001-0404 MEDIUM

Directory traversal vulnerability in JavaServer Web Dev Kit (JSWDK) 1.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request to the WEB-INF directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun javaserver_web_dev_kit 1.0.1
CVE-2001-0421 MEDIUM

FTP server in Solaris 8 and earlier allows local and remote attackers to cause a core dump in the root directory, possibly with world-readable permissions, by providing a valid username with an invalid password followed by a CWD ~ command, which could release sensitive information such as shadowed passwords, or fill the disk partition.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos *
sun solaris 2.6
CVE-2001-0422 HIGH

Buffer overflow in Xsun in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.4
sun sunos 5.3
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun sunos 5.5.1
sun sunos 5.5
CVE-2001-0423 HIGH

Buffer overflow in ipcs in Solaris 7 x86 allows local users to execute arbitrary code via a long TZ (timezone) environmental variable, a different vulnerability than CAN-2002-0093.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
CVE-2001-0426 HIGH

Buffer overflow in dtsession on Solaris, and possibly other operating systems, allows local users to gain privileges via a long LANG environmental variable.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun solaris 8.0
CVE-2001-0470 HIGH

Buffer overflow in SNMP proxy agent snmpd in Solaris 8 may allow local users to gain root privileges by calling snmpd with a long program name.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.8
CVE-2001-0526 MEDIUM

Buffer overflow in the Xview library as used by mailtool in Solaris 8 and earlier allows a local attacker to gain privileges via the OPENWINHOME environment variable.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 8.0
CVE-2001-0548 MEDIUM

Buffer overflow in dtmail in Solaris 2.6 and 7 allows local users to gain privileges via the MAIL environment variable.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.7
sun solaris 2.6
CVE-2001-0554 HIGH

Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netbsd netbsd 1.5.1
openbsd openbsd 2.4
ibm aix 4.3.1
sun sunos 5.0
sun solaris 2.6
netkit linux_netkit 0.12
netbsd netbsd 1.4.1
netbsd netbsd 1.2.1
sun sunos 5.3
freebsd freebsd 2.1
sgi irix 6.5
mit kerberos_5 1.2.1
freebsd freebsd 3.5
freebsd freebsd 4.3
openbsd openbsd 2.8
freebsd freebsd 3.5.1
freebsd freebsd 4.2
freebsd freebsd 3.0
freebsd freebsd 2.2.7
freebsd freebsd 2.2
freebsd freebsd 4.1.1
netkit linux_netkit 0.10
ibm aix 5.1
freebsd freebsd 2.1.7
openbsd openbsd 2.2
netbsd netbsd 1.4
openbsd openbsd 2.7
openbsd openbsd 2.0
freebsd freebsd 2.1.5
mit kerberos_5 1.1
sun sunos 5.7
sun sunos 5.8
netbsd netbsd 1.0
freebsd freebsd 2.1.7.1
sun sunos 5.1
freebsd freebsd 3.4
sun sunos 5.5.1
netbsd netbsd 1.3.2
mit kerberos_5 1.1.1
netbsd netbsd 1.4.2
mit kerberos_5 1.2
netbsd netbsd 1.3.1
freebsd freebsd 3.3
sun sunos 5.4
freebsd freebsd 2.2.1
mit kerberos 1.0
openbsd openbsd 2.5
freebsd freebsd 2.2.4
openbsd openbsd 2.3
sun sunos 5.5
freebsd freebsd 2.2.5
freebsd freebsd 2.2.3
netkit linux_netkit 0.11
ibm aix 4.3.3
freebsd freebsd 2.1.6
freebsd freebsd 2.0.5
freebsd freebsd 2.0.1
freebsd freebsd 2.1.0
freebsd freebsd 4.0
freebsd freebsd 4.1
netbsd netbsd 1.3.3
openbsd openbsd 2.1
debian debian_linux 2.2
netbsd netbsd 1.5
netbsd netbsd 1.2
netbsd netbsd 1.1
freebsd freebsd 2.2.8
openbsd openbsd 2.6
freebsd freebsd 2.0
freebsd freebsd 2.2.6
freebsd freebsd 3.1
freebsd freebsd 2.1.6.1
netbsd netbsd 1.3
netbsd netbsd 1.4.3
ibm aix 4.3
sun sunos 5.2
freebsd freebsd 3.2
mit kerberos_5 1.2.2
ibm aix 4.3.2
freebsd freebsd 2.2.2
CVE-2001-0565 MEDIUM

Buffer overflow in mailx in Solaris 8 and earlier allows a local attacker to gain additional privileges via a long '-F' command line option.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.5
sun solaris 7.0
sun sunos -
sun solaris 2.5.1
sun sunos *
sun sunos 5.7
sun solaris 2.6
sun solaris 8.0
sun sunos 5.5.1
sun sunos 5.5
CVE-2001-0594 MEDIUM

kcms_configure as included with Solaris 7 and 8 allows a local attacker to gain additional privileges via a buffer overflow in a command line argument.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos 5.7
sun sunos 5.8
sun solaris 8.0
CVE-2001-0595 MEDIUM

Buffer overflow in the kcsSUNWIOsolf.so library in Solaris 7 and 8 allows local attackers to execute arbitrary commands via the KCMS_PROFILES environment variable, e.g. as demonstrated using the kcms_configure program.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.7
sun sunos 5.8
CVE-2001-0606 MEDIUM

Vulnerability in iPlanet Web Server 4.X in HP-UX 11.04 (VVOS) with VirtualVault A.04.00 allows a remote attacker to create a denial of service via the HTTPS service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun iplanet_web_server 4.1
hp virtualvault 4.0
CVE-2001-0632 HIGH

Sun Chili!Soft 3.5.2 on Linux and 3.6 on AIX creates a default admin username and password in the default installation, which can allow a remote attacker to gain additional privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun chilisoft 3.6
sun chilisoft 3.5.2
CVE-2001-0633 MEDIUM

Directory traversal vulnerability in Sun Chili!Soft ASP on multiple Unixes allows a remote attacker to read arbitrary files above the web root via a '..' (dot dot) attack in the sample script 'codebrws.asp'.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun chilisoft *
CVE-2001-0634 HIGH

Sun Chili!Soft ASP has weak permissions on various configuration files, which allows a local attacker to gain additional privileges and create a denial of service.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun chilisoft *
CVE-2001-0652 HIGH

Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos *
CVE-2001-0686 MEDIUM

Buffer overflow in mail included with SunOS 5.8 for x86 allows a local user to gain privileges via a long HOME environment variable.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 5.8
sun solaris 8.0
CVE-2001-0699 HIGH

Buffer overflow in cb_reset in the System Service Processor (SSP) package of SunOS 5.8 allows a local user to execute arbitrary code via a long argument.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.8
CVE-2001-0701 HIGH

Buffer overflow in ptexec in the Sun Validation Test Suite 4.3 and earlier allows a local user to gain privileges via a long -o argument.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunvts 4.0
sun sunvts 4.2
sun sunvts 4.1
sun sunvts 4.3
CVE-2001-0779 HIGH

Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 and 8 allows remote attackers to gain root access via a long username.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun solaris 8.0
CVE-2001-0797 HIGH

Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi irix 3.3.1
sun sunos 5.4
hp hp-ux 10.24
sco openserver 5.0.1
sgi irix 3.2
sun solaris 2.5.1
ibm aix 4.3.1
sun sunos 5.0
hp hp-ux 10.20
sco openserver 5.0.6a
sun solaris 2.6
sun solaris 8.0
hp hp-ux 10.01
sun sunos 5.5
sco openserver 5.0
sun solaris 2.5
sun solaris 7.0
hp hp-ux 11.11
ibm aix 4.3.3
sun sunos -
sun sunos 5.3
sco openserver 5.0.2
hp hp-ux 10.10
sco openserver 5.0.6
sun solaris 2.4
ibm aix 5.1
hp hp-ux 10.00
ibm aix 4.3
sgi irix 3.3.2
sun sunos 5.7
sun sunos 5.2
hp hp-ux 11.00
sun sunos 5.8
sco openserver 5.0.5
sun sunos 5.1
hp hp-ux 11.0.4
sgi irix 3.3.3
sun sunos 5.5.1
sco openserver 5.0.4
sgi irix 3.3
ibm aix 4.3.2
sco openserver 5.0.3
CVE-2001-0922 HIGH

ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier versions, allows remote attackers to steal session IDs and hijack user sessions by reading the SPIDERSESSION and uniqueValue variables from the login field, then using those variables after the next user logs in.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun netdynamics 4.1
sun netdynamics 5.0
sun netdynamics 4.1.3
sun netdynamics 4.1.2
sun netdynamics 4.0
CVE-2001-1008 HIGH

Java Plugin 1.4 for JRE 1.3 executes signed applets even if the certificate is expired, which could allow remote attackers to conduct unauthorized activities via an applet that has been signed by an expired certificate.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun jre 1.3.0
sun java_plug-in 1.4
CVE-2001-1066 LOW

ns6install installation script for Netscape 6.01 on Solaris, and other versions including 6.2.1 beta, allows local users to overwrite arbitrary files via a symlink attack.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris *
CVE-2001-1075 MEDIUM

poprelayd script before 2.0 in Cobalt RaQ3 servers allows remote attackers to bypass authentication for relaying by causing a "POP login by user" string that includes the attacker's IP address to be injected into the maillog log file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun cobalt_raq_3i *
CVE-2001-1076 HIGH

Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows local users to execute arbitrary code via a long (1) SOR or (2) CFIME environment variable.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.5
sun solaris 7.0
sun sunos -
sun solaris 2.5.1
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun solaris 8.0
sun sunos 5.5.1
sun sunos 5.5
CVE-2001-1244 MEDIUM

Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
netbsd netbsd 1.5.1
netbsd netbsd 1.5
openbsd openbsd 2.9
microsoft windows_nt 4.0
microsoft windows_2000 *
hp vvos 11.04
linux linux_kernel 2.4.4
linux linux_kernel 2.4.2
linux linux_kernel 2.4.1
hp hp-ux 11.11
linux linux_kernel 2.4.5
sun sunos 5.7
hp hp-ux 11.00
sun sunos 5.8
linux linux_kernel 2.4.3
linux linux_kernel 2.4.0
hp hp-ux 11.0.4
sun sunos 5.5.1
freebsd freebsd 4.3
openbsd openbsd 2.8
CVE-2001-1306 HIGH

iPlanet Directory Server 4.1.4 and earlier (LDAP) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid BER length of length fields, as demonstrated by the PROTOS LDAPv3 test suite.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun iplanet_directory_server *
CVE-2001-1307 HIGH

Buffer overflows in iPlanet Directory Server 4.1.4 and earlier (LDAP) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun iplanet_directory_server *
CVE-2001-1308 HIGH

Format string vulnerabilities in iPlanet Directory Server 4.1.4 and earlier (LDAP) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun iplanet_directory_server *
CVE-2001-1328 HIGH

Buffer overflow in ypbind daemon in Solaris 5.4 through 8 allows remote attackers to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.4
sun sunos 5.6
sun sunos 5.7
sun sunos 5.8
sun sunos 5.5.1
sun sunos 5.5
CVE-2001-1414 HIGH

The Basic Security Module (BSM) for Solaris 2.5.1, 2.6, 7, and 8 does not log anonymous FTP access, which allows remote attackers to hide their activities, possibly when certain BSM audit files are not present under the FTP root.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun solaris 2.5.1
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun solaris 8.0
sun sunos 5.5.1
CVE-2001-1479 LOW

smcboot in Sun SMC (Sun Management Center) 2.0 in Solaris 8 allows local users to delete arbitrary files via a symlink attack on /tmp/smc$SMC_PORT.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun management+center 2.0
CVE-2001-1480 HIGH

Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows untrusted applets to access the system clipboard.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sdk 1.3.0
sun jdk 1.2.2_07
sun sdk 1.1.3
sun jre 1.2.2_007
sun jdk 1.2.2_07a
sun jre 1.3.0
sun jdk 1.3.0_02
sun jre 1.2.2
sun jre 1.2.2_005
sun jre 1.2.2_006
sun jre 1.2.2_004
apple mac_os_runtime_for_java 2.2.4
sun jre 1.2.2_003
sun jre 1.2.2_07
CVE-2001-1503 LOW

The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS 5.5 through 5.8 allows remote attackers to list all accounts on a host by typing finger 'a b c d e f g h'@host.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.5
sun solaris 7.0
sun sunos 5.6
sun sunos -
sun solaris 2.5.1
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun solaris 8.0
sun sunos 5.5.1
sun sunos 5.5
CVE-2001-1555 MEDIUM

pt_chmod in Solaris 8 does not call fdetach to reset terminal privileges when users log out of terminals, which allows local users to write to other users' terminals by modifying the ACL of a TTY.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.8
sun solaris 8.0
CVE-2001-1582 HIGH

Buffer overflow in the LDAP naming services library (libsldap) in Sun Solaris 8 allows local users to execute arbitrary code via a long LDAP_OPTIONS environment variable to a privileged program that uses libsldap.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
sun sunos 5.8
sun solaris 8.0
CVE-2001-1583 HIGH

lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
sun sunos *
CVE-2002-0033 HIGH

Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun solaris 2.5.1
sun solaris 2.6
sun solaris 8.0
CVE-2002-0058 MEDIUM

Vulnerability in Java Runtime Environment (JRE) allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the session to another server, as seen in (1) Netscape 6.0 through 6.1 and 4.79 and earlier, (2) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, and possibly other implementations that use vulnerable versions of SDK or JDK.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sdk 1.3_02
microsoft virtual_machine 3802
sun jdk 1.1.8
sun sdk 1.2.2_010
sun jre 1.1.8
sun sdk 1.1.8_007
sun jre 1.3.0
sun jre 1.2.2
sun sdk 1.2.2_10
CVE-2002-0076 HIGH

Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape 6.2.1 and earlier, and possibly other implementations that use vulnerable versions of SDK or JDK, aka a variant of the "Virtual Machine Verifier" vulnerability.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp java_jre-jdk 1.3
microsoft virtual_machine 3802
sun jre 1.1.8
sun sdk 1.3_05
hp java_jre-jdk 1.2.2
sun sdk 1.3.1_01
sun sdk 1.2.2_10
sun sdk 1.3.1_01a
sun jdk 1.1.8
sun sdk 1.2.2_010
sun jre 1.3.0
sun jre 1.2.2
sun jre 1.3.1
hp java_jre-jdk 1.1.8
CVE-2002-0084 HIGH

Buffer overflow in the fscache_setup function of cachefsd in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long mount argument.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.7
sun solaris 2.6
sun solaris 8.0
CVE-2002-0085 MEDIUM

cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a denial of service (crash) via an invalid procedure call in an RPC request.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.7
sun solaris 2.6
sun solaris 8.0
CVE-2002-0088 HIGH

Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long media installation path.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.7
sun solaris 2.6
sun solaris 8.0
CVE-2002-0089 HIGH

Buffer overflow in admintool in Solaris 2.5 through 8 allows local users to gain root privileges via long arguments to (1) the -d command line option, or (2) the PRODVERS argument in the .cdtoc file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.7
sun solaris 2.6
sun solaris 8.0
sun sunos 5.5.1
sun sunos 5.5
CVE-2002-0090 HIGH

Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 allows local users to execute arbitrary code via a long display command line option.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 8.0
CVE-2002-0158 HIGH

Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line argument.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun solaris 2.6
sun solaris 8.0
CVE-2002-0346 HIGH

Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote attackers to execute arbitrary script as other Cobalt users via Javascript in a URL to (1) service.cgi or (2) alert.cgi.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun cobalt_raq_3i *
sun cobalt_raq_2 *
sun cobalt_raq_4 *
CVE-2002-0347 MEDIUM

Directory traversal vulnerability in Cobalt RAQ 4 allows remote attackers to read password-protected files, and possibly files outside the web root, via a .. (dot dot) in an HTTP request.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun cobalt_raq_3i *
sun cobalt_raq_2 *
sun cobalt_raq_4 *
CVE-2002-0348 HIGH

service.cgi in Cobalt RAQ 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long service argument.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun cobalt_raq_3i *
sun cobalt_raq_2 *
sun cobalt_raq_4 *
CVE-2002-0360 HIGH

Buffer overflow in Sun AnswerBook2 1.4 through 1.4.3 allows remote attackers to execute arbitrary code via a long filename argument to the gettransbitmap CGI program.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris_answerbook2 1.4
sun solaris_answerbook2 1.4.2
sun solaris_answerbook2 1.4.3
sun solaris_answerbook2 1.4.1
CVE-2002-0387 HIGH

Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module for Sun ONE Application Server before 6.5 allows remote attackers to execute arbitrary code via a long HTTP request URL.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun one_application_server 6.5
sun one_application_server 6.0
CVE-2002-0391 HIGH

Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,CWE-190,

Products Affected

Vendor Product Version
microsoft windows_2000 -
microsoft windows_nt 4.0
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
openbsd openbsd 3.1
freebsd freebsd *
microsoft windows_xp -
sun solaris 2.6
sun sunos 5.5.1
CVE-2002-0430 LOW

MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration interface allows local users to bypass authentication and overwrite arbitrary files via a symlink attack on a temporary file, followed by a request to MultiFileUpload.php.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun cobalt_raq_3i *
sun cobalt_raq_2 *
sun cobalt_raq_4 *
CVE-2002-0436 HIGH

sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos 5.7
sun sunos 5.8
sun solaris 8.0
CVE-2002-0572 HIGH

FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openbsd openbsd 2.1
sun solaris 2.5.1
freebsd freebsd 4.5
openbsd openbsd 2.3
sun solaris 2.6
sun solaris 8.0
openbsd openbsd 2.2
freebsd freebsd 4.4
sun solaris 7.0
sun sunos -
openbsd openbsd 2.0
sun sunos 5.7
sun sunos 5.8
sun sunos 5.5.1
CVE-2002-0573 HIGH

Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog function when the wall command cannot be executed.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun solaris 8.0
CVE-2002-0677 HIGH

CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi irix 6.5.4
sgi irix 5.3
sgi irix 6.4
hp hp-ux 10.24
sgi irix 6.5.8
hp hp-ux 10.20
caldera openunix 8.0
sun solaris 2.6
caldera unixware 7.1_.0
sgi irix 6.0
sgi irix 6.1
hp hp-ux 11.11
compaq tru64 4.0g
ibm aix 4.3.3
sgi irix 6.5.10
sgi irix 6.5.7
compaq tru64 5.1a
sgi irix 6.5.13
sgi irix 6.5
sgi irix 6.5.5
compaq tru64 5.1
caldera unixware 7.1.1
sgi irix 6.5.3
sgi irix 6.2
caldera unixware 7
xi_graphics dextop 2.1
hp hp-ux 10.10
sgi irix 6.5.9
ibm aix 5.1
sgi irix 6.5.2
sgi irix 6.5.6
sgi irix 6.0.1
compaq tru64 5.0a
sun sunos 5.7
hp hp-ux 11.00
sun sunos 5.8
sgi irix 6.5.12
sgi irix 6.3
sgi irix 6.5.1
sgi irix 6.5.14
sgi irix 6.5.15
compaq tru64 4.0f
sun sunos 5.5.1
sgi irix 6.5.11
sgi irix 5.2
sgi irix 6.5.16
CVE-2002-0678 HIGH

CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi irix 6.5.4
sgi irix 5.3
sgi irix 6.4
hp hp-ux 10.24
sun solaris 9.0
sgi irix 6.5.8
hp hp-ux 10.20
caldera openunix 8.0
sun solaris 2.6
sgi irix 6.0
sgi irix 6.1
hp hp-ux 11.11
compaq tru64 4.0g
ibm aix 4.3.3
sgi irix 6.5.10
sgi irix 6.5.7
compaq tru64 5.1a
sgi irix 6.5.13
sgi irix 6.5
sgi irix 6.5.5
compaq tru64 5.1
caldera unixware 7.1.0
caldera unixware 7.1.1
sgi irix 6.5.3
sgi irix 6.2
xi_graphics dextop 2.1
hp hp-ux 10.10
sgi irix 6.5.9
ibm aix 5.1
sgi irix 6.5.2
sgi irix 6.5.6
sgi irix 6.0.1
caldera unixware 7.0
compaq tru64 5.0a
sun sunos 5.7
hp hp-ux 11.00
sun sunos 5.8
sgi irix 6.5.12
sgi irix 6.3
sgi irix 6.5.1
sgi irix 6.5.14
sgi irix 6.5.15
compaq tru64 4.0f
sun sunos 5.5.1
sgi irix 6.5.11
sgi irix 5.2
sgi irix 6.5.16
CVE-2002-0679 HIGH

Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
hp hp-ux 10.24
xi_graphics dextop 2.1
hp hp-ux 10.10
sun solaris 9.0
hp hp-ux 10.20
caldera openunix 8.0
sun solaris 2.6
ibm aix 5.1
hp hp-ux 11.11
compaq tru64 4.0g
ibm aix 4.3.3
caldera unixware 7.0
compaq tru64 5.1a
compaq tru64 5.0a
sun sunos 5.7
hp hp-ux 11.00
sun sunos 5.8
compaq tru64 5.1
compaq tru64 4.0f
sun sunos 5.5.1
caldera unixware 7.1.0
caldera unixware 7.1.1
CVE-2002-0796 HIGH

Format string vulnerability in the logging component of snmpdx for Solaris 5.6 through 8 allows remote attackers to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos 5.6
sun sunos -
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun solaris 8.0
CVE-2002-0797 HIGH

Buffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos 5.6
sun sunos -
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun solaris 8.0
CVE-2002-0884 HIGH

Multiple format string vulnerabilities in in.rarpd (ARP server) on Solaris, Caldera UnixWare and Open UNIX, and possibly other operating systems, allows remote attackers to execute arbitrary code via format strings that are not properly handled in the functions (1) syserr and (2) error.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.7
sun sunos 5.8
caldera openunix 8.0
caldera unixware 7.1.1
CVE-2002-0885 HIGH

Multiple buffer overflows in in.rarpd (ARP server) on Solaris, and possibly other operating systems including Caldera UnixWare and Open UNIX, allow remote attackers to execute arbitrary code, possibly via the functions (1) syserr and (2) error.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.7
sun sunos 5.8
caldera openunix 8.0
caldera unixware 7.1.1
CVE-2002-0994 HIGH

SunPCi II VNC uses a weak authentication scheme, which allows remote attackers to obtain the VNC password by sniffing the random byte challenge, which is used as the key for encrypted communications.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sun_pci_ii_driver 2.3
CVE-2002-1033 MEDIUM

Directory traversal vulnerability in none.php for SunPS iRunbook 2.5.2 allows remote attackers to read arbitrary files via a "..:" sequence (dot-dot variant) in the argument.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun i-runbook 2.5.2
CVE-2002-1034 HIGH

none.php for SunPS iRunbook 2.5.2 allows remote attackers to read arbitrary files via an absolute pathname in the argument.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun i-runbook 2.5.2
CVE-2002-1042 MEDIUM

Directory traversal vulnerability in search engine for iPlanet web server 6.0 SP2 and 4.1 SP9, and Netscape Enterprise Server 3.6, when running on Windows platforms, allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the NS-query-pat parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun iplanet_web_server 4.1
sun one_application_server 6.0
sun one_web_server 6.0
netscape enterprise_server 3.6
CVE-2002-1199 MEDIUM

The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
caldera openlinux 2.2
caldera openlinux 2.3
caldera openlinux 2.4
sun solaris 9.0
sco openserver 5.0.6
sun sunos 5.7
sun sunos 5.8
sco openserver 5.0.5
sco openserver 5.0.6a
CVE-2002-1228 MEDIUM

Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows an NFS client to cause a denial of service by killing the lockd daemon.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun solaris 2.5.1
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
sun solaris 8.0
sun sunos 5.5.1
sun sunos 5.5
CVE-2002-1296 HIGH

Directory traversal vulnerability in priocntl system call in Solaris does allows local users to execute arbitrary code via ".." sequences in the pc_clname field of a pcinfo_t structure, which cause priocntl to load a malicious kernel module.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun solaris 8.0
sun sunos 5.5.1
CVE-2002-1317 HIGH

Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi irix 6.5.4
hp hp-ux 10.24
sun solaris 2.5.1
sun solaris 9.0
sgi irix 6.5.8
hp hp-ux 10.20
hp hp-ux 11.22
sun solaris 2.6
sun solaris 8.0
xfree86_project x11r6 3.3.3
hp hp-ux 11.04
sun solaris 7.0
hp hp-ux 11.11
sun sunos -
sgi irix 6.5.10
sgi irix 6.5.7
sgi irix 6.5.13
sgi irix 6.5
sgi irix 6.5.5
xfree86_project x11r6 3.3.2
xfree86_project x11r6 3.3.4
sgi irix 6.5.3
hp hp-ux 10.10
xfree86_project x11r6 3.3.5
sgi irix 6.5.9
sgi irix 6.5.2
sgi irix 6.5.6
xfree86_project x11r6 3.3
sun sunos 5.7
hp hp-ux 11.00
sun sunos 5.8
sgi irix 6.5.12
sgi irix 6.5.1
sun sunos 5.5.1
sgi irix 6.5.11
CVE-2002-1323 MEDIUM

Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi irix 6.5.4
sgi irix 6.5.19
sgi irix 6.5.18f
sun solaris 9.0
sgi irix 6.5.22
sgi irix 6.5.8
sgi irix 6.5.18
sco open_unix 8.0
sgi irix 6.5.21m
sun solaris 8.0
sgi irix 6.5.18m
redhat enterprise_linux 2.1
sgi irix 6.5.17
sun linux 5.0.7
sgi irix 6.5.10
sgi irix 6.5.7
sgi irix 6.5.13
sgi irix 6.5
sgi irix 6.5.17m
sgi irix 6.5.19f
sgi irix 6.5.5
sgi irix 6.5.20m
sco unixware 7.1.2
safe.pm safe.pm 2.0_6
sgi irix 6.5.17f
sgi irix 6.5.3
safe.pm safe.pm 2.0_7
sco unixware 7.1.3
redhat linux_advanced_workstation 2.1
sgi irix 6.5.9
sgi irix 6.5.2
sgi irix 6.5.6
sgi irix 6.5.21f
sgi irix 6.5.20f
sun sunos 5.8
sgi irix 6.5.12
sgi irix 6.5.19m
sgi irix 6.5.1
sgi irix 6.5.14
sgi irix 6.5.15
sgi irix 6.5.11
sgi irix 6.5.16
CVE-2002-1337 HIGH

Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netbsd netbsd 1.5.1
oracle solaris 8
oracle solaris 2.6
hp hp-ux 10.20
hp hp-ux 11.22
oracle solaris 7.0
netbsd netbsd 1.5.2
hp hp-ux 11.11
sun sunos -
hp alphaserver_sc *
windriver bsdos 5.0
windriver bsdos 4.3.1
sendmail sendmail *
gentoo linux 1.4
netbsd netbsd 1.5
hp hp-ux 10.10
netbsd netbsd 1.6
oracle solaris 9
windriver bsdos 4.2
windriver platform_sa 1.0
sun sunos 5.7
hp hp-ux 11.00
sun sunos 5.8
netbsd netbsd 1.5.3
hp hp-ux 11.0.4
CVE-2002-1344 MEDIUM

Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. (dot dot) sequences.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu wget 1.7.1
gnu wget 1.8.1
sun cobalt_raq_xtr *
gnu wget 1.5.3
gnu wget 1.7
gnu wget 1.8
gnu wget 1.8.2
gnu wget 1.6
CVE-2002-1345 MEDIUM

Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ncftp_software ncftp 3.0.1
ncftp_software ncftp 3.0.3
ncftp_software ncftp 3.0.0
ncftp_software ncftp 3.1.2
sun solaris 2.6
ncftp_software ncftp 3.0.4
ncftp_software ncftp 3.1.1
sun solaris 7.0
ncftp_software ncftp 3.0.2
sun sunos -
openbsd openbsd 3.0
sun sunos 5.7
ncftp_software ncftp 3.1.4
ncftp_software ncftp 3.1.0
ncftp_software ncftp 3.1.3
CVE-2002-1361 HIGH

overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security Hardening Patch) installed allows remote attackers to execute arbitrary code via a POST request with shell metacharacters in the email parameter.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun cobalt_raq_4 *
CVE-2002-1525 MEDIUM

Directory traversal vulnerability in ASTAware SearchDisk engine for Sun ONE Starter Kit 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack on port (1) 6015 or (2) 6016, or (3) an absolute pathname to port 6017.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
astaware searchdisc 3.1
sun sunone_starter_kit 2.0
CVE-2002-1584 HIGH

Unknown vulnerability in the AUTH_DES authentication for RPC in Solaris 2.5.1, 2.6, and 7, SGI IRIX 6.5 to 6.5.19f, and possibly other platforms, allows remote attackers to gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi irix 6.5.4
sgi irix 6.5.19
sgi irix 6.5.6m
sgi irix 6.5.6f
sun solaris 2.6
sgi irix 6.5.15f
sgi irix 6.5.2f
sgi irix 6.5.18m
sgi irix 6.5.8f
sun solaris 7.0
sgi irix 6.5.10
sgi irix 6.5.7m
sgi irix 6.5.17m
sgi irix 6.5.16m
sgi irix 6.5.17f
sgi irix 6.5.3
sgi irix 6.5.10m
sgi irix 6.5.3f
sgi irix 6.5.2
sgi irix 6.5.4m
sgi irix 6.5.9m
sgi irix 6.5.14f
sun sunos 5.7
sgi irix 6.5.5m
sgi irix 6.5.1
sgi irix 6.5.14
sun sunos 5.5.1
sgi irix 6.5.11m
sgi irix 6.5.11f
sgi irix 6.5.9f
sgi irix 6.5.15m
sgi irix 6.5.18f
sgi irix 6.5.13m
sun solaris 2.5.1
sgi irix 6.5.8
sgi irix 6.5.18
sgi irix 6.5.14m
sgi irix 6.5.17
sun sunos -
sgi irix 6.5.7
sgi irix 6.5.10f
sgi irix 6.5.13
sgi irix 6.5.5f
sgi irix 6.5.5
sgi irix 6.5.7f
sgi irix 6.5.8m
sgi irix 6.5.2m
sgi irix 6.5.12m
sgi irix 6.5.9
sgi irix 6.5.6
sgi irix 6.5.13f
sgi irix 6.5.3m
sgi irix 6.5.12
sgi irix 6.5.4f
sgi irix 6.5.15
sgi irix 6.5.11
sgi irix 6.5.12f
sgi irix 6.5.16f
sgi irix 6.5.16
CVE-2002-1585 MEDIUM

Unknown vulnerability in Solaris 8 for Intel and Solaris 8 and 9 for SPARC allows remote attackers to cause a denial of service via certain packets that cause some network interfaces to stop responding to TCP traffic.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 9.0
sun sunos 5.8
sun solaris 8.0
CVE-2002-1586 LOW

Solaris 2.5.1 through 9 allows local users to cause a denial of service (kernel panic) by setting the sd_struiowrq variable in the struioget function to null, which triggers a null dereference.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun solaris 2.5.1
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun solaris 8.0
sun sunos 5.5.1
CVE-2002-1587 LOW

The libthread library (libthread.so.1) for Solaris 2.5.1 through 8 allows local users to cause a denial of service (hang) of an application that uses libthread by causing the application to wait for a certain mutex.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun solaris 2.5.1
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun solaris 8.0
sun sunos 5.5.1
CVE-2002-1588 MEDIUM

Mailtool for OpenWindows 3.6, 3.6.1, and 3.6.2 allows remote attackers to cause a denial of service (mailtool segmentation violation and crash) via a malformed mail attachment.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun openwindows 3.6.2
sun openwindows 3.6
sun openwindows 3.6.1
CVE-2002-1589 LOW

Unknown vulnerability in Solaris 8, when the 0x02 bit (aka TEST, KMF_DEADBEEF, or deadbeef) is set in the kmem_flags kernel parameter, allows local users to cause a denial of service (system panic).

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.8
sun solaris 8.0
CVE-2002-1590 HIGH

The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) SUNWwbcou, (3) SUNWwbdev and (4) SUNWmgapp packages, when installed using Solaris 8 Update 1/01 or later, install files with world or group write permissions, which allows local users to gain root privileges or cause a denial of service.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
sun sunos 5.8
sun solaris 8.0
CVE-2002-1763 MEDIUM

The dtscreen Sun Solaris 8 CDE screensaver crashes when the "Shift" and "Return" keys are pressed repeatedly and quickly, which allows local users to access the current session.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.8
CVE-2002-1871 HIGH

pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid root if the pkgmap file contains a "?" (question mark) in the (1) mode, (2) owner, or (3) group fields, which allows attackers to elevate privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun sunos 5.5.1
CVE-2002-1980 HIGH

Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.5.1 through 8 allows local users to execute arbitrary code via unknown attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun solaris 2.5.1
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun solaris 8.0
sun sunos 5.5.1
CVE-2002-2005 HIGH

Unknown vulnerability in Java web start 1.0.1_01, 1.0.1, 1.0 and 1.0.1.01 (HP-UX 11.x only) allows attackers to gain access to restricted resources via unknown attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun java_web_start 1.0
sun java_web_start 1.0.1_01
sun java_web_start 1.0.1
CVE-2002-2036 HIGH

Sun Ray Server Software (SRSS) 1.3, when Non-Smartcard Mobility (NSCM) is enabled, allows remote attackers to login as another user by running dtlogin from a system that supports the XDMCP client.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun ray_server_software 1.3
CVE-2002-2072 MEDIUM

java.security.AccessController in Sun Java Virtual Machine (JVM) in JRE 1.2.2 and 1.3.1 allows remote attackers to cause a denial of service (JVM crash) via a Java program that calls the doPrivileged method with a null argument.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun jre 1.2.2
sun jre 1.3.1
CVE-2002-2089 MEDIUM

Buffer overflow in rcp in Solaris 9.0 allows local users to execute arbitrary code via a long command line argument.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 9.0
CVE-2002-2197 HIGH

Unknown vulnerability in Sun Solaris 8.0 allows local users to cause a denial of service (kernel panic) via a program that uses /dev/poll, triggering a NULL pointer dereference.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.8
sun solaris 8.0
CVE-2002-2203 MEDIUM

Unknown vulnerability in the System Serial Console terminal in Solaris 2.5.1, 2.6, and 7 allows local users to monitor keystrokes and possibly steal sensitive information.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun solaris 2.5.1
sun sunos 5.7
sun solaris 2.6
sun sunos 5.5.1
CVE-2002-2323 MEDIUM

Sun PC NetLink 1.0 through 1.2 does not properly set the access control list (ACL) for files and directories that use symbolic links and have been restored from backup, which could allow local or remote attackers to bypass intended access restrictions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-59,CWE-281,

Products Affected

Vendor Product Version
sun solaris_pc_netlink *
CVE-2002-2327 MEDIUM

Unspecified vulnerability in the environmental monitoring subsystem in Solaris 8 running on Sun Fire 280R, V480 and V880 allows local users to cause a denial of service by setting volatile properties.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
sun sunos 5.8
CVE-2002-2374 HIGH

Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown impact and attack vectors related to "unsafe use of temporary files."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-59,CWE-362,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun patchpro 2.0
CVE-2002-2425 HIGH

Sun AnswerBook2 1.2 through 1.4.2 allows remote attackers to execute administrative scripts such as (1) AdminViewError and (2) AdminAddadmin via a direct request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
sun solaris_answerbook2 1.4
sun solaris_answerbook2 1.4.2
sun solaris_answerbook2 1.3
sun solaris_answerbook2 1.2
sun solaris_answerbook2 1.4.1
CVE-2003-0027 MEDIUM

Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun solaris 2.5.1
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun solaris 8.0
sun sunos 5.5.1
CVE-2003-0028 HIGH

Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi irix 6.5.19
openbsd openbsd 2.4
sgi irix 6.5.6f
cray unicos 7.0
sun solaris 2.6
gnu glibc 2.2.5
sgi irix 6.5.15f
sgi irix 6.5.18m
hp hp-ux 11.04
openafs openafs 1.0.1
sgi irix 6.5.10
sgi irix 6.5.7m
mit kerberos_5 1.2.7
openafs openafs 1.2.1
sgi irix 6.5.16m
openafs openafs 1.2.4
cray unicos 9.2.4
sgi irix 6.5.3
freebsd freebsd 4.2
sgi irix 6.5.10m
openafs openafs 1.2.3
freebsd freebsd 4.6.2
freebsd freebsd 5.0
cray unicos 9.0
mit kerberos_5 1.2.3
openbsd openbsd 2.7
sgi irix 6.5.9m
openafs openafs 1.3
openbsd openbsd 2.0
sgi irix 6.5.14f
openafs openafs 1.0.2
sgi irix 6.5.5m
sgi irix 6.5.1
sgi irix 6.5.14
gnu glibc 2.2
sun sunos 5.5.1
mit kerberos_5 1.2
sgi irix 6.5.18f
gnu glibc 2.1.1
openbsd openbsd 2.5
sun solaris 9.0
openbsd openbsd 2.3
gnu glibc 2.1
cray unicos 6.0e
hp hp-ux_series_800 10.20
sun sunos -
sgi irix 6.5.7
sgi irix 6.5.10f
sgi irix 6.5.5
gnu glibc 2.1.3
openafs openafs 1.0.4a
freebsd freebsd 4.0
sgi irix 6.5.7f
sgi irix 6.5.8m
openbsd openbsd 2.1
openafs openafs 1.3.1
openafs openafs 1.0.4
openbsd openbsd 3.1
ibm aix 5.2
cray unicos 8.0
openbsd openbsd 2.6
sgi irix 6.5.6
openafs openafs 1.1.1a
openafs openafs 1.2
sgi irix 6.5.13f
sgi irix 6.5.3m
openafs openafs 1.0.3
openafs openafs 1.1
openafs openafs 1.1.1
sgi irix 6.5.4f
sgi irix 6.5.15
sgi irix 6.5.11
openafs openafs 1.3.2
sgi irix 6.5.16f
sgi irix 6.5.16
sgi irix 6.5.4
sgi irix 6.5.6m
hp hp-ux 10.24
mit kerberos_5 1.2.4
hp hp-ux 10.20
hp hp-ux 11.22
gnu glibc 2.3.1
sgi irix 6.5.2f
sgi irix 6.5.8f
freebsd freebsd 4.4
sun solaris 7.0
hp hp-ux 11.11
cray unicos 6.1
sgi irix 6.5
sgi irix 6.5.17m
cray unicos 6.0
openafs openafs 1.0
freebsd freebsd 4.7
gnu glibc 2.3
mit kerberos_5 1.2.1
openafs openafs 1.2.2b
sgi irix 6.5.17f
freebsd freebsd 4.3
openbsd openbsd 2.8
hp hp-ux 11.20
openbsd openbsd 2.9
gnu glibc 2.2.2
freebsd freebsd 4.5
cray unicos 9.2
freebsd freebsd 4.1.1
sgi irix 6.5.3f
ibm aix 5.1
sgi irix 6.5.2
openbsd openbsd 2.2
sgi irix 6.5.4m
mit kerberos_5 1.2.6
sun sunos 5.7
hp hp-ux 11.00
sun sunos 5.8
openafs openafs 1.2.6
gnu glibc 2.3.2
openafs openafs 1.2.5
sgi irix 6.5.11m
sgi irix 6.5.11f
sgi irix 6.5.9f
sgi irix 6.5.15m
mit kerberos_5 1.2.5
openafs openafs 1.2.2
sgi irix 6.5.13m
cray unicos 9.0.2.5
sun solaris 2.5.1
sgi irix 6.5.8
sgi irix 6.5.18
sgi irix 6.5.14m
sun solaris 8.0
sgi irix 6.5.20
sgi irix 6.5.17
ibm aix 4.3.3
sgi irix 6.5.13
sgi irix 6.5.5f
openbsd openbsd 3.0
gnu glibc 2.2.1
freebsd freebsd 4.1
openbsd openbsd 3.2
hp hp-ux_series_700 10.20
sgi irix 6.5.2m
gnu glibc 2.2.4
sgi irix 6.5.12m
cray unicos 8.3
sgi irix 6.5.9
gnu glibc 2.2.3
gnu glibc 2.1.2
openafs openafs 1.2.2a
freebsd freebsd 4.6
sgi irix 6.5.12
mit kerberos_5 1.2.2
sgi irix 6.5.12f
CVE-2003-0058 MEDIUM

MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mit kerberos_5 1.2.4
sun solaris 9.0
sun sunos 5.8
mit kerberos_5 1.2.3
sun enterprise_authentication_mechanism 1.0
sun solaris 8.0
mit kerberos_5 1.2.1
mit kerberos_5 1.2.2
CVE-2003-0064 HIGH

The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sgi irix 6.5.4
sgi irix 5.3
sgi irix 6.4
sgi irix 6.5.6m
sgi irix 5.1.1
hp hp-ux 10.24
sgi irix 6.5.6f
ibm aix 4.3.1
hp hp-ux 10.20
hp hp-ux 11.22
sun solaris 2.6
sgi irix 6.5.15f
sgi irix 6.5.2f
sgi irix 6.5.18m
sgi irix 6.5.8f
sgi irix 6.1
hp hp-ux 11.04
sun solaris 7.0
hp hp-ux 11.11
sgi irix 6.5.10
sgi irix 6.5.7m
sgi irix 6.5
sgi irix 6.5.17m
sgi irix 6.5.16m
sgi irix 6.5.17f
sgi irix 6.5.3
sgi irix 6.2
hp hp-ux 11.20
sgi irix 6.5.10m
sgi irix 6.5.3f
ibm aix 5.1
sgi irix 6.5.2
sgi irix 6.5.4m
sgi irix 6.5.9m
sgi irix 6.5.14f
sgi irix 5.1
sun sunos 5.7
hp hp-ux 11.00
sun sunos 5.8
sgi irix 6.5.5m
sgi irix 6.5.1
sgi irix 6.5.14
sun sunos 5.5.1
sgi irix 5.2
sgi irix 6.5.11m
sgi irix 6.5.11f
sgi irix 6.5.9f
sgi irix 6.5.15m
sgi irix 6.5.18f
sgi irix 6.5.13m
sun solaris 2.5.1
sun solaris 9.0
sgi irix 6.5.8
sgi irix 6.5.18
sgi irix 6.5.14m
sun solaris 8.0
sgi irix 6.0
sgi irix 6.5.17
ibm aix 4.3.3
sun sunos -
hp hp-ux 10.34
sgi irix 6.5.7
sgi irix 6.5.10f
sgi irix 6.5.13
sgi irix 6.5.5f
sgi irix 5.0
sgi irix 6.5.5
sgi irix 6.5.7f
hp hp-ux 10.30
sgi irix 6.5.8m
sgi irix 6.5.2m
sgi irix 6.5.12m
ibm aix 5.2
sgi irix 5.0.1
sgi irix 6.5.9
sgi irix 6.5.6
sgi irix 6.0.1
sgi irix 6.5.13f
sgi irix 6.5.3m
ibm aix 4.3
sgi irix 6.5.12
sgi irix 6.3
sgi irix 6.5.4f
sgi irix 6.5.15
sgi irix 6.5.11
sgi irix 6.5.12f
ibm aix 4.3.2
hp hp-ux 10.26
sgi irix 6.5.16f
sgi irix 6.5.16
CVE-2003-0091 HIGH

Stack-based buffer overflow in the bsd_queue() function for lpq on Solaris 2.6 and 7 allows local users to gain root privilege.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.7
sun solaris 2.6
sun sunos 5.5.1
CVE-2003-0092 HIGH

Heap-based buffer overflow in dtsession for Solaris 2.5.1 through Solaris 9 allows local users to gain root privileges via a long HOME environment variable.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun sunos 5.5.1
CVE-2003-0161 HIGH

The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sendmail sendmail_switch 2.2.4
compaq tru64 5.1_pk3_bl17
sendmail sendmail 8.11.2
sendmail sendmail 8.9.1
hp hp-ux 10.08
sun solaris 2.6
sendmail sendmail 8.9.2
compaq tru64 4.0g_pk3_bl17
sendmail sendmail 2.6
sendmail sendmail 8.12.8
sendmail sendmail_switch 2.2.5
sendmail sendmail 8.9.3
sendmail sendmail_switch 3.0
compaq tru64 5.1b
sendmail sendmail 8.11.3
sun solaris 2.4
sendmail sendmail 8.12.3
sendmail sendmail_switch 2.2.1
hp hp-ux 10.16
sendmail sendmail_switch 3.0.2
compaq tru64 5.1_pk6_bl20
compaq tru64 4.0b
sendmail sendmail 8.12
sun sunos 5.5.1
sendmail sendmail 8.11.0
sun sunos 5.4
sun solaris 9.0
compaq tru64 5.1b_pk1_bl1
hp hp-ux 10.01
sun sunos 5.5
hp hp-ux_series_800 10.20
sun solaris 2.5
sendmail sendmail 3.0
sun sunos -
hp hp-ux 10.34
compaq tru64 5.1a
compaq tru64 5.1a_pk1_bl1
sendmail sendmail 3.0.3
sendmail sendmail 8.12.4
hp hp-ux 10.30
hp hp-ux 10.10
sendmail sendmail 8.12.2
compaq tru64 4.0d_pk9_bl17
hp hp-ux 10.09
sendmail sendmail 8.12.6
compaq tru64 5.1a_pk2_bl2
sendmail sendmail_switch 2.2.3
hp hp-ux 11.0.4
hp hp-ux 10.26
compaq tru64 5.0_pk4_bl17
sendmail sendmail 3.0.1
sendmail sendmail 2.6.2
hp hp-ux 10.24
hp hp-ux 10.20
hp hp-ux 11.22
compaq tru64 5.1_pk4_bl18
compaq tru64 5.0f
sun solaris 7.0
hp hp-ux 11.11
compaq tru64 4.0g
sendmail sendmail_switch 2.1.2
compaq tru64 5.1_pk5_bl19
sendmail sendmail_switch 2.1.3
hp hp-ux 11.20
compaq tru64 5.0a_pk3_bl17
sendmail sendmail 8.11.1
sendmail sendmail 8.11.6
sendmail sendmail_switch 2.1.4
compaq tru64 5.1a_pk3_bl3
sendmail sendmail 8.10
compaq tru64 5.0a
sendmail sendmail 8.11.4
sendmail sendmail 8.12.7
sun sunos 5.7
hp hp-ux 11.00
sun sunos 5.8
sendmail sendmail_switch 2.2
compaq tru64 4.0d
compaq tru64 4.0f
compaq tru64 5.0_pk4_bl18
compaq tru64 4.0f_pk7_bl18
sendmail sendmail_switch 3.0.1
compaq tru64 5.0
sun solaris 2.5.1
sendmail sendmail 8.9.0
sendmail sendmail_switch 2.1.5
sendmail sendmail 8.12.5
sun solaris 8.0
sendmail sendmail_switch 2.1.1
sendmail sendmail 3.0.2
hp sis *
compaq tru64 5.1
compaq tru64 4.0f_pk6_bl17
sendmail sendmail 8.11.5
sendmail sendmail 8.10.1
hp hp-ux_series_700 10.20
sendmail sendmail_switch 2.2.2
sendmail sendmail_switch 2.1
sendmail sendmail 8.12.0
hp hp-ux 10.00
sendmail sendmail 8.10.2
sendmail sendmail_switch 3.0.3
sendmail sendmail 8.12.1
sendmail sendmail 2.6.1
CVE-2003-0196 HIGH

Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
samba samba 2.2.4
hp hp-ux 10.24
compaq tru64 5.1_pk3_bl17
hp cifs-9000_server a.01.08
hp cifs-9000_server a.01.08.01
hp hp-ux 10.20
hp hp-ux 11.22
compaq tru64 5.1_pk4_bl18
compaq tru64 5.0f
sun solaris 2.6
hp cifs-9000_server a.01.09.01
samba samba 2.2.7
samba samba 2.2.6
hp hp-ux 11.04
samba-tng samba-tng 0.3.1
samba samba 2.0.5
sun solaris 7.0
hp hp-ux 11.11
compaq tru64 4.0g
samba samba 2.0.10
samba samba 2.2.0a
compaq tru64 5.1_pk5_bl19
samba samba 2.2.8
compaq tru64 4.0g_pk3_bl17
samba samba 2.0.8
samba-tng samba-tng 0.3
samba samba 2.0.9
samba samba 2.0.4
samba samba 2.0.7
samba samba 2.2.1a
hp hp-ux 11.20
compaq tru64 5.1b
samba samba 2.2.7a
compaq tru64 5.0a_pk3_bl17
compaq tru64 5.1a_pk3_bl3
hp cifs-9000_server a.01.05
compaq tru64 5.1_pk6_bl20
samba samba 2.0.6
compaq tru64 5.0a
sun sunos 5.7
hp hp-ux 11.00
sun sunos 5.8
samba samba 2.2.3a
compaq tru64 4.0d
samba samba 2.2.3
compaq tru64 4.0b
compaq tru64 4.0f
compaq tru64 5.0_pk4_bl18
sun sunos 5.5.1
hp cifs-9000_server a.01.07
compaq tru64 4.0f_pk7_bl18
compaq tru64 5.0
samba samba 2.0.0
sun solaris 2.5.1
sun solaris 9.0
compaq tru64 5.1b_pk1_bl1
sun solaris 8.0
hp hp-ux 10.01
sun sunos -
compaq tru64 5.1a
hp cifs-9000_server a.01.06
compaq tru64 5.1a_pk1_bl1
samba samba 2.2.2
compaq tru64 5.1
samba samba 2.0.3
compaq tru64 4.0f_pk6_bl17
hp cifs-9000_server a.01.09
samba samba 2.0.2
samba samba 2.2.5
compaq tru64 4.0d_pk9_bl17
hp cifs-9000_server a.01.09.02
compaq tru64 5.1a_pk2_bl2
samba samba 2.0.1
compaq tru64 5.0_pk4_bl17
samba samba 2.2.0
CVE-2003-0201 HIGH

Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
samba samba 2.2.4
hp hp-ux 10.24
compaq tru64 5.1_pk3_bl17
hp cifs-9000_server a.01.08
hp cifs-9000_server a.01.08.01
hp hp-ux 10.20
hp hp-ux 11.22
compaq tru64 5.1_pk4_bl18
compaq tru64 5.0f
sun solaris 2.6
hp cifs-9000_server a.01.09.01
samba samba 2.2.7
samba samba 2.2.6
hp hp-ux 11.04
samba-tng samba-tng 0.3.1
samba samba 2.0.5
sun solaris 7.0
hp hp-ux 11.11
compaq tru64 4.0g
samba samba 2.0.10
samba samba 2.2.0a
compaq tru64 5.1_pk5_bl19
samba samba 2.2.8
compaq tru64 4.0g_pk3_bl17
samba samba 2.0.8
samba-tng samba-tng 0.3
samba samba 2.0.9
samba samba 2.0.4
samba samba 2.0.7
apple mac_os_x 10.2.2
samba samba 2.2.1a
hp hp-ux 11.20
compaq tru64 5.1b
samba samba 2.2.7a
compaq tru64 5.0a_pk3_bl17
compaq tru64 5.1a_pk3_bl3
hp cifs-9000_server a.01.05
compaq tru64 5.1_pk6_bl20
apple mac_os_x 10.2.4
samba samba 2.0.6
compaq tru64 5.0a
sun sunos 5.7
hp hp-ux 11.00
sun sunos 5.8
samba samba 2.2.3a
apple mac_os_x 10.2
compaq tru64 4.0d
compaq tru64 4.0b
compaq tru64 4.0f
compaq tru64 5.0_pk4_bl18
sun sunos 5.5.1
hp cifs-9000_server a.01.07
apple mac_os_x 10.2.3
compaq tru64 4.0f_pk7_bl18
compaq tru64 5.0
samba samba 2.0.0
sun solaris 2.5.1
sun solaris 9.0
compaq tru64 5.1b_pk1_bl1
sun solaris 8.0
hp hp-ux 10.01
apple mac_os_x 10.2.1
sun sunos -
compaq tru64 5.1a
hp cifs-9000_server a.01.06
compaq tru64 5.1a_pk1_bl1
compaq tru64 5.1
samba samba 2.0.3
compaq tru64 4.0f_pk6_bl17
hp cifs-9000_server a.01.09
samba samba 2.0.2
samba samba 2.2.5
compaq tru64 4.0d_pk9_bl17
hp cifs-9000_server a.01.09.02
compaq tru64 5.1a_pk2_bl2
samba samba 2.0.1
compaq tru64 5.0_pk4_bl17
samba samba 2.2.0
CVE-2003-0412 MEDIUM

Sun ONE Application Server 7.0 for Windows 2000/XP does not log the complete URI of a long HTTP request, which could allow remote attackers to hide malicious activities.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun one_application_server 7.0
CVE-2003-0413 MEDIUM

Cross-site scripting (XSS) vulnerability in the webapps-simple sample application for (1) Sun ONE Application Server 7.0 for Windows 2000/XP or (2) Sun Java System Web Server 6.1 allows remote attackers to insert arbitrary web script or HTML via an HTTP request that generates an "Invalid JSP file" error, which inserts the text in the resulting error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun one_application_server 7.0
CVE-2003-0414 HIGH

The installation of Sun ONE Application Server 7.0 for Windows 2000/XP creates a statefile with world-readable permissions, which allows local users to gain privileges by reading a plaintext password in the statefile.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun one_application_server 7.0
CVE-2003-0466 HIGH

Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-193,

Products Affected

Vendor Product Version
redhat wu_ftpd 2.6.1-16
openbsd openbsd *
sun solaris 9.0
wuftpd wu-ftpd *
freebsd freebsd *
netbsd netbsd *
apple mac_os_x_server 10.2.6
apple mac_os_x 10.2.6
CVE-2003-0609 HIGH

Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long LD_PRELOAD environment variable.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun solaris 8.0
CVE-2003-0669 LOW

Unknown vulnerability in Solaris 2.6 through 9 causes a denial of service (system panic) via "a rare race condition" or an attack by local users.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun solaris 8.0
CVE-2003-0676 MEDIUM

Directory traversal vulnerability in ViewLog for iPlanet Administration Server 5.1 (aka Sun ONE) allows remote attackers to read arbitrary files via "..%2f" (partially encoded dot dot) sequences.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun one_directory_server 5.0_sp2
sun iplanet_directory_server 5.0
sun iplanet_directory_server 5.1
sun one_directory_server 5.0
sun one_directory_server 5.1
CVE-2003-0694 HIGH

The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sendmail sendmail_switch 2.2.4
compaq tru64 5.1_pk3_bl17
sendmail sendmail 8.11.2
sendmail sendmail 8.8.8
sendmail sendmail 8.9.1
sun solaris 2.6
sendmail sendmail 8.9.2
sgi irix 6.5.18m
compaq tru64 4.0g_pk3_bl17
sendmail sendmail 2.6
sendmail sendmail 8.12.8
sendmail sendmail_switch 2.2.5
gentoo linux 1.4
sendmail sendmail 8.9.3
sendmail sendmail_switch 3.0
freebsd freebsd 3.0
compaq tru64 5.1b
sendmail sendmail 8.11.3
freebsd freebsd 5.0
sendmail sendmail 8.12.3
sendmail sendmail_switch 2.2.1
apple mac_os_x_server 10.2.2
sendmail sendmail_switch 3.0.2
compaq tru64 5.1_pk6_bl20
sendmail sendmail 8.12
sendmail advanced_message_server 1.3
turbolinux turbolinux_workstation 7.0
sendmail advanced_message_server 1.2
sendmail sendmail 8.11.0
sgi irix 6.5.18f
sun solaris 9.0
compaq tru64 5.1b_pk1_bl1
sgi irix 6.5.21m
sendmail sendmail 8.12.9
freebsd freebsd 4.8
netbsd netbsd 1.5.2
sendmail sendmail 3.0
sun sunos -
compaq tru64 5.1a
compaq tru64 5.1a_pk1_bl1
sendmail sendmail 3.0.3
sgi irix 6.5.19f
sendmail sendmail_pro 8.9.2
sendmail sendmail_pro 8.9.3
turbolinux turbolinux_server 8.0
sendmail sendmail 8.12.4
freebsd freebsd 4.0
freebsd freebsd 4.9
turbolinux turbolinux_server 6.5
sendmail sendmail 8.12.2
ibm aix 5.2
compaq tru64 4.0g_pk4_bl22
sendmail sendmail 8.12.6
compaq tru64 5.1a_pk2_bl2
turbolinux turbolinux_server 7.0
apple mac_os_x_server 10.2.4
netbsd netbsd 1.4.3
apple mac_os_x 10.2.5
sgi irix 6.5.20f
sendmail sendmail_switch 2.2.3
netbsd netbsd 1.5.3
apple mac_os_x_server 10.2.6
sgi irix 6.5.15
hp hp-ux 11.0.4
apple mac_os_x_server 10.2
compaq tru64 5.1a_pk5_bl23
sgi irix 6.5.16
sendmail sendmail 3.0.1
netbsd netbsd 1.5.1
sendmail sendmail 2.6.2
compaq tru64 5.1a_pk4_bl21
gentoo linux 0.5
hp hp-ux 11.22
compaq tru64 5.1_pk4_bl18
turbolinux turbolinux_workstation 8.0
freebsd freebsd 4.4
sun solaris 7.0
hp hp-ux 11.11
compaq tru64 4.0g
sendmail sendmail_switch 2.1.2
compaq tru64 5.1_pk5_bl19
sgi irix 6.5.17m
apple mac_os_x_server 10.2.1
freebsd freebsd 4.7
sgi irix 6.5.20m
sendmail sendmail_switch 2.1.3
sgi irix 6.5.17f
freebsd freebsd 4.3
apple mac_os_x 10.2.2
apple mac_os_x_server 10.2.5
sendmail sendmail 8.11.1
freebsd freebsd 4.5
sendmail sendmail 8.11.6
sendmail sendmail_switch 2.1.4
ibm aix 5.1
compaq tru64 5.1a_pk3_bl3
apple mac_os_x 10.2.4
sendmail sendmail 8.10
sendmail sendmail 8.11.4
sendmail sendmail 8.12.7
sun sunos 5.7
hp hp-ux 11.00
sun sunos 5.8
sendmail sendmail_switch 2.2
apple mac_os_x 10.2
netbsd netbsd 1.6.1
apple mac_os_x 10.2.6
compaq tru64 4.0f
apple mac_os_x 10.2.3
compaq tru64 4.0f_pk7_bl18
freebsd freebsd 5.1
sendmail sendmail_switch 3.0.1
compaq tru64 5.1b_pk2_bl22
sendmail sendmail 8.9.0
sendmail sendmail_switch 2.1.5
sendmail sendmail 8.12.5
sun solaris 8.0
sendmail sendmail_switch 2.1.1
apple mac_os_x 10.2.1
compaq tru64 4.0f_pk8_bl22
sendmail sendmail 3.0.2
ibm aix 4.3.3
turbolinux turbolinux_workstation 6.0
compaq tru64 5.1
gentoo linux 1.2
compaq tru64 4.0f_pk6_bl17
sendmail sendmail 8.11.5
gentoo linux 1.1a
sendmail sendmail 8.10.1
sendmail sendmail_switch 2.2.2
netbsd netbsd 1.5
sendmail sendmail_switch 2.1
turbolinux turbolinux_server 6.1
turbolinux turbolinux_advanced_server 6.0
netbsd netbsd 1.6
sendmail sendmail 8.12.0
sendmail sendmail 8.10.2
sgi irix 6.5.21f
apple mac_os_x_server 10.2.3
gentoo linux 0.7
sendmail sendmail_switch 3.0.3
freebsd freebsd 4.6
sendmail sendmail 8.12.1
sgi irix 6.5.19m
sendmail sendmail 2.6.1
CVE-2003-0722 HIGH

The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris *
CVE-2003-0896 HIGH

The loadClass method of the sun.applet.AppletClassLoader class in the Java Virtual Machine (JVM) in Sun SDK and JRE 1.4.1_03 and earlier allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a loaded class name that contains "/" (slash) instead of "." (dot) characters, which bypasses a call to the Security Manager's checkPackageAccess method.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun jre *
CVE-2003-0914 MEDIUM

ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq tru64 5.1_pk3_bl17
compaq tru64 5.1a_pk4_bl21
compaq tru64 5.1_pk4_bl18
ibm aix 5.1l
isc bind 8.3.2
isc bind 8.3.4
freebsd freebsd 4.4
sun solaris 7.0
hp hp-ux 11.11
compaq tru64 4.0g
compaq tru64 5.1_pk5_bl19
netbsd netbsd current
compaq tru64 4.0g_pk3_bl17
freebsd freebsd 4.7
isc bind 8.2.4
compaq tru64 5.1b
nixu namesurfer suite_3.0.1
freebsd freebsd 4.6.2
freebsd freebsd 4.5
isc bind 8.4.1
freebsd freebsd 5.0
isc bind 8.2.5
isc bind 8.2.7
compaq tru64 5.1a_pk3_bl3
compaq tru64 5.1_pk6_bl20
nixu namesurfer standard_3.0.1
sun sunos 5.7
hp hp-ux 11.00
sun sunos 5.8
isc bind 8.3.0
netbsd netbsd 1.6.1
compaq tru64 4.0f
compaq tru64 4.0f_pk7_bl18
compaq tru64 5.1b_pk2_bl22
isc bind 8.4
sun solaris 9.0
isc bind 8.3.6
compaq tru64 5.1b_pk1_bl1
sun solaris 8.0
isc bind 8.2.3
freebsd freebsd 4.8
compaq tru64 4.0f_pk8_bl22
compaq tru64 5.1a
compaq tru64 5.1a_pk1_bl1
compaq tru64 5.1
compaq tru64 4.0f_pk6_bl17
isc bind 8.2.6
isc bind 8.3.3
freebsd freebsd 4.9
isc bind 8.3.5
netbsd netbsd 1.6
compaq tru64 4.0g_pk4_bl22
compaq tru64 5.1a_pk2_bl2
freebsd freebsd 4.6
isc bind 8.3.1
sco unixware 7.1.1
compaq tru64 5.1a_pk5_bl23
CVE-2003-0970 MEDIUM

The Network Management Port on Sun Fire B1600 systems allows remote attackers to cause a denial of service (packet loss) via ARP packets, which cause all ports to become temporarily disabled.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sun_fire b1600
CVE-2003-0999 HIGH

Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint library in Solaris 2.6 through 9 may allow attackers to execute arbitrary code or read or write arbitrary files.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun solaris 8.0
CVE-2003-1024 HIGH

Unknown vulnerability in the ls-F builtin function in tcsh on Solaris 8 allows local users to create or delete files as other users, and gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.8
CVE-2003-1055 HIGH

Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 may allow local users to gain root access via a long hostname in an LDAP lookup.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 9.0
sun sunos 5.8
sun solaris 8.0
CVE-2003-1056 HIGH

The ed editor for Sun Solaris 2.6, 7, and 8 allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun solaris 8.0
CVE-2003-1057 HIGH

Unknown vulnerability in CDE Print Viewer (dtprintinfo) for Sun Solaris 2.6 through 9 may allow local users to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun solaris 8.0
CVE-2003-1058 LOW

The Xsun server for Sun Solaris 2.6 through 9, when running in Direct Graphics Access (DGA) mode, allows local users to cause a denial of service (Xsun crash) or to create or overwrite arbitrary files on the system, probably via a symlink attack on temporary server files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun solaris 8.0
CVE-2003-1059 HIGH

Unknown vulnerability in the libraries for the PGX32 frame buffer in Solaris 2.5.1 and 2.6 through 9 allows local users to gain root access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun sunos 5.5.1
CVE-2003-1060 MEDIUM

The NFS Server for Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (UFS panic) via certain invalid UFS requests, which triggers a null dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
sun solaris 8.0
CVE-2003-1061 LOW

Race condition in Solaris 2.6 through 9 allows local users to cause a denial of service (kernel panic), as demonstrated via the namefs function, pipe, and certain STREAMS routines.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun solaris 8.0
CVE-2003-1063 HIGH

The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) 108801-02 for cachefs on Solaris 2.6 and 7 overwrite the inetd.conf file, which may silently reenable services and allow remote attackers to bypass the intended security policy.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun sunos 5.7
sun solaris 2.6
CVE-2003-1065 LOW

Unknown vulnerability in patches 108993-14 through 108993-19 and 108994-14 through 108994-19 for Solaris 8 may allow local users to cause a denial of service (automountd crash).

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.8
CVE-2003-1066 MEDIUM

Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (syslogd crash) and possibly execute arbitrary code via long syslog UDP packets.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun solaris 8.0
CVE-2003-1067 HIGH

Multiple buffer overflows in the (1) dbm_open function, as used in ndbm and dbm, and the (2) dbminit function in Solaris 2.6 through 9 allow local users to gain root privileges via long arguments to Xsun or other programs that use these functions.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun solaris 8.0
CVE-2003-1068 HIGH

Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4659277, a different vulnerability than CVE-2003-1082.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun solaris 8.0
CVE-2003-1069 MEDIUM

The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (CPU consumption by infinite loop).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun solaris 8.0
CVE-2003-1070 MEDIUM

Unknown vulnerability in rpcbind for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (rpcbind crash).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun solaris 8.0
CVE-2003-1071 LOW

rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users to send messages to logged on users that appear to come from arbitrary user IDs by closing stderr before executing wall, then supplying a spoofed from header.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun solaris 2.5.1
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun solaris 8.0
sun sunos 5.5.1
CVE-2003-1072 LOW

Memory leak in lofiadm in Solaris 8 allows local users to cause a denial of service (kernel memory consumption).

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.8
sun solaris 8.0
CVE-2003-1073 LOW

A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the job name, then modifying the directory structure after at checks permissions to delete the file and before the deletion actually takes place.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun solaris 8.0
sun sunos 5.5.1
sun sunos 5.5
CVE-2003-1074 HIGH

Unknown vulnerability in newtask for Solaris 9 allows local users to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 9.0
CVE-2003-1075 MEDIUM

Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (temporary FTP server hang), which affects other active mode FTP clients.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun solaris 8.0
CVE-2003-1076 HIGH

Unknown vulnerability in sendmail for Solaris 7, 8, and 9 allows local users to cause a denial of service (unknown impact) and possibly gain privileges via certain constructs in a .forward file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
sun solaris 8.0
CVE-2003-1077 LOW

Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging enabled, allows local users to cause a denial of service (UFS file system hang).

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 9.0
CVE-2003-1078 HIGH

The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag enabled displays the user password on the screen during login.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun solaris 8.0
CVE-2003-1079 MEDIUM

Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for SPARC, and 2.5.1 through 8 for x86, allows remote attackers to cause a denial of service (memory consumption) via certain arguments in RPC calls that cause large amounts of memory to be allocated.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun solaris 2.5.1
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun solaris 8.0
sun sunos 5.5.1
CVE-2003-1081 HIGH

Aspppls for Solaris 8 allows local users to overwrite arbitrary files via a symlink attack on the .asppp.fifo temporary file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
sun sunos 5.8
sun solaris 8.0
CVE-2003-1082 HIGH

Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4705891, a different vulnerability than CVE-2003-1068.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun solaris 8.0
CVE-2003-1123 HIGH

Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows untrusted applets to access certain information within trusted applets, which allows attackers to bypass the restrictions of the Java security model.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun jdk 1.2.2_10
sun jre 1.4.0_01
sun jdk 1.3.0_05
sun jre 1.4
sun jdk 1.3.1_01
sun jre 1.2.2_012
sun jdk 1.3
sun jdk 1.4
sun jdk 1.2.2
sun jre 1.3.0
sun jdk 1.2.2_12
sun jdk 1.3.0_02
sun jre 1.2.2
sun jre 1.3.1
sun jdk 1.3.1_03
sun jdk 1.3.1_01a
sun jdk 1.3.1_04
sun jre 1.3.1_03
sun jdk 1.4.0_01
sun jdk 1.2.2_11
sun jre 1.2.2_003
sun jre 1.2.2_011
CVE-2003-1124 MEDIUM

Unknown vulnerability in Sun Management Center (SunMC) 2.1.1, 3.0, and 3.0 Revenue Release (RR), when installed and run by root, allows local users to create or modify arbitrary files.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun management+center 3.0_revenue_release
sun management+center 2.1.1
sun management+center 3.0
CVE-2003-1125 MEDIUM

Unknown vulnerability in ns-ldapd for Sun ONE Directory Server 4.16, 5.0, and 5.1 allows LDAP clients to cause a denial of service (service halt).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun one_directory_server 5.0
sun one_directory_server 5.1
sun one_directory_server 4.16
CVE-2003-1126 MEDIUM

Unknown vulnerability in SunOne/iPlanet Web Server SP3 through SP5 on Windows platforms allows remote attackers to cause a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun one_web_server 6.0
CVE-2003-1134 LOW

Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial of service (JVM crash), possibly by calling the ClassDepth function with a null parameter, which causes a crash instead of generating a null pointer exception.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun java 1.4.2
sun java 1.4.1
sun java 1.3.1
CVE-2003-1156 MEDIUM

Java Runtime Environment (JRE) and Software Development Kit (SDK) 1.4.2 through 1.4.2_02 allows local users to overwrite arbitrary files via a symlink attack on (1) unpack.log, as created by the unpack program, or (2) .mailcap1 and .mime.types1, as created by the RPM program.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun jre 1.4.2
sun jdk 1.4.2
sun jdk 1.4.2_02
CVE-2003-1229 HIGH

X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificate and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-295,

Products Affected

Vendor Product Version
oracle jre *
sun jsse 1.0.3
sun java_web_start *
CVE-2003-1301 MEDIUM

Sun Java Runtime Environment (JRE) 1.x before 1.4.2_11 and 1.5.x before 1.5.0_06, and as used in multiple web browsers, allows remote attackers to cause a denial of service (application crash) via deeply nested object arrays, which are not properly handled by the garbage collector and trigger invalid memory accesses.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun jre 1.4.2_8
sun jre 1.4.2_5
sun jre 1.4.2_3
sun jre 1.4.2_1
sun jre 1.4.2_9
sun jre 1.4.2
sun jre 1.4.2_2
sun jre 1.4.2_6
sun jre 1.4.2_10
sun jre 1.5.0
sun jre 1.4.2_4
sun jre 1.4.2_7
CVE-2003-1516 MEDIUM

The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun java_plug-in 1.4.2_01
CVE-2003-1521 MEDIUM

Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun java_plug-in 1.4.2
sun java_plug-in 1.4
sun java_plug-in 1.4.2_02
sun java_plug-in 1.4.2_01
CVE-2003-1563 MEDIUM

Sun Cluster 2.2 through 3.2 for Oracle Parallel Server / Real Application Clusters (OPS/RAC) allows local users to cause a denial of service (cluster node panic or abort) by launching a daemon listening on a TCP port that would otherwise be used by the Distributed Lock Manager (DLM), possibly involving this daemon responding in a manner that spoofs a cluster reconfiguration.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun cluster 2.2
sun cluster 3.2
sun cluster 3.0
sun cluster 3.1
CVE-2003-1576 HIGH

Buffer overflow in pamverifier in Change Manager (CM) 1.0 for Sun Management Center (SunMC) 3.0 on Solaris 8 and 9 on the sparc platform allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
sun change_manager 1.0
CVE-2003-1577 LOW

Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files, and conduct cross-site scripting (XSS) attacks involving the iPlanet Log Analyzer, via an HTTP request in conjunction with a crafted DNS response, related to an "Inverse Lookup Log Corruption (ILLC)" issue, a different vulnerability than CVE-2002-1315 and CVE-2002-1316.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
sun one_web_server 4.1
sun one_web_server 6.0
sun one_web_server *
CVE-2003-1578 MEDIUM

Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to hide HTTP requests from the log-preview functionality by accompanying the requests with crafted DNS responses specifying a domain name beginning with a "format=" substring, related to an "Inverse Lookup Log Corruption (ILLC)" issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun one_web_server 4.1
sun one_web_server 6.0
sun one_web_server *
CVE-2003-1579 MEDIUM

Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
sun one_web_server 6.0
CVE-2003-1588 LOW

Sun Cluster 2.2, when HA-Oracle or HA-Sybase DBMS services are used, stores database credentials in cleartext in a cluster configuration file, which allows local users to obtain sensitive information by reading this file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-255,

Products Affected

Vendor Product Version
sun cluster 2.2
CVE-2003-1589 MEDIUM

Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 4.1 before SP13 and 6.0 before SP6 on Windows allows attackers to cause a denial of service (daemon crash) via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun one_web_server 4.1
sun one_web_server 6.0
CVE-2003-1590 MEDIUM

Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 6.0 SP3 through SP5 on Windows allows remote attackers to cause a denial of service (daemon crash) via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun one_web_server 6.0
CVE-2004-0079 MEDIUM

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
cisco pix_firewall_software 6.1(5)
4d webstar 5.2.1
openssl openssl 0.9.6d
openssl openssl 0.9.6j
avaya sg203 4.31.29
avaya sg203 4.4
cisco pix_firewall_software 6.1(1)
redhat linux 8.0
4d webstar 4.0
cisco okena_stormwatch 3.2
lite speed_technologies_litespeed_web_server 1.3.1
avaya vsu 7500_r2.0.1
cisco gss_4480_global_site_selector *
cisco pix_firewall_software 6.0(2)
stonesoft stonegate 2.2.4
stonesoft stonebeat_securitycluster 2.5
redhat enterprise_linux_desktop 3.0
cisco pix_firewall 6.2.2_.111
lite speed_technologies_litespeed_web_server 1.3_rc1
avaya sg208 4.4
cisco pix_firewall_software 6.3(3.102)
avaya vsu 5x
cisco threat_response *
avaya s8500 r2.0.0
neoteris instant_virtual_extranet 3.3
cisco pix_firewall_software 6.2
lite speed_technologies_litespeed_web_server 1.2_rc1
cisco access_registrar *
securecomputing sidewinder 5.2.0.03
stonesoft stonebeat_webcluster 2.5
stonesoft stonebeat_fullcluster 3.0
dell bsafe_ssl-j 3.1
cisco webns 6.10_b4
sgi propack 2.3
cisco ios 12.1(11b)e14
sco openserver 5.0.7
avaya s8500 r2.0.1
cisco pix_firewall_software 6.0(4.101)
avaya vsu 5000_r2.0.1
novell edirectory 8.5
tarantella tarantella_enterprise 3.30
vmware gsx_server 3.0_build_7592
redhat enterprise_linux 3.0
cisco pix_firewall_software 6.0
vmware gsx_server 2.5.1_build_5336
lite speed_technologies_litespeed_web_server 1.2.1
freebsd freebsd 4.8
stonesoft stonegate 2.0.9
cisco webns 7.2_0.0.03
novell edirectory 8.7
securecomputing sidewinder 5.2.0.04
stonesoft stonegate 1.6.2
cisco css_secure_content_accelerator 2.0
openssl openssl 0.9.7a
cisco ios 12.1(11b)e12
freebsd freebsd 4.9
4d webstar 5.2.3
cisco css11000_content_services_switch *
avaya s8700 r2.0.0
avaya intuity_audix s3400
stonesoft stonegate_vpn_client 2.0.9
bluecoat proxysg *
redhat openssl 0.9.6b-3
stonesoft stonegate 1.7
4d webstar 5.3
openssl openssl 0.9.6e
stonesoft stonebeat_fullcluster 1_3.0
cisco content_services_switch_11500 *
cisco ios 12.1(19)e1
cisco ios 12.2(14)sy1
cisco webns 7.10
checkpoint vpn-1 vsx_ng_with_application_intelligence
lite speed_technologies_litespeed_web_server 1.0.2
4d webstar 5.2.2
stonesoft servercluster 2.5.2
hp hp-ux 11.11
stonesoft stonegate 2.0.5
avaya sg208 *
neoteris instant_virtual_extranet 3.2
symantec clientless_vpn_gateway_4400 5.0
neoteris instant_virtual_extranet 3.0
stonesoft stonegate 2.2.1
cisco webns 7.1_0.1.02
neoteris instant_virtual_extranet 3.1
avaya converged_communications_server 2.0
checkpoint provider-1 4.1
lite speed_technologies_litespeed_web_server 1.3_rc2
cisco pix_firewall_software 6.0(4)
avaya sg200 4.4
cisco pix_firewall_software 6.0(3)
cisco ios 12.1(13)e9
cisco ios 12.1(11b)e
cisco pix_firewall_software 6.3(1)
hp wbem a.02.00.00
novell edirectory 8.7.1
cisco pix_firewall_software 6.3
lite speed_technologies_litespeed_web_server 1.2_rc2
stonesoft stonebeat_fullcluster 2.5
securecomputing sidewinder 5.2
cisco css_secure_content_accelerator 1.0
avaya vsu 2000_r2.0.1
openssl openssl 0.9.7
cisco ios 12.2za
stonesoft stonegate_vpn_client 1.7
freebsd freebsd 5.2
lite speed_technologies_litespeed_web_server 1.2.2
openssl openssl 0.9.6k
cisco firewall_services_module *
novell edirectory 8.5.27
cisco mds_9000 *
openssl openssl 0.9.6f
openbsd openbsd 3.4
avaya vsu 100_r2.0.1
avaya vsu 10000_r2.0.1
stonesoft stonegate_vpn_client 2.0
cisco call_manager *
cisco gss_4490_global_site_selector *
checkpoint firewall-1 2.0
cisco ios 12.2(14)sy
checkpoint firewall-1 next_generation_fp2
sco openserver 5.0.6
4d webstar 5.2
redhat openssl 0.9.7a-2
stonesoft stonegate 1.7.1
cisco ciscoworks_common_management_foundation 2.1
stonesoft stonegate 1.7.2
stonesoft stonegate 2.0.4
neoteris instant_virtual_extranet 3.3.1
vmware gsx_server 2.0.1_build_2129
avaya sg200 4.31.29
cisco ios 12.1(11)e
checkpoint firewall-1 next_generation_fp1
cisco pix_firewall_software 6.1(2)
checkpoint firewall-1 *
sgi propack 2.4
openssl openssl 0.9.7c
cisco pix_firewall_software 6.2(1)
cisco pix_firewall_software 6.2(3)
stonesoft stonebeat_fullcluster 2.0
vmware gsx_server 2.0
redhat openssl 0.9.6-15
avaya sg5 4.4
stonesoft stonegate_vpn_client 2.0.7
hp hp-ux 11.23
cisco pix_firewall_software 6.2(2)
cisco pix_firewall_software 6.3(3.109)
stonesoft stonegate 2.0.8
tarantella tarantella_enterprise 3.40
cisco pix_firewall_software 6.2(3.100)
openssl openssl 0.9.6c
cisco firewall_services_module 1.1.2
securecomputing sidewinder 5.2.0.02
stonesoft stonegate 2.0.6
securecomputing sidewinder 5.2.1.02
avaya sg5 4.3
novell edirectory 8.5.12a
cisco firewall_services_module 1.1_(3.005)
lite speed_technologies_litespeed_web_server 1.0.1
avaya vsu 500
avaya s8300 r2.0.0
stonesoft stonegate_vpn_client 2.0.8
vmware gsx_server 2.5.1
bluecoat cacheos_ca_sa 4.1.10
stonesoft stonebeat_fullcluster 1_2.0
hp apache-based_web_server 2.0.43.00
stonesoft stonegate_vpn_client 1.7.2
avaya s8300 r2.0.1
stonesoft stonegate 2.2
sun crypto_accelerator_4000 1.0
novell edirectory 8.6.2
checkpoint vpn-1 next_generation_fp2
avaya sg5 4.2
stonesoft stonegate 1.5.17
redhat linux 7.2
stonesoft servercluster 2.5
checkpoint firewall-1 next_generation_fp0
dell bsafe_ssl-j 3.0
lite speed_technologies_litespeed_web_server 1.1
avaya intuity_audix 5.1.46
cisco webns 7.1_0.2.06
hp wbem a.01.05.08
novell imanager 2.0
avaya intuity_audix s3210
checkpoint vpn-1 next_generation_fp0
freebsd freebsd 5.2.1
cisco firewall_services_module 1.1.3
cisco webns 7.10_.0.06s
novell imanager 1.5
4d webstar 5.2.4
avaya vsu 5
avaya s8700 r2.0.1
hp apache-based_web_server 2.0.43.04
lite speed_technologies_litespeed_web_server 1.0.3
sgi propack 3.0
hp wbem a.02.00.01
cisco pix_firewall_software 6.0(1)
checkpoint vpn-1 next_generation_fp1
lite speed_technologies_litespeed_web_server 1.1.1
hp aaa_server *
stonesoft stonegate 1.6.3
stonesoft stonebeat_webcluster 2.0
hp hp-ux 11.00
openssl openssl 0.9.6h
cisco ciscoworks_common_services 2.2
dell bsafe_ssl-j 3.0.1
apple mac_os_x 10.3.3
openssl openssl 0.9.6i
freebsd freebsd 5.1
lite speed_technologies_litespeed_web_server 1.3
cisco pix_firewall_software 6.1(4)
stonesoft stonegate 2.0.1
cisco ios 12.2sy
stonesoft stonegate 1.5.18
avaya intuity_audix *
securecomputing sidewinder 5.2.1
cisco application_and_content_networking_software *
apple mac_os_x_server 10.3.3
4d webstar 5.3.1
securecomputing sidewinder 5.2.0.01
cisco webns 6.10
stonesoft stonebeat_securitycluster 2.0
openssl openssl 0.9.6g
cisco firewall_services_module 2.1_(0.208)
novell edirectory 8.0
tarantella tarantella_enterprise 3.20
cisco pix_firewall_software 6.1
redhat linux 7.3
openbsd openbsd 3.3
stonesoft stonegate 2.0.7
cisco secure_content_accelerator 10000
cisco pix_firewall_software 6.1(3)
lite speed_technologies_litespeed_web_server 1.3_rc3
stonesoft stonegate 2.1
openssl openssl 0.9.7b
hp hp-ux 8.05
bluecoat cacheos_ca_sa 4.1.12
cisco pix_firewall_software 6.3(2)
CVE-2004-0081 MEDIUM

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
cisco pix_firewall_software 6.1(5)
4d webstar 5.2.1
openssl openssl 0.9.6d
openssl openssl 0.9.6j
avaya sg203 4.31.29
avaya sg203 4.4
cisco pix_firewall_software 6.1(1)
redhat linux 8.0
4d webstar 4.0
cisco okena_stormwatch 3.2
lite speed_technologies_litespeed_web_server 1.3.1
avaya vsu 7500_r2.0.1
cisco gss_4480_global_site_selector *
cisco pix_firewall_software 6.0(2)
stonesoft stonegate 2.2.4
stonesoft stonebeat_securitycluster 2.5
redhat enterprise_linux_desktop 3.0
cisco pix_firewall 6.2.2_.111
lite speed_technologies_litespeed_web_server 1.3_rc1
avaya sg208 4.4
cisco pix_firewall_software 6.3(3.102)
avaya vsu 5x
cisco threat_response *
avaya s8500 r2.0.0
neoteris instant_virtual_extranet 3.3
cisco pix_firewall_software 6.2
lite speed_technologies_litespeed_web_server 1.2_rc1
cisco access_registrar *
securecomputing sidewinder 5.2.0.03
stonesoft stonebeat_webcluster 2.5
stonesoft stonebeat_fullcluster 3.0
dell bsafe_ssl-j 3.1
cisco webns 6.10_b4
sgi propack 2.3
cisco ios 12.1(11b)e14
sco openserver 5.0.7
avaya s8500 r2.0.1
cisco pix_firewall_software 6.0(4.101)
avaya vsu 5000_r2.0.1
novell edirectory 8.5
tarantella tarantella_enterprise 3.30
vmware gsx_server 3.0_build_7592
redhat enterprise_linux 3.0
cisco pix_firewall_software 6.0
vmware gsx_server 2.5.1_build_5336
lite speed_technologies_litespeed_web_server 1.2.1
freebsd freebsd 4.8
stonesoft stonegate 2.0.9
cisco webns 7.2_0.0.03
novell edirectory 8.7
securecomputing sidewinder 5.2.0.04
stonesoft stonegate 1.6.2
cisco css_secure_content_accelerator 2.0
openssl openssl 0.9.7a
cisco ios 12.1(11b)e12
freebsd freebsd 4.9
4d webstar 5.2.3
cisco css11000_content_services_switch *
avaya s8700 r2.0.0
avaya intuity_audix s3400
stonesoft stonegate_vpn_client 2.0.9
bluecoat proxysg *
redhat openssl 0.9.6b-3
stonesoft stonegate 1.7
4d webstar 5.3
openssl openssl 0.9.6e
stonesoft stonebeat_fullcluster 1_3.0
cisco content_services_switch_11500 *
cisco ios 12.1(19)e1
cisco ios 12.2(14)sy1
cisco webns 7.10
checkpoint vpn-1 vsx_ng_with_application_intelligence
lite speed_technologies_litespeed_web_server 1.0.2
4d webstar 5.2.2
stonesoft servercluster 2.5.2
hp hp-ux 11.11
stonesoft stonegate 2.0.5
avaya sg208 *
neoteris instant_virtual_extranet 3.2
symantec clientless_vpn_gateway_4400 5.0
neoteris instant_virtual_extranet 3.0
stonesoft stonegate 2.2.1
cisco webns 7.1_0.1.02
neoteris instant_virtual_extranet 3.1
avaya converged_communications_server 2.0
checkpoint provider-1 4.1
lite speed_technologies_litespeed_web_server 1.3_rc2
cisco pix_firewall_software 6.0(4)
avaya sg200 4.4
cisco pix_firewall_software 6.0(3)
cisco ios 12.1(13)e9
cisco ios 12.1(11b)e
cisco pix_firewall_software 6.3(1)
hp wbem a.02.00.00
novell edirectory 8.7.1
cisco pix_firewall_software 6.3
lite speed_technologies_litespeed_web_server 1.2_rc2
stonesoft stonebeat_fullcluster 2.5
securecomputing sidewinder 5.2
cisco css_secure_content_accelerator 1.0
avaya vsu 2000_r2.0.1
openssl openssl 0.9.7
cisco ios 12.2za
stonesoft stonegate_vpn_client 1.7
freebsd freebsd 5.2
lite speed_technologies_litespeed_web_server 1.2.2
openssl openssl 0.9.6k
cisco firewall_services_module *
novell edirectory 8.5.27
cisco mds_9000 *
openssl openssl 0.9.6f
openbsd openbsd 3.4
avaya vsu 100_r2.0.1
avaya vsu 10000_r2.0.1
stonesoft stonegate_vpn_client 2.0
cisco call_manager *
cisco gss_4490_global_site_selector *
checkpoint firewall-1 2.0
cisco ios 12.2(14)sy
checkpoint firewall-1 next_generation_fp2
sco openserver 5.0.6
4d webstar 5.2
redhat openssl 0.9.7a-2
stonesoft stonegate 1.7.1
cisco ciscoworks_common_management_foundation 2.1
stonesoft stonegate 1.7.2
stonesoft stonegate 2.0.4
neoteris instant_virtual_extranet 3.3.1
vmware gsx_server 2.0.1_build_2129
avaya sg200 4.31.29
cisco ios 12.1(11)e
checkpoint firewall-1 next_generation_fp1
cisco pix_firewall_software 6.1(2)
checkpoint firewall-1 *
sgi propack 2.4
openssl openssl 0.9.7c
cisco pix_firewall_software 6.2(1)
cisco pix_firewall_software 6.2(3)
stonesoft stonebeat_fullcluster 2.0
vmware gsx_server 2.0
redhat openssl 0.9.6-15
avaya sg5 4.4
stonesoft stonegate_vpn_client 2.0.7
hp hp-ux 11.23
cisco pix_firewall_software 6.2(2)
cisco pix_firewall_software 6.3(3.109)
stonesoft stonegate 2.0.8
tarantella tarantella_enterprise 3.40
cisco pix_firewall_software 6.2(3.100)
openssl openssl 0.9.6c
cisco firewall_services_module 1.1.2
securecomputing sidewinder 5.2.0.02
stonesoft stonegate 2.0.6
securecomputing sidewinder 5.2.1.02
avaya sg5 4.3
novell edirectory 8.5.12a
cisco firewall_services_module 1.1_(3.005)
lite speed_technologies_litespeed_web_server 1.0.1
avaya vsu 500
avaya s8300 r2.0.0
stonesoft stonegate_vpn_client 2.0.8
vmware gsx_server 2.5.1
bluecoat cacheos_ca_sa 4.1.10
stonesoft stonebeat_fullcluster 1_2.0
hp apache-based_web_server 2.0.43.00
stonesoft stonegate_vpn_client 1.7.2
avaya s8300 r2.0.1
stonesoft stonegate 2.2
sun crypto_accelerator_4000 1.0
novell edirectory 8.6.2
avaya sg5 4.2
stonesoft stonegate 1.5.17
redhat linux 7.2
stonesoft servercluster 2.5
checkpoint firewall-1 next_generation_fp0
dell bsafe_ssl-j 3.0
lite speed_technologies_litespeed_web_server 1.1
avaya intuity_audix 5.1.46
cisco webns 7.1_0.2.06
hp wbem a.01.05.08
novell imanager 2.0
avaya intuity_audix s3210
checkpoint vpn-1 next_generation_fp0
freebsd freebsd 5.2.1
cisco firewall_services_module 1.1.3
cisco webns 7.10_.0.06s
novell imanager 1.5
4d webstar 5.2.4
avaya vsu 5
avaya s8700 r2.0.1
hp apache-based_web_server 2.0.43.04
lite speed_technologies_litespeed_web_server 1.0.3
sgi propack 3.0
hp wbem a.02.00.01
cisco pix_firewall_software 6.0(1)
checkpoint vpn-1 next_generation_fp1
lite speed_technologies_litespeed_web_server 1.1.1
hp aaa_server *
stonesoft stonegate 1.6.3
stonesoft stonebeat_webcluster 2.0
hp hp-ux 11.00
openssl openssl 0.9.6h
cisco ciscoworks_common_services 2.2
dell bsafe_ssl-j 3.0.1
apple mac_os_x 10.3.3
openssl openssl 0.9.6i
freebsd freebsd 5.1
lite speed_technologies_litespeed_web_server 1.3
cisco pix_firewall_software 6.1(4)
stonesoft stonegate 2.0.1
cisco ios 12.2sy
stonesoft stonegate 1.5.18
avaya intuity_audix *
securecomputing sidewinder 5.2.1
checkpoint vpn-1 next_generation
cisco application_and_content_networking_software *
apple mac_os_x_server 10.3.3
4d webstar 5.3.1
securecomputing sidewinder 5.2.0.01
cisco webns 6.10
stonesoft stonebeat_securitycluster 2.0
openssl openssl 0.9.6g
cisco firewall_services_module 2.1_(0.208)
novell edirectory 8.0
tarantella tarantella_enterprise 3.20
cisco pix_firewall_software 6.1
redhat linux 7.3
openbsd openbsd 3.3
stonesoft stonegate 2.0.7
cisco secure_content_accelerator 10000
cisco pix_firewall_software 6.1(3)
lite speed_technologies_litespeed_web_server 1.3_rc3
stonesoft stonegate 2.1
openssl openssl 0.9.7b
hp hp-ux 8.05
bluecoat cacheos_ca_sa 4.1.12
cisco pix_firewall_software 6.3(2)
CVE-2004-0112 MEDIUM

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
cisco pix_firewall_software 6.1(5)
4d webstar 5.2.1
openssl openssl 0.9.6d
forcepoint stonegate 2.1
openssl openssl 0.9.6j
avaya sg203 4.31.29
avaya sg203 4.4
forcepoint stonegate 2.0.6
cisco pix_firewall_software 6.1(1)
redhat linux 8.0
4d webstar 4.0
cisco okena_stormwatch 3.2
avaya vsu 7500_r2.0.1
cisco gss_4480_global_site_selector *
cisco pix_firewall_software 6.0(2)
stonesoft stonebeat_securitycluster 2.5
redhat enterprise_linux_desktop 3.0
cisco pix_firewall 6.2.2_.111
avaya sg208 4.4
cisco pix_firewall_software 6.3(3.102)
avaya vsu 5x
cisco threat_response *
avaya s8500 r2.0.0
neoteris instant_virtual_extranet 3.3
cisco pix_firewall_software 6.2
forcepoint stonegate 2.2.1
cisco access_registrar *
securecomputing sidewinder 5.2.0.03
stonesoft stonebeat_webcluster 2.5
stonesoft stonebeat_fullcluster 3.0
dell bsafe_ssl-j 3.1
cisco webns 6.10_b4
forcepoint stonegate 1.5.17
forcepoint stonegate 1.6.2
sgi propack 2.3
cisco ios 12.1(11b)e14
sco openserver 5.0.7
avaya s8500 r2.0.1
cisco pix_firewall_software 6.0(4.101)
avaya vsu 5000_r2.0.1
novell edirectory 8.5
tarantella tarantella_enterprise 3.30
vmware gsx_server 3.0_build_7592
redhat enterprise_linux 3.0
cisco pix_firewall_software 6.0
vmware gsx_server 2.5.1_build_5336
freebsd freebsd 4.8
litespeedtech litespeed_web_server 1.0.1
cisco webns 7.2_0.0.03
novell edirectory 8.7
securecomputing sidewinder 5.2.0.04
cisco css_secure_content_accelerator 2.0
openssl openssl 0.9.7a
cisco ios 12.1(11b)e12
freebsd freebsd 4.9
forcepoint stonegate 1.6.3
4d webstar 5.2.3
cisco css11000_content_services_switch *
avaya s8700 r2.0.0
avaya intuity_audix s3400
bluecoat proxysg *
redhat openssl 0.9.6b-3
4d webstar 5.3
openssl openssl 0.9.6e
stonesoft stonebeat_fullcluster 1_3.0
cisco content_services_switch_11500 *
cisco ios 12.1(19)e1
cisco ios 12.2(14)sy1
forcepoint stonegate 2.0.4
forcepoint stonegate 2.2.4
cisco webns 7.10
checkpoint vpn-1 vsx_ng_with_application_intelligence
4d webstar 5.2.2
stonesoft servercluster 2.5.2
hp hp-ux 11.11
avaya sg208 *
neoteris instant_virtual_extranet 3.2
symantec clientless_vpn_gateway_4400 5.0
neoteris instant_virtual_extranet 3.0
cisco webns 7.1_0.1.02
neoteris instant_virtual_extranet 3.1
avaya converged_communications_server 2.0
checkpoint provider-1 4.1
cisco pix_firewall_software 6.0(4)
avaya sg200 4.4
cisco pix_firewall_software 6.0(3)
cisco ios 12.1(13)e9
cisco ios 12.1(11b)e
cisco pix_firewall_software 6.3(1)
forcepoint stonegate 2.2
hp wbem a.02.00.00
novell edirectory 8.7.1
cisco pix_firewall_software 6.3
stonesoft stonebeat_fullcluster 2.5
securecomputing sidewinder 5.2
cisco css_secure_content_accelerator 1.0
avaya vsu 2000_r2.0.1
openssl openssl 0.9.7
cisco ios 12.2za
forcepoint stonegate 2.0.1
freebsd freebsd 5.2
openssl openssl 0.9.6k
cisco firewall_services_module *
novell edirectory 8.5.27
cisco mds_9000 *
openssl openssl 0.9.6f
openbsd openbsd 3.4
avaya vsu 100_r2.0.1
avaya vsu 10000_r2.0.1
cisco call_manager *
cisco gss_4490_global_site_selector *
checkpoint firewall-1 2.0
cisco ios 12.2(14)sy
checkpoint firewall-1 next_generation_fp2
sco openserver 5.0.6
4d webstar 5.2
redhat openssl 0.9.7a-2
cisco ciscoworks_common_management_foundation 2.1
neoteris instant_virtual_extranet 3.3.1
forcepoint stonegate 1.7.2
vmware gsx_server 2.0.1_build_2129
avaya sg200 4.31.29
forcepoint stonegate 1.7
cisco ios 12.1(11)e
checkpoint firewall-1 next_generation_fp1
cisco pix_firewall_software 6.1(2)
checkpoint firewall-1 *
sgi propack 2.4
openssl openssl 0.9.7c
cisco pix_firewall_software 6.2(1)
cisco pix_firewall_software 6.2(3)
stonesoft stonebeat_fullcluster 2.0
vmware gsx_server 2.0
redhat openssl 0.9.6-15
avaya sg5 4.4
hp hp-ux 11.23
cisco pix_firewall_software 6.2(2)
cisco pix_firewall_software 6.3(3.109)
tarantella tarantella_enterprise 3.40
cisco pix_firewall_software 6.2(3.100)
openssl openssl 0.9.6c
cisco firewall_services_module 1.1.2
securecomputing sidewinder 5.2.0.02
securecomputing sidewinder 5.2.1.02
avaya sg5 4.3
novell edirectory 8.5.12a
cisco firewall_services_module 1.1_(3.005)
avaya vsu 500
avaya s8300 r2.0.0
vmware gsx_server 2.5.1
bluecoat cacheos_ca_sa 4.1.10
stonesoft stonebeat_fullcluster 1_2.0
hp apache-based_web_server 2.0.43.00
avaya s8300 r2.0.1
sun crypto_accelerator_4000 1.0
novell edirectory 8.6.2
checkpoint vpn-1 next_generation_fp2
avaya sg5 4.2
redhat linux 7.2
stonesoft servercluster 2.5
checkpoint firewall-1 next_generation_fp0
dell bsafe_ssl-j 3.0
avaya intuity_audix 5.1.46
cisco webns 7.1_0.2.06
hp wbem a.01.05.08
novell imanager 2.0
avaya intuity_audix s3210
checkpoint vpn-1 next_generation_fp0
freebsd freebsd 5.2.1
cisco firewall_services_module 1.1.3
forcepoint stonegate 2.0.5
forcepoint stonegate 2.0.9
cisco webns 7.10_.0.06s
novell imanager 1.5
forcepoint stonegate 1.7.1
4d webstar 5.2.4
avaya vsu 5
forcepoint stonegate 1.5.18
avaya s8700 r2.0.1
hp apache-based_web_server 2.0.43.04
sgi propack 3.0
hp wbem a.02.00.01
cisco pix_firewall_software 6.0(1)
checkpoint vpn-1 next_generation_fp1
hp aaa_server *
stonesoft stonebeat_webcluster 2.0
hp hp-ux 11.00
openssl openssl 0.9.6h
cisco ciscoworks_common_services 2.2
dell bsafe_ssl-j 3.0.1
apple mac_os_x 10.3.3
openssl openssl 0.9.6i
forcepoint stonegate 2.0.7
freebsd freebsd 5.1
cisco pix_firewall_software 6.1(4)
cisco ios 12.2sy
avaya intuity_audix *
securecomputing sidewinder 5.2.1
cisco application_and_content_networking_software *
apple mac_os_x_server 10.3.3
4d webstar 5.3.1
securecomputing sidewinder 5.2.0.01
cisco webns 6.10
stonesoft stonebeat_securitycluster 2.0
openssl openssl 0.9.6g
cisco firewall_services_module 2.1_(0.208)
novell edirectory 8.0
tarantella tarantella_enterprise 3.20
forcepoint stonegate 2.0.8
cisco pix_firewall_software 6.1
redhat linux 7.3
openbsd openbsd 3.3
cisco secure_content_accelerator 10000
cisco pix_firewall_software 6.1(3)
openssl openssl 0.9.7b
hp hp-ux 8.05
bluecoat cacheos_ca_sa 4.1.12
cisco pix_firewall_software 6.3(2)
CVE-2004-0360 HIGH

Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local users to gain privileges via unknown attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 9.0
sun sunos 5.8
sun solaris 8.0
CVE-2004-0481 LOW

The logging feature in kcms_configure in the KCMS package on Solaris 8 and 9, and possibly other versions, allows local users to corrupt arbitrary files via a symlink attack on the KCS_ClogFile file.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 9.0
sun sunos 5.8
sun solaris 8.0
CVE-2004-0496 HIGH

Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source code checking tool.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.6.0
mandrakesoft mandrake_linux 9.1
sun solaris 9.0
suse suse_email_server 3
mandrakesoft mandrake_linux 10.0
suse suse_linux 7
suse suse_linux_office_server *
sun sunos 5.9
suse suse_linux_database_server *
suse suse_email_server 3.1
mandrakesoft mandrake_multi_network_firewall 8.2
mandrakesoft mandrake_linux_corporate_server 2.1
sun sunos 5.8
suse suse_linux 8
mandrakesoft mandrake_linux 9.2
gentoo linux *
suse suse_linux_firewall *
suse suse_linux_connectivity_server *
CVE-2004-0523 HIGH

Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mit kerberos_5 1.2
mit kerberos_5 1.2.5
mit kerberos 1.0
mit kerberos_5 1.2.4
sun seam 1.0
sun solaris 9.0
sgi propack 2.4
mit kerberos_5 1.3
sun solaris 8.0
mit kerberos_5 1.0.6
mit kerberos_5 1.2.7
sun seam 1.0.2
tinysofa tinysofa_enterprise_server 1.0
sgi propack 3.0
mit kerberos_5 1.2.1
mit kerberos 1.0.8
mit kerberos_5 1.0
mit kerberos 1.2.2.beta1
mit kerberos_5 1.2.3
tinysofa tinysofa_enterprise_server 1.0_u1
sun seam 1.0.1
mit kerberos_5 1.2.6
mit kerberos_5 1.1
sun sunos 5.8
mit kerberos_5 1.2.2
mit kerberos_5 1.3.3
mit kerberos_5 1.1.1
CVE-2004-0651 MEDIUM

Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 through 1.4.2_03 allows remote attackers to cause a denial of service (virtual machine hang).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun jre 1.4.2
sun jre 1.4.2_3
sun sdk 1.4.2
sun sdk 1.4.2_03
CVE-2004-0653 LOW

Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enabled, records passwords in plaintext, which could allow local users to gain other user's passwords by reading log files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 9.0
CVE-2004-0654 LOW

Unknown vulnerability in the Basic Security Module (BSM), when configured to audit either the Administrative (ad) or the System-Wide Administration (as) audit class in Solaris 7, 8, and 9, allows local users to cause a denial of service (kernel panic).

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
sun solaris 8.0
CVE-2004-0701 MEDIUM

Sun Ray Server Software (SRSS) 1.3 and 2.0 for Solaris 2.6, 7 and 8 does not properly detect a smartcard removal when the card is quickly removed, reinserted, and removed again, which could cause a user session to stay logged in and allow local users to gain unauthorized access.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun ray_server_software 1.3
sun ray_server_software 2.0
CVE-2004-0742 HIGH

Sun Java System Portal Server 6.2 (formerly Sun ONE) allows remote authenticated users to obtain Calendar Server privileges and modify Calendar data by changing the display options to a non-default view.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun java_system_calendar_server 6.2
CVE-2004-0780 HIGH

Buffer overflow in uustat in Sun Solaris 8 and 9 allows local users to execute arbitrary code via a long -S command line argument.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 9.0
sun sunos 5.8
sun solaris 8.0
CVE-2004-0790 MEDIUM

Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
microsoft windows_98 *
microsoft windows_98se *
microsoft windows_xp *
sun solaris 9.0
sun sunos 5.7
microsoft windows_2000 *
sun sunos 5.8
microsoft windows_me *
sun solaris 10.0
microsoft windows_2003_server r2
CVE-2004-0791 MEDIUM

Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
sun solaris 10.0
CVE-2004-0800 MEDIUM

Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 allows local users to gain privileges via format strings in the argv[0] value.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
avaya call_management_system_server 9.0
avaya call_management_system_server 12.0
sun dtmail *
sun solaris 9.0
sun sunos 5.8
sun solaris 8.0
avaya call_management_system_server 11.0
CVE-2004-0801 HIGH

Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
conectiva linux 10.0
trustix secure_linux 2.0
sun java_desktop_system 2.0
linuxprinting.org foomatic-filters 3.0.2
linuxprinting.org foomatic-filters 3.0
linuxprinting.org foomatic-filters 3.0.1
trustix secure_linux 2.1
sun java_desktop_system 2003
conectiva linux 9.0
linuxprinting.org foomatic-filters 3.1
CVE-2004-0802 MEDIUM

Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
enlightenment imlib 1.9.4
suse suse_linux 9.0
enlightenment imlib2 1.0
enlightenment imlib2 1.0.1
mandrakesoft mandrake_linux 10.0
suse suse_linux 8.0
enlightenment imlib 1.9.10
suse suse_linux 8.1
turbolinux turbolinux_workstation 8.0
enlightenment imlib 1.9.14
redhat fedora_core core_1.0
suse suse_linux 9.1
enlightenment imlib 1.9.13
redhat enterprise_linux 2.1
enlightenment imlib 1.9.8
imagemagick imagemagick 5.4.3
enlightenment imlib 1.9.2
redhat enterprise_linux_desktop 3.0
enlightenment imlib 1.9.9
conectiva linux 9.0
enlightenment imlib 1.9
imagemagick imagemagick 6.0.2
enlightenment imlib 1.9.11
imagemagick imagemagick 5.5.7
imagemagick imagemagick 5.4.8.2.1.1.0
redhat linux_advanced_workstation 2.1
imagemagick imagemagick 5.4.7
enlightenment imlib 1.9.6
suse suse_linux 8.2
suse suse_linux 9.2
enlightenment imlib2 1.0.3
imagemagick imagemagick 5.4.4.5
enlightenment imlib 1.9.7
mandrakesoft mandrake_linux 9.2
enlightenment imlib 1.9.12
turbolinux turbolinux_workstation 7.0
conectiva linux 10.0
enlightenment imlib2 1.0.4
redhat enterprise_linux 3.0
enlightenment imlib 1.9.3
imagemagick imagemagick 5.3.3
redhat fedora_core core_2.0
ubuntu ubuntu_linux 4.1
enlightenment imlib 1.9.5
enlightenment imlib2 1.0.5
sun java_desktop_system 2.0
mandrakesoft mandrake_linux_corporate_server 2.1
turbolinux turbolinux_desktop 10.0
turbolinux turbolinux_server 8.0
imagemagick imagemagick 5.4.8
enlightenment imlib 1.9.1
sun java_desktop_system 2003
imagemagick imagemagick 5.5.3.2.1.2.0
enlightenment imlib2 1.0.2
enlightenment imlib2 1.1
enlightenment imlib2 1.1.1
turbolinux turbolinux_server 7.0
redhat fedora_core core_3.0
imagemagick imagemagick 5.5.6.0_2003-04-09
CVE-2004-0817 HIGH

Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
enlightenment imlib 1.9.4
suse suse_linux 9.0
enlightenment imlib2 1.0
enlightenment imlib2 1.0.1
mandrakesoft mandrake_linux 10.0
suse suse_linux 8.0
enlightenment imlib 1.9.10
suse suse_linux 8.1
turbolinux turbolinux_workstation 8.0
enlightenment imlib 1.9.14
redhat fedora_core core_1.0
suse suse_linux 9.1
enlightenment imlib 1.9.13
redhat enterprise_linux 2.1
enlightenment imlib 1.9.8
imagemagick imagemagick 5.4.3
enlightenment imlib 1.9.2
redhat enterprise_linux_desktop 3.0
enlightenment imlib 1.9.9
conectiva linux 9.0
enlightenment imlib 1.9
imagemagick imagemagick 6.0.2
enlightenment imlib 1.9.11
imagemagick imagemagick 5.5.7
imagemagick imagemagick 5.4.8.2.1.1.0
redhat linux_advanced_workstation 2.1
imagemagick imagemagick 5.4.7
enlightenment imlib 1.9.6
suse suse_linux 8.2
suse suse_linux 9.2
enlightenment imlib2 1.0.3
imagemagick imagemagick 5.4.4.5
enlightenment imlib 1.9.7
mandrakesoft mandrake_linux 9.2
enlightenment imlib 1.9.12
turbolinux turbolinux_workstation 7.0
conectiva linux 10.0
enlightenment imlib2 1.0.4
redhat enterprise_linux 3.0
enlightenment imlib 1.9.3
imagemagick imagemagick 5.3.3
redhat fedora_core core_2.0
ubuntu ubuntu_linux 4.1
enlightenment imlib 1.9.5
enlightenment imlib2 1.0.5
sun java_desktop_system 2.0
mandrakesoft mandrake_linux_corporate_server 2.1
turbolinux turbolinux_desktop 10.0
turbolinux turbolinux_server 8.0
imagemagick imagemagick 5.4.8
enlightenment imlib 1.9.1
sun java_desktop_system 2003
imagemagick imagemagick 5.5.3.2.1.2.0
enlightenment imlib2 1.0.2
enlightenment imlib2 1.1
enlightenment imlib2 1.1.1
turbolinux turbolinux_server 7.0
redhat fedora_core core_3.0
imagemagick imagemagick 5.5.6.0_2003-04-09
CVE-2004-0826 HIGH

Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
mozilla network_security_services 3.2
netscape enterprise_server 3.0
mozilla network_security_services 3.4.2
hp hp-ux 11.11
netscape enterprise_server 2.0.1c
mozilla network_security_services 3.7
netscape enterprise_server 3.6
hp hp-ux 11.23
mozilla network_security_services 3.3.2
sun java_system_application_server 7.0
netscape enterprise_server 3.0.1
netscape directory_server 3.1
netscape enterprise_server 3.0.7a
mozilla network_security_services 3.4
netscape certificate_server 1.0
mozilla network_security_services 3.7.2
mozilla network_security_services 3.8
sun java_enterprise_system 2004q2
sun one_web_server 6.0
hp hp-ux 11.00
netscape enterprise_server 3.5.1
netscape directory_server 3.12
netscape enterprise_server 4.0
mozilla network_security_services 3.9
sun one_web_server 6.1
sun java_system_application_server 7.1
mozilla network_security_services 3.6.1
mozilla network_security_services 3.3
mozilla network_security_services 3.3.1
mozilla network_security_services 3.7.3
mozilla network_security_services 3.7.5
netscape directory_server 1.3
mozilla network_security_services 3.5
sun one_web_server 4.1
mozilla network_security_services 3.4.1
netscape enterprise_server 3.3
netscape enterprise_server 4.1
netscape enterprise_server 2.0a
netscape enterprise_server 3.4
netscape directory_server 4.11
mozilla network_security_services 3.6
mozilla network_security_services 3.7.1
netscape certificate_server 4.2
netscape enterprise_server 3.2
netscape enterprise_server 3.0l
netscape personalization_engine *
netscape enterprise_server 4.1.1
netscape directory_server 4.1
netscape directory_server 4.13
netscape enterprise_server 5.0
mozilla network_security_services 3.7.7
netscape enterprise_server 3.5
sun one_application_server 6.0
netscape enterprise_server 3.0.1b
netscape enterprise_server 2.0
sun java_enterprise_system 2003q4
netscape enterprise_server 3.1
mozilla network_security_services 3.2.1
CVE-2004-0827 HIGH

Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
enlightenment imlib 1.9.4
suse suse_linux 9.0
enlightenment imlib2 1.0
enlightenment imlib2 1.0.1
mandrakesoft mandrake_linux 10.0
suse suse_linux 8.0
enlightenment imlib 1.9.10
suse suse_linux 8.1
enlightenment imlib 1.9.14
redhat fedora_core core_1.0
suse suse_linux 9.1
enlightenment imlib 1.9.13
redhat enterprise_linux 2.1
enlightenment imlib 1.9.8
imagemagick imagemagick 5.4.3
enlightenment imlib 1.9.2
redhat enterprise_linux_desktop 3.0
enlightenment imlib 1.9.9
conectiva linux 9.0
turbolinux turbolinux workstation_7.0
turbolinux turbolinux desktop_10.0
enlightenment imlib 1.9
imagemagick imagemagick 6.0.2
enlightenment imlib 1.9.11
imagemagick imagemagick 5.5.7
imagemagick imagemagick 5.4.8.2.1.1.0
redhat linux_advanced_workstation 2.1
turbolinux turbolinux server_8.0
imagemagick imagemagick 5.4.7
enlightenment imlib 1.9.6
suse suse_linux 8.2
suse suse_linux 9.2
turbolinux turbolinux server_7.0
enlightenment imlib2 1.0.3
imagemagick imagemagick 5.4.4.5
enlightenment imlib 1.9.7
mandrakesoft mandrake_linux 9.2
enlightenment imlib 1.9.12
conectiva linux 10.0
enlightenment imlib2 1.0.4
redhat enterprise_linux 3.0
enlightenment imlib 1.9.3
imagemagick imagemagick 5.3.3
redhat fedora_core core_2.0
ubuntu ubuntu_linux 4.1
enlightenment imlib 1.9.5
enlightenment imlib2 1.0.5
sun java_desktop_system 2.0
mandrakesoft mandrake_linux_corporate_server 2.1
imagemagick imagemagick 5.4.8
enlightenment imlib 1.9.1
sun java_desktop_system 2003
imagemagick imagemagick 5.5.3.2.1.2.0
enlightenment imlib2 1.0.2
enlightenment imlib2 1.1
enlightenment imlib2 1.1.1
redhat fedora_core core_3.0
imagemagick imagemagick 5.5.6.0_2003-04-09
turbolinux turbolinux workstation_8.0
CVE-2004-1029 HIGH

The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
sun jdk 1.4.2_01
sun jdk 1.4.2_05
hp hp-ux 11.22
sun jdk 1.3.1_01
hp hp-ux 11.11
sun jre 1.3.0
sun jdk 1.3.1_06
sun jre 1.4.0_03
hp hp-ux 11.23
gentoo linux *
sun jre 1.3.1_07
symantec gateway_security_5400 2.0.1
sun jre 1.4.1_01
sun jdk 1.3.1_02
sun jdk 1.4.1_02
sun jre 1.4
sun jre 1.4.1_02
sun jre 1.4.1_07
sun jdk 1.3.1_05
sun jre 1.4.2
hp java_sdk-rte 1.4
sun jre 1.3.1
sun jdk 1.3.1_01a
sun jdk 1.3.1_04
hp hp-ux 11.00
sun jre 1.3.1_09
hp java_sdk-rte 1.3
symantec gateway_security_5400 2.0
conectiva linux 10.0
sun jdk 1.4.1
sun jdk 1.4.1_01
sun jdk 1.4.2
symantec enterprise_firewall 8.0
sun jdk 1.4.2_04
sun jdk 1.4
sun jre 1.4.0_02
sun jre 1.4.1
sun jre 1.3.1_05
sun jdk 1.3.1_03
sun jre 1.3.1_03
sun jdk 1.4.0_01
sun jdk 1.4.1_03
sun jdk 1.4.0_02
sun jdk 1.4.2_03
sun jre 1.4.0_01
sun jre 1.4.0_04
sun jre 1.3.1_06
sun jdk 1.3.1_07
sun jdk 1.4.0_03
sun jre 1.3.1_02
sun jdk 1.4.0_4
sun jdk 1.4.2_02
CVE-2004-1082 HIGH

mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apache http_server 1.3.22
openbsd openbsd current
hp virtualvault 4.6
sun solaris 9.0
avaya communication_manager 2.0
hp virtualvault 4.7
apache http_server 1.3.1
avaya communication_manager 2.0.1
sun solaris 8.0
apache http_server 1.3.12
hp virtualvault 4.5
openbsd openbsd 3.5
apache http_server 1.3.3
ibm http_server 1.3.19
openbsd openbsd 3.4
apache http_server 1.3.9
avaya mn100 *
apache http_server 1.3.18
apache http_server 1.3.20
apache http_server 1.3.28
avaya modular_messaging_message_storage_server 1.1
apache http_server 1.3.19
avaya modular_messaging_message_storage_server 2.0
avaya network_routing *
apache http_server 1.3.29
sco openserver 5.0.6
apache http_server 1.3.23
apache http_server 1.3.25
apache http_server 1.3.14
apache http_server 1.3.6
apache http_server 1.3
avaya intuity_audix_lx *
apache http_server 1.3.7
avaya communication_manager 1.1
apache http_server 1.3.26
apple apache_mod_digest_apple *
apache http_server 1.3.17
sun sunos 5.8
apache http_server 1.3.11
sco openserver 5.0.7
hp webproxy a.02.10
apache http_server 1.3.27
avaya communication_manager 1.3.1
hp webproxy a.02.00
apache http_server 1.3.4
apache http_server 1.3.24
CVE-2004-1170 HIGH

a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
suse suse_linux 9.0
suse suse_linux 8.2
sun java_desktop_system 2.0
suse suse_linux 8
gnu a2ps 4.13
suse suse_linux 8.1
suse suse_linux 9.1
sun java_desktop_system 2003
gnu a2ps 4.13b
CVE-2004-1180 MEDIUM

Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows remote attackers to cause a denial of service (application crash).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.9
sun solaris *
mandrakesoft mandrake_linux_corporate_server 2.1
mandrakesoft mandrake_linux 10.0
debian debian_linux 3.0
mandrakesoft mandrake_linux 10.1
CVE-2004-1307 HIGH

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
apple mac_os_x_server 10.3
apple mac_os_x_server 10.3.7
sco unixware 7.1.4
apple mac_os_x_server 10.3.1
mandrakesoft mandrake_linux 10.0
libtiff libtiff 3.4
libtiff libtiff 3.5.4
libtiff libtiff 3.7.0
sun solaris 7.0
avaya interactive_response 1.2.1
f5 icontrol_service_manager 1.3
apple mac_os_x 10.3
libtiff libtiff 3.5.3
gentoo linux *
avaya mn100 *
sgi propack 3.0
sun solaris 10.0
conectiva linux 9.0
f5 icontrol_service_manager 1.3.5
avaya integrated_management *
avaya call_management_system_server 9.0
avaya interactive_response 1.3
apple mac_os_x 10.3.5
libtiff libtiff 3.5.7
avaya intuity_audix_lx *
avaya interactive_response *
mandrakesoft mandrake_linux_corporate_server 3.0
sun sunos 5.7
sun sunos 5.8
apple mac_os_x 10.3.6
libtiff libtiff 3.6.1
apple mac_os_x_server 10.3.9
apple mac_os_x 10.3.3
conectiva linux 10.0
libtiff libtiff 3.5.1
libtiff libtiff 3.5.2
avaya call_management_system_server 12.0
sun solaris 9.0
apple mac_os_x 10.3.1
apple mac_os_x_server 10.3.8
sun solaris 8.0
apple mac_os_x 10.3.8
apple mac_os_x 10.3.7
libtiff libtiff 3.6.0
f5 icontrol_service_manager 1.3.4
apple mac_os_x_server 10.3.3
apple mac_os_x_server 10.3.5
avaya call_management_system_server 11.0
avaya call_management_system_server 8.0
f5 icontrol_service_manager 1.3.6
avaya modular_messaging_message_storage_server 1.1
avaya modular_messaging_message_storage_server 2.0
apple mac_os_x_server 10.3.4
mandrakesoft mandrake_linux 10.1
libtiff libtiff 3.5.5
avaya call_management_system_server 13.0
apple mac_os_x_server 10.3.2
apple mac_os_x 10.3.4
apple mac_os_x 10.3.9
apple mac_os_x_server 10.3.6
avaya cvlan *
apple mac_os_x 10.3.2
CVE-2004-1345 HIGH

Unknown vulnerability in Sun StorEdge Enterprise Storage Manager (ESM) 2.1 for Solaris 8 and Solaris 9 allows local users with the "ESMUser" role to gain root access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun enterprise_storage_manager 2.1
sun storedge_3510_fc_array *
sun storedge_3310_scsi_array *
CVE-2004-1346 LOW

The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local users to cause a denial of service (kernel panic) via a malformed probe request to the SVM.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 9.0
CVE-2004-1348 MEDIUM

Unknown vulnerability in in.named on Solaris 8 allows remote attackers to cause a denial of service (process crash).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.8
sun solaris 8.0
CVE-2004-1350 HIGH

Multiple buffer overflows in Sun Java System Web Proxy Server (formerly Sun ONE Proxy Server) 3.6 through 3.6 SP4 allow remote attackers to execute arbitrary code via unknown vectors, possibly CONNECT requests.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun java_system_web_proxy_server 3.6
CVE-2004-1351 HIGH

Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 through 9 allows remote attackers to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
sun solaris 8.0
CVE-2004-1352 HIGH

Buffer overflow in the ping daemon of Sun Solaris 7 through 9 may allow local users to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
sun solaris 8.0
CVE-2004-1353 HIGH

Unknown vulnerability in LDAP on Sun Solaris 8 and 9, when using Role Based Access Control (RBAC), allows local users to execute certain commands with additional privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 9.0
sun sunos 5.8
sun solaris 8.0
CVE-2004-1354 MEDIUM

The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates different 404 error messages when a file does not exist versus when a file exists but is otherwise inaccessible, which could allow remote attackers to obtain sensitive information in conjunction with a directory traversal (..) attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
sun solaris 9.0
sun sunos 5.8
sun solaris 8.0
CVE-2004-1355 LOW

Unknown vulnerability in the TCP/IP stack for Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.9
sun solaris *
CVE-2004-1356 LOW

Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 9.0
sun sunos 5.8
sun solaris 8.0
CVE-2004-1357 MEDIUM

The Secure Shell (SSH) Daemon (SSHD) in Sun Solaris 9 does not properly log IP addresses when SSHD is configured with the ListenAddress as 0.0.0.0, which makes it easier for remote attackers to hide the source of their activities.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 9.0
CVE-2004-1358 MEDIUM

The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable the auditing functionality of the Basic Security Module (BSM), which allows attackers to avoid having their activity logged.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 9.0
CVE-2004-1359 MEDIUM

Multiple buffer overflows in uucp for Sun Solaris 2.6, 7, 8, and 9 allow local users to execute arbitrary code as the uucp user.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos -
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun solaris 8.0
CVE-2004-1393 MEDIUM

Unknown vulnerability in the tcsetattr function for Sun Solaris for SPARC 2.6, 7, and 8 allows local users to cause a denial of service (system hang).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
CVE-2004-1394 MEDIUM

The pfexec function for Sun Solaris 8 and 9 does not properly handle when a custom profile contains an invalid entry in the exec_attr database, which may allow local users with custom rights profiles to execute profile commands with additional privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 9.0
sun sunos 5.8
CVE-2004-1503 MEDIUM

Integer overflow in the InitialDirContext in Java Runtime Environment (JRE) 1.4.2, 1.5.0 and possibly other versions allows remote attackers to cause a denial of service (Java exception and failed DNS requests) via a large number of DNS requests, which causes the xid variable to wrap around and become negative.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun jre 1.4.2
sun jre 1.5.0
CVE-2004-1767 HIGH

The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain privileges by loading arbitrary loadable kernel modules (LKM), possibly involving the modload function.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
sun solaris 7.0
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun solaris 8.0
CVE-2004-1815 MEDIUM

Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
macromedia jrun 4.0_build_61650
sun one_application_server 7.0
macromedia coldfusion 6.1
macromedia coldfusion 6.0
macromedia jrun 4.0
CVE-2004-1942 HIGH

The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 through 114342-05, prevent ypserv and ypxfrd from properly restricting access to secure NIS maps, which allows local users to use ypcat or ypmatch to extract the contents of a secure map such as passwd.adjunct.byname.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun patch_manager 113579-04
sun patch_manager 114342-05
sun patch_manager 113579-02
sun patch_manager 113579-05
sun patch_manager 114342-03
sun patch_manager 114342-04
sun patch_manager 113579-03
sun patch_manager 114342-02
CVE-2004-2216 MEDIUM

Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and earlier, allows remote attackers to cause a denial of service (crash) via a malformed client certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun java_system_application_server 7.0
sun java_system_web_server 6.0
sun java_system_web_server 6.1
CVE-2004-2306 MEDIUM

Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled and the SUNWscpu package has been removed as a result of security hardening, disables mail alerts from the audit_warn script, which might allow attackers to escape detection.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
sun solaris 8.0
CVE-2004-2393 HIGH

Java Secure Socket Extension (JSSE) 1.0.3 through 1.0.3_2 does not properly validate the certificate chain of a client or server, which allows remote attackers to falsely authenticate peers for SSL/TLS.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun jsse 1.0.3_02
sun jsse 1.0.3
sun jsse 1.0.3_01
CVE-2004-2540 MEDIUM

readObject in (1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.0 through 1.4.2_05 allows remote attackers to cause a denial of service (JVM unresponsive) via crafted serialized data.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun jdk 1.4.1
sun jdk 1.4.1_01
sun jdk 1.4.2
sun jdk 1.4.2_01
sun jdk 1.4.2_05
sun jdk 1.4.2_04
sun jdk 1.4
sun jre 1.4.0_02
sun jre 1.4.1
sun jre 1.4.0_03
sun jdk 1.4.0_01
sun jdk 1.4.1_03
sun jdk 1.4.0_02
sun jdk 1.4.2_03
sun jre 1.4.1_01
sun jre 1.4.0_01
sun jdk 1.4.1_02
sun jre 1.4
sun jre 1.4.0_04
sun jre 1.4.1_02
sun jre 1.4.1_07
sun jre 1.4.2
sun jdk 1.4.0_03
sun jdk 1.4.0_4
sun jdk 1.4.2_02
CVE-2004-2641 MEDIUM

Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun Fire V1280, and Netra 1280 allows remote attackers to cause a denial of service (system controller hang) via IP Packets With Type of Service (TOS) Bits set.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sun_fire 4810
sun sun_fire 4800
sun sun_fire 3800
sun sun_fire 6800
sun sun_fire v1280
sun netra_1280 *
CVE-2004-2686 HIGH

Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: this might be the same issue as CVE-2004-1767, but there are insufficient details to be sure.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
sun sunos 5.9
sun solaris 7.0
sun sunos -
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
sun solaris 2.6
sun solaris 8.0
CVE-2004-2758 HIGH

Multiple unspecified vulnerabilities in the H.323 protocol implementation for Sun SunForum 3.2 and 3D 1.0 allow remote attackers to cause a denial of service (segmentation fault and process crash), as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunforum 3d_1.0
sun sunforum 3.2
CVE-2004-2759 LOW

Shared Sun StorEdge QFS and SAM-QFS file systems, as used in Utilization Suite 4.0 through 4.1 and Performance Suite 4.0 through 4.1, might allow local users to read portions of deleted files by accessing data within sparse files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun storedge_qfs *
sun storeedge_performance_suite 4.1
sun storedge_sam-qfs *
sun storeedge_performance_suite 4.0
sun storeedge_utilization_suite 4.0
sun storeedge_utilization_suite 4.1
CVE-2004-2765 MEDIUM

Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, a different vulnerability than CVE-2005-2022 and CVE-2006-5486.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
sun one_messaging_server 6.1
sun iplanet_messaging_server 5.2
CVE-2004-2766 MEDIUM

Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02 allows remote attackers to obtain unspecified "access" to e-mail via a crafted e-mail message, related to a "session hijacking" issue, a different vulnerability than CVE-2005-2022 and CVE-2006-5486.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
sun one_messaging_server 6.1
sun iplanet_messaging_server 5.2
CVE-2005-0109 MEDIUM

Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ubuntu ubuntu_linux 5.04
sco unixware 7.1.4
redhat enterprise_linux_desktop 4.0
freebsd freebsd 5.3
redhat enterprise_linux 2.1
freebsd freebsd 4.4
sun solaris 7.0
freebsd freebsd 4.7
redhat enterprise_linux_desktop 3.0
sun solaris 10.0
freebsd freebsd 3.5
freebsd freebsd 4.3
freebsd freebsd 3.5.1
freebsd freebsd 4.2
freebsd freebsd 3.0
freebsd freebsd 2.2
freebsd freebsd 4.6.2
freebsd freebsd 4.5
freebsd freebsd 5.0
freebsd freebsd 4.1.1
sco unixware 7.1.3
freebsd freebsd 2.1.5
sco openserver 5.0.7
freebsd freebsd 2.1.7.1
freebsd freebsd 3.4
freebsd freebsd 4.10
freebsd freebsd 5.1
freebsd freebsd 3.3
redhat enterprise_linux 3.0
freebsd freebsd 5.2
sun solaris 9.0
freebsd freebsd 2.2.4
ubuntu ubuntu_linux 4.1
sun solaris 8.0
freebsd freebsd 1.1.5.1
freebsd freebsd 4.8
freebsd freebsd 2.2.5
freebsd freebsd 2.2.3
freebsd freebsd 2.1.6
freebsd freebsd 2.0.5
freebsd freebsd 2.1.0
freebsd freebsd 4.0
freebsd freebsd 4.1
freebsd freebsd 4.9
freebsd freebsd 4.11
sco unixware 7.1.3_up
freebsd freebsd 2.2.8
freebsd freebsd 2.0
freebsd freebsd 2.2.6
redhat fedora_core core_3.0
freebsd freebsd 3.1
freebsd freebsd 2.1.6.1
freebsd freebsd 4.6
redhat enterprise_linux 4.0
freebsd freebsd 3.2
freebsd freebsd 5.2.1
freebsd freebsd 5.4
freebsd freebsd 2.2.2
CVE-2005-0223 MEDIUM

The Software Development Kit (SDK) and Run Time Environment (RTE) 1.4.1 and 1.4.2 for Tru64 UNIX allows remote attackers to cause a denial of service (Java Virtual Machine hang) via object deserialization.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sdk 1.4.1
sun rte 1.4.1
compaq tru64 *
sun rte 1.4.2
sun sdk 1.4.2
CVE-2005-0248 HIGH

The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when creating user accounts that are configured for password aging, creates the accounts with a blank password, which allows remote or local attackers to break into those accounts.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 9.0
sun sunos 5.8
sun solaris 8.0
CVE-2005-0357 HIGH

EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote attackers to bypass authentication and gain privileges by spoofing a username or UID.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
emc legato_networker 4.2.2
emc legato_networker 6.1
sun storedge_enterprise_backup_software 7.0
emc legato_networker 7.13
emc legato_networker 7.2
sun storedge_enterprise_backup_software 7.2
sun storedge_enterprise_backup_software 7.1
emc legato_networker 6.0
sun solstice_backup 6.0
sun solstice_backup 6.1
CVE-2005-0358 HIGH

EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 6.0 through 7.2 do not properly verify authentication tokens, which allows remote attackers to gain privileges by modifying an authentication token.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
emc legato_networker 4.2.2
emc legato_networker 6.1
sun storedge_enterprise_backup_software 7.0
emc legato_networker 7.13
emc legato_networker 7.2
sun storedge_enterprise_backup_software 7.2
sun storedge_enterprise_backup_software 7.1
emc legato_networker 6.0
sun solstice_backup 6.0
sun solstice_backup 6.1
CVE-2005-0359 MEDIUM

The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 does not restrict access to the pmap_set and pmap_unset commands, which allows remote attackers to (1) cause a denial of service by using pmap_unset to un-register a NetWorker service, or (2) obtain sensitive information from NetWorker services by using pmap_set to register a new service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
emc legato_networker 4.2.2
emc legato_networker 6.1
sun storedge_enterprise_backup_software 7.0
emc legato_networker 7.13
emc legato_networker 7.2
sun storedge_enterprise_backup_software 7.2
sun storedge_enterprise_backup_software 7.1
emc legato_networker 6.0
sun solstice_backup 6.0
sun solstice_backup 6.1
CVE-2005-0418 HIGH

Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06, on Mac OS X, allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file. NOTE: it is highly likely that this item will be MERGED with CVE-2005-0836.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun j2se 1.4.2_01
sun j2se 1.4.2_04
sun j2se 1.4.2_05
sun j2se 1.4.2
sun j2se 1.4.2_03
sun j2se 1.4.2_02
sun j2se 1.4.2_06
CVE-2005-0426 MEDIUM

Unknown vulnerability in Solaris 8 and 9 allows remote attackers to cause a denial of service (panic) via "Heavy UDP Usage" that triggers a NULL dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 9.0
sun sunos 5.8
CVE-2005-0447 MEDIUM

Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (hang) via a flood of certain ARP packets.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
CVE-2005-0471 MEDIUM

Sun Java JRE 1.1.x through 1.4.x writes temporary files with long filenames that become predictable on a file system that uses 8.3 style short names, which allows remote attackers to write arbitrary files to known locations and facilitates the exploitation of vulnerabilities in applications that rely on unpredictable file names.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun jre 1.2
sun jdk 1.5.0
sun jdk 1.2.0
sun jre 1.3.0
sun jdk 1.3.0
sun jre 1.4
sun jdk 1.4.0
sun jre 1.1
sun jdk 1.1.0
sun jre 1.5.0
CVE-2005-0488 MEDIUM

Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.9
mit kerberos_5 1.3.4
microsoft telnet_client 5.1.2600.2180
CVE-2005-0548 MEDIUM

Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search function.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris_answerbook2 1.4
sun solaris_answerbook2 1.4.2
sun solaris_answerbook2 1.3
sun solaris_answerbook2 1.4.4
sun solaris_answerbook2 1.4.3
sun solaris_answerbook2 1.2
sun solaris_answerbook2 1.4.1
CVE-2005-0549 MEDIUM

Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the "View Log Files" function.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris_answerbook2 *
CVE-2005-0576 LOW

Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 9.0
CVE-2005-0742 MEDIUM

Cross-site scripting (XSS) vulnerability in Sun Java System Application Server 7 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun java_system_application_server 7.0
CVE-2005-0816 HIGH

Buffer overflow in newgrp in Solaris 7 through 9 allows local users to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
sun solaris 8.0
CVE-2005-0836 HIGH

Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06 allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun j2se 1.4.2_01
sun j2se 1.4.2_04
sun j2se 1.4.2_05
sun j2se 1.4.2
sun j2se 1.4.2_03
sun j2se 1.4.2_02
sun j2se 1.4.2_06
CVE-2005-1080 MEDIUM

Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sdk 1.5
sun sdk 1.4.2
CVE-2005-1105 MEDIUM

Directory traversal vulnerability in the MimeBodyPart.getFileName method in JavaMail 1.3.2 allows remote attackers to write arbitrary files via a .. (dot dot) in the filename in the Content-Disposition header.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun javamail 1.3.2
CVE-2005-1124 MEDIUM

Unknown vulnerability in the libgss Generic Security Services Library in Solaris 7, 8, and 9 allows local users to gain privileges by loading their own GSS-API.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
CVE-2005-1150 MEDIUM

Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier, when running on Windows systems, allows attackers to cause a denial of service (hang).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun java_system_web_server 6.0
CVE-2005-1232 HIGH

Buffer overflow in Sun Java System Web Proxy Server (aka Sun ONE Proxy Server) 3.6 SP6 allows remote attackers to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun java_system_web_proxy_server 3.6
CVE-2005-1518 LOW

Unknown vulnerability in Solaris 7 through 9, when using Federated Naming Services (FNS), autofs, and FNS X.500 configuration, allows local users to cause a denial of service (automountd crash) when "accessing" /xfn/_x500.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
sun solaris 8.0
CVE-2005-1591 MEDIUM

Unknown vulnerability in NIS+ on Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (rpc.nisd disabled and NIS+ unavailable) via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
sun solaris 8.0
CVE-2005-1609 HIGH

Unknown vulnerability in Sun StorEdge 6130 Arrays (SE6130) with serial numbers between 0451AWF00G and 0513AWF00J allows local users and remote attackers to delete data.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun storedge_6130_arrays *
CVE-2005-1753 MEDIUM

ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
sun javamail 1.3
sun javamail 1.2
sun javamail 1.1.3
CVE-2005-1754 MEDIUM

JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
apache_tomcat apache_tomcat 5.0.16
sun javamail 1.3
sun javamail 1.3.2
sun javamail 1.2
sun javamail 1.1.3
CVE-2005-1887 MEDIUM

Unknown vulnerability in the Sun Solaris C library (libc and libproject) in Solaris 10 allows local users to gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 10.0
CVE-2005-1889 MEDIUM

Unknown vulnerability in Sun ONE Application Server 6.5 SP1 Maintenance Update 6 and earlier allows attackers to read files.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun java_system_web_server *
sun java_system_web_server 6.1
CVE-2005-1973 MEDIUM

Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 and 5.0 Update 1 allows applications to assign permissions to themselves and gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun j2se 5.0_update1
sun j2se 5.0
CVE-2005-1974 MEDIUM

Unspecified vulnerability in Java 2 Platform, Standard Edition (J2SE) 5.0 and 5.0 Update 1 and J2SE 1.4.2 up to 1.4.2_07, as used in multiple products and platforms including (1) HP-UX and (2) APC PowerChute, allows applications to assign permissions to themselves and gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun j2se 1.4.2_01
sun j2se 1.4.2_04
sun j2se 1.4.2_05
sun j2se 5.0_update1
sun j2se 1.4.2
sun j2se 1.4.2_03
sun j2se 1.4.2_02
sun j2se 1.4.2_06
sun j2se 1.4.2_07
sun j2se 5.0
CVE-2005-2022 MEDIUM

Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch 1 and Sun ONE Messaging Server 6.2 allows remote attackers to execute arbitrary Javascript, possibly due to a cross-site scripting (XSS) vulnerability.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun one_messaging_server 6.2
sun iplanet_messaging_server 5.2
CVE-2005-2032 LOW

Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows local users to overwrite arbitrary files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
sun solaris 8.0
CVE-2005-2071 MEDIUM

traceroute in Sun Solaris 10 on x86 systems allows local users to execute arbitrary code with PRIV_NET_RAWACCESS privileges via (1) a large number of -g arguments or (2) a malformed -s argument with a trailing . (dot).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
sun solaris 10.0
CVE-2005-2072 HIGH

The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
sun solaris 9.0
sun sunos 5.8
sun solaris 8.0
sun solaris 10.0
CVE-2005-2094 MEDIUM

Sun SunONE web server 6.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes SunONE to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun one_web_server 6.1
CVE-2005-2527 LOW

Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to corrupt files or create arbitrary files via unspecified attack vectors related to a temporary directory, possibly due to a symlink attack.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
sun java *
CVE-2005-2529 HIGH

Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to gain privileges via unspecified attack vectors relating to "the utility used to update Java shared archives."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun java 1.4.2
CVE-2005-2530 HIGH

Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac OS X allows an untrusted applet to gain privileges, related to "Mac OS X specific extensions."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun java 1.3.1
CVE-2005-2738 MEDIUM

Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X does not prevent multiple programs from opening the same port as a Java ServerSocket, which allows local users to operate a Java program that intercepts network data intended for the ServerSocket of a different Java program.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun java 1.4.2
CVE-2005-2870 HIGH

Unknown vulnerability in the net-svc script on Solaris 10 allows remote authenticated users to execute arbitrary code on a DHCP client via certain DHCP responses.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 10.0
CVE-2005-3001 LOW

Unspecified vulnerability in the "tl" driver in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 10.0
CVE-2005-3071 LOW

Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and 9, when logging is enabled, allows local users to cause a denial of service ("soft hang") via certain write operations to UFS.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 9.0
sun sunos 5.8
CVE-2005-3099 MEDIUM

Unspecified vulnerability in the (1) Xsun and (2) Xprt commands in Solaris 7, 8, 9, and 10 allows local users to execute arbitrary code.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
sun solaris 10.0
CVE-2005-3250 LOW

Unknown vulnerability in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors related to the "/proc" filesystem, which trigger a null dereference.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 10.0
CVE-2005-3269 HIGH

Stack-based buffer overflow in help.cgi in the HTTP administrative interface for (1) Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1, (2) Red Hat Directory Server and (3) Certificate Server before 7.1 SP1, (4) Sun ONE Directory Server 5.1 SP4 and earlier, and (5) Sun ONE Administration Server 5.2 allows remote attackers to cause a denial of service (admin server crash), or local users to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
sun one_directory_server 5.0_sp2
sun java_system_directory_server 5.2
sun java_system_directory_proxy_server 5.2
sun one_directory_server 5.0
sun one_administration_server 5.2
sun one_directory_server 5.1
sun one_directory_server 4.16
CVE-2005-3398 MEDIUM

The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
sun solaris 9.0
sun sunos 5.8
sun solaris 10.0
CVE-2005-3472 MEDIUM

Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun java_system_communications_express 2004q2
sun java_system_communications_express 2005q1
CVE-2005-3583 HIGH

(1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.2_08, 1.4.2_09, and 1.5.0_05 and possibly other versions allow remote attackers to cause a denial of service (JVM unresponsive) via a crafted serialized object, such as a font object as demonstrated on JBoss.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sdk 1.4.2_08
sun jre 1.4.2
sun sdk 1.5.0_05
sun sdk 1.4.2_09
CVE-2005-3674 HIGH

The Internet Key Exchange version 1 (IKEv1) implementation in the libike library in Sun Solaris 9 and 10 allows remote attackers to cause a denial of service (in.iked crash) via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 9.0
sun solaris 10.0
CVE-2005-3781 MEDIUM

Unspecified vulnerability in in.named in Solaris 9 allows attackers to cause a denial of service via unknown manipulations that cause in.named to "make unnecessary queries."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.9
sun solaris *
CVE-2005-3904 HIGH

Unspecified vulnerability in Java Management Extensions (JMX) in Java JDK and JRE 5.0 Update 3, 1.4.2 and later, 1.3.1 and later allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun jre 1.4.2_8
sun jre 1.4.2_5
sun jdk 1.5.0_03
sun jre 1.4.2_3
sun jre 1.4.2_1
sun jre 1.4.2
sun jre 1.4.2_2
sun jre 1.4.1
sun jre 1.3.0
sun jre 1.3.1
sun jre 1.4.2_6
sun jre 1.5.0
sun jre 1.4.2_4
sun jre 1.4.2_7
CVE-2005-3905 HIGH

Unspecified vulnerability in reflection APIs in Java SDK and JRE 1.3.1_15 and earlier, 1.4.2_08 and earlier, and JDK and JRE 5.0 Update 3 and earlier allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors, a different vulnerability than CVE-2005-3906. NOTE: this is associated with the "first issue" identified in SUNALERT:102003.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.3.1_11
sun jdk 1.3_02
sun jdk 1.4.2_01
sun jdk 1.4.2_05
sun jdk 1.3.1_01
sun jdk 1.3.1_09
sun jre 1.4.2_1
sun jdk 1.3.1_08
sun jre 1.3.0
sun jdk 1.3.1_06
sun jdk 1.3.0_02
sun jre 1.4.2_6
sun jre 1.4.2_4
sun jre 1.4.2_7
sun jdk 1.3.1_14
sun jdk 1.4.2_08
sun jdk 1.3.1_02
sun jdk 1.4.1_02
sun jre 1.4.2_3
sun jdk 1.3.1_05
sun jdk 1.3
sun jre 1.4.2
sun jdk 1.3_05
sun jre 1.3.1
sun jdk 1.3.1_01a
sun jdk 1.3.1_04
sun jre 1.5.0
sun jdk 1.4.1
sun jdk 1.3.0_05
sun jre 1.4.2_5
sun jdk 1.3.1_15
sun jdk 1.4.1_01
sun jdk 1.4.2
sun jdk 1.3.1_12
sun jdk 1.4.2_04
sun jdk 1.4
sun jre 1.4.1
sun jdk 1.3.1_03
sun jdk 1.4.0_01
sun jdk 1.4.1_03
sun jdk 1.3.1_10
sun jdk 1.4.0_02
sun jdk 1.4.2_03
sun jdk 1.3.1_13
sun jre 1.4.2_8
sun jdk 1.5.0_03
sun jre 1.4.2_2
sun jdk 1.3.1_07
sun jdk 1.4.0_03
sun jdk 1.4.0_4
sun jdk 1.4.2_02
CVE-2005-3906 HIGH

Multiple unspecified vulnerabilities in reflection APIs in Java SDK and JRE 1.4.2_08 and earlier and JDK and JRE 5.0 Update 3 and earlier allow remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary applications via unknown attack vectors, a different set of vulnerabilities than CVE-2005-3905. NOTE: this is associated with the "second and third issues" identified in SUNALERT:102003.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.3.1_11
sun jdk 1.3_02
sun jdk 1.4.2_01
sun jdk 1.4.2_05
sun jdk 1.3.1_01
sun jdk 1.3.1_09
sun jre 1.4.2_1
sun jdk 1.3.1_08
sun jre 1.3.0
sun jdk 1.3.1_06
sun jdk 1.3.0_02
sun jre 1.4.2_6
sun jre 1.4.2_4
sun jre 1.4.2_7
sun jdk 1.3.1_14
sun jdk 1.4.2_08
sun jdk 1.3.1_02
sun jdk 1.4.1_02
sun jre 1.4.2_3
sun jdk 1.3.1_05
sun jdk 1.3
sun jre 1.4.2
sun jdk 1.3_05
sun jre 1.3.1
sun jdk 1.3.1_01a
sun jdk 1.3.1_04
sun jre 1.5.0
sun jdk 1.4.1
sun jdk 1.3.0_05
sun jre 1.4.2_5
sun jdk 1.3.1_15
sun jdk 1.4.1_01
sun jdk 1.4.2
sun jdk 1.3.1_12
sun jdk 1.4.2_04
sun jdk 1.4
sun jre 1.4.1
sun jdk 1.3.1_03
sun jdk 1.4.0_01
sun jdk 1.4.1_03
sun jdk 1.3.1_10
sun jdk 1.4.0_02
sun jdk 1.4.2_03
sun jdk 1.3.1_13
sun jre 1.4.2_8
sun jdk 1.5.0_03
sun jre 1.4.2_2
sun jdk 1.3.1_07
sun jdk 1.4.0_03
sun jdk 1.4.0_4
sun jdk 1.4.2_02
CVE-2005-3907 HIGH

Unspecified vulnerability in Java Runtime Environment in Java JDK and JRE 5.0 Update 3 and earlier allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary applications via unknown attack vectors involving untrusted Java applets.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jre 1.4.2_8
sun jre 1.4.2_5
sun jdk 1.5.0_03
sun jre 1.4.2_3
sun jre 1.4.2_1
sun jre 1.4.2
sun jre 1.4.2_2
sun jre 1.4.1
sun jre 1.3.0
sun jre 1.3.1
sun jre 1.4.2_6
sun jre 1.5.0
sun jre 1.4.2_4
sun jre 1.4.2_7
CVE-2005-4045 HIGH

Unspecified vulnerability in System Communications Services 6 Delegated Administrator 2005Q1 in Sun Java System Messaging Server 2005Q1 allows remote attackers to obtain the Top-Level Administrator (TLA) default password via unknown vectors, possibly involving configure_toplevel_admin.ldif.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun java_communications_services_delegated_administrator 6
CVE-2005-4046 MEDIUM

Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun Java System Application Server Standard Edition 7 2004Q2, Application Server Enterprise Edition 8.1 2005Q1, and Sun ONE Application Server 7 Standard Edition, as used in multiple web servers, allows remote attackers to conduct man-in-the-middle (MITM) attacks and "compromise data privacy."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun java_system_application_server 7.0
sun one_application_server 7.0
sun java_system_application_server 8.1
CVE-2005-4133 LOW

Sun Update Connection in Sun Solaris 10, when configured to use a web proxy, allows local users to obtain the proxy authentication password via (1) an unspecified vector and (2) proxy log files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 10.0
CVE-2005-4350 HIGH

Unspecified vulnerability in WBEM Services A.01.x before A.01.05.12 and A.02.x before A.02.00.08 on HP-UX B.11.00 through B.11.23 allows remote attackers to cause an unspecified denial of service via unknown attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun wbem_services a.02.00.07
sun wbem_services a.01.05.11
CVE-2005-4552 HIGH

The (1) slsmgr and (2) slsadmin programs in Sun Solaris PC NetLink 2.0 create temporary files insecurely, which allows local users to gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris_pc_netlink 2.0
CVE-2005-4701 LOW

Unspecified vulnerability in Process File System (procfs) in Sun Solaris 10 allows local users to obtain sensitive information such as process working directories via unknown attack vectors, possibly pwdx.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 10.0
CVE-2005-4706 LOW

Unspecified vulnerability in the "privilege management" feature of Sun Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors that trigger a null dereference in the secpolicy_fs_common function.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 10.0
CVE-2005-4795 HIGH

Unspecified vulnerability in the multi-language environment library (libmle) in Solaris 7 and 8, as shipped with the Japanese locale, allows local users to gain privileges via unknown attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.7
sun sunos 5.8
CVE-2005-4796 LOW

Unspecified vulnerability in the XView library (libxview.so) in Solaris 2.5 to 10 allows local users to corrupt files via unknown vectors related to the handling of the clipboard selection while an XView application exits.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.5.1
sun solaris 9.0
sun solaris 2.6
sun solaris 8.0
sun sunos 5.5
sun solaris 2.5
sun solaris 7.0
sun sunos -
sun sunos 5.7
sun sunos 5.8
sun sunos 5.5.1
sun solaris 10.0
CVE-2005-4797 MEDIUM

Directory traversal vulnerability in printd line printer daemon (lpd) in Solaris 7 through 10 allows remote attackers to delete arbitrary files via ".." sequences in an "Unlink data file" command.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun solaris 9.0
sun sunos 5.7
sun sunos 5.8
sun solaris 8.0
sun solaris 10.0
CVE-2005-4804 MEDIUM

Unspecified vulnerability in Sun Java System Application Server Platform Edition and Enterprise Edition 8.1 2005 Q1, and Platform Edition UR1, allows remote attackers to read .jar files via unknown vectors related to deployed web applications.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun java_system_application_server 8.1
CVE-2005-4805 MEDIUM

Unspecified vulnerability in Sun Java System Application Server 7 Standard and Platform Edition 6 and earlier, and 2004Q2 Standard and Platform Edition Update 2 and earlier, allows remote attackers to obtain the source code for Java Server pages (JSP) via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun java_system_application_server 7.0
sun java_system_application_server 6.0
CVE-2005-4806 MEDIUM

Multiple unspecified vulnerabilities in Sun Java System Web Proxy Server 3.6 SP7 and earlier allow remote attackers to cause a denial of service (unresponsive service) via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun java_system_web_proxy_server 3.6
CVE-2005-4845 MEDIUM

The Java Plug-in 1.4.2_03 and 1.4.2_04 controls, and the 1.4.2_03 and 1.4.2_04 <applet> redirector controls, allow remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-16,

Products Affected

Vendor Product Version
sun java_plug-in 1.4.2_03
sun java_plug-in 1.4.2_04
CVE-2005-4885 HIGH

Unspecified vulnerability on certain Sun StorEdge 6130 (SE6130) Controller Arrays allows remote attackers to delete data via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun storedge_6130_arrays *
CVE-2006-0161 MEDIUM

Unspecified vulnerability in uucp in Sun Solaris 8 and 9 has unknown impact and attack vectors. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this is related to CVE-2004-0780.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 9.0
sun sunos 5.8
CVE-2006-0190 HIGH

Unspecified vulnerability in Sun Solaris 9 and 10 for the x86 platform allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors, possibly involving functions from the mm driver.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 9.0
sun solaris 10.0
CVE-2006-0191 MEDIUM

Unspecified vulnerability in Sun Solaris 10 allows local users to cause a denial of service (null dereference) via unspecified vectors involving the use of the find command on the "/proc" filesystem. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this is related to CVE-2005-3250.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 10.0
CVE-2006-0227 LOW

Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, and 10 allow local users to delete arbitrary files or disable the LP print service via unknown attack vectors.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.9
sun solaris 9.0
sun sunos 5.8
sun solaris 10.0
CVE-2006-0408 HIGH

rsh utility in Sun Grid Engine (SGE) before 6.0u7_1 allows local users to gain privileges and execute arbitrary code via unspecified vectors, possibly involving command line arguments.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun grid_engine 6.0
CVE-2006-0516 LOW

Unspecified vulnerability in the kernel processing in Solaris 10 64 bit platform, when running in 64-bit mode, allows local users to cause a denial of service (system panic) via unknown attack vectors.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 10.0
CVE-2006-0531 HIGH

Unspecified vulnerability in Sun Java System Access Manager 7.0 allows local users logged in as "root" to bypass authentication and gain top-level administrator privileges via the amadmin CLI tool.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun java_system_access_manager 7.0
CVE-2006-0613 MEDIUM

Unspecified vulnerability in Java Web Start after 1.0.1_02, as used in J2SE 5.0 Update 5 and earlier, allows remote attackers to obtain privileges via unspecified vectors involving untrusted applications.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun j2se *
CVE-2006-0614 MEDIUM

Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and earlier, SDK and JRE 1.3.x through 1.3.1_16 and 1.4.x through 1.4.2_08 allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "first issue."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun jre *
sun jre 5.0
sun sdk *
sun jdk 5.0
CVE-2006-0615 MEDIUM

Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 4 and earlier, SDK and JRE 1.4.x through 1.4.2_09 allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "second and third issues."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun jre 1.4.2_8
sun sdk 1.4.2_2
sun jre 1.4.2_5
sun sdk 1.4.2_6
sun sdk 1.4.2_9
sun jre 1.4.2_3
sun sdk 1.4.2_4
sun jre 1.4.2_1
sun sdk 1.4.2_7
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun jre 1.4.2_2
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun sdk 1.4.2_8
sun sdk 1.4.2_5
sun jre 1.5.0
sun jre 1.4.2_4
sun sdk 1.4.2
sun jre 1.4.2_7
sun sdk 1.4.2_1
CVE-2006-0616 MEDIUM

Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 4 and earlier allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fourth issue."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun jdk *
sun jre *
CVE-2006-0617 MEDIUM

Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 5 and earlier allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fifth, sixth, and seventh issues."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun jdk *
sun jre *
CVE-2006-0647 MEDIUM

LDAP service in Sun Java System Directory Server 5.2, running on Linux and possibly other platforms, allows remote attackers to cause a denial of service (memory allocation error) via an LDAP packet with a crafted subtree search request, as demonstrated using the ProtoVer LDAP test suite.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun java_system_directory_server 5.2
CVE-2006-0745 HIGH

X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
x.org x11r7 1.0
x.org x11r6 6.9
mandrakesoft mandrake_linux 2006
sun solaris 10.0
suse suse_linux 10.0
redhat fedora_core core_5.0
x.org x11r7 1.0.1
CVE-2006-0769 HIGH

Unspecified vulnerability in in.rexecd in Solaris 10 allows local users to gain privileges on Kerberos systems via unknown attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 10.0
CVE-2006-0901 HIGH

Unspecified vulnerability in the hsfs filesystem in Solaris 8, 9, and 10 allows unspecified attackers to cause a denial of service (panic) or execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 9.0
sun sunos 5.8
sun solaris 8.0
sun solaris 10.0
CVE-2006-1092 LOW

Unspecified vulnerability in the pagedata subsystem of the process file system (/proc) in Solaris 8 through 10 allows local users to cause a denial of service (system hang or panic) via unknown attack vectors that cause cause the kmem_oversize arena to allocate a large amount of system memory that does not get freed.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 9.0
sun sunos 5.8
sun solaris 10.0
CVE-2006-1506 HIGH

Unspecified vulnerability in rsh in Sun Microsystems Sun Grid Engine 5.3 before 20060327 and N1 Grid Engine 6.0 before 20060327 allows local users to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun n1_grid_engine 6.0
sun grid_engine 5.3
CVE-2006-1601 LOW

Unspecified vulnerability in SunPlex Manager in Sun Cluster 3.1 4/04 allows local users with solaris.cluster.gui authorization to view arbitrary files via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun cluster 3.1
CVE-2006-1780 LOW

The Bourne shell (sh) in Solaris 8, 9, and 10 allows local users to cause a denial of service (sh crash) via an unspecified attack vector that causes sh processes to crash during creation of temporary files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 9.0
sun sunos 5.8
sun solaris 10.0
CVE-2006-1782 LOW

Unspecified vulnerability in Solaris 8 and 9 allows local users to obtain the LDAP Directory Server root Distinguished Name (rootDN) password when a privileged user (1) runs idsconfig; or "insecurely" runs LDAP2 commands with the -w option, including (2) ldapadd, (3) ldapdelete, (4) ldapmodify, (5) ldapmodrdn, and (6) ldapsearch.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 9.0
sun sunos 5.8
CVE-2006-1830 LOW

Sun Java Studio Enterprise 8, when installed as root, creates certain files with world-writable permissions, which allows local users to execute arbitrary commands via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun java_studio_enterprise 8
CVE-2006-2064 MEDIUM

Unspecified vulnerability in the libpkcs11 library in Sun Solaris 10 might allow local users to gain privileges or cause a denial of service (application failure) via unknown attack vectors that involve the getpwnam family of non-reentrant functions.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 10.0
CVE-2006-2198 HIGH

OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
sun staroffice 7.0
sun staroffice 8.0
openoffice openoffice 1.1.5
openoffice openoffice 2.0.1
openoffice openoffice 2.0.2
openoffice openoffice 1.1.1b
openoffice openoffice 2.0.0
openoffice openoffice 1.1.4
openoffice openoffice 2.0.2_rc3
openoffice openoffice 2.0.3_rc5
openoffice openoffice 2.0.2_rc4
openoffice openoffice 2.0.3_rc4
openoffice openoffice 1.1.1a
openoffice openoffice 1.1.2
openoffice openoffice 2.0.2_rc1
openoffice openoffice 1.1.0
openoffice openoffice 2.0.3_rc3
openoffice openoffice 2.0.0_rc1
openoffice openoffice 2.0.3_rc6
openoffice openoffice 2.0.0_rc3
openoffice openoffice 1.1.1
openoffice openoffice 2.0.0_rc2
openoffice openoffice 2.0.2_rc2
openoffice openoffice 1.1.3
CVE-2006-2199 HIGH

Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka StarOffice) up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun staroffice 7.0
sun staroffice 8.0
openoffice openoffice 1.1.5
openoffice openoffice 2.0.1
sun staroffice 6.0
openoffice openoffice 2.0.2
openoffice openoffice 2.0.0
openoffice openoffice 1.1.4
openoffice openoffice 1.1.1
openoffice openoffice 1.1.2
openoffice openoffice 1.1.3
openoffice openoffice 1.1.0
CVE-2006-2426 MEDIUM

Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 and earlier, and SDK 1.5.0_6 and earlier allows remote attackers to cause a denial of service (disk consumption) by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun jdk 1.5.0
sun sdk 1.5.0_6
sun jre 1.5.0
CVE-2006-2501 MEDIUM

Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun one_application_server *
sun java_system_web_server *
sun one_application_server 7.0
sun one_application_server 6.0
sun one_web_server 6.0
sun java_system_application_server *
sun java_system_web_server 6.1
sun one_web_server *
CVE-2006-2513 HIGH

Unspecified vulnerability in the installation process in Sun Java System Directory Server 5.2 causes wrong user data to be written to a file created by the installation, which allows remote attackers or local users to gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun java_system_directory_server 5.2
CVE-2006-2614 MEDIUM

Sun N1 System Manager 1.1 for Solaris 10 before patch 121161-01 records system passwords in the world-readable scripts (1) /cr/hd_jobs_db.sh, (2) /cr/hd_plan_checkin.sh, and (3) /cr/oracle_plan_checkin.sh, which allows local users to obtain System Manager passwords.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun n1_system_manager 1.1
CVE-2006-2790 HIGH

A package component in Sun Storage Automated Diagnostic Environment (StorADE) 2.4 uses world-writable permissions for certain critical files and directories, which allows local users to gain privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun storage_automated_diagnostic_environment 2.4
CVE-2006-2930 MEDIUM

Unspecified vulnerability in Sun Grid Engine 5.3 and Sun N1 Grid Engine 6.0, when configured in Certificate Security Protocol (CSP) Mode, allows local users to shut down the grid service or gain access, even if access is denied.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun n1_grid_engine 6.0
sun grid_engine 5.3
CVE-2006-3117 HIGH

Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by (1) Calc, (2) Draw, (3) Impress, (4) Math, or (5) Writer, aka "File Format / Buffer Overflow Vulnerability."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
sun staroffice 7.0
openoffice openoffice 2.0
sun staroffice 8.0
openoffice openoffice 2.0.1
sun staroffice 6.0
openoffice openoffice 2.0.2
openoffice openoffice 2.0.0
openoffice openoffice 1.1.4
openoffice openoffice 1.1.1
openoffice openoffice 1.1.2
openoffice openoffice 1.1.3
openoffice openoffice 1.1.0
CVE-2006-3127 HIGH

Memory leak in Network Security Services (NSS) 3.11, as used in Sun Java Enterprise System 2003Q4 through 2005Q1 and Java System Directory Server 5.2, allows remote attackers to cause a denial of service (memory consumption) by performing a large number of RSA cryptographic operations.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
sun java_system_directory_server 5.2
sun java_enterprise_system 2004q2
sun java_enterprise_system 2003q4
sun java_enterprise_system 2005q1
CVE-2006-3159 LOW

pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003) allows local users to read portions of restricted files via a symlink attack on msg.conf in a directory identified by the CONFIGROOT environment variable, which returns the first line of the file in an error message.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun one_messaging_server 5.2
sun iplanet_messaging_server 5.2
CVE-2006-3225 LOW

Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and Java System Application Server Enterprise Edition 8.1 2005 Q1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun one_application_server *
sun java_system_application_server 8.1
sun java_system_application_server *
CVE-2006-3606 MEDIUM

Unspecified vulnerability in Sun Solaris X Inter Client Exchange library (libICE) on Solaris 8 and 9 allows context-dependent attackers to cause a denial of service (application crash) to applications that use the library.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 9.0
sun sunos 5.8
CVE-2006-3664 MEDIUM

Unspecified vulnerability in NIS server on Sun Solaris 8, 9, and 10 allows local and remote attackers to cause a denial of service (ypserv hang) via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun sunos 5.9
sun solaris 9.0
sun sunos 5.8
sun solaris 8.0
sun solaris 10.0
CVE-2006-3728 MEDIUM

Unspecified vulnerability in the kernel in Solaris 10 with patch 118822-29 (118844-29 on x86) and without patch 118833-11 (118855-08) allows remote authenticated users to cause a denial of service via unspecified vectors that lead to "kernel data structure corruption" that can trigger a system panic, application failure, or "data corruption."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
sun solaris 10.0
CVE-2006-3781 HIGH

Unspecified vulnerability in Sun Solaris 10 allows context-dependent attackers to cause a denial of service (panic) via unspecified vectors involving the event port API.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 10.0
CVE-2006-3782 MEDIUM

Unspecified vulnerability in the kernel debugger (kmdb) in Sun Solaris 10, when running on x86, allows local users to cause a denial of service (system hang) via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 10.0
CVE-2006-3783 MEDIUM

Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors involving (1) the /net mount point and (2) the "-hosts" map in a mount point.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 10.0
CVE-2006-3824 MEDIUM

systeminfo.c for Sun Solaris allows local users to read kernel memory via a 0 variable count argument to the sysinfo system call, which causes a -1 argument to be used by the copyout function. NOTE: this issue has been referred to as an integer overflow, but it is probably more like a signedness error or integer underflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 10.0
CVE-2006-3825 LOW

The IPv4 implementation in Sun Solaris 10 before 20060721 allows local users to select routes that differ from the routing table, possibly facilitating firewall bypass or unauthorized network communication.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 10.0
CVE-2006-4175 HIGH

The LDAP server (ns-slapd) in Sun Java System Directory Server 5.2 Patch4 and earlier and ONE Directory Server 5.1 and 5.2 allows remote attackers to cause a denial of service (crash) via malformed queries, probably malformed BER queries, which trigger a free of uninitialized memory locations.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-824,

Products Affected

Vendor Product Version
sun java_system_directory_server 5.2
sun one_directory_server 5.2
sun one_directory_server 5.1
CVE-2006-6276 MEDIUM

HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-444,

Products Affected

Vendor Product Version
sun java_system_web_proxy_server 4.0
sun java_system_application_server 7.0
sun one_application_server 7.0
sun java_system_application_server 8.1
sun java_system_web_server 6.0
sun java_system_web_proxy_server -
sun java_system_web_server 6.1
sun java_system_web_proxy_server 3.6
CVE-2007-0882 HIGH

Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-88,

Products Affected

Vendor Product Version
sun sunos 5.10
sun sunos 5.11
oracle solaris 11
oracle solaris 10
CVE-2007-6059 MEDIUM

Javamail does not properly handle a series of invalid login attempts in which the same e-mail address is entered as username and password, and the domain portion of this address yields a Java UnknownHostException error, which allows remote attackers to cause a denial of service (connection pool exhaustion) via a large number of requests, resulting in a SQLNestedException. NOTE: Sun disputes this issue, stating "The report makes references to source code and files that do not exist in the mentioned products.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
sun javamail *
CVE-2008-7300 HIGH

The labeled networking implementation in Solaris Trusted Extensions in Sun Solaris 10 and OpenSolaris snv_39 through snv_67, when a labeled zone is in the installed state, allows remote authenticated users to bypass a Mandatory Access Control (MAC) policy and obtain access to the global zone.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
sun sunos 5.10
sun opensolaris build_snv_64
sun opensolaris build_snv_39
sun opensolaris build_snv_67
sun opensolaris build_snv_59
sun opensolaris build_snv_47
CVE-2009-0581 MEDIUM

Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-401,

Products Affected

Vendor Product Version
sun openjdk *
gimp gimp *
mozilla firefox 3.1
littlecms little_cms *
CVE-2009-0723 HIGH

Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
sun openjdk *
gimp gimp *
mozilla firefox 3.1
littlecms little_cms *
CVE-2009-0733 HIGH

Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
sun openjdk *
gimp gimp *
mozilla firefox 3.1
littlecms little_cms *
CVE-2009-0793 MEDIUM

cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
sun openjdk 6
littlecms lcms 1.18
CVE-2009-0794 MEDIUM

Integer overflow in the PulseAudioTargetDataL class in src/java/org/classpath/icedtea/pulseaudio/PulseAudioTargetDataLine.java in Pulse-Java, as used in OpenJDK 1.6.0.0 and other products, allows remote attackers to cause a denial of service (applet crash) via a crafted Pulse Audio source data line.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
sun openjdk 1.6.0.0
CVE-2009-1671 HIGH

Multiple buffer overflows in the Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allow remote attackers to execute arbitrary code via a long string argument to the (1) setInstallerType, (2) setAdditionalPackages, (3) compareVersion, (4) getStaticCLSID, or (5) launch method.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
sun jre 6
CVE-2009-1672 HIGH

The Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allows remote attackers to (1) execute arbitrary code via a .jnlp URL in the argument to the launch method, and might allow remote attackers to launch JRE installation processes via the (2) installLatestJRE or (3) installJRE method.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
sun jre 6
CVE-2009-2416 MEDIUM

Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,CWE-416,

Products Affected

Vendor Product Version
xmlsoft libxml2 2.5.10
fedoraproject fedora 11
redhat enterprise_linux 3.0
vmware vma 4.0
xmlsoft libxml2 2.6.27
vmware esxi 3.5
vmware esx 4.0
fedoraproject fedora 10
canonical ubuntu_linux 9.04
suse linux_enterprise 10.0
google chrome *
vmware esx 3.5
apple iphone_os *
xmlsoft libxml2 2.6.26
vmware vcenter_server 4.0
apple mac_os_x *
redhat enterprise_linux 5.0
vmware esx 3.0.3
vmware esxi 4.0
apple safari *
suse linux_enterprise 11.0
canonical ubuntu_linux 8.04
opensuse opensuse *
apple mac_os_x_server *
debian debian_linux 4.0
xmlsoft libxml 1.8.17
sun openoffice.org *
suse linux_enterprise_server 9
canonical ubuntu_linux 8.10
redhat enterprise_linux 4.0
xmlsoft libxml2 2.6.32
canonical ubuntu_linux 6.06
xmlsoft libxml2 2.6.16
CVE-2009-2704 MEDIUM

CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing a %00 (encoded null byte).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
sun j2ee *
CVE-2009-2705 MEDIUM

CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing non-canonical, "overlong Unicode" in place of blacklisted characters.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
sun j2ee *
broadcom siteminder *
CVE-2009-3692 HIGH

Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun virtualbox 3.0.4
sun virtualbox 3.0.0
sun virtualbox 3.0.6
sun virtualbox 3.0.2
CVE-2009-4774 MEDIUM

Unspecified vulnerability in Sun Solaris 10 and OpenSolaris snv_49 through snv_117, when 64bit mode is used on the Intel x86 platform and a Linux (lx) branded zone is configured, allows local users to cause a denial of service (panic) via unspecified vectors, a different vulnerability than CVE-2007-6225.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun opensolaris snv_104
sun opensolaris snv_63
sun opensolaris snv_91
sun opensolaris snv_96
sun opensolaris snv_109
sun opensolaris snv_49
sun opensolaris snv_87
sun opensolaris snv_55
sun opensolaris snv_64
sun opensolaris snv_94
sun opensolaris snv_98
sun opensolaris snv_75
sun opensolaris snv_106
sun opensolaris snv_108
sun opensolaris snv_78
sun opensolaris snv_61
sun opensolaris snv_115
sun opensolaris snv_85
sun opensolaris snv_90
sun opensolaris snv_86
sun opensolaris snv_99
sun opensolaris snv_116
sun opensolaris snv_117
sun opensolaris snv_82
sun opensolaris snv_66
sun opensolaris snv_51
sun opensolaris snv_88
sun opensolaris snv_105
sun opensolaris snv_54
sun opensolaris snv_52
sun opensolaris snv_114
sun opensolaris snv_68
sun opensolaris snv_93
sun opensolaris snv_58
sun opensolaris snv_74
sun opensolaris snv_110
sun opensolaris snv_92
sun opensolaris snv_60
sun opensolaris snv_97
sun opensolaris snv_95
sun opensolaris snv_76
sun opensolaris snv_81
sun opensolaris snv_84
sun opensolaris snv_69
sun opensolaris snv_70
sun opensolaris snv_73
sun opensolaris snv_113
sun opensolaris snv_65
sun opensolaris snv_62
sun opensolaris snv_77
sun opensolaris snv_79
sun opensolaris snv_102
sun opensolaris snv_103
sun opensolaris snv_107
sun solaris 10
sun opensolaris snv_112
sun opensolaris snv_67
sun opensolaris snv_101
sun opensolaris snv_53
sun opensolaris snv_80
sun opensolaris snv_111
sun opensolaris snv_56
sun opensolaris snv_71
sun opensolaris snv_83
sun opensolaris snv_57
sun opensolaris snv_50
sun opensolaris snv_100
sun opensolaris snv_59
sun opensolaris snv_89
sun opensolaris snv_72
CVE-2010-0082 MEDIUM

Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.3.1_11
sun jdk 1.3.1_22
sun jdk 1.3.0
sun sdk 1.4.2_6
sun jre 1.3.1_08
sun jdk 1.3.1_01
sun jdk 1.3.1_09
sun jre 1.3.1_26
sun sdk 1.3.1_18
sun jdk 1.3.1_08
sun jdk 1.3.1_19
sun jdk 1.3.1_06
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre 1.4.2_13
sun sdk 1.3.1_05
sun jre 1.4.2_4
sun sdk 1.4.2
sun sdk 1.3.1_06
sun jre 1.4.2_7
sun jdk 1.3.1_14
sun jdk 1.3.1_02
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.6.0
sun jdk 1.3.1_05
sun jre 1.4.2_15
sun sdk 1.3.1_07
sun sdk 1.4.2_15
sun jre 1.3.1
sun jdk 1.3.1_01a
sun sdk 1.4.2_16
sun jdk 1.3.1
sun sdk 1.4.2_5
sun sdk 1.3.1_10
sun sdk 1.3.0_04
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.3.1_21
sun sdk *
sun sdk 1.3.1_01a
sun jre 1.3.1_05
sun jre 1.3.1_16
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun jre 1.3.1_03
sun sdk 1.3.1_12
sun sdk 1.3.1_19
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.3.1_14
sun sdk 1.3.0_03
sun sdk 1.3.1_21
sun sdk 1.4.2_4
sun sdk 1.3.1_13
sun jre 1.3.1_19
sun sdk 1.3.1_15
sun sdk 1.3.1
sun sdk 1.3.1_20
sun jre 1.3.1_10
sun jre 1.4.2_2
sun jre 1.3.1_22
sun jdk *
sun jre 1.3.1_06
sun jdk 1.3.1_07
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun sdk 1.4.2_12
sun jre 1.3.1_2
sun jre 1.3.1_24
sun sdk 1.3.0
sun jre 1.3.1_18
sun sdk 1.3.1_09
sun jre 1.4.2_22
sun jre 1.3.1_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun jre 1.3.0
sun jdk 1.3.0_02
sun jdk 1.3.1_17
sun jre *
sun jdk 1.3.1_16
sun jre 1.3.1_07
sun jre 1.3.1_12
sun sdk 1.4.2_1
sun sdk 1.3.1_23
sun jdk 1.3.1_26
sun sdk 1.3.0_02
sun jre 1.4.2_21
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.3.1_22
sun sdk 1.4.2_14
sun sdk 1.3.1_02
sun jre 1.3.1_04
sun jdk 1.3.1_04
sun jre 1.3.1_14
sun jre 1.3.1_11
sun jre 1.5.0
sun jre 1.3.1_09
sun jre 1.3.1_17
sun sdk 1.3.1_08
sun sdk 1.3.1_24
sun jdk 1.3.1_23
sun sdk 1.3.1_17
sun sdk 1.4.2_24
sun jdk 1.3.0_05
sun jdk 1.3.1_18
sun sdk 1.3.1_25
sun jdk 1.3.1_15
sun sdk 1.3.1_16
sun sdk 1.3.1_11
sun sdk 1.3.1_01
sun jdk 1.3.1_12
sun jdk 1.3.0_04
sun sdk 1.4.2_17
sun jdk 1.3.1_03
sun jre 1.3.1_25
sun jre 1.3.1_15
sun jre 1.3.1_13
sun jdk 1.3.1_10
sun sdk 1.3.1_26
sun jre 1.4.2_23
sun jdk 1.3.1_13
sun sdk 1.3.0_01
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.3.1_03
sun jdk 1.3.1_24
sun jdk 1.3.0_01
sun jre 1.3.1_21
sun jre 1.3.1_20
sun sdk 1.4.2_7
sun jdk 1.3.1_25
sun jre 1.4.2_24
sun sdk 1.3.0_05
sun jre 1.4.2_14
sun sdk 1.3.1_04
sun sdk 1.4.2_8
sun jre 1.4.2_18
sun jdk 1.3.1_20
sun sdk 1.4.2_02
sun jdk 1.3.0_03
CVE-2010-0084 MEDIUM

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0091.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jre 1.4.2_22
sun sdk 1.4.2_6
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun jre 1.4.2_4
sun sdk 1.4.2
sun jre 1.4.2_7
sun sdk 1.4.2_1
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.6.0
sun jre 1.4.2_15
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.4.2_14
sun sdk 1.4.2_15
sun sdk 1.4.2_16
sun sdk 1.4.2_5
sun jre 1.5.0
sun sdk 1.4.2_24
sun jre 1.4.2_5
sun jre 1.4.2_12
sun sdk *
sun sdk 1.4.2_17
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun jre 1.4.2_23
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.4.2_4
sun sdk 1.4.2_7
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
sun sdk 1.4.2_8
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun jre 1.4.2_18
sun sdk 1.4.2_12
sun sdk 1.4.2_02
CVE-2010-0085 MEDIUM

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0088.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.3.1_11
sun jdk 1.3.1_22
sun jdk 1.3.0
sun sdk 1.4.2_6
sun jre 1.3.1_08
sun jdk 1.3.1_01
sun jdk 1.3.1_09
sun jre 1.3.1_26
sun sdk 1.3.1_18
sun jdk 1.3.1_08
sun jdk 1.3.1_19
sun jdk 1.3.1_06
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre 1.4.2_13
sun sdk 1.3.1_05
sun jre 1.4.2_4
sun sdk 1.4.2
sun sdk 1.3.1_06
sun jre 1.4.2_7
sun jdk 1.3.1_14
sun jdk 1.3.1_02
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.6.0
sun jdk 1.3.1_05
sun jre 1.4.2_15
sun sdk 1.3.1_07
sun sdk 1.4.2_15
sun jre 1.3.1
sun jdk 1.3.1_01a
sun sdk 1.4.2_16
sun jdk 1.3.1
sun sdk 1.4.2_5
sun sdk 1.3.1_10
sun sdk 1.3.0_04
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.3.1_21
sun sdk *
sun sdk 1.3.1_01a
sun jre 1.3.1_05
sun jre 1.3.1_16
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun jre 1.3.1_03
sun sdk 1.3.1_12
sun sdk 1.3.1_19
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.3.1_14
sun sdk 1.3.0_03
sun sdk 1.3.1_21
sun sdk 1.4.2_4
sun sdk 1.3.1_13
sun jre 1.3.1_19
sun sdk 1.3.1_15
sun sdk 1.3.1
sun sdk 1.3.1_20
sun jre 1.3.1_10
sun jre 1.4.2_2
sun jre 1.3.1_22
sun jdk *
sun jre 1.3.1_06
sun jdk 1.3.1_07
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun sdk 1.4.2_12
sun jre 1.3.1_2
sun jre 1.3.1_24
sun sdk 1.3.0
sun jre 1.3.1_18
sun sdk 1.3.1_09
sun jre 1.4.2_22
sun jre 1.3.1_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun jre 1.3.0
sun jdk 1.3.0_02
sun jdk 1.3.1_17
sun jre *
sun jdk 1.3.1_16
sun jre 1.3.1_07
sun jre 1.3.1_12
sun sdk 1.4.2_1
sun sdk 1.3.1_23
sun jdk 1.3.1_26
sun sdk 1.3.0_02
sun jre 1.4.2_21
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.3.1_22
sun sdk 1.4.2_14
sun sdk 1.3.1_02
sun jre 1.3.1_04
sun jdk 1.3.1_04
sun jre 1.3.1_14
sun jre 1.3.1_11
sun jre 1.5.0
sun jre 1.3.1_09
sun jre 1.3.1_17
sun sdk 1.3.1_08
sun sdk 1.3.1_24
sun jdk 1.3.1_23
sun sdk 1.3.1_17
sun sdk 1.4.2_24
sun jdk 1.3.0_05
sun jdk 1.3.1_18
sun sdk 1.3.1_25
sun jdk 1.3.1_15
sun sdk 1.3.1_16
sun sdk 1.3.1_11
sun sdk 1.3.1_01
sun jdk 1.3.1_12
sun jdk 1.3.0_04
sun sdk 1.4.2_17
sun jdk 1.3.1_03
sun jre 1.3.1_25
sun jre 1.3.1_15
sun jre 1.3.1_13
sun jdk 1.3.1_10
sun sdk 1.3.1_26
sun jre 1.4.2_23
sun jdk 1.3.1_13
sun sdk 1.3.0_01
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.3.1_03
sun jdk 1.3.1_24
sun jdk 1.3.0_01
sun jre 1.3.1_21
sun jre 1.3.1_20
sun sdk 1.4.2_7
sun jdk 1.3.1_25
sun jre 1.4.2_24
sun sdk 1.3.0_05
sun jre 1.4.2_14
sun sdk 1.3.1_04
sun sdk 1.4.2_8
sun jre 1.4.2_18
sun jdk 1.3.1_20
sun sdk 1.4.2_02
sun jdk 1.3.0_03
CVE-2010-0087 HIGH

Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.3.1_11
sun jdk 1.3.1_22
sun jdk 1.3.0
sun sdk 1.4.2_6
sun jre 1.3.1_08
sun jdk 1.3.1_01
sun jdk 1.3.1_09
sun jre 1.3.1_26
sun sdk 1.3.1_18
sun jdk 1.3.1_08
sun jdk 1.3.1_19
sun jdk 1.3.1_06
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre 1.4.2_13
sun sdk 1.3.1_05
sun jre 1.4.2_4
sun sdk 1.4.2
sun sdk 1.3.1_06
sun jre 1.4.2_7
sun jdk 1.3.1_14
sun jdk 1.3.1_02
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.6.0
sun jdk 1.3.1_05
sun jre 1.4.2_15
sun sdk 1.3.1_07
sun sdk 1.4.2_15
sun jre 1.3.1
sun jdk 1.3.1_01a
sun sdk 1.4.2_16
sun jdk 1.3.1
sun sdk 1.4.2_5
sun sdk 1.3.1_10
sun sdk 1.3.0_04
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.3.1_21
sun sdk *
sun sdk 1.3.1_01a
sun jre 1.3.1_05
sun jre 1.3.1_16
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun jre 1.3.1_03
sun sdk 1.3.1_12
sun sdk 1.3.1_19
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.3.1_14
sun sdk 1.3.0_03
sun sdk 1.3.1_21
sun sdk 1.4.2_4
sun sdk 1.3.1_13
sun jre 1.3.1_19
sun sdk 1.3.1_15
sun sdk 1.3.1
sun sdk 1.3.1_20
sun jre 1.3.1_10
sun jre 1.4.2_2
sun jre 1.3.1_22
sun jdk *
sun jre 1.3.1_06
sun jdk 1.3.1_07
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun sdk 1.4.2_12
sun jre 1.3.1_2
sun jre 1.3.1_24
sun sdk 1.3.0
sun jre 1.3.1_18
sun sdk 1.3.1_09
sun jre 1.4.2_22
sun jre 1.3.1_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun jre 1.3.0
sun jdk 1.3.0_02
sun jdk 1.3.1_17
sun jre *
sun jdk 1.3.1_16
sun jre 1.3.1_07
sun jre 1.3.1_12
sun sdk 1.4.2_1
sun sdk 1.3.1_23
sun jdk 1.3.1_26
sun sdk 1.3.0_02
sun jre 1.4.2_21
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.3.1_22
sun sdk 1.4.2_14
sun sdk 1.3.1_02
sun jre 1.3.1_04
sun jdk 1.3.1_04
sun jre 1.3.1_14
sun jre 1.3.1_11
sun jre 1.5.0
sun jre 1.3.1_09
sun jre 1.3.1_17
sun sdk 1.3.1_08
sun sdk 1.3.1_24
sun jdk 1.3.1_23
sun sdk 1.3.1_17
sun sdk 1.4.2_24
sun jdk 1.3.0_05
sun jdk 1.3.1_18
sun sdk 1.3.1_25
sun jdk 1.3.1_15
sun sdk 1.3.1_16
sun sdk 1.3.1_11
sun sdk 1.3.1_01
sun jdk 1.3.1_12
sun jdk 1.3.0_04
sun sdk 1.4.2_17
sun jdk 1.3.1_03
sun jre 1.3.1_25
sun jre 1.3.1_15
sun jre 1.3.1_13
sun jdk 1.3.1_10
sun sdk 1.3.1_26
sun jre 1.4.2_23
sun jdk 1.3.1_13
sun sdk 1.3.0_01
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.3.1_03
sun jdk 1.3.1_24
sun jdk 1.3.0_01
sun jre 1.3.1_21
sun jre 1.3.1_20
sun sdk 1.4.2_7
sun jdk 1.3.1_25
sun jre 1.4.2_24
sun sdk 1.3.0_05
sun jre 1.4.2_14
sun sdk 1.3.1_04
sun sdk 1.4.2_8
sun jre 1.4.2_18
sun jdk 1.3.1_20
sun sdk 1.4.2_02
sun jdk 1.3.0_03
CVE-2010-0088 MEDIUM

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0085.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.3.1_11
sun jdk 1.3.1_22
sun jdk 1.3.0
sun sdk 1.4.2_6
sun jre 1.3.1_08
sun jdk 1.3.1_01
sun jdk 1.3.1_09
sun jre 1.3.1_26
sun sdk 1.3.1_18
sun jdk 1.3.1_08
sun jdk 1.3.1_19
sun jdk 1.3.1_06
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre 1.4.2_13
sun sdk 1.3.1_05
sun jre 1.4.2_4
sun sdk 1.4.2
sun sdk 1.3.1_06
sun jre 1.4.2_7
sun jdk 1.3.1_14
sun jdk 1.3.1_02
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.6.0
sun jdk 1.3.1_05
sun jre 1.4.2_15
sun sdk 1.3.1_07
sun sdk 1.4.2_15
sun jre 1.3.1
sun jdk 1.3.1_01a
sun sdk 1.4.2_16
sun jdk 1.3.1
sun sdk 1.4.2_5
sun sdk 1.3.1_10
sun sdk 1.3.0_04
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.3.1_21
sun sdk *
sun sdk 1.3.1_01a
sun jre 1.3.1_05
sun jre 1.3.1_16
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun jre 1.3.1_03
sun sdk 1.3.1_12
sun sdk 1.3.1_19
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.3.1_14
sun sdk 1.3.0_03
sun sdk 1.3.1_21
sun sdk 1.4.2_4
sun sdk 1.3.1_13
sun jre 1.3.1_19
sun sdk 1.3.1_15
sun sdk 1.3.1
sun sdk 1.3.1_20
sun jre 1.3.1_10
sun jre 1.4.2_2
sun jre 1.3.1_22
sun jdk *
sun jre 1.3.1_06
sun jdk 1.3.1_07
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun sdk 1.4.2_12
sun jre 1.3.1_2
sun jre 1.3.1_24
sun sdk 1.3.0
sun jre 1.3.1_18
sun sdk 1.3.1_09
sun jre 1.4.2_22
sun jre 1.3.1_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun jre 1.3.0
sun jdk 1.3.0_02
sun jdk 1.3.1_17
sun jre *
sun jdk 1.3.1_16
sun jre 1.3.1_07
sun jre 1.3.1_12
sun sdk 1.4.2_1
sun sdk 1.3.1_23
sun jdk 1.3.1_26
sun sdk 1.3.0_02
sun jre 1.4.2_21
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.3.1_22
sun sdk 1.4.2_14
sun sdk 1.3.1_02
sun jre 1.3.1_04
sun jdk 1.3.1_04
sun jre 1.3.1_14
sun jre 1.3.1_11
sun jre 1.5.0
sun jre 1.3.1_09
sun jre 1.3.1_17
sun sdk 1.3.1_08
sun sdk 1.3.1_24
sun jdk 1.3.1_23
sun sdk 1.3.1_17
sun sdk 1.4.2_24
sun jdk 1.3.0_05
sun jdk 1.3.1_18
sun sdk 1.3.1_25
sun jdk 1.3.1_15
sun sdk 1.3.1_16
sun sdk 1.3.1_11
sun sdk 1.3.1_01
sun jdk 1.3.1_12
sun jdk 1.3.0_04
sun sdk 1.4.2_17
sun jdk 1.3.1_03
sun jre 1.3.1_25
sun jre 1.3.1_15
sun jre 1.3.1_13
sun jdk 1.3.1_10
sun sdk 1.3.1_26
sun jre 1.4.2_23
sun jdk 1.3.1_13
sun sdk 1.3.0_01
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.3.1_03
sun jdk 1.3.1_24
sun jdk 1.3.0_01
sun jre 1.3.1_21
sun jre 1.3.1_20
sun sdk 1.4.2_7
sun jdk 1.3.1_25
sun jre 1.4.2_24
sun sdk 1.3.0_05
sun jre 1.4.2_14
sun sdk 1.3.1_04
sun sdk 1.4.2_8
sun jre 1.4.2_18
sun jdk 1.3.1_20
sun sdk 1.4.2_02
sun jdk 1.3.0_03
CVE-2010-0089 MEDIUM

Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect availability via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jre 1.4.2_22
sun sdk 1.4.2_6
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun jre 1.4.2_4
sun sdk 1.4.2
sun jre 1.4.2_7
sun sdk 1.4.2_1
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.6.0
sun jre 1.4.2_15
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.4.2_14
sun sdk 1.4.2_15
sun sdk 1.4.2_16
sun sdk 1.4.2_5
sun jre 1.5.0
sun sdk 1.4.2_24
sun jre 1.4.2_5
sun jre 1.4.2_12
sun sdk *
sun sdk 1.4.2_17
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun jre 1.4.2_23
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.4.2_4
sun sdk 1.4.2_7
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
sun sdk 1.4.2_8
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun jre 1.4.2_18
sun sdk 1.4.2_12
sun sdk 1.4.2_02
CVE-2010-0090 MEDIUM

Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18 allows remote attackers to affect integrity and availability via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk *
sun jre *
sun jre 1.6.0
CVE-2010-0091 MEDIUM

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2010-0084.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jre 1.4.2_22
sun sdk 1.4.2_6
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun jre 1.4.2_4
sun sdk 1.4.2
sun jre 1.4.2_7
sun sdk 1.4.2_1
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.6.0
sun jre 1.4.2_15
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.4.2_14
sun sdk 1.4.2_15
sun sdk 1.4.2_16
sun sdk 1.4.2_5
sun jre 1.5.0
sun sdk 1.4.2_24
sun jre 1.4.2_5
sun jre 1.4.2_12
sun sdk *
sun sdk 1.4.2_17
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun jre 1.4.2_23
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.4.2_4
sun sdk 1.4.2_7
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
sun sdk 1.4.2_8
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun jre 1.4.2_18
sun sdk 1.4.2_12
sun sdk 1.4.2_02
CVE-2010-0092 MEDIUM

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk 1.5.0
sun jdk *
sun jre *
sun jre 1.6.0
sun jre 1.5.0
CVE-2010-0093 MEDIUM

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0095.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jre 1.4.2_22
sun sdk 1.4.2_6
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun jre 1.4.2_4
sun sdk 1.4.2
sun jre 1.4.2_7
sun sdk 1.4.2_1
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.6.0
sun jre 1.4.2_15
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.4.2_14
sun sdk 1.4.2_15
sun sdk 1.4.2_16
sun sdk 1.4.2_5
sun jre 1.5.0
sun sdk 1.4.2_24
sun jre 1.4.2_5
sun jre 1.4.2_12
sun sdk *
sun sdk 1.4.2_17
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun jre 1.4.2_23
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.4.2_4
sun sdk 1.4.2_7
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
sun sdk 1.4.2_8
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun jre 1.4.2_18
sun sdk 1.4.2_12
sun sdk 1.4.2_02
CVE-2010-0094 HIGH

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is due to missing privilege checks during deserialization of RMIConnectionImpl objects, which allows remote attackers to call system-level Java functions via the ClassLoader of a constructor that is being deserialized.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk 1.5.0
sun jdk *
sun jre *
sun jre 1.6.0
sun jre 1.5.0
CVE-2010-0095 MEDIUM

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0093.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jre 1.4.2_22
sun sdk 1.4.2_6
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun jre 1.4.2_4
sun sdk 1.4.2
sun jre 1.4.2_7
sun sdk 1.4.2_1
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.6.0
sun jre 1.4.2_15
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.4.2_14
sun sdk 1.4.2_15
sun sdk 1.4.2_16
sun sdk 1.4.2_5
sun jre 1.5.0
sun sdk 1.4.2_24
sun jre 1.4.2_5
sun jre 1.4.2_12
sun sdk *
sun sdk 1.4.2_17
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun jre 1.4.2_23
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.4.2_4
sun sdk 1.4.2_7
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
sun sdk 1.4.2_8
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun jre 1.4.2_18
sun sdk 1.4.2_12
sun sdk 1.4.2_02
CVE-2010-0386 MEDIUM

The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-16,

Products Affected

Vendor Product Version
sun java_system_application_server 7.0
CVE-2010-0387 HIGH

Multiple heap-based buffer overflows in (1) webservd and (2) the admin server in Sun Java System Web Server 7.0 Update 7 allow remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long string in an "Authorization: Digest" HTTP header.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
sun java_system_web_server 7.0
CVE-2010-0388 HIGH

Format string vulnerability in the WebDAV implementation in webservd in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in the encoding attribute of the XML declaration in a PROPFIND request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-134,

Products Affected

Vendor Product Version
sun java_system_web_server 7.0
CVE-2010-0389 MEDIUM

The admin server in Sun Java System Web Server 7.0 Update 6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP request that lacks a method token.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun java_system_web_server 7.0
CVE-2010-0453 MEDIUM

The ucode_ioctl function in intel/io/ucode_drv.c in Sun Solaris 10 and OpenSolaris snv_69 through snv_133, when running on x86 architectures, allows local users to cause a denial of service (panic) via a request with a 0 size value to the UCODE_GET_VERSION IOCTL, which triggers a NULL pointer dereference in the ucode_get_rev function, related to retrieval of the microcode revision.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
sun opensolaris snv_104
sun opensolaris snv_91
sun opensolaris snv_96
sun opensolaris snv_109
sun opensolaris snv_87
sun opensolaris snv_120
sun opensolaris snv_94
sun opensolaris snv_98
sun opensolaris snv_123
sun opensolaris snv_75
sun opensolaris snv_106
sun opensolaris snv_132
sun opensolaris snv_108
sun opensolaris snv_78
sun opensolaris snv_115
sun opensolaris snv_85
sun opensolaris snv_90
sun opensolaris snv_86
sun opensolaris snv_99
sun opensolaris snv_116
sun solaris 10.0
sun opensolaris snv_117
sun opensolaris snv_82
sun opensolaris snv_121
sun opensolaris snv_88
sun opensolaris snv_105
sun opensolaris snv_128
sun opensolaris snv_114
sun opensolaris snv_127
sun opensolaris snv_126
sun opensolaris snv_93
sun opensolaris snv_74
sun opensolaris snv_110
sun opensolaris snv_133
sun opensolaris snv_92
sun opensolaris snv_131
sun opensolaris snv_97
sun opensolaris snv_95
sun opensolaris snv_76
sun opensolaris snv_81
sun opensolaris snv_84
sun opensolaris snv_130
sun opensolaris snv_69
sun opensolaris snv_70
sun opensolaris snv_73
sun opensolaris snv_113
sun opensolaris snv_125
sun opensolaris snv_119
sun opensolaris snv_77
sun opensolaris snv_79
sun opensolaris snv_102
sun opensolaris snv_124
sun opensolaris snv_103
sun opensolaris snv_107
sun opensolaris snv_112
sun opensolaris snv_101
sun opensolaris snv_129
sun opensolaris snv_80
sun opensolaris snv_111
sun opensolaris snv_122
sun opensolaris snv_71
sun opensolaris snv_118
sun opensolaris snv_83
sun opensolaris snv_100
sun opensolaris snv_89
sun opensolaris snv_72
CVE-2010-0558 HIGH

The default configuration of Oracle OpenSolaris snv_77 through snv_131 allows attackers to have an unspecified impact via vectors related to using smbadm to join a Windows Active Directory domain.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-16,

Products Affected

Vendor Product Version
sun opensolaris snv_104
sun opensolaris snv_91
sun opensolaris snv_96
sun opensolaris snv_109
sun opensolaris snv_87
sun opensolaris snv_120
sun opensolaris snv_94
sun opensolaris snv_98
sun opensolaris snv_123
sun opensolaris snv_106
sun opensolaris snv_108
sun opensolaris snv_78
sun opensolaris snv_115
sun opensolaris snv_85
sun opensolaris snv_90
sun opensolaris snv_86
sun opensolaris snv_99
sun opensolaris snv_116
sun opensolaris snv_117
sun opensolaris snv_82
sun opensolaris snv_121
sun opensolaris snv_88
sun opensolaris snv_105
sun opensolaris snv_128
sun opensolaris snv_114
sun opensolaris snv_127
sun opensolaris snv_126
sun opensolaris snv_93
sun opensolaris snv_110
sun opensolaris snv_92
sun opensolaris snv_131
sun opensolaris snv_97
sun opensolaris snv_95
sun opensolaris snv_81
sun opensolaris snv_84
sun opensolaris snv_130
sun opensolaris snv_113
sun opensolaris snv_125
sun opensolaris snv_119
sun opensolaris snv_77
sun opensolaris snv_79
sun opensolaris snv_102
sun opensolaris snv_124
sun opensolaris snv_103
sun opensolaris snv_107
sun opensolaris snv_112
sun opensolaris snv_101
sun opensolaris snv_129
sun opensolaris snv_80
sun opensolaris snv_111
sun opensolaris snv_122
sun opensolaris snv_118
sun opensolaris snv_83
sun opensolaris snv_100
sun opensolaris snv_89
CVE-2010-0559 HIGH

The default configuration of Oracle OpenSolaris snv_91 through snv_131 allows attackers to have an unspecified impact via vectors related to using kclient to join a Windows Active Directory domain.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-16,

Products Affected

Vendor Product Version
sun opensolaris snv_104
sun opensolaris snv_91
sun opensolaris snv_96
sun opensolaris snv_109
sun opensolaris snv_130
sun opensolaris snv_120
sun opensolaris snv_113
sun opensolaris snv_125
sun opensolaris snv_94
sun opensolaris snv_98
sun opensolaris snv_119
sun opensolaris snv_123
sun opensolaris snv_106
sun opensolaris snv_102
sun opensolaris snv_108
sun opensolaris snv_115
sun opensolaris snv_124
sun opensolaris snv_103
sun opensolaris snv_99
sun opensolaris snv_107
sun opensolaris snv_116
sun opensolaris snv_117
sun opensolaris snv_112
sun opensolaris snv_121
sun opensolaris snv_105
sun opensolaris snv_128
sun opensolaris snv_114
sun opensolaris snv_127
sun opensolaris snv_101
sun opensolaris snv_129
sun opensolaris snv_126
sun opensolaris snv_93
sun opensolaris snv_111
sun opensolaris snv_122
sun opensolaris snv_118
sun opensolaris snv_110
sun opensolaris snv_92
sun opensolaris snv_131
sun opensolaris snv_100
sun opensolaris snv_97
sun opensolaris snv_95
CVE-2010-0708 MEDIUM

Multiple unspecified vulnerabilities in (1) ns-slapd and (2) slapd.exe in Sun Directory Server Enterprise Edition 7.0, Sun Java System Directory Server 5.2, and Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 allow remote attackers to cause a denial of service (daemon crash) via a crafted LDAP search request.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun java_system_directory_server 6.0
sun java_system_directory_server 6.1
sun java_system_directory_server 5.2
sun java_system_directory_server 7.0
sun java_system_directory_server 6.3.1
sun java_system_directory_server 6.3
sun java_system_directory_server 6.2
CVE-2010-0837 HIGH

Unspecified vulnerability in the Pack200 component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk 1.5.0
sun jdk *
sun jre *
sun jre 1.6.0
sun jre 1.5.0
CVE-2010-0838 HIGH

Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a stack-based buffer overflow using an untrusted size value in the readMabCurveData function in the CMM module in the JVM.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk 1.5.0
sun jdk *
sun jre *
sun jre 1.6.0
sun jre 1.5.0
CVE-2010-0839 HIGH

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.3.1_11
sun jdk 1.3.1_22
sun jdk 1.3.0
sun sdk 1.4.2_6
sun jre 1.3.1_08
sun jdk 1.3.1_01
sun jdk 1.3.1_09
sun jre 1.3.1_26
sun sdk 1.3.1_18
sun jdk 1.3.1_08
sun jdk 1.3.1_19
sun jdk 1.3.1_06
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre 1.4.2_13
sun sdk 1.3.1_05
sun jre 1.4.2_4
sun sdk 1.4.2
sun sdk 1.3.1_06
sun jre 1.4.2_7
sun jdk 1.3.1_14
sun jdk 1.3.1_02
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.6.0
sun jdk 1.3.1_05
sun jre 1.4.2_15
sun sdk 1.3.1_07
sun sdk 1.4.2_15
sun jre 1.3.1
sun jdk 1.3.1_01a
sun sdk 1.4.2_16
sun jdk 1.3.1
sun sdk 1.4.2_5
sun sdk 1.3.1_10
sun sdk 1.3.0_04
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.3.1_21
sun sdk *
sun sdk 1.3.1_01a
sun jre 1.3.1_05
sun jre 1.3.1_16
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun jre 1.3.1_03
sun sdk 1.3.1_12
sun sdk 1.3.1_19
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.3.1_14
sun sdk 1.3.0_03
sun sdk 1.3.1_21
sun sdk 1.4.2_4
sun sdk 1.3.1_13
sun jre 1.3.1_19
sun sdk 1.3.1_15
sun sdk 1.3.1
sun sdk 1.3.1_20
sun jre 1.3.1_10
sun jre 1.4.2_2
sun jre 1.3.1_22
sun jdk *
sun jre 1.3.1_06
sun jdk 1.3.1_07
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun sdk 1.4.2_12
sun jre 1.3.1_2
sun jre 1.3.1_24
sun sdk 1.3.0
sun jre 1.3.1_18
sun sdk 1.3.1_09
sun jre 1.4.2_22
sun jre 1.3.1_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun jre 1.3.0
sun jdk 1.3.0_02
sun jdk 1.3.1_17
sun jre *
sun jdk 1.3.1_16
sun jre 1.3.1_07
sun jre 1.3.1_12
sun sdk 1.4.2_1
sun sdk 1.3.1_23
sun jdk 1.3.1_26
sun sdk 1.3.0_02
sun jre 1.4.2_21
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.3.1_22
sun sdk 1.4.2_14
sun sdk 1.3.1_02
sun jre 1.3.1_04
sun jdk 1.3.1_04
sun jre 1.3.1_14
sun jre 1.3.1_11
sun jre 1.5.0
sun jre 1.3.1_09
sun jre 1.3.1_17
sun sdk 1.3.1_08
sun sdk 1.3.1_24
sun jdk 1.3.1_23
sun sdk 1.3.1_17
sun sdk 1.4.2_24
sun jdk 1.3.0_05
sun jdk 1.3.1_18
sun sdk 1.3.1_25
sun jdk 1.3.1_15
sun sdk 1.3.1_16
sun sdk 1.3.1_11
sun sdk 1.3.1_01
sun jdk 1.3.1_12
sun jdk 1.3.0_04
sun sdk 1.4.2_17
sun jdk 1.3.1_03
sun jre 1.3.1_25
sun jre 1.3.1_15
sun jre 1.3.1_13
sun jdk 1.3.1_10
sun sdk 1.3.1_26
sun jre 1.4.2_23
sun jdk 1.3.1_13
sun sdk 1.3.0_01
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.3.1_03
sun jdk 1.3.1_24
sun jdk 1.3.0_01
sun jre 1.3.1_21
sun jre 1.3.1_20
sun sdk 1.4.2_7
sun jdk 1.3.1_25
sun jre 1.4.2_24
sun sdk 1.3.0_05
sun jre 1.4.2_14
sun sdk 1.3.1_04
sun sdk 1.4.2_8
sun jre 1.4.2_18
sun jdk 1.3.1_20
sun sdk 1.4.2_02
sun jdk 1.3.0_03
CVE-2010-0841 HIGH

Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the Java Runtime Environment that allows remote attackers to execute arbitrary code via a JPEG image that contains subsample dimensions with large values, related to JPEGImageReader and "stepX".

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jre 1.4.2_22
sun sdk 1.4.2_6
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun jre 1.4.2_4
sun sdk 1.4.2
sun jre 1.4.2_7
sun sdk 1.4.2_1
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.6.0
sun jre 1.4.2_15
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.4.2_14
sun sdk 1.4.2_15
sun sdk 1.4.2_16
sun sdk 1.4.2_5
sun jre 1.5.0
sun sdk 1.4.2_24
sun jre 1.4.2_5
sun jre 1.4.2_12
sun sdk *
sun sdk 1.4.2_17
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun jre 1.4.2_23
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.4.2_4
sun sdk 1.4.2_7
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
sun sdk 1.4.2_8
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun jre 1.4.2_18
sun sdk 1.4.2_12
sun sdk 1.4.2_02
CVE-2010-0842 HIGH

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an uncontrolled array index that allows remote attackers to execute arbitrary code via a MIDI file with a crafted MixerSequencer object, related to the GM_Song structure.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.3.1_11
sun jdk 1.3.1_22
sun jdk 1.3.0
sun sdk 1.4.2_6
sun jre 1.3.1_08
sun jdk 1.3.1_01
sun jdk 1.3.1_09
sun jre 1.3.1_26
sun sdk 1.3.1_18
sun jdk 1.3.1_08
sun jdk 1.3.1_19
sun jdk 1.3.1_06
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre 1.4.2_13
sun sdk 1.3.1_05
sun jre 1.4.2_4
sun sdk 1.4.2
sun sdk 1.3.1_06
sun jre 1.4.2_7
sun jdk 1.3.1_14
sun jdk 1.3.1_02
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.6.0
sun jdk 1.3.1_05
sun jre 1.4.2_15
sun sdk 1.3.1_07
sun sdk 1.4.2_15
sun jre 1.3.1
sun jdk 1.3.1_01a
sun sdk 1.4.2_16
sun jdk 1.3.1
sun sdk 1.4.2_5
sun sdk 1.3.1_10
sun sdk 1.3.0_04
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.3.1_21
sun sdk *
sun sdk 1.3.1_01a
sun jre 1.3.1_05
sun jre 1.3.1_16
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun jre 1.3.1_03
sun sdk 1.3.1_12
sun sdk 1.3.1_19
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.3.1_14
sun sdk 1.3.0_03
sun sdk 1.3.1_21
sun sdk 1.4.2_4
sun sdk 1.3.1_13
sun jre 1.3.1_19
sun sdk 1.3.1_15
sun sdk 1.3.1
sun sdk 1.3.1_20
sun jre 1.3.1_10
sun jre 1.4.2_2
sun jre 1.3.1_22
sun jdk *
sun jre 1.3.1_06
sun jdk 1.3.1_07
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun sdk 1.4.2_12
sun jre 1.3.1_2
sun jre 1.3.1_24
sun sdk 1.3.0
sun jre 1.3.1_18
sun sdk 1.3.1_09
sun jre 1.4.2_22
sun jre 1.3.1_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun jre 1.3.0
sun jdk 1.3.0_02
sun jdk 1.3.1_17
sun jre *
sun jdk 1.3.1_16
sun jre 1.3.1_07
sun jre 1.3.1_12
sun sdk 1.4.2_1
sun sdk 1.3.1_23
sun jdk 1.3.1_26
sun sdk 1.3.0_02
sun jre 1.4.2_21
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.3.1_22
sun sdk 1.4.2_14
sun sdk 1.3.1_02
sun jre 1.3.1_04
sun jdk 1.3.1_04
sun jre 1.3.1_14
sun jre 1.3.1_11
sun jre 1.5.0
sun jre 1.3.1_09
sun jre 1.3.1_17
sun sdk 1.3.1_08
sun sdk 1.3.1_24
sun jdk 1.3.1_23
sun sdk 1.3.1_17
sun sdk 1.4.2_24
sun jdk 1.3.0_05
sun jdk 1.3.1_18
sun sdk 1.3.1_25
sun jdk 1.3.1_15
sun sdk 1.3.1_16
sun sdk 1.3.1_11
sun sdk 1.3.1_01
sun jdk 1.3.1_12
sun jdk 1.3.0_04
sun sdk 1.4.2_17
sun jdk 1.3.1_03
sun jre 1.3.1_25
sun jre 1.3.1_15
sun jre 1.3.1_13
sun jdk 1.3.1_10
sun sdk 1.3.1_26
sun jre 1.4.2_23
sun jdk 1.3.1_13
sun sdk 1.3.0_01
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.3.1_03
sun jdk 1.3.1_24
sun jdk 1.3.0_01
sun jre 1.3.1_21
sun jre 1.3.1_20
sun sdk 1.4.2_7
sun jdk 1.3.1_25
sun jre 1.4.2_24
sun sdk 1.3.0_05
sun jre 1.4.2_14
sun sdk 1.3.1_04
sun sdk 1.4.2_8
sun jre 1.4.2_18
sun jdk 1.3.1_20
sun sdk 1.4.2_02
sun jdk 1.3.0_03
CVE-2010-0843 HIGH

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to XNewPtr and improper handling of an integer parameter when allocating heap memory in the com.sun.media.sound libraries, which allows remote attackers to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk 1.5.0
sun jre 1.3.1_27
sun sdk 1.4.2_25
sun jre 1.6.0
sun jre 1.5.0
sun sdk 1.3.1_27
sun jre 1.4.2_25
CVE-2010-0844 HIGH

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is for improper parsing of a crafted MIDI stream when creating a MixerSequencer object, which causes a pointer to be corrupted and allows a NULL byte to be written to arbitrary memory.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.3.1_11
sun jdk 1.3.1_22
sun jdk 1.3.0
sun sdk 1.4.2_6
sun jre 1.3.1_08
sun jdk 1.3.1_01
sun jdk 1.3.1_09
sun jre 1.3.1_26
sun sdk 1.3.1_18
sun jdk 1.3.1_08
sun jdk 1.3.1_19
sun jdk 1.3.1_06
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre 1.4.2_13
sun sdk 1.3.1_05
sun jre 1.4.2_4
sun sdk 1.4.2
sun sdk 1.3.1_06
sun jre 1.4.2_7
sun jdk 1.3.1_14
sun jdk 1.3.1_02
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.6.0
sun jdk 1.3.1_05
sun jre 1.4.2_15
sun sdk 1.3.1_07
sun sdk 1.4.2_15
sun jre 1.3.1
sun jdk 1.3.1_01a
sun sdk 1.4.2_16
sun jdk 1.3.1
sun sdk 1.4.2_5
sun sdk 1.3.1_10
sun sdk 1.3.0_04
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.3.1_21
sun sdk *
sun sdk 1.3.1_01a
sun jre 1.3.1_05
sun jre 1.3.1_16
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun jre 1.3.1_03
sun sdk 1.3.1_12
sun sdk 1.3.1_19
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.3.1_14
sun sdk 1.3.0_03
sun sdk 1.3.1_21
sun sdk 1.4.2_4
sun sdk 1.3.1_13
sun jre 1.3.1_19
sun sdk 1.3.1_15
sun sdk 1.3.1
sun sdk 1.3.1_20
sun jre 1.3.1_10
sun jre 1.4.2_2
sun jre 1.3.1_22
sun jdk *
sun jre 1.3.1_06
sun jdk 1.3.1_07
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun sdk 1.4.2_12
sun jre 1.3.1_2
sun jre 1.3.1_24
sun sdk 1.3.0
sun jre 1.3.1_18
sun sdk 1.3.1_09
sun jre 1.4.2_22
sun jre 1.3.1_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun jre 1.3.0
sun jdk 1.3.0_02
sun jdk 1.3.1_17
sun jre *
sun jdk 1.3.1_16
sun jre 1.3.1_07
sun jre 1.3.1_12
sun sdk 1.4.2_1
sun sdk 1.3.1_23
sun jdk 1.3.1_26
sun sdk 1.3.0_02
sun jre 1.4.2_21
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.3.1_22
sun sdk 1.4.2_14
sun sdk 1.3.1_02
sun jre 1.3.1_04
sun jdk 1.3.1_04
sun jre 1.3.1_14
sun jre 1.3.1_11
sun jre 1.5.0
sun jre 1.3.1_09
sun jre 1.3.1_17
sun sdk 1.3.1_08
sun sdk 1.3.1_24
sun jdk 1.3.1_23
sun sdk 1.3.1_17
sun sdk 1.4.2_24
sun jdk 1.3.0_05
sun jdk 1.3.1_18
sun sdk 1.3.1_25
sun jdk 1.3.1_15
sun sdk 1.3.1_16
sun sdk 1.3.1_11
sun sdk 1.3.1_01
sun jdk 1.3.1_12
sun jdk 1.3.0_04
sun sdk 1.4.2_17
sun jdk 1.3.1_03
sun jre 1.3.1_25
sun jre 1.3.1_15
sun jre 1.3.1_13
sun jdk 1.3.1_10
sun sdk 1.3.1_26
sun jre 1.4.2_23
sun jdk 1.3.1_13
sun sdk 1.3.0_01
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.3.1_03
sun jdk 1.3.1_24
sun jdk 1.3.0_01
sun jre 1.3.1_21
sun jre 1.3.1_20
sun sdk 1.4.2_7
sun jdk 1.3.1_25
sun jre 1.4.2_24
sun sdk 1.3.0_05
sun jre 1.4.2_14
sun sdk 1.3.1_04
sun sdk 1.4.2_8
sun jre 1.4.2_18
sun jdk 1.3.1_20
sun sdk 1.4.2_02
sun jdk 1.3.0_03
CVE-2010-0845 MEDIUM

Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0, Update, and 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk 1.5.0
sun jdk *
sun jre *
sun jre 1.6.0
sun jre 1.5.0
CVE-2010-0846 HIGH

Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows remote attackers to execute arbitrary code, related to an "invalid assignment" and inconsistent length values in a JPEG image encoder (JPEGImageEncoderImpl).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.3.1_11
sun jdk 1.3.1_22
sun jdk 1.3.0
sun sdk 1.4.2_6
sun jre 1.3.1_08
sun jdk 1.3.1_01
sun jdk 1.3.1_09
sun jre 1.3.1_26
sun sdk 1.3.1_18
sun jdk 1.3.1_08
sun jdk 1.3.1_19
sun jdk 1.3.1_06
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre 1.4.2_13
sun sdk 1.3.1_05
sun jre 1.4.2_4
sun sdk 1.4.2
sun sdk 1.3.1_06
sun jre 1.4.2_7
sun jdk 1.3.1_14
sun jdk 1.3.1_02
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.6.0
sun jdk 1.3.1_05
sun jre 1.4.2_15
sun sdk 1.3.1_07
sun sdk 1.4.2_15
sun jre 1.3.1
sun jdk 1.3.1_01a
sun sdk 1.4.2_16
sun jdk 1.3.1
sun sdk 1.4.2_5
sun sdk 1.3.1_10
sun sdk 1.3.0_04
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.3.1_21
sun sdk *
sun sdk 1.3.1_01a
sun jre 1.3.1_05
sun jre 1.3.1_16
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun jre 1.3.1_03
sun sdk 1.3.1_12
sun sdk 1.3.1_19
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.3.1_14
sun sdk 1.3.0_03
sun sdk 1.3.1_21
sun sdk 1.4.2_4
sun sdk 1.3.1_13
sun jre 1.3.1_19
sun sdk 1.3.1_15
sun sdk 1.3.1
sun sdk 1.3.1_20
sun jre 1.3.1_10
sun jre 1.4.2_2
sun jre 1.3.1_22
sun jdk *
sun jre 1.3.1_06
sun jdk 1.3.1_07
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun sdk 1.4.2_12
sun jre 1.3.1_2
sun jre 1.3.1_24
sun sdk 1.3.0
sun jre 1.3.1_18
sun sdk 1.3.1_09
sun jre 1.4.2_22
sun jre 1.3.1_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun jre 1.3.0
sun jdk 1.3.0_02
sun jdk 1.3.1_17
sun jre *
sun jdk 1.3.1_16
sun jre 1.3.1_07
sun jre 1.3.1_12
sun sdk 1.4.2_1
sun sdk 1.3.1_23
sun jdk 1.3.1_26
sun sdk 1.3.0_02
sun jre 1.4.2_21
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.3.1_22
sun sdk 1.4.2_14
sun sdk 1.3.1_02
sun jre 1.3.1_04
sun jdk 1.3.1_04
sun jre 1.3.1_14
sun jre 1.3.1_11
sun jre 1.5.0
sun jre 1.3.1_09
sun jre 1.3.1_17
sun sdk 1.3.1_08
sun sdk 1.3.1_24
sun jdk 1.3.1_23
sun sdk 1.3.1_17
sun sdk 1.4.2_24
sun jdk 1.3.0_05
sun jdk 1.3.1_18
sun sdk 1.3.1_25
sun jdk 1.3.1_15
sun sdk 1.3.1_16
sun sdk 1.3.1_11
sun sdk 1.3.1_01
sun jdk 1.3.1_12
sun jdk 1.3.0_04
sun sdk 1.4.2_17
sun jdk 1.3.1_03
sun jre 1.3.1_25
sun jre 1.3.1_15
sun jre 1.3.1_13
sun jdk 1.3.1_10
sun sdk 1.3.1_26
sun jre 1.4.2_23
sun jdk 1.3.1_13
sun sdk 1.3.0_01
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.3.1_03
sun jdk 1.3.1_24
sun jdk 1.3.0_01
sun jre 1.3.1_21
sun jre 1.3.1_20
sun sdk 1.4.2_7
sun jdk 1.3.1_25
sun jre 1.4.2_24
sun sdk 1.3.0_05
sun jre 1.4.2_14
sun sdk 1.3.1_04
sun sdk 1.4.2_8
sun jre 1.4.2_18
sun jdk 1.3.1_20
sun sdk 1.4.2_02
sun jdk 1.3.0_03
CVE-2010-0847 HIGH

Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows arbitrary code execution via a crafted image.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.3.1_11
sun jdk 1.3.1_22
sun jdk 1.3.0
sun sdk 1.4.2_6
sun jre 1.3.1_08
sun jdk 1.3.1_01
sun jdk 1.3.1_09
sun jre 1.3.1_26
sun sdk 1.3.1_18
sun jdk 1.3.1_08
sun jdk 1.3.1_19
sun jdk 1.3.1_06
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre 1.4.2_13
sun sdk 1.3.1_05
sun jre 1.4.2_4
sun sdk 1.4.2
sun sdk 1.3.1_06
sun jre 1.4.2_7
sun jdk 1.3.1_14
sun jdk 1.3.1_02
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.6.0
sun jdk 1.3.1_05
sun jre 1.4.2_15
sun sdk 1.3.1_07
sun sdk 1.4.2_15
sun jre 1.3.1
sun jdk 1.3.1_01a
sun sdk 1.4.2_16
sun jdk 1.3.1
sun sdk 1.4.2_5
sun sdk 1.3.1_10
sun sdk 1.3.0_04
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.3.1_21
sun sdk *
sun sdk 1.3.1_01a
sun jre 1.3.1_05
sun jre 1.3.1_16
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun jre 1.3.1_03
sun sdk 1.3.1_12
sun sdk 1.3.1_19
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.3.1_14
sun sdk 1.3.0_03
sun sdk 1.3.1_21
sun sdk 1.4.2_4
sun sdk 1.3.1_13
sun jre 1.3.1_19
sun sdk 1.3.1_15
sun sdk 1.3.1
sun sdk 1.3.1_20
sun jre 1.3.1_10
sun jre 1.4.2_2
sun jre 1.3.1_22
sun jdk *
sun jre 1.3.1_06
sun jdk 1.3.1_07
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun sdk 1.4.2_12
sun jre 1.3.1_2
sun jre 1.3.1_24
sun sdk 1.3.0
sun jre 1.3.1_18
sun sdk 1.3.1_09
sun jre 1.4.2_22
sun jre 1.3.1_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun jre 1.3.0
sun jdk 1.3.0_02
sun jdk 1.3.1_17
sun jre *
sun jdk 1.3.1_16
sun jre 1.3.1_07
sun jre 1.3.1_12
sun sdk 1.4.2_1
sun sdk 1.3.1_23
sun jdk 1.3.1_26
sun sdk 1.3.0_02
sun jre 1.4.2_21
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.3.1_22
sun sdk 1.4.2_14
sun sdk 1.3.1_02
sun jre 1.3.1_04
sun jdk 1.3.1_04
sun jre 1.3.1_14
sun jre 1.3.1_11
sun jre 1.5.0
sun jre 1.3.1_09
sun jre 1.3.1_17
sun sdk 1.3.1_08
sun sdk 1.3.1_24
sun jdk 1.3.1_23
sun sdk 1.3.1_17
sun sdk 1.4.2_24
sun jdk 1.3.0_05
sun jdk 1.3.1_18
sun sdk 1.3.1_25
sun jdk 1.3.1_15
sun sdk 1.3.1_16
sun sdk 1.3.1_11
sun sdk 1.3.1_01
sun jdk 1.3.1_12
sun jdk 1.3.0_04
sun sdk 1.4.2_17
sun jdk 1.3.1_03
sun jre 1.3.1_25
sun jre 1.3.1_15
sun jre 1.3.1_13
sun jdk 1.3.1_10
sun sdk 1.3.1_26
sun jre 1.4.2_23
sun jdk 1.3.1_13
sun sdk 1.3.0_01
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.3.1_03
sun jdk 1.3.1_24
sun jdk 1.3.0_01
sun jre 1.3.1_21
sun jre 1.3.1_20
sun sdk 1.4.2_7
sun jdk 1.3.1_25
sun jre 1.4.2_24
sun sdk 1.3.0_05
sun jre 1.4.2_14
sun sdk 1.3.1_04
sun sdk 1.4.2_8
sun jre 1.4.2_18
sun jdk 1.3.1_20
sun sdk 1.4.2_02
sun jdk 1.3.0_03
CVE-2010-0848 HIGH

Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.3.1_11
sun jdk 1.3.1_22
sun jdk 1.3.0
sun sdk 1.4.2_6
sun jre 1.3.1_08
sun jdk 1.3.1_01
sun jdk 1.3.1_09
sun jre 1.3.1_26
sun sdk 1.3.1_18
sun jdk 1.3.1_08
sun jdk 1.3.1_19
sun jdk 1.3.1_06
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre 1.4.2_13
sun sdk 1.3.1_05
sun jre 1.4.2_4
sun sdk 1.4.2
sun sdk 1.3.1_06
sun jre 1.4.2_7
sun jdk 1.3.1_14
sun jdk 1.3.1_02
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.6.0
sun jdk 1.3.1_05
sun jre 1.4.2_15
sun sdk 1.3.1_07
sun sdk 1.4.2_15
sun jre 1.3.1
sun jdk 1.3.1_01a
sun sdk 1.4.2_16
sun jdk 1.3.1
sun sdk 1.4.2_5
sun sdk 1.3.1_10
sun sdk 1.3.0_04
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.3.1_21
sun sdk *
sun sdk 1.3.1_01a
sun jre 1.3.1_05
sun jre 1.3.1_16
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun jre 1.3.1_03
sun sdk 1.3.1_12
sun sdk 1.3.1_19
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.3.1_14
sun sdk 1.3.0_03
sun sdk 1.3.1_21
sun sdk 1.4.2_4
sun sdk 1.3.1_13
sun jre 1.3.1_19
sun sdk 1.3.1_15
sun sdk 1.3.1
sun sdk 1.3.1_20
sun jre 1.3.1_10
sun jre 1.4.2_2
sun jre 1.3.1_22
sun jdk *
sun jre 1.3.1_06
sun jdk 1.3.1_07
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun sdk 1.4.2_12
sun jre 1.3.1_2
sun jre 1.3.1_24
sun sdk 1.3.0
sun jre 1.3.1_18
sun sdk 1.3.1_09
sun jre 1.4.2_22
sun jre 1.3.1_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun jre 1.3.0
sun jdk 1.3.0_02
sun jdk 1.3.1_17
sun jre *
sun jdk 1.3.1_16
sun jre 1.3.1_07
sun jre 1.3.1_12
sun sdk 1.4.2_1
sun sdk 1.3.1_23
sun jdk 1.3.1_26
sun sdk 1.3.0_02
sun jre 1.4.2_21
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.3.1_22
sun sdk 1.4.2_14
sun sdk 1.3.1_02
sun jre 1.3.1_04
sun jdk 1.3.1_04
sun jre 1.3.1_14
sun jre 1.3.1_11
sun jre 1.5.0
sun jre 1.3.1_09
sun jre 1.3.1_17
sun sdk 1.3.1_08
sun sdk 1.3.1_24
sun jdk 1.3.1_23
sun sdk 1.3.1_17
sun sdk 1.4.2_24
sun jdk 1.3.0_05
sun jdk 1.3.1_18
sun sdk 1.3.1_25
sun jdk 1.3.1_15
sun sdk 1.3.1_16
sun sdk 1.3.1_11
sun sdk 1.3.1_01
sun jdk 1.3.1_12
sun jdk 1.3.0_04
sun sdk 1.4.2_17
sun jdk 1.3.1_03
sun jre 1.3.1_25
sun jre 1.3.1_15
sun jre 1.3.1_13
sun jdk 1.3.1_10
sun sdk 1.3.1_26
sun jre 1.4.2_23
sun jdk 1.3.1_13
sun sdk 1.3.0_01
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.3.1_03
sun jdk 1.3.1_24
sun jdk 1.3.0_01
sun jre 1.3.1_21
sun jre 1.3.1_20
sun sdk 1.4.2_7
sun jdk 1.3.1_25
sun jre 1.4.2_24
sun sdk 1.3.0_05
sun jre 1.4.2_14
sun sdk 1.3.1_04
sun sdk 1.4.2_8
sun jre 1.4.2_18
sun jdk 1.3.1_20
sun sdk 1.4.2_02
sun jdk 1.3.0_03
CVE-2010-0849 HIGH

Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.3.1_11
sun jdk 1.3.1_22
sun jdk 1.3.0
sun sdk 1.4.2_6
sun jre 1.3.1_08
sun jdk 1.3.1_01
sun jdk 1.3.1_09
sun jre 1.3.1_26
sun sdk 1.3.1_18
sun jdk 1.3.1_08
sun jdk 1.3.1_19
sun jdk 1.3.1_06
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre 1.4.2_13
sun sdk 1.3.1_05
sun jre 1.4.2_4
sun sdk 1.4.2
sun sdk 1.3.1_06
sun jre 1.4.2_7
sun jdk 1.3.1_14
sun jdk 1.3.1_02
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.6.0
sun jdk 1.3.1_05
sun jre 1.4.2_15
sun sdk 1.3.1_07
sun sdk 1.4.2_15
sun jre 1.3.1
sun jdk 1.3.1_01a
sun sdk 1.4.2_16
sun jdk 1.3.1
sun sdk 1.4.2_5
sun sdk 1.3.1_10
sun sdk 1.3.0_04
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.3.1_21
sun sdk *
sun sdk 1.3.1_01a
sun jre 1.3.1_05
sun jre 1.3.1_16
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun jre 1.3.1_03
sun sdk 1.3.1_12
sun sdk 1.3.1_19
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.3.1_14
sun sdk 1.3.0_03
sun sdk 1.3.1_21
sun sdk 1.4.2_4
sun sdk 1.3.1_13
sun jre 1.3.1_19
sun sdk 1.3.1_15
sun sdk 1.3.1
sun sdk 1.3.1_20
sun jre 1.3.1_10
sun jre 1.4.2_2
sun jre 1.3.1_22
sun jdk *
sun jre 1.3.1_06
sun jdk 1.3.1_07
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun sdk 1.4.2_12
sun jre 1.3.1_2
sun jre 1.3.1_24
sun sdk 1.3.0
sun jre 1.3.1_18
sun sdk 1.3.1_09
sun jre 1.4.2_22
sun jre 1.3.1_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun jre 1.3.0
sun jdk 1.3.0_02
sun jdk 1.3.1_17
sun jre *
sun jdk 1.3.1_16
sun jre 1.3.1_07
sun jre 1.3.1_12
sun sdk 1.4.2_1
sun sdk 1.3.1_23
sun jdk 1.3.1_26
sun sdk 1.3.0_02
sun jre 1.4.2_21
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.3.1_22
sun sdk 1.4.2_14
sun sdk 1.3.1_02
sun jre 1.3.1_04
sun jdk 1.3.1_04
sun jre 1.3.1_14
sun jre 1.3.1_11
sun jre 1.5.0
sun jre 1.3.1_09
sun jre 1.3.1_17
sun sdk 1.3.1_08
sun sdk 1.3.1_24
sun jdk 1.3.1_23
sun sdk 1.3.1_17
sun sdk 1.4.2_24
sun jdk 1.3.0_05
sun jdk 1.3.1_18
sun sdk 1.3.1_25
sun jdk 1.3.1_15
sun sdk 1.3.1_16
sun sdk 1.3.1_11
sun sdk 1.3.1_01
sun jdk 1.3.1_12
sun jdk 1.3.0_04
sun sdk 1.4.2_17
sun jdk 1.3.1_03
sun jre 1.3.1_25
sun jre 1.3.1_15
sun jre 1.3.1_13
sun jdk 1.3.1_10
sun sdk 1.3.1_26
sun jre 1.4.2_23
sun jdk 1.3.1_13
sun sdk 1.3.0_01
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.3.1_03
sun jdk 1.3.1_24
sun jdk 1.3.0_01
sun jre 1.3.1_21
sun jre 1.3.1_20
sun sdk 1.4.2_7
sun jdk 1.3.1_25
sun jre 1.4.2_24
sun sdk 1.3.0_05
sun jre 1.4.2_14
sun sdk 1.3.1_04
sun sdk 1.4.2_8
sun jre 1.4.2_18
sun jdk 1.3.1_20
sun sdk 1.4.2_02
sun jdk 1.3.0_03
CVE-2010-0850 HIGH

Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.3.1_11
sun jdk 1.3.1_22
sun jdk 1.3.0
sun jre 1.3.1_08
sun jdk 1.3.1_01
sun jdk 1.3.1_09
sun jre 1.3.1_26
sun sdk 1.3.1_18
sun jdk 1.3.1_08
sun jdk 1.3.1_19
sun jdk 1.3.1_06
sun sdk 1.3.1_05
sun sdk 1.3.1_06
sun jdk 1.3.1_14
sun jdk 1.3.1_02
sun jdk 1.3.1_05
sun sdk 1.3.1_07
sun jre 1.3.1
sun jdk 1.3.1_01a
sun jdk 1.3.1
sun sdk 1.3.1_10
sun sdk 1.3.0_04
sun jdk 1.3.1_21
sun sdk *
sun sdk 1.3.1_01a
sun jre 1.3.1_05
sun jre 1.3.1_16
sun jre 1.3.1_03
sun sdk 1.3.1_12
sun sdk 1.3.1_19
sun sdk 1.3.1_14
sun sdk 1.3.0_03
sun sdk 1.3.1_21
sun sdk 1.3.1_13
sun jre 1.3.1_19
sun sdk 1.3.1_15
sun sdk 1.3.1
sun sdk 1.3.1_20
sun jre 1.3.1_10
sun jre 1.3.1_22
sun jdk *
sun jre 1.3.1_06
sun jdk 1.3.1_07
sun jre 1.3.1_2
sun jre 1.3.1_24
sun sdk 1.3.0
sun jre 1.3.1_18
sun sdk 1.3.1_09
sun jre 1.3.1_23
sun jre 1.3.0
sun jdk 1.3.0_02
sun jdk 1.3.1_17
sun jre *
sun jdk 1.3.1_16
sun jre 1.3.1_07
sun jre 1.3.1_12
sun sdk 1.3.1_23
sun jdk 1.3.1_26
sun sdk 1.3.0_02
sun sdk 1.3.1_22
sun sdk 1.3.1_02
sun jre 1.3.1_04
sun jdk 1.3.1_04
sun jre 1.3.1_14
sun jre 1.3.1_11
sun jre 1.3.1_09
sun jre 1.3.1_17
sun sdk 1.3.1_08
sun sdk 1.3.1_24
sun jdk 1.3.1_23
sun sdk 1.3.1_17
sun jdk 1.3.0_05
sun jdk 1.3.1_18
sun sdk 1.3.1_25
sun jdk 1.3.1_15
sun sdk 1.3.1_16
sun sdk 1.3.1_11
sun sdk 1.3.1_01
sun jdk 1.3.1_12
sun jdk 1.3.0_04
sun jdk 1.3.1_03
sun jre 1.3.1_25
sun jre 1.3.1_15
sun jre 1.3.1_13
sun jdk 1.3.1_10
sun sdk 1.3.1_26
sun jdk 1.3.1_13
sun sdk 1.3.0_01
sun sdk 1.3.1_03
sun jdk 1.3.1_24
sun jdk 1.3.0_01
sun jre 1.3.1_21
sun jre 1.3.1_20
sun jdk 1.3.1_25
sun sdk 1.3.0_05
sun sdk 1.3.1_04
sun jdk 1.3.1_20
sun jdk 1.3.0_03
CVE-2010-0886 HIGH

Unspecified vulnerability in the Java Deployment Toolkit component in Oracle Java SE and Java for Business JDK and JRE 6 Update 10 through 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jre 1.6.0
CVE-2010-0887 HIGH

Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business JDK and JRE 6 Update 18 and 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun java 6
CVE-2010-1183 LOW

Certain patch-installation scripts in Oracle Solaris allow local users to append data to arbitrary files via a symlink attack on the /tmp/CLEANUP temporary file, related to use of Update Manager.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
sun solaris *
CVE-2010-1227 MEDIUM

Cross-site scripting (XSS) vulnerability in Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via the subject field of a message, as demonstrated by a subject containing an IMG element with a SRC attribute that performs a cross-site request forgery (CSRF) attack involving the cmd and argv parameters to cmd.msc.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
sun java_system_communications_express *
CVE-2010-2632 HIGH

Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable researcher that this is an issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
sun sunos 5.11
sun sunos 5.8
CVE-2010-3541 MEDIUM

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.3.1_11
sun jdk 1.3.1_22
sun jdk 1.3.0
sun sdk 1.4.2_6
sun jre 1.3.1_08
sun jdk 1.3.1_01
sun jdk 1.3.1_09
sun jre 1.3.1_26
sun sdk 1.3.1_18
sun jdk 1.3.1_08
sun jdk 1.3.1_19
sun jdk 1.3.1_06
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre 1.4.2_13
sun sdk 1.3.1_05
sun jre 1.4.2_4
sun sdk 1.4.2
sun sdk 1.3.1_06
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jdk 1.3.1_14
sun jdk 1.3.1_02
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.6.0
sun jdk 1.3.1_05
sun jre 1.4.2_15
sun sdk 1.3.1_07
sun sdk 1.4.2_15
sun jre 1.3.1
sun jdk 1.3.1_01a
sun sdk 1.4.2_16
sun jre 1.4.2_26
sun jdk 1.3.1
sun sdk 1.4.2_5
sun sdk 1.3.1_10
sun sdk 1.3.0_04
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.3.1_21
sun sdk *
sun sdk 1.3.1_01a
sun jre 1.3.1_05
sun jre 1.3.1_16
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun jre 1.3.1_03
sun sdk 1.4.2_26
sun sdk 1.3.1_12
sun sdk 1.3.1_19
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.3.1_14
sun sdk 1.3.0_03
sun sdk 1.3.1_21
sun sdk 1.4.2_4
sun sdk 1.3.1_13
sun jre 1.3.1_19
sun sdk 1.3.1_15
sun sdk 1.3.1
sun sdk 1.3.1_20
sun jre 1.3.1_10
sun jre 1.4.2_2
sun jre 1.3.1_22
sun jre 1.3.1_27
sun jdk *
sun jre 1.3.1_06
sun jdk 1.3.1_07
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun sdk 1.4.2_12
sun jre 1.3.1_2
sun jre 1.3.1_24
sun sdk 1.3.0
sun jre 1.3.1_18
sun sdk 1.3.1_09
sun jre 1.4.2_22
sun jre 1.3.1_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun jre 1.3.0
sun jdk 1.3.0_02
sun jdk 1.3.1_17
sun jre *
sun jdk 1.3.1_16
sun sdk 1.4.2_25
sun jre 1.3.1_07
sun jre 1.3.1_12
sun sdk 1.4.2_1
sun sdk 1.3.1_23
sun jdk 1.3.1_26
sun sdk 1.3.0_02
sun jre 1.4.2_21
sun sdk 1.3.1_27
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.3.1_22
sun sdk 1.4.2_14
sun sdk 1.3.1_02
sun jre 1.3.1_04
sun jdk 1.3.1_04
sun jre 1.3.1_14
sun jre 1.3.1_11
sun jre 1.5.0
sun jre 1.3.1_09
sun jre 1.3.1_17
sun sdk 1.3.1_08
sun sdk 1.3.1_24
sun jdk 1.3.1_23
sun sdk 1.3.1_17
sun sdk 1.4.2_24
sun jdk 1.3.0_05
sun jdk 1.3.1_18
sun sdk 1.3.1_25
sun jdk 1.3.1_15
sun sdk 1.3.1_16
sun sdk 1.3.1_11
sun sdk 1.3.1_01
sun jdk 1.3.1_12
sun jdk 1.3.0_04
sun sdk 1.4.2_17
sun jdk 1.3.1_03
sun jdk 1.3.1_27
sun jre 1.3.1_25
sun jre 1.3.1_15
sun jre 1.3.1_13
sun jdk 1.3.1_10
sun sdk 1.3.1_26
sun jre 1.4.2_23
sun jdk 1.3.1_13
sun sdk 1.3.0_01
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.3.1_03
sun jdk 1.3.1_24
sun jdk 1.3.0_01
sun jre 1.3.1_21
sun jre 1.3.1_20
sun sdk 1.4.2_7
sun jdk 1.3.1_25
sun jre 1.4.2_24
sun sdk 1.3.0_05
sun jre 1.4.2_14
sun sdk 1.3.1_04
sun sdk 1.4.2_8
sun jre 1.4.2_18
sun jdk 1.3.1_20
sun sdk 1.4.2_02
sun jdk 1.3.0_03
CVE-2010-3548 MEDIUM

Unspecified vulnerability in the Java Naming and Directory Interface (JNDI) component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to determine internal IP addresses or "otherwise-protected internal network names."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jre 1.4.2_22
sun sdk 1.4.2_6
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun sdk 1.4.2_25
sun jre 1.4.2_4
sun sdk 1.4.2
sun jre 1.4.2_7
sun jre 1.4.2_25
sun sdk 1.4.2_1
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.6.0
sun jre 1.4.2_15
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.4.2_14
sun sdk 1.4.2_15
sun sdk 1.4.2_16
sun jre 1.4.2_26
sun sdk 1.4.2_5
sun jre 1.5.0
sun sdk 1.4.2_24
sun jre 1.4.2_5
sun jre 1.4.2_12
sun sdk *
sun sdk 1.4.2_17
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun sdk 1.4.2_26
sun jre 1.4.2_23
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.4.2_4
sun sdk 1.4.2_7
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
sun sdk 1.4.2_8
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun jre 1.4.2_18
sun sdk 1.4.2_12
sun sdk 1.4.2_02
CVE-2010-3549 MEDIUM

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is an HTTP request splitting vulnerability involving the handling of the chunked transfer encoding method by the HttpURLConnection class.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.3.1_11
sun jdk 1.3.1_22
sun jdk 1.3.0
sun sdk 1.4.2_6
sun jre 1.3.1_08
sun jdk 1.3.1_01
sun jdk 1.3.1_09
sun jre 1.3.1_26
sun sdk 1.3.1_18
sun jdk 1.3.1_08
sun jdk 1.3.1_19
sun jdk 1.3.1_06
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre 1.4.2_13
sun sdk 1.3.1_05
sun jre 1.4.2_4
sun sdk 1.4.2
sun sdk 1.3.1_06
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jdk 1.3.1_14
sun jdk 1.3.1_02
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.6.0
sun jdk 1.3.1_05
sun jre 1.4.2_15
sun sdk 1.3.1_07
sun sdk 1.4.2_15
sun jre 1.3.1
sun jdk 1.3.1_01a
sun sdk 1.4.2_16
sun jre 1.4.2_26
sun jdk 1.3.1
sun sdk 1.4.2_5
sun sdk 1.3.1_10
sun sdk 1.3.0_04
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.3.1_21
sun sdk *
sun sdk 1.3.1_01a
sun jre 1.3.1_05
sun jre 1.3.1_16
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun jre 1.3.1_03
sun sdk 1.4.2_26
sun sdk 1.3.1_12
sun sdk 1.3.1_19
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.3.1_14
sun sdk 1.3.0_03
sun sdk 1.3.1_21
sun sdk 1.4.2_4
sun sdk 1.3.1_13
sun jre 1.3.1_19
sun sdk 1.3.1_15
sun sdk 1.3.1
sun sdk 1.3.1_20
sun jre 1.3.1_10
sun jre 1.4.2_2
sun jre 1.3.1_22
sun jre 1.3.1_27
sun jdk *
sun jre 1.3.1_06
sun jdk 1.3.1_07
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun sdk 1.4.2_12
sun jre 1.3.1_2
sun jre 1.3.1_24
sun sdk 1.3.0
sun jre 1.3.1_18
sun sdk 1.3.1_09
sun jre 1.4.2_22
sun jre 1.3.1_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun jre 1.3.0
sun jdk 1.3.0_02
sun jdk 1.3.1_17
sun jre *
sun jdk 1.3.1_16
sun sdk 1.4.2_25
sun jre 1.3.1_07
sun jre 1.3.1_12
sun sdk 1.4.2_1
sun sdk 1.3.1_23
sun jdk 1.3.1_26
sun sdk 1.3.0_02
sun jre 1.4.2_21
sun sdk 1.3.1_27
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.3.1_22
sun sdk 1.4.2_14
sun sdk 1.3.1_02
sun jre 1.3.1_04
sun jdk 1.3.1_04
sun jre 1.3.1_14
sun jre 1.3.1_11
sun jre 1.5.0
sun jre 1.3.1_09
sun jre 1.3.1_17
sun sdk 1.3.1_08
sun sdk 1.3.1_24
sun jdk 1.3.1_23
sun sdk 1.3.1_17
sun sdk 1.4.2_24
sun jdk 1.3.0_05
sun jdk 1.3.1_18
sun sdk 1.3.1_25
sun jdk 1.3.1_15
sun sdk 1.3.1_16
sun sdk 1.3.1_11
sun sdk 1.3.1_01
sun jdk 1.3.1_12
sun jdk 1.3.0_04
sun sdk 1.4.2_17
sun jdk 1.3.1_03
sun jdk 1.3.1_27
sun jre 1.3.1_25
sun jre 1.3.1_15
sun jre 1.3.1_13
sun jdk 1.3.1_10
sun sdk 1.3.1_26
sun jre 1.4.2_23
sun jdk 1.3.1_13
sun sdk 1.3.0_01
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.3.1_03
sun jdk 1.3.1_24
sun jdk 1.3.0_01
sun jre 1.3.1_21
sun jre 1.3.1_20
sun sdk 1.4.2_7
sun jdk 1.3.1_25
sun jre 1.4.2_24
sun sdk 1.3.0_05
sun jre 1.4.2_14
sun sdk 1.3.1_04
sun sdk 1.4.2_8
sun jre 1.4.2_18
sun jdk 1.3.1_20
sun sdk 1.4.2_02
sun jdk 1.3.0_03
CVE-2010-3550 HIGH

Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk 1.5.0
sun jdk *
sun jre *
sun jre 1.6.0
sun jre 1.5.0
CVE-2010-3551 MEDIUM

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jre 1.4.2_22
sun sdk 1.4.2_6
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun sdk 1.4.2_25
sun jre 1.4.2_4
sun sdk 1.4.2
sun jre 1.4.2_7
sun jre 1.4.2_25
sun sdk 1.4.2_1
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.6.0
sun jre 1.4.2_15
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.4.2_14
sun sdk 1.4.2_15
sun sdk 1.4.2_16
sun jre 1.4.2_26
sun sdk 1.4.2_5
sun jre 1.5.0
sun sdk 1.4.2_24
sun jre 1.4.2_5
sun jre 1.4.2_12
sun sdk *
sun sdk 1.4.2_17
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun sdk 1.4.2_26
sun jre 1.4.2_23
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.4.2_4
sun sdk 1.4.2_7
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
sun sdk 1.4.2_8
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun jre 1.4.2_18
sun sdk 1.4.2_12
sun sdk 1.4.2_02
CVE-2010-3552 HIGH

Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk *
sun jre *
sun jre 1.6.0
CVE-2010-3553 HIGH

Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to unsafe reflection involving the UIDefault.ProxyLazyValue class.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.3.1_11
sun jdk 1.3.1_22
sun jdk 1.3.0
sun sdk 1.4.2_6
sun jre 1.3.1_08
sun jdk 1.3.1_01
sun jdk 1.3.1_09
sun jre 1.3.1_26
sun sdk 1.3.1_18
sun jdk 1.3.1_08
sun jdk 1.3.1_19
sun jdk 1.3.1_06
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre 1.4.2_13
sun sdk 1.3.1_05
sun jre 1.4.2_4
sun sdk 1.4.2
sun sdk 1.3.1_06
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jdk 1.3.1_14
sun jdk 1.3.1_02
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.6.0
sun jdk 1.3.1_05
sun jre 1.4.2_15
sun sdk 1.3.1_07
sun sdk 1.4.2_15
sun jre 1.3.1
sun jdk 1.3.1_01a
sun sdk 1.4.2_16
sun jre 1.4.2_26
sun jdk 1.3.1
sun sdk 1.4.2_5
sun sdk 1.3.1_10
sun sdk 1.3.0_04
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.3.1_21
sun sdk *
sun sdk 1.3.1_01a
sun jre 1.3.1_05
sun jre 1.3.1_16
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun jre 1.3.1_03
sun sdk 1.4.2_26
sun sdk 1.3.1_12
sun sdk 1.3.1_19
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.3.1_14
sun sdk 1.3.0_03
sun sdk 1.3.1_21
sun sdk 1.4.2_4
sun sdk 1.3.1_13
sun jre 1.3.1_19
sun sdk 1.3.1_15
sun sdk 1.3.1
sun sdk 1.3.1_20
sun jre 1.3.1_10
sun jre 1.4.2_2
sun jre 1.3.1_22
sun jre 1.3.1_27
sun jdk *
sun jre 1.3.1_06
sun jdk 1.3.1_07
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun sdk 1.4.2_12
sun jre 1.3.1_2
sun jre 1.3.1_24
sun sdk 1.3.0
sun jre 1.3.1_18
sun sdk 1.3.1_09
sun jre 1.4.2_22
sun jre 1.3.1_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun jre 1.3.0
sun jdk 1.3.0_02
sun jdk 1.3.1_17
sun jre *
sun jdk 1.3.1_16
sun sdk 1.4.2_25
sun jre 1.3.1_07
sun jre 1.3.1_12
sun sdk 1.4.2_1
sun sdk 1.3.1_23
sun jdk 1.3.1_26
sun sdk 1.3.0_02
sun jre 1.4.2_21
sun sdk 1.3.1_27
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.3.1_22
sun sdk 1.4.2_14
sun sdk 1.3.1_02
sun jre 1.3.1_04
sun jdk 1.3.1_04
sun jre 1.3.1_14
sun jre 1.3.1_11
sun jre 1.5.0
sun jre 1.3.1_09
sun jre 1.3.1_17
sun sdk 1.3.1_08
sun sdk 1.3.1_24
sun jdk 1.3.1_23
sun sdk 1.3.1_17
sun sdk 1.4.2_24
sun jdk 1.3.0_05
sun jdk 1.3.1_18
sun sdk 1.3.1_25
sun jdk 1.3.1_15
sun sdk 1.3.1_16
sun sdk 1.3.1_11
sun sdk 1.3.1_01
sun jdk 1.3.1_12
sun jdk 1.3.0_04
sun sdk 1.4.2_17
sun jdk 1.3.1_03
sun jdk 1.3.1_27
sun jre 1.3.1_25
sun jre 1.3.1_15
sun jre 1.3.1_13
sun jdk 1.3.1_10
sun sdk 1.3.1_26
sun jre 1.4.2_23
sun jdk 1.3.1_13
sun sdk 1.3.0_01
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.3.1_03
sun jdk 1.3.1_24
sun jdk 1.3.0_01
sun jre 1.3.1_21
sun jre 1.3.1_20
sun sdk 1.4.2_7
sun jdk 1.3.1_25
sun jre 1.4.2_24
sun sdk 1.3.0_05
sun jre 1.4.2_14
sun sdk 1.3.1_04
sun sdk 1.4.2_8
sun jre 1.4.2_18
sun jdk 1.3.1_20
sun sdk 1.4.2_02
sun jdk 1.3.0_03
CVE-2010-3554 HIGH

Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to "permissions granted to certain system objects."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.3.1_11
sun jdk 1.3.1_22
sun jdk 1.3.0
sun sdk 1.4.2_6
sun jre 1.3.1_08
sun jdk 1.3.1_01
sun jdk 1.3.1_09
sun jre 1.3.1_26
sun sdk 1.3.1_18
sun jdk 1.3.1_08
sun jdk 1.3.1_19
sun jdk 1.3.1_06
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre 1.4.2_13
sun sdk 1.3.1_05
sun jre 1.4.2_4
sun sdk 1.4.2
sun sdk 1.3.1_06
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jdk 1.3.1_14
sun jdk 1.3.1_02
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.6.0
sun jdk 1.3.1_05
sun jre 1.4.2_15
sun sdk 1.3.1_07
sun sdk 1.4.2_15
sun jre 1.3.1
sun jdk 1.3.1_01a
sun sdk 1.4.2_16
sun jre 1.4.2_26
sun jdk 1.3.1
sun sdk 1.4.2_5
sun sdk 1.3.1_10
sun sdk 1.3.0_04
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.3.1_21
sun sdk *
sun sdk 1.3.1_01a
sun jre 1.3.1_05
sun jre 1.3.1_16
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun jre 1.3.1_03
sun sdk 1.4.2_26
sun sdk 1.3.1_12
sun sdk 1.3.1_19
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.3.1_14
sun sdk 1.3.0_03
sun sdk 1.3.1_21
sun sdk 1.4.2_4
sun sdk 1.3.1_13
sun jre 1.3.1_19
sun sdk 1.3.1_15
sun sdk 1.3.1
sun sdk 1.3.1_20
sun jre 1.3.1_10
sun jre 1.4.2_2
sun jre 1.3.1_22
sun jre 1.3.1_27
sun jdk *
sun jre 1.3.1_06
sun jdk 1.3.1_07
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun sdk 1.4.2_12
sun jre 1.3.1_2
sun jre 1.3.1_24
sun sdk 1.3.0
sun jre 1.3.1_18
sun sdk 1.3.1_09
sun jre 1.4.2_22
sun jre 1.3.1_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun jre 1.3.0
sun jdk 1.3.0_02
sun jdk 1.3.1_17
sun jre *
sun jdk 1.3.1_16
sun sdk 1.4.2_25
sun jre 1.3.1_07
sun jre 1.3.1_12
sun sdk 1.4.2_1
sun sdk 1.3.1_23
sun jdk 1.3.1_26
sun sdk 1.3.0_02
sun jre 1.4.2_21
sun sdk 1.3.1_27
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.3.1_22
sun sdk 1.4.2_14
sun sdk 1.3.1_02
sun jre 1.3.1_04
sun jdk 1.3.1_04
sun jre 1.3.1_14
sun jre 1.3.1_11
sun jre 1.5.0
sun jre 1.3.1_09
sun jre 1.3.1_17
sun sdk 1.3.1_08
sun sdk 1.3.1_24
sun jdk 1.3.1_23
sun sdk 1.3.1_17
sun sdk 1.4.2_24
sun jdk 1.3.0_05
sun jdk 1.3.1_18
sun sdk 1.3.1_25
sun jdk 1.3.1_15
sun sdk 1.3.1_16
sun sdk 1.3.1_11
sun sdk 1.3.1_01
sun jdk 1.3.1_12
sun jdk 1.3.0_04
sun sdk 1.4.2_17
sun jdk 1.3.1_03
sun jdk 1.3.1_27
sun jre 1.3.1_25
sun jre 1.3.1_15
sun jre 1.3.1_13
sun jdk 1.3.1_10
sun sdk 1.3.1_26
sun jre 1.4.2_23
sun jdk 1.3.1_13
sun sdk 1.3.0_01
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.3.1_03
sun jdk 1.3.1_24
sun jdk 1.3.0_01
sun jre 1.3.1_21
sun jre 1.3.1_20
sun sdk 1.4.2_7
sun jdk 1.3.1_25
sun jre 1.4.2_24
sun sdk 1.3.0_05
sun jre 1.4.2_14
sun sdk 1.3.1_04
sun sdk 1.4.2_8
sun jre 1.4.2_18
sun jdk 1.3.1_20
sun sdk 1.4.2_02
sun jdk 1.3.0_03
CVE-2010-3555 HIGH

Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that the ActiveX Plugin does not properly initialize an object field that is used as a window handle, which allows attackers to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk *
sun jre *
sun jre 1.6.0
CVE-2010-3556 HIGH

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.3.1_11
sun jdk 1.3.1_22
sun jdk 1.3.0
sun sdk 1.4.2_6
sun jre 1.3.1_08
sun jdk 1.3.1_01
sun jdk 1.3.1_09
sun jre 1.3.1_26
sun sdk 1.3.1_18
sun jdk 1.3.1_08
sun jdk 1.3.1_19
sun jdk 1.3.1_06
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre 1.4.2_13
sun sdk 1.3.1_05
sun jre 1.4.2_4
sun sdk 1.4.2
sun sdk 1.3.1_06
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jdk 1.3.1_14
sun jdk 1.3.1_02
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.6.0
sun jdk 1.3.1_05
sun jre 1.4.2_15
sun sdk 1.3.1_07
sun sdk 1.4.2_15
sun jre 1.3.1
sun jdk 1.3.1_01a
sun sdk 1.4.2_16
sun jre 1.4.2_26
sun jdk 1.3.1
sun sdk 1.4.2_5
sun sdk 1.3.1_10
sun sdk 1.3.0_04
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.3.1_21
sun sdk *
sun sdk 1.3.1_01a
sun jre 1.3.1_05
sun jre 1.3.1_16
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun jre 1.3.1_03
sun sdk 1.4.2_26
sun sdk 1.3.1_12
sun sdk 1.3.1_19
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.3.1_14
sun sdk 1.3.0_03
sun sdk 1.3.1_21
sun sdk 1.4.2_4
sun sdk 1.3.1_13
sun jre 1.3.1_19
sun sdk 1.3.1_15
sun sdk 1.3.1
sun sdk 1.3.1_20
sun jre 1.3.1_10
sun jre 1.4.2_2
sun jre 1.3.1_22
sun jre 1.3.1_27
sun jdk *
sun jre 1.3.1_06
sun jdk 1.3.1_07
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun sdk 1.4.2_12
sun jre 1.3.1_2
sun jre 1.3.1_24
sun sdk 1.3.0
sun jre 1.3.1_18
sun sdk 1.3.1_09
sun jre 1.4.2_22
sun jre 1.3.1_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun jre 1.3.0
sun jdk 1.3.0_02
sun jdk 1.3.1_17
sun jre *
sun jdk 1.3.1_16
sun sdk 1.4.2_25
sun jre 1.3.1_07
sun jre 1.3.1_12
sun sdk 1.4.2_1
sun sdk 1.3.1_23
sun jdk 1.3.1_26
sun sdk 1.3.0_02
sun jre 1.4.2_21
sun sdk 1.3.1_27
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.3.1_22
sun sdk 1.4.2_14
sun sdk 1.3.1_02
sun jre 1.3.1_04
sun jdk 1.3.1_04
sun jre 1.3.1_14
sun jre 1.3.1_11
sun jre 1.5.0
sun jre 1.3.1_09
sun jre 1.3.1_17
sun sdk 1.3.1_08
sun sdk 1.3.1_24
sun jdk 1.3.1_23
sun sdk 1.3.1_17
sun sdk 1.4.2_24
sun jdk 1.3.0_05
sun jdk 1.3.1_18
sun sdk 1.3.1_25
sun jdk 1.3.1_15
sun sdk 1.3.1_16
sun sdk 1.3.1_11
sun sdk 1.3.1_01
sun jdk 1.3.1_12
sun jdk 1.3.0_04
sun sdk 1.4.2_17
sun jdk 1.3.1_03
sun jdk 1.3.1_27
sun jre 1.3.1_25
sun jre 1.3.1_15
sun jre 1.3.1_13
sun jdk 1.3.1_10
sun sdk 1.3.1_26
sun jre 1.4.2_23
sun jdk 1.3.1_13
sun sdk 1.3.0_01
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.3.1_03
sun jdk 1.3.1_24
sun jdk 1.3.0_01
sun jre 1.3.1_21
sun jre 1.3.1_20
sun sdk 1.4.2_7
sun jdk 1.3.1_25
sun jre 1.4.2_24
sun sdk 1.3.0_05
sun jre 1.4.2_14
sun sdk 1.3.1_04
sun sdk 1.4.2_8
sun jre 1.4.2_18
sun jdk 1.3.1_20
sun sdk 1.4.2_02
sun jdk 1.3.0_03
CVE-2010-3557 MEDIUM

Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to the modification of "behavior and state of certain JDK classes" and "mutable static."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.3.1_11
sun jdk 1.3.1_22
sun jdk 1.3.0
sun sdk 1.4.2_6
sun jre 1.3.1_08
sun jdk 1.3.1_01
sun jdk 1.3.1_09
sun jre 1.3.1_26
sun sdk 1.3.1_18
sun jdk 1.3.1_08
sun jdk 1.3.1_19
sun jdk 1.3.1_06
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre 1.4.2_13
sun sdk 1.3.1_05
sun jre 1.4.2_4
sun sdk 1.4.2
sun sdk 1.3.1_06
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jdk 1.3.1_14
sun jdk 1.3.1_02
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.6.0
sun jdk 1.3.1_05
sun jre 1.4.2_15
sun sdk 1.3.1_07
sun sdk 1.4.2_15
sun jre 1.3.1
sun jdk 1.3.1_01a
sun sdk 1.4.2_16
sun jre 1.4.2_26
sun jdk 1.3.1
sun sdk 1.4.2_5
sun sdk 1.3.1_10
sun sdk 1.3.0_04
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.3.1_21
sun sdk *
sun sdk 1.3.1_01a
sun jre 1.3.1_05
sun jre 1.3.1_16
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun jre 1.3.1_03
sun sdk 1.4.2_26
sun sdk 1.3.1_12
sun sdk 1.3.1_19
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.3.1_14
sun sdk 1.3.0_03
sun sdk 1.3.1_21
sun sdk 1.4.2_4
sun sdk 1.3.1_13
sun jre 1.3.1_19
sun sdk 1.3.1_15
sun sdk 1.3.1
sun sdk 1.3.1_20
sun jre 1.3.1_10
sun jre 1.4.2_2
sun jre 1.3.1_22
sun jre 1.3.1_27
sun jdk *
sun jre 1.3.1_06
sun jdk 1.3.1_07
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun sdk 1.4.2_12
sun jre 1.3.1_2
sun jre 1.3.1_24
sun sdk 1.3.0
sun jre 1.3.1_18
sun sdk 1.3.1_09
sun jre 1.4.2_22
sun jre 1.3.1_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun jre 1.3.0
sun jdk 1.3.0_02
sun jdk 1.3.1_17
sun jre *
sun jdk 1.3.1_16
sun sdk 1.4.2_25
sun jre 1.3.1_07
sun jre 1.3.1_12
sun sdk 1.4.2_1
sun sdk 1.3.1_23
sun jdk 1.3.1_26
sun sdk 1.3.0_02
sun jre 1.4.2_21
sun sdk 1.3.1_27
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.3.1_22
sun sdk 1.4.2_14
sun sdk 1.3.1_02
sun jre 1.3.1_04
sun jdk 1.3.1_04
sun jre 1.3.1_14
sun jre 1.3.1_11
sun jre 1.5.0
sun jre 1.3.1_09
sun jre 1.3.1_17
sun sdk 1.3.1_08
sun sdk 1.3.1_24
sun jdk 1.3.1_23
sun sdk 1.3.1_17
sun sdk 1.4.2_24
sun jdk 1.3.0_05
sun jdk 1.3.1_18
sun sdk 1.3.1_25
sun jdk 1.3.1_15
sun sdk 1.3.1_16
sun sdk 1.3.1_11
sun sdk 1.3.1_01
sun jdk 1.3.1_12
sun jdk 1.3.0_04
sun sdk 1.4.2_17
sun jdk 1.3.1_03
sun jdk 1.3.1_27
sun jre 1.3.1_25
sun jre 1.3.1_15
sun jre 1.3.1_13
sun jdk 1.3.1_10
sun sdk 1.3.1_26
sun jre 1.4.2_23
sun jdk 1.3.1_13
sun sdk 1.3.0_01
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.3.1_03
sun jdk 1.3.1_24
sun jdk 1.3.0_01
sun jre 1.3.1_21
sun jre 1.3.1_20
sun sdk 1.4.2_7
sun jdk 1.3.1_25
sun jre 1.4.2_24
sun sdk 1.3.0_05
sun jre 1.4.2_14
sun sdk 1.3.1_04
sun sdk 1.4.2_8
sun jre 1.4.2_18
sun jdk 1.3.1_20
sun sdk 1.4.2_02
sun jdk 1.3.0_03
CVE-2010-3558 HIGH

Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk *
sun jre *
sun jre 1.6.0
CVE-2010-3559 HIGH

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this involves an incorrect sign extension in the HeadspaceSoundbank.nGetName function, which allows attackers to execute arbitrary code via a crafted BANK record that leads to a buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.3.1_11
sun jdk 1.3.1_22
sun jdk 1.3.0
sun sdk 1.4.2_6
sun jre 1.3.1_08
sun jdk 1.3.1_01
sun jdk 1.3.1_09
sun jre 1.3.1_26
sun sdk 1.3.1_18
sun jdk 1.3.1_08
sun jdk 1.3.1_19
sun jdk 1.3.1_06
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre 1.4.2_13
sun sdk 1.3.1_05
sun jre 1.4.2_4
sun sdk 1.4.2
sun sdk 1.3.1_06
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jdk 1.3.1_14
sun jdk 1.3.1_02
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.6.0
sun jdk 1.3.1_05
sun jre 1.4.2_15
sun sdk 1.3.1_07
sun sdk 1.4.2_15
sun jre 1.3.1
sun jdk 1.3.1_01a
sun sdk 1.4.2_16
sun jre 1.4.2_26
sun jdk 1.3.1
sun sdk 1.4.2_5
sun sdk 1.3.1_10
sun sdk 1.3.0_04
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.3.1_21
sun sdk *
sun sdk 1.3.1_01a
sun jre 1.3.1_05
sun jre 1.3.1_16
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun jre 1.3.1_03
sun sdk 1.4.2_26
sun sdk 1.3.1_12
sun sdk 1.3.1_19
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.3.1_14
sun sdk 1.3.0_03
sun sdk 1.3.1_21
sun sdk 1.4.2_4
sun sdk 1.3.1_13
sun jre 1.3.1_19
sun sdk 1.3.1_15
sun sdk 1.3.1
sun sdk 1.3.1_20
sun jre 1.3.1_10
sun jre 1.4.2_2
sun jre 1.3.1_22
sun jre 1.3.1_27
sun jdk *
sun jre 1.3.1_06
sun jdk 1.3.1_07
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun sdk 1.4.2_12
sun jre 1.3.1_2
sun jre 1.3.1_24
sun sdk 1.3.0
sun jre 1.3.1_18
sun sdk 1.3.1_09
sun jre 1.4.2_22
sun jre 1.3.1_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun jre 1.3.0
sun jdk 1.3.0_02
sun jdk 1.3.1_17
sun jre *
sun jdk 1.3.1_16
sun sdk 1.4.2_25
sun jre 1.3.1_07
sun jre 1.3.1_12
sun sdk 1.4.2_1
sun sdk 1.3.1_23
sun jdk 1.3.1_26
sun sdk 1.3.0_02
sun jre 1.4.2_21
sun sdk 1.3.1_27
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.3.1_22
sun sdk 1.4.2_14
sun sdk 1.3.1_02
sun jre 1.3.1_04
sun jdk 1.3.1_04
sun jre 1.3.1_14
sun jre 1.3.1_11
sun jre 1.5.0
sun jre 1.3.1_09
sun jre 1.3.1_17
sun sdk 1.3.1_08
sun sdk 1.3.1_24
sun jdk 1.3.1_23
sun sdk 1.3.1_17
sun sdk 1.4.2_24
sun jdk 1.3.0_05
sun jdk 1.3.1_18
sun sdk 1.3.1_25
sun jdk 1.3.1_15
sun sdk 1.3.1_16
sun sdk 1.3.1_11
sun sdk 1.3.1_01
sun jdk 1.3.1_12
sun jdk 1.3.0_04
sun sdk 1.4.2_17
sun jdk 1.3.1_03
sun jdk 1.3.1_27
sun jre 1.3.1_25
sun jre 1.3.1_15
sun jre 1.3.1_13
sun jdk 1.3.1_10
sun sdk 1.3.1_26
sun jre 1.4.2_23
sun jdk 1.3.1_13
sun sdk 1.3.0_01
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.3.1_03
sun jdk 1.3.1_24
sun jdk 1.3.0_01
sun jre 1.3.1_21
sun jre 1.3.1_20
sun sdk 1.4.2_7
sun jdk 1.3.1_25
sun jre 1.4.2_24
sun sdk 1.3.0_05
sun jre 1.4.2_14
sun sdk 1.3.1_04
sun sdk 1.4.2_8
sun jre 1.4.2_18
sun jdk 1.3.1_20
sun sdk 1.4.2_02
sun jdk 1.3.0_03
CVE-2010-3560 LOW

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality via unknown vectors.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk *
sun jre *
sun jre 1.6.0
CVE-2010-3561 HIGH

Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this involves the use of the privileged accept method in the ServerSocket class, which does not limit which hosts can connect and allows remote attackers to bypass intended network access restrictions.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk 1.5.0
sun jdk *
sun jre *
sun jre 1.6.0
sun jre 1.5.0
CVE-2010-3562 HIGH

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a double free vulnerability in IndexColorModel that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.3.1_11
sun jdk 1.3.1_22
sun jdk 1.3.0
sun sdk 1.4.2_6
sun jre 1.3.1_08
sun jdk 1.3.1_01
sun jdk 1.3.1_09
sun jre 1.3.1_26
sun sdk 1.3.1_18
sun jdk 1.3.1_08
sun jdk 1.3.1_19
sun jdk 1.3.1_06
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre 1.4.2_13
sun sdk 1.3.1_05
sun jre 1.4.2_4
sun sdk 1.4.2
sun sdk 1.3.1_06
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jdk 1.3.1_14
sun jdk 1.3.1_02
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.6.0
sun jdk 1.3.1_05
sun jre 1.4.2_15
sun sdk 1.3.1_07
sun sdk 1.4.2_15
sun jre 1.3.1
sun jdk 1.3.1_01a
sun sdk 1.4.2_16
sun jre 1.4.2_26
sun jdk 1.3.1
sun sdk 1.4.2_5
sun sdk 1.3.1_10
sun sdk 1.3.0_04
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.3.1_21
sun sdk *
sun sdk 1.3.1_01a
sun jre 1.3.1_05
sun jre 1.3.1_16
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun jre 1.3.1_03
sun sdk 1.4.2_26
sun sdk 1.3.1_12
sun sdk 1.3.1_19
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.3.1_14
sun sdk 1.3.0_03
sun sdk 1.3.1_21
sun sdk 1.4.2_4
sun sdk 1.3.1_13
sun jre 1.3.1_19
sun sdk 1.3.1_15
sun sdk 1.3.1
sun sdk 1.3.1_20
sun jre 1.3.1_10
sun jre 1.4.2_2
sun jre 1.3.1_22
sun jre 1.3.1_27
sun jdk *
sun jre 1.3.1_06
sun jdk 1.3.1_07
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun sdk 1.4.2_12
sun jre 1.3.1_2
sun jre 1.3.1_24
sun sdk 1.3.0
sun jre 1.3.1_18
sun sdk 1.3.1_09
sun jre 1.4.2_22
sun jre 1.3.1_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun jre 1.3.0
sun jdk 1.3.0_02
sun jdk 1.3.1_17
sun jre *
sun jdk 1.3.1_16
sun sdk 1.4.2_25
sun jre 1.3.1_07
sun jre 1.3.1_12
sun sdk 1.4.2_1
sun sdk 1.3.1_23
sun jdk 1.3.1_26
sun sdk 1.3.0_02
sun jre 1.4.2_21
sun sdk 1.3.1_27
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.3.1_22
sun sdk 1.4.2_14
sun sdk 1.3.1_02
sun jre 1.3.1_04
sun jdk 1.3.1_04
sun jre 1.3.1_14
sun jre 1.3.1_11
sun jre 1.5.0
sun jre 1.3.1_09
sun jre 1.3.1_17
sun sdk 1.3.1_08
sun sdk 1.3.1_24
sun jdk 1.3.1_23
sun sdk 1.3.1_17
sun sdk 1.4.2_24
sun jdk 1.3.0_05
sun jdk 1.3.1_18
sun sdk 1.3.1_25
sun jdk 1.3.1_15
sun sdk 1.3.1_16
sun sdk 1.3.1_11
sun sdk 1.3.1_01
sun jdk 1.3.1_12
sun jdk 1.3.0_04
sun sdk 1.4.2_17
sun jdk 1.3.1_03
sun jdk 1.3.1_27
sun jre 1.3.1_25
sun jre 1.3.1_15
sun jre 1.3.1_13
sun jdk 1.3.1_10
sun sdk 1.3.1_26
sun jre 1.4.2_23
sun jdk 1.3.1_13
sun sdk 1.3.0_01
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.3.1_03
sun jdk 1.3.1_24
sun jdk 1.3.0_01
sun jre 1.3.1_21
sun jre 1.3.1_20
sun sdk 1.4.2_7
sun jdk 1.3.1_25
sun jre 1.4.2_24
sun sdk 1.3.0_05
sun jre 1.4.2_14
sun sdk 1.3.1_04
sun sdk 1.4.2_8
sun jre 1.4.2_18
sun jdk 1.3.1_20
sun sdk 1.4.2_02
sun jdk 1.3.0_03
CVE-2010-3563 HIGH

Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to "how Web Start retrieves security policies," BasicServiceImpl, and forged policies that bypass sandbox restrictions.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk *
sun jre *
sun jre 1.6.0
CVE-2010-3565 HIGH

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that triggers memory corruption via large values in a subsample of a JPEG image, related to JPEGImageWriter.writeImage in the imageio API.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jre 1.4.2_22
sun sdk 1.4.2_6
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun sdk 1.4.2_25
sun jre 1.4.2_4
sun sdk 1.4.2
sun jre 1.4.2_7
sun jre 1.4.2_25
sun sdk 1.4.2_1
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.6.0
sun jre 1.4.2_15
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.4.2_14
sun sdk 1.4.2_15
sun sdk 1.4.2_16
sun jre 1.4.2_26
sun sdk 1.4.2_5
sun jre 1.5.0
sun sdk 1.4.2_24
sun jre 1.4.2_5
sun jre 1.4.2_12
sun sdk *
sun sdk 1.4.2_17
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun sdk 1.4.2_26
sun jre 1.4.2_23
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.4.2_4
sun sdk 1.4.2_7
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
sun sdk 1.4.2_8
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun jre 1.4.2_18
sun sdk 1.4.2_12
sun sdk 1.4.2_02
CVE-2010-3566 HIGH

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update and 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow that leads to a buffer overflow via a crafted devs (device information) tag structure in a color profile.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk 1.5.0
sun jdk *
sun jre *
sun jre 1.6.0
sun jre 1.5.0
CVE-2010-3567 HIGH

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to a calculation error in right-to-left text character counts for the ICU OpenType font rendering implementation, which triggers an out-of-bounds memory access.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk 1.5.0
sun jdk *
sun jre *
sun jre 1.6.0
sun jre 1.5.0
CVE-2010-3568 HIGH

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jre 1.4.2_22
sun sdk 1.4.2_6
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun sdk 1.4.2_25
sun jre 1.4.2_4
sun sdk 1.4.2
sun jre 1.4.2_7
sun jre 1.4.2_25
sun sdk 1.4.2_1
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.6.0
sun jre 1.4.2_15
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.4.2_14
sun sdk 1.4.2_15
sun sdk 1.4.2_16
sun jre 1.4.2_26
sun sdk 1.4.2_5
sun jre 1.5.0
sun sdk 1.4.2_24
sun jre 1.4.2_5
sun jre 1.4.2_12
sun sdk *
sun sdk 1.4.2_17
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun sdk 1.4.2_26
sun jre 1.4.2_23
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.4.2_4
sun sdk 1.4.2_7
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
sun sdk 1.4.2_8
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun jre 1.4.2_18
sun sdk 1.4.2_12
sun sdk 1.4.2_02
CVE-2010-3569 HIGH

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this allows remote attackers to execute arbitrary code by causing the defaultReadObject method in the Serialization API to set a volatile field multiple times.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jre 1.4.2_22
sun sdk 1.4.2_6
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun sdk 1.4.2_25
sun jre 1.4.2_4
sun sdk 1.4.2
sun jre 1.4.2_7
sun jre 1.4.2_25
sun sdk 1.4.2_1
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.6.0
sun jre 1.4.2_15
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.4.2_14
sun sdk 1.4.2_15
sun sdk 1.4.2_16
sun jre 1.4.2_26
sun sdk 1.4.2_5
sun jre 1.5.0
sun sdk 1.4.2_24
sun jre 1.4.2_5
sun jre 1.4.2_12
sun sdk *
sun sdk 1.4.2_17
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun sdk 1.4.2_26
sun jre 1.4.2_23
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.4.2_4
sun sdk 1.4.2_7
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
sun sdk 1.4.2_8
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun jre 1.4.2_18
sun sdk 1.4.2_12
sun sdk 1.4.2_02
CVE-2010-3570 HIGH

Unspecified vulnerability in the Deployment Toolkit component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk *
sun jre *
sun jre 1.6.0
CVE-2010-3571 HIGH

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the color profile parser that allows remote attackers to execute arbitrary code via a crafted Tag structure in a color profile.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.3.1_11
sun jdk 1.3.1_22
sun jdk 1.3.0
sun sdk 1.4.2_6
sun jre 1.3.1_08
sun jdk 1.3.1_01
sun jdk 1.3.1_09
sun jre 1.3.1_26
sun sdk 1.3.1_18
sun jdk 1.3.1_08
sun jdk 1.3.1_19
sun jdk 1.3.1_06
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre 1.4.2_13
sun sdk 1.3.1_05
sun jre 1.4.2_4
sun sdk 1.4.2
sun sdk 1.3.1_06
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jdk 1.3.1_14
sun jdk 1.3.1_02
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.6.0
sun jdk 1.3.1_05
sun jre 1.4.2_15
sun sdk 1.3.1_07
sun sdk 1.4.2_15
sun jre 1.3.1
sun jdk 1.3.1_01a
sun sdk 1.4.2_16
sun jre 1.4.2_26
sun jdk 1.3.1
sun sdk 1.4.2_5
sun sdk 1.3.1_10
sun sdk 1.3.0_04
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.3.1_21
sun sdk *
sun sdk 1.3.1_01a
sun jre 1.3.1_05
sun jre 1.3.1_16
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun jre 1.3.1_03
sun sdk 1.4.2_26
sun sdk 1.3.1_12
sun sdk 1.3.1_19
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.3.1_14
sun sdk 1.3.0_03
sun sdk 1.3.1_21
sun sdk 1.4.2_4
sun sdk 1.3.1_13
sun jre 1.3.1_19
sun sdk 1.3.1_15
sun sdk 1.3.1
sun sdk 1.3.1_20
sun jre 1.3.1_10
sun jre 1.4.2_2
sun jre 1.3.1_22
sun jre 1.3.1_27
sun jdk *
sun jre 1.3.1_06
sun jdk 1.3.1_07
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun sdk 1.4.2_12
sun jre 1.3.1_2
sun jre 1.3.1_24
sun sdk 1.3.0
sun jre 1.3.1_18
sun sdk 1.3.1_09
sun jre 1.4.2_22
sun jre 1.3.1_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun jre 1.3.0
sun jdk 1.3.0_02
sun jdk 1.3.1_17
sun jre *
sun jdk 1.3.1_16
sun sdk 1.4.2_25
sun jre 1.3.1_07
sun jre 1.3.1_12
sun sdk 1.4.2_1
sun sdk 1.3.1_23
sun jdk 1.3.1_26
sun sdk 1.3.0_02
sun jre 1.4.2_21
sun sdk 1.3.1_27
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.3.1_22
sun sdk 1.4.2_14
sun sdk 1.3.1_02
sun jre 1.3.1_04
sun jdk 1.3.1_04
sun jre 1.3.1_14
sun jre 1.3.1_11
sun jre 1.5.0
sun jre 1.3.1_09
sun jre 1.3.1_17
sun sdk 1.3.1_08
sun sdk 1.3.1_24
sun jdk 1.3.1_23
sun sdk 1.3.1_17
sun sdk 1.4.2_24
sun jdk 1.3.0_05
sun jdk 1.3.1_18
sun sdk 1.3.1_25
sun jdk 1.3.1_15
sun sdk 1.3.1_16
sun sdk 1.3.1_11
sun sdk 1.3.1_01
sun jdk 1.3.1_12
sun jdk 1.3.0_04
sun sdk 1.4.2_17
sun jdk 1.3.1_03
sun jdk 1.3.1_27
sun jre 1.3.1_25
sun jre 1.3.1_15
sun jre 1.3.1_13
sun jdk 1.3.1_10
sun sdk 1.3.1_26
sun jre 1.4.2_23
sun jdk 1.3.1_13
sun sdk 1.3.0_01
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.3.1_03
sun jdk 1.3.1_24
sun jdk 1.3.0_01
sun jre 1.3.1_21
sun jre 1.3.1_20
sun sdk 1.4.2_7
sun jdk 1.3.1_25
sun jre 1.4.2_24
sun sdk 1.3.0_05
sun jre 1.4.2_14
sun sdk 1.3.1_04
sun sdk 1.4.2_8
sun jre 1.4.2_18
sun jdk 1.3.1_20
sun sdk 1.4.2_02
sun jdk 1.3.0_03
CVE-2010-3572 HIGH

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.3.1_11
sun jdk 1.3.1_22
sun jdk 1.3.0
sun sdk 1.4.2_6
sun jre 1.3.1_08
sun jdk 1.3.1_01
sun jdk 1.3.1_09
sun jre 1.3.1_26
sun sdk 1.3.1_18
sun jdk 1.3.1_08
sun jdk 1.3.1_19
sun jdk 1.3.1_06
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre 1.4.2_13
sun sdk 1.3.1_05
sun jre 1.4.2_4
sun sdk 1.4.2
sun sdk 1.3.1_06
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jdk 1.3.1_14
sun jdk 1.3.1_02
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.6.0
sun jdk 1.3.1_05
sun jre 1.4.2_15
sun sdk 1.3.1_07
sun sdk 1.4.2_15
sun jre 1.3.1
sun jdk 1.3.1_01a
sun sdk 1.4.2_16
sun jre 1.4.2_26
sun jdk 1.3.1
sun sdk 1.4.2_5
sun sdk 1.3.1_10
sun sdk 1.3.0_04
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.3.1_21
sun sdk *
sun sdk 1.3.1_01a
sun jre 1.3.1_05
sun jre 1.3.1_16
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun jre 1.3.1_03
sun sdk 1.4.2_26
sun sdk 1.3.1_12
sun sdk 1.3.1_19
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.3.1_14
sun sdk 1.3.0_03
sun sdk 1.3.1_21
sun sdk 1.4.2_4
sun sdk 1.3.1_13
sun jre 1.3.1_19
sun sdk 1.3.1_15
sun sdk 1.3.1
sun sdk 1.3.1_20
sun jre 1.3.1_10
sun jre 1.4.2_2
sun jre 1.3.1_22
sun jre 1.3.1_27
sun jdk *
sun jre 1.3.1_06
sun jdk 1.3.1_07
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun sdk 1.4.2_12
sun jre 1.3.1_2
sun jre 1.3.1_24
sun sdk 1.3.0
sun jre 1.3.1_18
sun sdk 1.3.1_09
sun jre 1.4.2_22
sun jre 1.3.1_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun jre 1.3.0
sun jdk 1.3.0_02
sun jdk 1.3.1_17
sun jre *
sun jdk 1.3.1_16
sun sdk 1.4.2_25
sun jre 1.3.1_07
sun jre 1.3.1_12
sun sdk 1.4.2_1
sun sdk 1.3.1_23
sun jdk 1.3.1_26
sun sdk 1.3.0_02
sun jre 1.4.2_21
sun sdk 1.3.1_27
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.3.1_22
sun sdk 1.4.2_14
sun sdk 1.3.1_02
sun jre 1.3.1_04
sun jdk 1.3.1_04
sun jre 1.3.1_14
sun jre 1.3.1_11
sun jre 1.5.0
sun jre 1.3.1_09
sun jre 1.3.1_17
sun sdk 1.3.1_08
sun sdk 1.3.1_24
sun jdk 1.3.1_23
sun sdk 1.3.1_17
sun sdk 1.4.2_24
sun jdk 1.3.0_05
sun jdk 1.3.1_18
sun sdk 1.3.1_25
sun jdk 1.3.1_15
sun sdk 1.3.1_16
sun sdk 1.3.1_11
sun sdk 1.3.1_01
sun jdk 1.3.1_12
sun jdk 1.3.0_04
sun sdk 1.4.2_17
sun jdk 1.3.1_03
sun jdk 1.3.1_27
sun jre 1.3.1_25
sun jre 1.3.1_15
sun jre 1.3.1_13
sun jdk 1.3.1_10
sun sdk 1.3.1_26
sun jre 1.4.2_23
sun jdk 1.3.1_13
sun sdk 1.3.0_01
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.3.1_03
sun jdk 1.3.1_24
sun jdk 1.3.0_01
sun jre 1.3.1_21
sun jre 1.3.1_20
sun sdk 1.4.2_7
sun jdk 1.3.1_25
sun jre 1.4.2_24
sun sdk 1.3.0_05
sun jre 1.4.2_14
sun sdk 1.3.1_04
sun sdk 1.4.2_8
sun jre 1.4.2_18
sun jdk 1.3.1_20
sun sdk 1.4.2_02
sun jdk 1.3.0_03
CVE-2010-3573 MEDIUM

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to missing validation of request headers in the HttpURLConnection class when they are set by applets, which allows remote attackers to bypass the intended security policy.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk 1.5.0
sun jdk *
sun jre *
sun jre 1.6.0
sun jre 1.5.0
CVE-2010-3574 HIGH

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.3.1_11
sun jdk 1.3.1_22
sun jdk 1.3.0
sun sdk 1.4.2_6
sun jre 1.3.1_08
sun jdk 1.3.1_01
sun jdk 1.3.1_09
sun jre 1.3.1_26
sun sdk 1.3.1_18
sun jdk 1.3.1_08
sun jdk 1.3.1_19
sun jdk 1.3.1_06
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre 1.4.2_13
sun sdk 1.3.1_05
sun jre 1.4.2_4
sun sdk 1.4.2
sun sdk 1.3.1_06
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jdk 1.3.1_14
sun jdk 1.3.1_02
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.6.0
sun jdk 1.3.1_05
sun jre 1.4.2_15
sun sdk 1.3.1_07
sun sdk 1.4.2_15
sun jre 1.3.1
sun jdk 1.3.1_01a
sun sdk 1.4.2_16
sun jre 1.4.2_26
sun jdk 1.3.1
sun sdk 1.4.2_5
sun sdk 1.3.1_10
sun sdk 1.3.0_04
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.3.1_21
sun sdk *
sun sdk 1.3.1_01a
sun jre 1.3.1_05
sun jre 1.3.1_16
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun jre 1.3.1_03
sun sdk 1.4.2_26
sun sdk 1.3.1_12
sun sdk 1.3.1_19
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.3.1_14
sun sdk 1.3.0_03
sun sdk 1.3.1_21
sun sdk 1.4.2_4
sun sdk 1.3.1_13
sun jre 1.3.1_19
sun sdk 1.3.1_15
sun sdk 1.3.1
sun sdk 1.3.1_20
sun jre 1.3.1_10
sun jre 1.4.2_2
sun jre 1.3.1_22
sun jre 1.3.1_27
sun jdk *
sun jre 1.3.1_06
sun jdk 1.3.1_07
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun sdk 1.4.2_12
sun jre 1.3.1_2
sun jre 1.3.1_24
sun sdk 1.3.0
sun jre 1.3.1_18
sun sdk 1.3.1_09
sun jre 1.4.2_22
sun jre 1.3.1_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun jre 1.3.0
sun jdk 1.3.0_02
sun jdk 1.3.1_17
sun jre *
sun jdk 1.3.1_16
sun sdk 1.4.2_25
sun jre 1.3.1_07
sun jre 1.3.1_12
sun sdk 1.4.2_1
sun sdk 1.3.1_23
sun jdk 1.3.1_26
sun sdk 1.3.0_02
sun jre 1.4.2_21
sun sdk 1.3.1_27
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.3.1_22
sun sdk 1.4.2_14
sun sdk 1.3.1_02
sun jre 1.3.1_04
sun jdk 1.3.1_04
sun jre 1.3.1_14
sun jre 1.3.1_11
sun jre 1.5.0
sun jre 1.3.1_09
sun jre 1.3.1_17
sun sdk 1.3.1_08
sun sdk 1.3.1_24
sun jdk 1.3.1_23
sun sdk 1.3.1_17
sun sdk 1.4.2_24
sun jdk 1.3.0_05
sun jdk 1.3.1_18
sun sdk 1.3.1_25
sun jdk 1.3.1_15
sun sdk 1.3.1_16
sun sdk 1.3.1_11
sun sdk 1.3.1_01
sun jdk 1.3.1_12
sun jdk 1.3.0_04
sun sdk 1.4.2_17
sun jdk 1.3.1_03
sun jdk 1.3.1_27
sun jre 1.3.1_25
sun jre 1.3.1_15
sun jre 1.3.1_13
sun jdk 1.3.1_10
sun sdk 1.3.1_26
sun jre 1.4.2_23
sun jdk 1.3.1_13
sun sdk 1.3.0_01
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.3.1_03
sun jdk 1.3.1_24
sun jdk 1.3.0_01
sun jre 1.3.1_21
sun jre 1.3.1_20
sun sdk 1.4.2_7
sun jdk 1.3.1_25
sun jre 1.4.2_24
sun sdk 1.3.0_05
sun jre 1.4.2_14
sun sdk 1.3.1_04
sun sdk 1.4.2_8
sun jre 1.4.2_18
sun jdk 1.3.1_20
sun sdk 1.4.2_02
sun jdk 1.3.0_03
CVE-2010-3586 LOW

Unspecified vulnerability in Oracle Solaris 9 allows local users to affect confidentiality and integrity via unknown vectors related to XScreenSaver.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
CVE-2010-4415 MEDIUM

Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to libc.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
sun sunos 5.8
CVE-2010-4422 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk *
sun jre *
sun jre 1.6.0
CVE-2010-4431 LOW

Unspecified vulnerability in Oracle Sun Java System Portal Server 7.1 and 7.2 allows local users to affect confidentiality via unknown vectors related to Proxy.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun java_system_portal_server 7.2
sun java_system_portal_server 7.1
CVE-2010-4433 MEDIUM

Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect confidentiality via unknown vectors related to Ethernet and the Driver sub-component.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
CVE-2010-4435 HIGH

Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call 10.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
sun sunos 5.8
CVE-2010-4440 MEDIUM

Unspecified vulnerability in Oracle 10 and 11 Express allows local users to affect availability via unknown vectors related to the Kernel.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
sun sunos 5.11
CVE-2010-4442 MEDIUM

Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability via unknown vectors related to the Kernel.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
sun sunos 5.11
CVE-2010-4443 MEDIUM

Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability, related to Kernel/NFS.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
sun sunos 5.11
CVE-2010-4444 MEDIUM

Unspecified vulnerability in Oracle Sun Java System Access Manager and Oracle OpenSSO 7, 7.1, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle opensso 7
sun java_system_access_manager *
oracle opensso 7.1
oracle opensso 8
CVE-2010-4446 MEDIUM

Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to RDS and Kernel/InfiniBand.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.11
CVE-2010-4447 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment, a different vulnerability than CVE-2010-4475.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jre 1.4.2_22
sun jre 1.4.2_27
sun sdk 1.4.2_6
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun sdk 1.4.2_25
sun jre 1.4.2_4
sun sdk 1.4.2
sun jre 1.4.2_7
sun jre 1.4.2_25
sun sdk 1.4.2_1
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun sdk 1.4.2_27
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.6.0
sun jre 1.4.2_15
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.4.2_14
sun sdk 1.4.2_15
sun sdk 1.4.2_16
sun jre 1.4.2_26
sun sdk 1.4.2_5
sun jre 1.5.0
sun sdk 1.4.2_24
sun jre 1.4.2_5
sun jre 1.4.2_12
sun sdk *
sun sdk 1.4.2_17
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun sdk 1.4.2_26
sun jre 1.4.2_28
sun jre 1.4.2_23
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.4.2_4
sun sdk 1.4.2_7
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
sun sdk 1.4.2_8
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun jre 1.4.2_18
sun sdk 1.4.2_12
sun sdk 1.4.2_02
sun sdk 1.4.2_28
CVE-2010-4448 LOW

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves "DNS cache poisoning by untrusted applets."

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jre 1.4.2_22
sun jre 1.4.2_27
sun sdk 1.4.2_6
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun sdk 1.4.2_25
sun jre 1.4.2_4
sun sdk 1.4.2
sun jre 1.4.2_7
sun jre 1.4.2_25
sun sdk 1.4.2_1
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun sdk 1.4.2_27
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.6.0
sun jre 1.4.2_15
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.4.2_14
sun sdk 1.4.2_15
sun sdk 1.4.2_16
sun jre 1.4.2_26
sun sdk 1.4.2_5
sun jre 1.5.0
sun sdk 1.4.2_24
sun jre 1.4.2_5
sun jre 1.4.2_12
sun sdk *
sun sdk 1.4.2_17
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun sdk 1.4.2_26
sun jre 1.4.2_28
sun jre 1.4.2_23
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.4.2_4
sun sdk 1.4.2_7
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
sun sdk 1.4.2_8
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun jre 1.4.2_18
sun sdk 1.4.2_12
sun sdk 1.4.2_02
sun sdk 1.4.2_28
CVE-2010-4450 LOW

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jre 1.4.2_22
sun jre 1.4.2_27
sun sdk 1.4.2_6
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun sdk 1.4.2_25
sun jre 1.4.2_4
sun sdk 1.4.2
sun jre 1.4.2_7
sun jre 1.4.2_25
sun sdk 1.4.2_1
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun sdk 1.4.2_27
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.6.0
sun jre 1.4.2_15
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.4.2_14
sun sdk 1.4.2_15
sun sdk 1.4.2_16
sun jre 1.4.2_26
sun sdk 1.4.2_5
sun jre 1.5.0
sun sdk 1.4.2_24
sun jre 1.4.2_5
sun jre 1.4.2_12
sun sdk *
sun sdk 1.4.2_17
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun sdk 1.4.2_26
sun jre 1.4.2_28
sun jre 1.4.2_23
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.4.2_4
sun sdk 1.4.2_7
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
sun sdk 1.4.2_8
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun jre 1.4.2_18
sun sdk 1.4.2_12
sun sdk 1.4.2_02
sun sdk 1.4.2_28
CVE-2010-4451 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, when using Java Update, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk *
sun jre *
sun jre 1.6.0
CVE-2010-4452 HIGH

Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk *
sun jre *
sun jre 1.6.0
CVE-2010-4454 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs, a different vulnerability than CVE-2010-4462 and CVE-2010-4473.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jre 1.4.2_22
sun jre 1.4.2_27
sun sdk 1.4.2_6
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun sdk 1.4.2_25
sun jre 1.4.2_4
sun sdk 1.4.2
sun jre 1.4.2_7
sun jre 1.4.2_25
sun sdk 1.4.2_1
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun sdk 1.4.2_27
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.6.0
sun jre 1.4.2_15
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.4.2_14
sun sdk 1.4.2_15
sun sdk 1.4.2_16
sun jre 1.4.2_26
sun sdk 1.4.2_5
sun jre 1.5.0
sun sdk 1.4.2_24
sun jre 1.4.2_5
sun jre 1.4.2_12
sun sdk *
sun sdk 1.4.2_17
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun sdk 1.4.2_26
sun jre 1.4.2_28
sun jre 1.4.2_23
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.4.2_4
sun sdk 1.4.2_7
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
sun sdk 1.4.2_8
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun jre 1.4.2_18
sun sdk 1.4.2_12
sun sdk 1.4.2_02
sun sdk 1.4.2_28
CVE-2010-4456 MEDIUM

Unspecified vulnerability in Oracle Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to affect integrity via unknown vectors related to Web Mail.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun java_system_communications_express 6.3
sun java_system_communications_express 6.2
CVE-2010-4457 HIGH

Unspecified vulnerability in Oracle Solaris 11 Express allows remote attackers to affect availability, related to SMB and CIFS.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.11
CVE-2010-4458 MEDIUM

Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability, related to ZFS.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.11
CVE-2010-4459 MEDIUM

Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to SCTP and Kernel/sockfs.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.11
CVE-2010-4460 LOW

Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Fault Manager Daemon.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
CVE-2010-4462 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs, a different vulnerability than CVE-2010-4454 and CVE-2010-4473.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jre 1.4.2_22
sun jre 1.4.2_27
sun sdk 1.4.2_6
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun sdk 1.4.2_25
sun jre 1.4.2_4
sun sdk 1.4.2
sun jre 1.4.2_7
sun jre 1.4.2_25
sun sdk 1.4.2_1
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun sdk 1.4.2_27
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.6.0
sun jre 1.4.2_15
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.4.2_14
sun sdk 1.4.2_15
sun sdk 1.4.2_16
sun jre 1.4.2_26
sun sdk 1.4.2_5
sun jre 1.5.0
sun sdk 1.4.2_24
sun jre 1.4.2_5
sun jre 1.4.2_12
sun sdk *
sun sdk 1.4.2_17
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun sdk 1.4.2_26
sun jre 1.4.2_28
sun jre 1.4.2_23
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.4.2_4
sun sdk 1.4.2_7
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
sun sdk 1.4.2_8
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun jre 1.4.2_18
sun sdk 1.4.2_12
sun sdk 1.4.2_02
sun sdk 1.4.2_28
CVE-2010-4463 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 21 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jre 1.6.0
CVE-2010-4465 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or "clipboard access in Applets."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jre 1.4.2_22
sun jre 1.4.2_27
sun sdk 1.4.2_6
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun sdk 1.4.2_25
sun jre 1.4.2_4
sun sdk 1.4.2
sun jre 1.4.2_7
sun jre 1.4.2_25
sun sdk 1.4.2_1
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun sdk 1.4.2_27
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.6.0
sun jre 1.4.2_15
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.4.2_14
sun sdk 1.4.2_15
sun sdk 1.4.2_16
sun jre 1.4.2_26
sun sdk 1.4.2_5
sun jre 1.5.0
sun sdk 1.4.2_24
sun jre 1.4.2_5
sun jre 1.4.2_12
sun sdk *
sun sdk 1.4.2_17
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun sdk 1.4.2_26
sun jre 1.4.2_28
sun jre 1.4.2_23
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.4.2_4
sun sdk 1.4.2_7
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
sun sdk 1.4.2_8
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun jre 1.4.2_18
sun sdk 1.4.2_12
sun sdk 1.4.2_02
sun sdk 1.4.2_28
CVE-2010-4466 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Windows, Solaris, and, Linux; 5.0 Update 27 and earlier for Windows; and 1.4.2_29 and earlier for Windows allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jre 1.4.2_22
sun jre 1.4.2_27
sun sdk 1.4.2_6
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun sdk 1.4.2_25
sun jre 1.4.2_4
sun sdk 1.4.2
sun jre 1.4.2_7
sun jre 1.4.2_25
sun sdk 1.4.2_1
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun sdk 1.4.2_27
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.6.0
sun jre 1.4.2_15
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.4.2_14
sun sdk 1.4.2_15
sun sdk 1.4.2_16
sun jre 1.4.2_26
sun sdk 1.4.2_5
sun jre 1.5.0
sun sdk 1.4.2_24
sun jre 1.4.2_5
sun jre 1.4.2_12
sun sdk *
sun sdk 1.4.2_17
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun sdk 1.4.2_26
sun jre 1.4.2_28
sun jre 1.4.2_23
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.4.2_4
sun sdk 1.4.2_7
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
sun sdk 1.4.2_8
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun jre 1.4.2_18
sun sdk 1.4.2_12
sun sdk 1.4.2_02
sun sdk 1.4.2_28
CVE-2010-4467 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 10 through 6 Update 23 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jre 1.6.0
CVE-2010-4468 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to JDBC.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk 1.5.0
sun jdk *
sun jre *
sun jre 1.6.0
sun jre 1.5.0
CVE-2010-4469 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is heap corruption related to the Verifier and "backward jsrs."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jre 1.4.2_22
sun jre 1.4.2_27
sun sdk 1.4.2_6
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun sdk 1.4.2_25
sun jre 1.4.2_4
sun sdk 1.4.2
sun jre 1.4.2_7
sun jre 1.4.2_25
sun sdk 1.4.2_1
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun sdk 1.4.2_27
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.6.0
sun jre 1.4.2_15
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.4.2_14
sun sdk 1.4.2_15
sun sdk 1.4.2_16
sun jre 1.4.2_26
sun sdk 1.4.2_5
sun jre 1.5.0
sun sdk 1.4.2_24
sun jre 1.4.2_5
sun jre 1.4.2_12
sun sdk *
sun sdk 1.4.2_17
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun sdk 1.4.2_26
sun jre 1.4.2_28
sun jre 1.4.2_23
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.4.2_4
sun sdk 1.4.2_7
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
sun sdk 1.4.2_8
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun jre 1.4.2_18
sun sdk 1.4.2_12
sun sdk 1.4.2_02
sun sdk 1.4.2_28
CVE-2010-4470 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows remote attackers to affect availability via unknown vectors related to JAXP and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to "Features set on SchemaFactory not inherited by Validator."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk *
sun jre *
sun jre 1.6.0
CVE-2010-4471 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, and 5.0 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to 2D. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk 1.5.0
sun jdk *
sun jre *
sun jre 1.6.0
sun jre 1.5.0
CVE-2010-4472 LOW

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations."

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk *
sun jre *
sun jre 1.6.0
CVE-2010-4473 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs, a different vulnerability than CVE-2010-4454 and CVE-2010-4462.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jre 1.4.2_22
sun jre 1.4.2_27
sun sdk 1.4.2_6
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun sdk 1.4.2_25
sun jre 1.4.2_4
sun sdk 1.4.2
sun jre 1.4.2_7
sun jre 1.4.2_25
sun sdk 1.4.2_1
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun sdk 1.4.2_27
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.6.0
sun jre 1.4.2_15
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.4.2_14
sun sdk 1.4.2_15
sun sdk 1.4.2_16
sun jre 1.4.2_26
sun sdk 1.4.2_5
sun jre 1.5.0
sun sdk 1.4.2_24
sun jre 1.4.2_5
sun jre 1.4.2_12
sun sdk *
sun sdk 1.4.2_17
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun sdk 1.4.2_26
sun jre 1.4.2_28
sun jre 1.4.2_23
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.4.2_4
sun sdk 1.4.2_7
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
sun sdk 1.4.2_8
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun jre 1.4.2_18
sun sdk 1.4.2_12
sun sdk 1.4.2_02
sun sdk 1.4.2_28
CVE-2010-4474 LOW

Unspecified vulnerability in the Java DB component in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows local users to affect confidentiality via unknown vectors related to Security, a similar vulnerability to CVE-2009-4269.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk *
sun jre *
sun jre 1.6.0
CVE-2010-4475 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment, a different vulnerability than CVE-2010-4447.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jre 1.4.2_22
sun jre 1.4.2_27
sun sdk 1.4.2_6
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun sdk 1.4.2_25
sun jre 1.4.2_4
sun sdk 1.4.2
sun jre 1.4.2_7
sun jre 1.4.2_25
sun sdk 1.4.2_1
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun sdk 1.4.2_27
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.6.0
sun jre 1.4.2_15
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.4.2_14
sun sdk 1.4.2_15
sun sdk 1.4.2_16
sun jre 1.4.2_26
sun sdk 1.4.2_5
sun jre 1.5.0
sun sdk 1.4.2_24
sun jre 1.4.2_5
sun jre 1.4.2_12
sun sdk *
sun sdk 1.4.2_17
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun sdk 1.4.2_26
sun jre 1.4.2_28
sun jre 1.4.2_23
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.4.2_4
sun sdk 1.4.2_7
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
sun sdk 1.4.2_8
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun jre 1.4.2_18
sun sdk 1.4.2_12
sun sdk 1.4.2_02
sun sdk 1.4.2_28
CVE-2010-4476 MEDIUM

The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun jre 1.4.2_22
sun jre 1.4.2_27
sun sdk 1.4.2_6
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.6.0
sun jre 1.4.2_19
sun sdk 1.4.2_13
sun jre 1.4.2_17
sun sdk 1.4.2_3
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun sdk 1.4.2_25
sun jre 1.4.2_4
sun sdk 1.4.2
sun jre 1.4.2_7
sun jre 1.4.2_25
sun sdk 1.4.2_1
sun jre 1.4.2_11
sun sdk 1.4.2_21
sun sdk 1.4.2_18
sun sdk 1.4.2_27
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.6.0
sun jre 1.4.2_15
sun sdk 1.4.2_20
sun jre 1.4.2_9
sun jdk 1.5.0
sun jre 1.4.2
sun sdk 1.4.2_14
sun sdk 1.4.2_15
sun sdk 1.4.2_16
sun jre 1.4.2_26
sun sdk 1.4.2_5
sun jre 1.5.0
sun sdk 1.4.2_24
sun jre 1.4.2_5
sun jre 1.4.2_12
sun sdk *
sun sdk 1.4.2_17
sun sdk 1.4.2_23
sun sdk 1.4.2_22
sun sdk 1.4.2_26
sun jre 1.4.2_28
sun jre 1.4.2_23
sun jre 1.4.2_8
sun sdk 1.4.2_11
sun sdk 1.4.2_9
sun sdk 1.4.2_10
sun sdk 1.4.2_4
sun sdk 1.4.2_7
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
sun sdk 1.4.2_8
sun jre 1.4.2_10
sun sdk 1.4.2_19
sun jre 1.4.2_18
sun sdk 1.4.2_12
sun sdk 1.4.2_02
sun sdk 1.4.2_28
CVE-2011-0412 LOW

Oracle Solaris 8, 9, and 10 stores back-out patch files (undo.Z) unencrypted with world-readable permissions under /var/sadm/pkg/, which allows local users to obtain password hashes and conduct brute force password guessing attacks.

CVSS 2.0

Severity: LOW

Problem Type: CWE-255,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
sun sunos 5.8
CVE-2011-0706 HIGH

The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
sun jdk 1.6.0
redhat icedtea-web 1.0
redhat icedtea-web 1.0.1
CVE-2011-0786 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2011-0788.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk *
sun jre *
sun jre 1.6.0
CVE-2011-0788 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2011-0786.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk *
sun jre *
sun jre 1.6.0
CVE-2011-0790 LOW

Unspecified vulnerability in Oracle Solaris 9 and 10 allows local users to affect confidentiality via unknown vectors related to wbem.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
CVE-2011-0800 MEDIUM

Unspecified vulnerability in the Solaris component in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Administration Utilities.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
sun sunos 5.11
sun sunos 5.8
CVE-2011-0801 LOW

Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect confidentiality and integrity via unknown vectors related to cp.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
sun sunos 5.11
CVE-2011-0802 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0814.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.4.2_11
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jdk 1.4.2_8
sun jdk 1.4.2_24
sun jdk 1.4.2_3
sun jdk 1.4.2_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.4.2_1
sun jdk 1.6.0
sun jre 1.4.2_19
sun jdk 1.4.2_6
sun jre 1.4.2_17
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun jdk 1.4.2_5
sun jdk 1.4.2_10
sun jre 1.4.2_4
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jre 1.4.2_11
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jdk 1.4.2_27
sun jre 1.6.0
sun jdk 1.4.2_19
sun jre 1.4.2_15
sun jre 1.4.2_9
sun jdk 1.4.2_25
sun jdk 1.5.0
sun jre 1.4.2
sun jdk 1.4.2_9
sun jre 1.4.2_26
sun jre 1.4.2_30
sun jdk 1.4.2_16
sun jre 1.5.0
sun jdk 1.4.2_15
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.4.2
sun jdk 1.4.2_7
sun jdk 1.4.2_2
sun jdk 1.4.2_17
sun jdk 1.4.2_21
sun jdk 1.4.2_12
sun jre 1.4.2_28
sun jdk 1.4.2_18
sun jdk 1.4.2_22
sun jdk 1.4.2_30
sun jre 1.4.2_23
sun jdk 1.4.2_4
sun jre 1.4.2_8
sun jdk 1.4.2_13
sun jdk 1.4.2_26
sun jdk 1.4.2_14
sun jre 1.4.2_29
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
sun jdk 1.4.2_20
sun jre 1.4.2_10
sun jdk 1.4.2_28
sun jre 1.4.2_18
sun jdk 1.4.2_29
CVE-2011-0807 HIGH

Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle glassfish_server 2.1
oracle glassfish_server 2.1.1
oracle glassfish_server 3.0.1
sun java_system_application_server 9.1
CVE-2011-0812 LOW

Unspecified vulnerability in the Solaris component in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
sun sunos 5.11
sun sunos 5.8
CVE-2011-0813 MEDIUM

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2012-0098.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
sun sunos 5.11
sun sunos 5.8
CVE-2011-0814 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound, a different vulnerability than CVE-2011-0802.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.4.2_11
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jdk 1.4.2_8
sun jdk 1.4.2_24
sun jdk 1.4.2_3
sun jdk 1.4.2_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.4.2_1
sun jdk 1.6.0
sun jre 1.4.2_19
sun jdk 1.4.2_6
sun jre 1.4.2_17
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun jdk 1.4.2_5
sun jdk 1.4.2_10
sun jre 1.4.2_4
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jre 1.4.2_11
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jdk 1.4.2_27
sun jre 1.6.0
sun jdk 1.4.2_19
sun jre 1.4.2_15
sun jre 1.4.2_9
sun jdk 1.4.2_25
sun jdk 1.5.0
sun jre 1.4.2
sun jdk 1.4.2_9
sun jre 1.4.2_26
sun jre 1.4.2_30
sun jdk 1.4.2_16
sun jre 1.5.0
sun jdk 1.4.2_15
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.4.2
sun jdk 1.4.2_7
sun jdk 1.4.2_2
sun jdk 1.4.2_17
sun jdk 1.4.2_21
sun jdk 1.4.2_12
sun jre 1.4.2_28
sun jdk 1.4.2_18
sun jdk 1.4.2_22
sun jdk 1.4.2_30
sun jre 1.4.2_23
sun jdk 1.4.2_4
sun jre 1.4.2_8
sun jdk 1.4.2_13
sun jdk 1.4.2_26
sun jdk 1.4.2_14
sun jre 1.4.2_29
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
sun jdk 1.4.2_20
sun jre 1.4.2_10
sun jdk 1.4.2_28
sun jre 1.4.2_18
sun jdk 1.4.2_29
CVE-2011-0815 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to AWT.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.4.2_11
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jdk 1.4.2_8
sun jdk 1.4.2_24
sun jdk 1.4.2_3
sun jdk 1.4.2_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.4.2_1
sun jdk 1.6.0
sun jre 1.4.2_19
sun jdk 1.4.2_6
sun jre 1.4.2_17
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun jdk 1.4.2_5
sun jdk 1.4.2_10
sun jre 1.4.2_4
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jre 1.4.2_11
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jdk 1.4.2_27
sun jre 1.6.0
sun jdk 1.4.2_19
sun jre 1.4.2_15
sun jre 1.4.2_9
sun jdk 1.4.2_25
sun jdk 1.5.0
sun jre 1.4.2
sun jdk 1.4.2_9
sun jre 1.4.2_26
sun jre 1.4.2_30
sun jdk 1.4.2_16
sun jre 1.5.0
sun jdk 1.4.2_15
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.4.2
sun jdk 1.4.2_7
sun jdk 1.4.2_2
sun jdk 1.4.2_17
sun jdk 1.4.2_21
sun jdk 1.4.2_12
sun jre 1.4.2_28
sun jdk 1.4.2_18
sun jdk 1.4.2_22
sun jdk 1.4.2_30
sun jre 1.4.2_23
sun jdk 1.4.2_4
sun jre 1.4.2_8
sun jdk 1.4.2_13
sun jdk 1.4.2_26
sun jdk 1.4.2_14
sun jre 1.4.2_29
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
sun jdk 1.4.2_20
sun jre 1.4.2_10
sun jdk 1.4.2_28
sun jre 1.4.2_18
sun jdk 1.4.2_29
CVE-2011-0817 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk *
sun jre *
sun jre 1.6.0
CVE-2011-0820 MEDIUM

Unspecified vulnerability in Oracle Solaris 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Kernel.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
sun sunos 5.11
CVE-2011-0821 LOW

Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality and integrity via unknown vectors related to uucp.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
sun sunos 5.8
CVE-2011-0829 MEDIUM

Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability, related to Kernel/SPARC.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
sun sunos 5.11
CVE-2011-0839 LOW

Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows local users to affect availability, related to LOFS.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
sun sunos 5.11
CVE-2011-0841 HIGH

Unspecified vulnerability in Oracle Solaris 11 Express allows remote attackers to affect availability, related to TCP/IP.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.11
CVE-2011-0862 HIGH

Multiple unspecified vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.4.2_11
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jdk 1.4.2_8
sun jdk 1.4.2_24
sun jdk 1.4.2_3
sun jdk 1.4.2_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.4.2_1
sun jdk 1.6.0
sun jre 1.4.2_19
sun jdk 1.4.2_6
sun jre 1.4.2_17
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun jdk 1.4.2_5
sun jdk 1.4.2_10
sun jre 1.4.2_4
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jre 1.4.2_11
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jdk 1.4.2_27
sun jre 1.6.0
sun jdk 1.4.2_19
sun jre 1.4.2_15
sun jre 1.4.2_9
sun jdk 1.4.2_25
sun jdk 1.5.0
sun jre 1.4.2
sun jdk 1.4.2_9
sun jre 1.4.2_26
sun jre 1.4.2_30
sun jdk 1.4.2_16
sun jre 1.5.0
sun jdk 1.4.2_15
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.4.2
sun jdk 1.4.2_7
sun jdk 1.4.2_2
sun jdk 1.4.2_17
sun jdk 1.4.2_21
sun jdk 1.4.2_12
sun jre 1.4.2_28
sun jdk 1.4.2_18
sun jdk 1.4.2_22
sun jdk 1.4.2_30
sun jre 1.4.2_23
sun jdk 1.4.2_4
sun jre 1.4.2_8
sun jdk 1.4.2_13
sun jdk 1.4.2_26
sun jdk 1.4.2_14
sun jre 1.4.2_29
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
sun jdk 1.4.2_20
sun jre 1.4.2_10
sun jdk 1.4.2_28
sun jre 1.4.2_18
sun jdk 1.4.2_29
CVE-2011-0863 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk *
sun jre *
sun jre 1.6.0
CVE-2011-0864 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.4.2_11
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jdk 1.4.2_8
sun jdk 1.4.2_24
sun jdk 1.4.2_3
sun jdk 1.4.2_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.4.2_1
sun jdk 1.6.0
sun jre 1.4.2_19
sun jdk 1.4.2_6
sun jre 1.4.2_17
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun jdk 1.4.2_5
sun jdk 1.4.2_10
sun jre 1.4.2_4
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jre 1.4.2_11
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jdk 1.4.2_27
sun jre 1.6.0
sun jdk 1.4.2_19
sun jre 1.4.2_15
sun jre 1.4.2_9
sun jdk 1.4.2_25
sun jdk 1.5.0
sun jre 1.4.2
sun jdk 1.4.2_9
sun jre 1.4.2_26
sun jre 1.4.2_30
sun jdk 1.4.2_16
sun jre 1.5.0
sun jdk 1.4.2_15
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.4.2
sun jdk 1.4.2_7
sun jdk 1.4.2_2
sun jdk 1.4.2_17
sun jdk 1.4.2_21
sun jdk 1.4.2_12
sun jre 1.4.2_28
sun jdk 1.4.2_18
sun jdk 1.4.2_22
sun jdk 1.4.2_30
sun jre 1.4.2_23
sun jdk 1.4.2_4
sun jre 1.4.2_8
sun jdk 1.4.2_13
sun jdk 1.4.2_26
sun jdk 1.4.2_14
sun jre 1.4.2_29
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
sun jdk 1.4.2_20
sun jre 1.4.2_10
sun jdk 1.4.2_28
sun jre 1.4.2_18
sun jdk 1.4.2_29
CVE-2011-0865 LOW

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.4.2_11
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jdk 1.4.2_8
sun jdk 1.4.2_24
sun jdk 1.4.2_3
sun jdk 1.4.2_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.4.2_1
sun jdk 1.6.0
sun jre 1.4.2_19
sun jdk 1.4.2_6
sun jre 1.4.2_17
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun jdk 1.4.2_5
sun jdk 1.4.2_10
sun jre 1.4.2_4
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jre 1.4.2_11
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jdk 1.4.2_27
sun jre 1.6.0
sun jdk 1.4.2_19
sun jre 1.4.2_15
sun jre 1.4.2_9
sun jdk 1.4.2_25
sun jdk 1.5.0
sun jre 1.4.2
sun jdk 1.4.2_9
sun jre 1.4.2_26
sun jre 1.4.2_30
sun jdk 1.4.2_16
sun jre 1.5.0
sun jdk 1.4.2_15
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.4.2
sun jdk 1.4.2_7
sun jdk 1.4.2_2
sun jdk 1.4.2_17
sun jdk 1.4.2_21
sun jdk 1.4.2_12
sun jre 1.4.2_28
sun jdk 1.4.2_18
sun jdk 1.4.2_22
sun jdk 1.4.2_30
sun jre 1.4.2_23
sun jdk 1.4.2_4
sun jre 1.4.2_8
sun jdk 1.4.2_13
sun jdk 1.4.2_26
sun jdk 1.4.2_14
sun jre 1.4.2_29
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
sun jdk 1.4.2_20
sun jre 1.4.2_10
sun jdk 1.4.2_28
sun jre 1.4.2_18
sun jdk 1.4.2_29
CVE-2011-0866 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Java Runtime Environment.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.4.2_11
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jdk 1.4.2_8
sun jdk 1.4.2_24
sun jdk 1.4.2_3
sun jdk 1.4.2_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.4.2_1
sun jdk 1.6.0
sun jre 1.4.2_19
sun jdk 1.4.2_6
sun jre 1.4.2_17
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun jdk 1.4.2_5
sun jdk 1.4.2_10
sun jre 1.4.2_4
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jre 1.4.2_11
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jdk 1.4.2_27
sun jre 1.6.0
sun jdk 1.4.2_19
sun jre 1.4.2_15
sun jre 1.4.2_9
sun jdk 1.4.2_25
sun jdk 1.5.0
sun jre 1.4.2
sun jdk 1.4.2_9
sun jre 1.4.2_26
sun jre 1.4.2_30
sun jdk 1.4.2_16
sun jre 1.5.0
sun jdk 1.4.2_15
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.4.2
sun jdk 1.4.2_7
sun jdk 1.4.2_2
sun jdk 1.4.2_17
sun jdk 1.4.2_21
sun jdk 1.4.2_12
sun jre 1.4.2_28
sun jdk 1.4.2_18
sun jdk 1.4.2_22
sun jdk 1.4.2_30
sun jre 1.4.2_23
sun jdk 1.4.2_4
sun jre 1.4.2_8
sun jdk 1.4.2_13
sun jdk 1.4.2_26
sun jdk 1.4.2_14
sun jre 1.4.2_29
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
sun jdk 1.4.2_20
sun jre 1.4.2_10
sun jdk 1.4.2_28
sun jre 1.4.2_18
sun jdk 1.4.2_29
CVE-2011-0867 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.4.2_11
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jdk 1.4.2_8
sun jdk 1.4.2_24
sun jdk 1.4.2_3
sun jdk 1.4.2_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.4.2_1
sun jdk 1.6.0
sun jre 1.4.2_19
sun jdk 1.4.2_6
sun jre 1.4.2_17
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun jdk 1.4.2_5
sun jdk 1.4.2_10
sun jre 1.4.2_4
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jre 1.4.2_11
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jdk 1.4.2_27
sun jre 1.6.0
sun jdk 1.4.2_19
sun jre 1.4.2_15
sun jre 1.4.2_9
sun jdk 1.4.2_25
sun jdk 1.5.0
sun jre 1.4.2
sun jdk 1.4.2_9
sun jre 1.4.2_26
sun jre 1.4.2_30
sun jdk 1.4.2_16
sun jre 1.5.0
sun jdk 1.4.2_15
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.4.2
sun jdk 1.4.2_7
sun jdk 1.4.2_2
sun jdk 1.4.2_17
sun jdk 1.4.2_21
sun jdk 1.4.2_12
sun jre 1.4.2_28
sun jdk 1.4.2_18
sun jdk 1.4.2_22
sun jdk 1.4.2_30
sun jre 1.4.2_23
sun jdk 1.4.2_4
sun jre 1.4.2_8
sun jdk 1.4.2_13
sun jdk 1.4.2_26
sun jdk 1.4.2_14
sun jre 1.4.2_29
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
sun jdk 1.4.2_20
sun jre 1.4.2_10
sun jdk 1.4.2_28
sun jre 1.4.2_18
sun jdk 1.4.2_29
CVE-2011-0868 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk *
sun jre *
sun jre 1.6.0
CVE-2011-0869 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 26 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to SAAJ.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk *
sun jre *
sun jre 1.6.0
CVE-2011-0871 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.4.2_11
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jdk 1.4.2_8
sun jdk 1.4.2_24
sun jdk 1.4.2_3
sun jdk 1.4.2_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.4.2_1
sun jdk 1.6.0
sun jre 1.4.2_19
sun jdk 1.4.2_6
sun jre 1.4.2_17
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun jdk 1.4.2_5
sun jdk 1.4.2_10
sun jre 1.4.2_4
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jre 1.4.2_11
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jdk 1.4.2_27
sun jre 1.6.0
sun jdk 1.4.2_19
sun jre 1.4.2_15
sun jre 1.4.2_9
sun jdk 1.4.2_25
sun jdk 1.5.0
sun jre 1.4.2
sun jdk 1.4.2_9
sun jre 1.4.2_26
sun jre 1.4.2_30
sun jdk 1.4.2_16
sun jre 1.5.0
sun jdk 1.4.2_15
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.4.2
sun jdk 1.4.2_7
sun jdk 1.4.2_2
sun jdk 1.4.2_17
sun jdk 1.4.2_21
sun jdk 1.4.2_12
sun jre 1.4.2_28
sun jdk 1.4.2_18
sun jdk 1.4.2_22
sun jdk 1.4.2_30
sun jre 1.4.2_23
sun jdk 1.4.2_4
sun jre 1.4.2_8
sun jdk 1.4.2_13
sun jdk 1.4.2_26
sun jdk 1.4.2_14
sun jre 1.4.2_29
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
sun jdk 1.4.2_20
sun jre 1.4.2_10
sun jdk 1.4.2_28
sun jre 1.4.2_18
sun jdk 1.4.2_29
CVE-2011-0872 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect availability via unknown vectors related to NIO.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk *
sun jre *
sun jre 1.6.0
CVE-2011-0873 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk 1.5.0
sun jdk *
sun jre *
sun jre 1.6.0
sun jre 1.5.0
CVE-2011-2249 MEDIUM

Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote authenticated users to affect availability, related to TCP/IP.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
sun sunos 5.8
CVE-2011-2258 MEDIUM

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to rksh.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
sun sunos 5.11
sun sunos 5.8
CVE-2011-2259 MEDIUM

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability, related to UFS.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
sun sunos 5.11
sun sunos 5.8
CVE-2011-2285 HIGH

Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Installer.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
CVE-2011-2287 HIGH

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to fingerd.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
sun sunos 5.11
sun sunos 5.8
CVE-2011-2289 LOW

Unspecified vulnerability in Oracle Solaris 10 allows local users to affect integrity and availability via unknown vectors related to LiveUpgrade.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
CVE-2011-2290 MEDIUM

Unspecified vulnerability in Oracle Solaris 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel/sockfs.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
sun sunos 5.11
CVE-2011-2291 LOW

Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality via unknown vectors related to Trusted Extensions.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
CVE-2011-2293 MEDIUM

Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to Zones.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.11
CVE-2011-2294 MEDIUM

Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows remote attackers to affect availability, related to SSH.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
sun sunos 5.11
CVE-2011-2295 MEDIUM

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability, related to Driver/USB.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
sun sunos 5.11
sun sunos 5.8
CVE-2011-2296 MEDIUM

Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability, related to Kernel/SCTP.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.11
CVE-2011-2298 MEDIUM

Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows remote attackers to affect availability, related to KSSL.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
sun sunos 5.11
CVE-2011-2313 MEDIUM

Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability, related to ZFS, a different vulnerability than CVE-2011-2311.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
oracle solaris 10.0
CVE-2011-2713 MEDIUM

oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted DOC file that triggers an out-of-bounds read in the DOC sprm parser.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
libreoffice libreoffice 3.3.1
libreoffice libreoffice 3.3.2
libreoffice libreoffice 3.3.4
libreoffice libreoffice 3.3.0
libreoffice libreoffice 3.4.0
sun openoffice.org 3.3.0
libreoffice libreoffice 3.3.3
libreoffice libreoffice 3.4.1
libreoffice libreoffice *
CVE-2011-3508 HIGH

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect confidentiality, integrity, and availability, related to LDAP library.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
sun sunos 5.11
sun sunos 5.8
CVE-2011-3515 MEDIUM

Unspecified vulnerability in the Oracle Solaris 10 and 11 Express allows local users to affect integrity and availability via unknown vectors related to Process File System (procfs).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
sun sunos 5.11
CVE-2011-3516 HIGH

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, when running on Windows, allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk *
sun jre *
sun jre 1.6.0
CVE-2011-3521 HIGH

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jre 1.7.0
sun jdk 1.5.0
sun jdk *
sun jre *
sun jdk 1.7.0
sun jre 1.6.0
sun jre 1.5.0
CVE-2011-3542 MEDIUM

Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability via unknown vectors related to Kernel/Performance Counter BackEnd Module (pcbe).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
sun sunos 5.11
CVE-2011-3543 HIGH

Unspecified vulnerability in Oracle Solaris 11 Express allows remote attackers to affect availability, related to iSCSI DataMover (IDM).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.11
CVE-2011-3545 HIGH

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.4.2_11
oracle jrockit r28.0.0
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jdk 1.4.2_8
oracle jrockit r28.0.2
sun jdk 1.4.2_24
sun jre 1.4.2_31
sun jdk 1.4.2_3
sun jdk 1.4.2_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.4.2_1
sun jdk 1.6.0
sun jre 1.4.2_19
sun jdk 1.4.2_6
sun jre 1.4.2_17
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun jdk 1.4.2_5
sun jdk 1.4.2_10
sun jre 1.4.2_4
sun jdk 1.4.2_31
sun jre 1.4.2_7
sun jre 1.4.2_25
oracle jrockit r28.0.1
sun jre 1.4.2_11
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jdk 1.4.2_27
sun jre 1.6.0
sun jdk 1.4.2_19
sun jre 1.4.2_15
oracle jrockit *
sun jre 1.4.2_9
sun jdk 1.4.2_25
sun jdk 1.5.0
sun jre 1.4.2
sun jdk 1.4.2_9
sun jre 1.4.2_26
sun jre 1.4.2_30
sun jdk 1.4.2_16
sun jre 1.5.0
sun jdk 1.4.2_15
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.4.2
sun jdk 1.4.2_7
sun jdk 1.4.2_2
sun jdk 1.4.2_32
sun jdk 1.4.2_17
sun jre 1.4.2_32
sun jdk 1.4.2_21
sun jdk 1.4.2_12
sun jre 1.4.2_28
sun jdk 1.4.2_18
sun jdk 1.4.2_22
sun jdk 1.4.2_30
sun jre 1.4.2_23
sun jdk 1.4.2_4
oracle jrockit r28.1.0
sun jre 1.4.2_8
sun jdk 1.4.2_13
sun jdk 1.4.2_26
sun jdk 1.4.2_14
sun jre 1.4.2_29
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
oracle jrockit r28.1.3
sun jdk 1.4.2_20
sun jre 1.4.2_10
sun jdk 1.4.2_28
sun jre 1.4.2_18
sun jdk 1.4.2_29
oracle jrockit r28.1.1
CVE-2011-3546 MEDIUM

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity via unknown vectors related to Deployment.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle javafx 2.0
oracle jre 1.7.0
CVE-2011-3547 MEDIUM

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.4.2_11
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jdk 1.4.2_8
sun jdk 1.4.2_24
sun jre 1.4.2_31
sun jdk 1.4.2_3
sun jdk 1.4.2_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.4.2_1
sun jdk 1.6.0
sun jre 1.4.2_19
sun jdk 1.4.2_6
sun jre 1.4.2_17
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun jdk 1.4.2_5
sun jdk 1.4.2_10
sun jre 1.4.2_4
sun jdk 1.4.2_31
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jre 1.4.2_11
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jdk 1.4.2_27
sun jre 1.6.0
sun jdk 1.4.2_19
sun jre 1.4.2_15
sun jre 1.4.2_9
sun jdk 1.4.2_25
sun jdk 1.5.0
sun jdk 1.4.2_9
oracle jre *
sun jre 1.4.2_26
sun jre 1.4.2_30
sun jdk 1.4.2_16
sun jre 1.5.0
sun jdk 1.4.2_15
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.4.2
sun jdk 1.4.2_7
sun jdk 1.4.2_2
sun jdk 1.4.2_32
sun jdk 1.4.2_17
sun jre 1.4.2_32
sun jdk 1.4.2_12
sun jre 1.4.2_28
sun jdk 1.4.2_18
sun jdk 1.4.2_22
sun jdk 1.4.2_30
sun jre 1.4.2_23
sun jdk 1.4.2_4
sun jre 1.4.2_8
sun jdk 1.4.2_13
sun jdk 1.4.2_26
oracle jdk 1.6.0
sun jdk 1.4.2_14
sun jre 1.4.2_29
oracle jre 1.7.0
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
oracle jdk *
sun jre 1.4.2_10
sun jdk 1.4.2_28
oracle jre 1.6.0
sun jre 1.4.2_18
sun jdk 1.4.2_29
oracle jdk 1.7.0
CVE-2011-3548 HIGH

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.4.2_11
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jdk 1.4.2_8
sun jdk 1.4.2_24
sun jre 1.4.2_31
sun jdk 1.4.2_3
sun jdk 1.4.2_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.4.2_1
sun jdk 1.6.0
sun jre 1.4.2_19
sun jdk 1.4.2_6
sun jre 1.4.2_17
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun jdk 1.4.2_5
sun jdk 1.7.0
sun jdk 1.4.2_10
sun jre 1.4.2_4
sun jdk 1.4.2_31
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jre 1.4.2_11
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jdk 1.4.2_27
sun jre 1.6.0
sun jdk 1.4.2_19
sun jre 1.4.2_15
sun jre 1.4.2_9
sun jdk 1.4.2_25
sun jdk 1.5.0
sun jre 1.4.2
sun jdk 1.4.2_9
sun jre 1.4.2_26
sun jre 1.4.2_30
sun jdk 1.4.2_16
sun jre 1.5.0
sun jdk 1.4.2_15
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.4.2
sun jdk 1.4.2_7
sun jdk 1.4.2_2
sun jdk 1.4.2_32
sun jdk 1.4.2_17
sun jre 1.4.2_32
sun jdk 1.4.2_21
sun jdk 1.4.2_12
sun jre 1.4.2_28
sun jdk 1.4.2_18
sun jdk 1.4.2_22
sun jdk 1.4.2_30
sun jre 1.4.2_23
sun jre 1.7.0
sun jdk 1.4.2_4
sun jre 1.4.2_8
sun jdk 1.4.2_13
sun jdk 1.4.2_26
sun jdk 1.4.2_14
sun jre 1.4.2_29
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
sun jdk 1.4.2_20
sun jre 1.4.2_10
sun jdk 1.4.2_28
sun jre 1.4.2_18
sun jdk 1.4.2_29
CVE-2011-3549 HIGH

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.4.2_11
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jdk 1.4.2_8
sun jdk 1.4.2_24
sun jre 1.4.2_31
sun jdk 1.4.2_3
sun jdk 1.4.2_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.4.2_1
sun jdk 1.6.0
sun jre 1.4.2_19
sun jdk 1.4.2_6
sun jre 1.4.2_17
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun jdk 1.4.2_5
sun jdk 1.4.2_10
sun jre 1.4.2_4
sun jdk 1.4.2_31
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jre 1.4.2_11
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jdk 1.4.2_27
sun jre 1.6.0
sun jdk 1.4.2_19
sun jre 1.4.2_15
sun jre 1.4.2_9
sun jdk 1.4.2_25
sun jdk 1.5.0
sun jre 1.4.2
sun jdk 1.4.2_9
sun jre 1.4.2_26
sun jre 1.4.2_30
sun jdk 1.4.2_16
sun jre 1.5.0
sun jdk 1.4.2_15
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.4.2
sun jdk 1.4.2_7
sun jdk 1.4.2_2
sun jdk 1.4.2_32
sun jdk 1.4.2_17
sun jre 1.4.2_32
sun jdk 1.4.2_21
sun jdk 1.4.2_12
sun jre 1.4.2_28
sun jdk 1.4.2_18
sun jdk 1.4.2_22
sun jdk 1.4.2_30
sun jre 1.4.2_23
sun jdk 1.4.2_4
sun jre 1.4.2_8
sun jdk 1.4.2_13
sun jdk 1.4.2_26
sun jdk 1.4.2_14
sun jre 1.4.2_29
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
sun jdk 1.4.2_20
sun jre 1.4.2_10
sun jdk 1.4.2_28
sun jre 1.4.2_18
sun jdk 1.4.2_29
CVE-2011-3550 HIGH

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jre 1.7.0
sun jdk *
sun jre *
sun jdk 1.7.0
sun jre 1.6.0
CVE-2011-3551 HIGH

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jrockit r28.0.0
sun jre 1.7.0
oracle jrockit r28.1.0
oracle jrockit r28.0.2
sun jre 1.6.0
sun jdk 1.6.0
oracle jrockit *
sun jdk *
oracle jrockit r28.1.3
sun jre *
sun jdk 1.7.0
oracle jrockit r28.1.1
oracle jrockit r28.0.1
CVE-2011-3552 LOW

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote attackers to affect integrity via unknown vectors related to Networking.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.4.2_11
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jdk 1.4.2_8
sun jdk 1.4.2_24
sun jre 1.4.2_31
sun jdk 1.4.2_3
sun jdk 1.4.2_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.4.2_1
sun jdk 1.6.0
sun jre 1.4.2_19
sun jdk 1.4.2_6
sun jre 1.4.2_17
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun jdk 1.4.2_5
sun jdk 1.7.0
sun jdk 1.4.2_10
sun jre 1.4.2_4
sun jdk 1.4.2_31
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jre 1.4.2_11
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jdk 1.4.2_27
sun jre 1.6.0
sun jdk 1.4.2_19
sun jre 1.4.2_15
sun jre 1.4.2_9
sun jdk 1.4.2_25
sun jdk 1.5.0
sun jre 1.4.2
sun jdk 1.4.2_9
sun jre 1.4.2_26
sun jre 1.4.2_30
sun jdk 1.4.2_16
sun jre 1.5.0
sun jdk 1.4.2_15
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.4.2
sun jdk 1.4.2_7
sun jdk 1.4.2_2
sun jdk 1.4.2_32
sun jdk 1.4.2_17
sun jre 1.4.2_32
sun jdk 1.4.2_21
sun jdk 1.4.2_12
sun jre 1.4.2_28
sun jdk 1.4.2_18
sun jdk 1.4.2_22
sun jdk 1.4.2_30
sun jre 1.4.2_23
sun jre 1.7.0
sun jdk 1.4.2_4
sun jre 1.4.2_8
sun jdk 1.4.2_13
sun jdk 1.4.2_26
sun jdk 1.4.2_14
sun jre 1.4.2_29
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
sun jdk 1.4.2_20
sun jre 1.4.2_10
sun jdk 1.4.2_28
sun jre 1.4.2_18
sun jdk 1.4.2_29
CVE-2011-3553 LOW

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote authenticated users to affect confidentiality, related to JAXWS.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jrockit r28.0.0
sun jre 1.7.0
oracle jrockit r28.1.0
oracle jrockit r28.0.2
sun jre 1.6.0
sun jdk 1.6.0
oracle jrockit *
sun jdk *
oracle jrockit r28.1.3
sun jre *
sun jdk 1.7.0
oracle jrockit r28.1.1
oracle jrockit r28.0.1
CVE-2011-3554 HIGH

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jre 1.7.0
sun jdk 1.5.0
sun jdk *
sun jre *
sun jdk 1.7.0
sun jre 1.6.0
sun jre 1.5.0
CVE-2011-3555 MEDIUM

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, and 7 allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity and availability via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jre 1.7.0
sun jdk 1.7.0
CVE-2011-3556 HIGH

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI, a different vulnerability than CVE-2011-3557.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.4.2_11
oracle jrockit r28.0.0
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jdk 1.4.2_8
oracle jrockit r28.0.2
sun jdk 1.4.2_24
sun jre 1.4.2_31
sun jdk 1.4.2_3
sun jdk 1.4.2_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.4.2_1
sun jdk 1.6.0
sun jre 1.4.2_19
sun jdk 1.4.2_6
sun jre 1.4.2_17
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun jdk 1.4.2_5
sun jdk 1.7.0
sun jdk 1.4.2_10
sun jre 1.4.2_4
sun jdk 1.4.2_31
sun jre 1.4.2_7
sun jre 1.4.2_25
oracle jrockit r28.0.1
sun jre 1.4.2_11
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jdk 1.4.2_27
sun jre 1.6.0
sun jdk 1.4.2_19
sun jre 1.4.2_15
oracle jrockit *
sun jre 1.4.2_9
sun jdk 1.4.2_25
sun jdk 1.5.0
sun jre 1.4.2
sun jdk 1.4.2_9
sun jre 1.4.2_26
sun jre 1.4.2_30
sun jdk 1.4.2_16
sun jre 1.5.0
sun jdk 1.4.2_15
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.4.2
sun jdk 1.4.2_7
sun jdk 1.4.2_2
sun jdk 1.4.2_32
sun jdk 1.4.2_17
sun jre 1.4.2_32
sun jdk 1.4.2_21
sun jdk 1.4.2_12
sun jre 1.4.2_28
sun jdk 1.4.2_18
sun jdk 1.4.2_22
sun jdk 1.4.2_30
sun jre 1.4.2_23
sun jre 1.7.0
sun jdk 1.4.2_4
oracle jrockit r28.1.0
sun jre 1.4.2_8
sun jdk 1.4.2_13
sun jdk 1.4.2_26
sun jdk 1.4.2_14
sun jre 1.4.2_29
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
oracle jrockit r28.1.3
sun jdk 1.4.2_20
sun jre 1.4.2_10
sun jdk 1.4.2_28
sun jre 1.4.2_18
sun jdk 1.4.2_29
oracle jrockit r28.1.1
CVE-2011-3557 MEDIUM

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI, a different vulnerability than CVE-2011-3556.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.4.2_11
oracle jrockit r28.0.0
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jdk 1.4.2_8
oracle jrockit r28.0.2
sun jdk 1.4.2_24
sun jre 1.4.2_31
sun jdk 1.4.2_3
sun jdk 1.4.2_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.4.2_1
sun jdk 1.6.0
sun jre 1.4.2_19
sun jdk 1.4.2_6
sun jre 1.4.2_17
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun jdk 1.4.2_5
sun jdk 1.7.0
sun jdk 1.4.2_10
sun jre 1.4.2_4
sun jdk 1.4.2_31
sun jre 1.4.2_7
sun jre 1.4.2_25
oracle jrockit r28.0.1
sun jre 1.4.2_11
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jdk 1.4.2_27
sun jre 1.6.0
sun jdk 1.4.2_19
sun jre 1.4.2_15
oracle jrockit *
sun jre 1.4.2_9
sun jdk 1.4.2_25
sun jdk 1.5.0
sun jre 1.4.2
sun jdk 1.4.2_9
sun jre 1.4.2_26
sun jre 1.4.2_30
sun jdk 1.4.2_16
sun jre 1.5.0
sun jdk 1.4.2_15
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.4.2
sun jdk 1.4.2_7
sun jdk 1.4.2_2
sun jdk 1.4.2_32
sun jdk 1.4.2_17
sun jre 1.4.2_32
sun jdk 1.4.2_21
sun jdk 1.4.2_12
sun jre 1.4.2_28
sun jdk 1.4.2_18
sun jdk 1.4.2_22
sun jdk 1.4.2_30
sun jre 1.4.2_23
sun jre 1.7.0
sun jdk 1.4.2_4
oracle jrockit r28.1.0
sun jre 1.4.2_8
sun jdk 1.4.2_13
sun jdk 1.4.2_26
sun jdk 1.4.2_14
sun jre 1.4.2_29
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
oracle jrockit r28.1.3
sun jdk 1.4.2_20
sun jre 1.4.2_10
sun jdk 1.4.2_28
sun jre 1.4.2_18
sun jdk 1.4.2_29
oracle jrockit r28.1.1
CVE-2011-3558 MEDIUM

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to HotSpot.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jre 1.7.0
sun jdk *
sun jre *
sun jdk 1.7.0
sun jre 1.6.0
CVE-2011-3560 MEDIUM

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.4.2_11
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jdk 1.4.2_8
sun jdk 1.4.2_24
sun jre 1.4.2_31
sun jdk 1.4.2_3
sun jdk 1.4.2_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.4.2_1
sun jdk 1.6.0
sun jre 1.4.2_19
sun jdk 1.4.2_6
sun jre 1.4.2_17
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun jdk 1.4.2_5
sun jdk 1.7.0
sun jdk 1.4.2_10
sun jre 1.4.2_4
sun jdk 1.4.2_31
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jre 1.4.2_11
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jdk 1.4.2_27
sun jre 1.6.0
sun jdk 1.4.2_19
sun jre 1.4.2_15
sun jre 1.4.2_9
sun jdk 1.4.2_25
sun jdk 1.5.0
sun jre 1.4.2
sun jdk 1.4.2_9
sun jre 1.4.2_26
sun jre 1.4.2_30
sun jdk 1.4.2_16
sun jre 1.5.0
sun jdk 1.4.2_15
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.4.2
sun jdk 1.4.2_7
sun jdk 1.4.2_2
sun jdk 1.4.2_32
sun jdk 1.4.2_17
sun jre 1.4.2_32
sun jdk 1.4.2_21
sun jdk 1.4.2_12
sun jre 1.4.2_28
sun jdk 1.4.2_18
sun jdk 1.4.2_22
sun jdk 1.4.2_30
sun jre 1.4.2_23
sun jre 1.7.0
sun jdk 1.4.2_4
sun jre 1.4.2_8
sun jdk 1.4.2_13
sun jdk 1.4.2_26
sun jdk 1.4.2_14
sun jre 1.4.2_29
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
sun jdk 1.4.2_20
sun jre 1.4.2_10
sun jdk 1.4.2_28
sun jre 1.4.2_18
sun jdk 1.4.2_29
CVE-2011-3561 LOW

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jre 1.7.0
oracle jre *
oracle jdk *
oracle jre 1.6.0
sun jdk 1.7.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle javafx 2.0
CVE-2011-3563 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Sound.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jre 1.4.2_31
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jre 1.4.2_19
sun jre 1.4.2_17
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun jre 1.4.2_32
sun jre 1.4.2_28
sun jre 1.4.2_4
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jre 1.4.2_23
sun jre 1.4.2_8
sun jre 1.4.2_11
sun jre 1.4.2_34
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.6.0
sun jre 1.4.2_29
oracle jre 1.7.0
sun jre 1.4.2_15
sun jre 1.4.2_9
sun jre 1.4.2_24
sun jre 1.4.2
sun jre 1.4.2_2
sun jre 1.4.2_33
sun jre 1.4.2_14
oracle jre *
sun jre 1.4.2_10
sun jre 1.4.2_26
sun jre 1.4.2_30
oracle jre 1.6.0
sun jre 1.4.2_18
sun jre 1.5.0
CVE-2012-0094 HIGH

Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability, related to TCP/IP.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
sun sunos 5.11
CVE-2012-0096 MEDIUM

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Network.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
sun sunos 5.11
sun sunos 5.8
CVE-2012-0097 LOW

Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect confidentiality via unknown vectors related to ksh93 Shell.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.11
CVE-2012-0098 LOW

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2011-0813.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
sun sunos 5.11
sun sunos 5.8
CVE-2012-0099 LOW

Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to sshd.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
sun sunos 5.11
CVE-2012-0100 MEDIUM

Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kerberos.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
sun sunos 5.11
CVE-2012-0103 MEDIUM

Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to Kernel.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.11
CVE-2012-0109 LOW

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality and availability, related to TCP/IP.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
sun sunos 5.11
sun sunos 5.8
CVE-2012-0217 HIGH

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
joyent smartos *
xen xen 4.0.3
xen xen *
citrix xenserver 6.0
microsoft windows_xp *
sun sunos *
xen xen 4.1.1
xen xen 4.1.0
microsoft windows_7 *
xen xen 4.0.2
freebsd freebsd *
microsoft windows_server_2008 r2
xen xen 4.0.0
xen xen 4.0.1
citrix xenserver *
netbsd netbsd *
xen xen 4.0.4
microsoft windows_server_2003 *
illumos illumos *
CVE-2012-0497 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre *
oracle jre 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
CVE-2012-0498 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre *
sun jre *
oracle jre 1.6.0
sun jre 1.6.0
sun jre 1.5.0
oracle jre 1.7.0
CVE-2012-0499 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jre 1.4.2_31
oracle javafx 1.2.2
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jre 1.4.2_19
sun jre 1.4.2_17
sun jre 1.4.2_6
oracle javafx 1.2
sun jre *
sun jre 1.4.2_13
oracle javafx 2.0
oracle javafx 1.3.0
oracle javafx 1.3.1
sun jre 1.4.2_4
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jre 1.4.2_11
sun jre 1.4.2_34
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.6.0
sun jre 1.4.2_15
sun jre 1.4.2_9
sun jre 1.4.2
sun jre 1.4.2_33
oracle jre *
sun jre 1.4.2_26
sun jre 1.4.2_30
oracle javafx 1.2.3
sun jre 1.5.0
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jre 1.4.2_32
sun jre 1.4.2_28
sun jre 1.4.2_23
sun jre 1.4.2_8
sun jre 1.4.2_29
oracle jre 1.7.0
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jre 1.4.2_10
oracle jre 1.6.0
sun jre 1.4.2_18
oracle javafx *
CVE-2012-0500 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and JavaFX 2.0.2 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre *
oracle javafx 1.2
oracle jre 1.6.0
oracle javafx *
sun jre 1.6.0
oracle javafx 1.2.3
oracle javafx 2.0
oracle javafx 1.3.0
oracle javafx 1.3.1
oracle javafx 1.2.2
oracle jre 1.7.0
CVE-2012-0501 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jre *
sun jre *
oracle jre 1.6.0
sun jre 1.6.0
sun jre 1.5.0
oracle jre 1.7.0
CVE-2012-0502 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and availability, related to AWT.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jre 1.4.2_31
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jre 1.4.2_19
sun jre 1.4.2_17
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun jre 1.4.2_32
sun jre 1.4.2_28
sun jre 1.4.2_4
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jre 1.4.2_23
sun jre 1.4.2_8
sun jre 1.4.2_11
sun jre 1.4.2_34
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.6.0
sun jre 1.4.2_29
oracle jre 1.7.0
sun jre 1.4.2_15
sun jre 1.4.2_9
sun jre 1.4.2_24
sun jre 1.4.2
sun jre 1.4.2_2
sun jre 1.4.2_33
sun jre 1.4.2_14
oracle jre *
sun jre 1.4.2_10
sun jre 1.4.2_26
sun jre 1.4.2_30
oracle jre 1.6.0
sun jre 1.4.2_18
sun jre 1.5.0
CVE-2012-0503 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to I18n.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jre 1.4.2_31
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jre 1.4.2_19
sun jre 1.4.2_17
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun jre 1.4.2_32
sun jre 1.4.2_28
sun jre 1.4.2_4
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jre 1.4.2_23
sun jre 1.4.2_8
sun jre 1.4.2_11
sun jre 1.4.2_34
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.6.0
sun jre 1.4.2_29
oracle jre 1.7.0
sun jre 1.4.2_15
sun jre 1.4.2_9
sun jre 1.4.2_24
sun jre 1.4.2
sun jre 1.4.2_2
sun jre 1.4.2_33
sun jre 1.4.2_14
oracle jre *
sun jre 1.4.2_10
sun jre 1.4.2_26
sun jre 1.4.2_30
oracle jre 1.6.0
sun jre 1.4.2_18
sun jre 1.5.0
CVE-2012-0504 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install and the Java Update mechanism.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2012-0505 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Serialization.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jre 1.4.2_31
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jre 1.4.2_19
sun jre 1.4.2_17
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun jre 1.4.2_32
sun jre 1.4.2_28
sun jre 1.4.2_4
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jre 1.4.2_23
sun jre 1.4.2_8
sun jre 1.4.2_11
sun jre 1.4.2_34
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.6.0
sun jre 1.4.2_29
oracle jre 1.7.0
sun jre 1.4.2_15
sun jre 1.4.2_9
sun jre 1.4.2_24
sun jre 1.4.2
sun jre 1.4.2_2
sun jre 1.4.2_33
sun jre 1.4.2_14
oracle jre *
sun jre 1.4.2_10
sun jre 1.4.2_26
sun jre 1.4.2_30
oracle jre 1.6.0
sun jre 1.4.2_18
sun jre 1.5.0
CVE-2012-0506 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to CORBA.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jre 1.4.2_31
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jre 1.4.2_19
sun jre 1.4.2_17
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun jre 1.4.2_32
sun jre 1.4.2_28
sun jre 1.4.2_4
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jre 1.4.2_23
sun jre 1.4.2_8
sun jre 1.4.2_11
sun jre 1.4.2_34
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.6.0
sun jre 1.4.2_29
oracle jre 1.7.0
sun jre 1.4.2_15
sun jre 1.4.2_9
sun jre 1.4.2_24
sun jre 1.4.2
sun jre 1.4.2_2
sun jre 1.4.2_33
sun jre 1.4.2_14
oracle jre *
sun jre 1.4.2_10
sun jre 1.4.2_26
sun jre 1.4.2_30
oracle jre 1.6.0
sun jre 1.4.2_18
sun jre 1.5.0
CVE-2012-0507 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,CWE-843,

Products Affected

Vendor Product Version
suse linux_enterprise_software_development_kit 11
sun jre 1.6.0
debian debian_linux 7.0
oracle jre 1.7.0
suse linux_enterprise_server 10
debian debian_linux 6.0
suse linux_enterprise_java 10
suse linux_enterprise_desktop 10
oracle jre 1.6.0
suse linux_enterprise_server 11
sun jre 1.5.0
suse linux_enterprise_java 11
CVE-2012-0539 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to (1) bsmconv and (2) bsmunconv.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
sun sunos 5.8
CVE-2012-0551 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Container or Deployment.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle glassfish_server 3.1.1
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2012-0563 LOW

Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kerberos/klist.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
sun sunos 5.11
CVE-2012-1681 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kernel/sockfs.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
sun sunos 5.11
sun sunos 5.8
CVE-2012-1683 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to gssd.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
sun sunos 5.11
sun sunos 5.8
CVE-2012-1684 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Password Policy.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
sun sunos 5.11
sun sunos 5.8
CVE-2012-1687 MEDIUM

Unspecified vulnerability in Oracle Solaris 10 and 11 allows local users to affect integrity and availability, related to Logical Domains (LDOM).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
sun sunos 5.11
CVE-2012-1691 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/Privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.11
CVE-2012-1692 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability, related to SCTP.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
CVE-2012-1694 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality and integrity, related to libsasl.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
CVE-2012-1695 HIGH

Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware 28.2.2 and earlier, and JDK/JRE 5 and 6 27.7.1 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 6
oracle fusion_middleware 11.1
sun jre 6
oracle fusion_middleware 11.1.1.1.0
oracle fusion_middleware 11.1.1
oracle fusion_middleware 10.1
oracle fusion_middleware 11.1.1.5.0
oracle fusion_middleware 10.1.3.5.1
oracle fusion_middleware 10.1.3.4.1
oracle fusion_middleware 10.1.3.5
oracle fusion_middleware 10.1.3.3.2
oracle fusion_middleware 9.2.4
oracle fusion_middleware 10.3.5
oracle fusion_middleware 8.3.2.0
oracle fusion_middleware 10.3.3
oracle fusion_middleware 10.1.2.3
oracle fusion_middleware 8.3.5.0
oracle fusion_middleware 11.1.1.4.0
oracle fusion_middleware 11.1.1.3.0
oracle fusion_middleware 11.1.1.2.0
oracle fusion_middleware 7.5.2
oracle fusion_middleware *
oracle fusion_middleware 10.1.4.3
sun jre 5.0
oracle fusion_middleware 10.0.2
sun jdk 5.0
oracle fusion_middleware 10.3.4
CVE-2012-1698 LOW

Unspecified vulnerability in Oracle Sun Solaris 11 allows remote authenticated users to affect confidentiality, related to Kernel/GLD.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.11
CVE-2012-1711 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to CORBA.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk *
oracle jre *
oracle jdk *
sun jre *
CVE-2012-1713 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.2_37 and earlier, and JavaFX 2.1 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk *
oracle jre *
oracle jdk *
sun jre *
oracle javafx *
CVE-2012-1716 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
sun jdk *
oracle jre *
oracle jdk *
sun jre *
oracle jre 1.6.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2012-1718 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect availability via unknown vectors related to Security.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk *
oracle jre *
oracle jdk *
sun jre *
CVE-2012-1719 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect integrity, related to CORBA.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.4.2_11
sun jdk 1.4.2_35
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jdk 1.4.2_8
sun jdk 1.4.2_24
sun jre 1.4.2_31
sun jdk 1.4.2_3
sun jdk 1.4.2_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.4.2_1
sun jre 1.4.2_35
sun jdk 1.6.0
sun jre 1.4.2_19
sun jdk 1.4.2_6
sun jre 1.4.2_17
sun jre 1.4.2_6
sun jre *
sun jre 1.4.2_13
sun jdk 1.4.2_5
sun jdk 1.4.2_10
sun jre 1.4.2_4
sun jdk 1.4.2_31
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jre 1.4.2_11
sun jre 1.4.2_34
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.4.2_36
sun jdk 1.4.2_27
sun jre 1.6.0
sun jdk 1.4.2_19
sun jre 1.4.2_15
sun jre 1.4.2_9
sun jdk 1.4.2_25
sun jdk 1.5.0
sun jre 1.4.2
sun jre 1.4.2_33
sun jdk 1.4.2_9
oracle jre *
sun jre 1.4.2_26
sun jre 1.4.2_30
sun jdk 1.4.2_33
sun jdk 1.4.2_16
sun jre 1.5.0
sun jdk 1.4.2_15
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.4.2
sun jdk 1.4.2_7
sun jdk 1.4.2_2
sun jdk 1.4.2_32
sun jdk 1.4.2_17
sun jre 1.4.2_32
sun jdk 1.4.2_12
sun jre 1.4.2_28
sun jdk 1.4.2_18
sun jdk 1.4.2_22
sun jdk 1.4.2_30
sun jre 1.4.2_23
sun jdk 1.4.2_4
sun jdk 1.4.2_34
sun jre 1.4.2_8
sun jdk 1.4.2_13
sun jdk 1.4.2_26
oracle jdk 1.6.0
sun jdk 1.4.2_14
sun jdk 1.4.2_36
sun jre 1.4.2_29
oracle jre 1.7.0
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
sun jdk *
oracle jdk *
sun jre 1.4.2_10
sun jdk 1.4.2_28
oracle jre 1.6.0
sun jre 1.4.2_18
sun jdk 1.4.2_29
oracle jdk 1.7.0
CVE-2012-1720 LOW

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier, when running on Solaris, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk *
oracle jre *
oracle jdk *
sun jre *
CVE-2012-1724 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect availability, related to JAXP.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2012-1725 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
sun jdk *
oracle jre *
oracle jdk *
sun jre *
oracle jre 1.6.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2012-1750 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to mailx.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
sun sunos 5.11
sun sunos 5.8
CVE-2012-1752 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability, related to Kernel/NFS.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.11
CVE-2013-0351 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2013-0398 MEDIUM

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows remote attackers to affect confidentiality via unknown vectors related to Utility/Remote Execution Server (in.rexecd).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
sun sunos 5.11
sun sunos 5.8
CVE-2013-0399 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Umount.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
CVE-2013-0400 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Filesystem/cachefs.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
CVE-2013-0403 LOW

Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Utility.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
sun sunos 5.11
sun sunos 5.8
CVE-2013-0404 LOW

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/Boot.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
CVE-2013-0405 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows remote attackers to affect confidentiality and integrity via vectors related to NFS client mounts and IPv6.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
sun sunos 5.11
sun sunos 5.8
CVE-2013-0406 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect integrity via unknown vectors via vectors related to Kernel/IPsec.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
CVE-2013-0407 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/DTrace Framework.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
sun sunos 5.11
xerox freeflow_print_server 8.0
CVE-2013-0408 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to CPU performance counters drivers.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
CVE-2013-0409 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via vectors related to JMX.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
sun jre 1.5.0
oracle jre 1.7.0
CVE-2013-0411 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via vectors related to RBAC Configuration.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
sun sunos 5.8
CVE-2013-0412 LOW

Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect integrity and availability via unknown vectors related to Utility/pax.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
sun sunos 5.11
sun sunos 5.8
CVE-2013-0413 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Remote Execution Service.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
sun sunos 5.11
CVE-2013-0414 LOW

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity and availability via unknown vectors related to Utility/ksh93.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.11
CVE-2013-0415 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Bind/Postinstall script for Bind package.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
xerox freeflow_print_server 8.0
CVE-2013-0419 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2013-0423 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2013-0424 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to cross-site scripting (XSS) in the sun.rmi.transport.proxy CGIHandler class that does not properly handle error messages in a (1) command or (2) port number.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.4.2_11
sun jdk 1.4.2_35
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jdk 1.4.2_8
sun jre 1.4.2_31
sun jdk 1.4.2_3
sun jdk 1.4.2_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.4.2_1
sun jre 1.4.2_35
sun jdk 1.6.0
sun jre 1.4.2_19
sun jdk 1.4.2_6
sun jre 1.4.2_17
sun jre 1.4.2_6
sun jre 1.4.2_13
sun jdk 1.4.2_5
oracle jdk 1.5.0
sun jdk 1.4.2_10
sun jre 1.4.2_4
oracle jre 1.4.2_38
sun jdk 1.4.2_31
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jre 1.4.2_11
sun jre 1.4.2_34
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.4.2_36
sun jdk 1.4.2_27
sun jre 1.6.0
sun jdk 1.4.2_19
sun jre 1.4.2_15
sun jre 1.4.2_9
sun jdk 1.4.2_25
sun jdk 1.5.0
sun jre 1.4.2
sun jre 1.4.2_33
sun jdk 1.4.2_9
oracle jre *
sun jre 1.4.2_26
sun jre 1.4.2_30
sun jdk 1.4.2_33
sun jdk 1.4.2_16
sun jre 1.5.0
sun jdk 1.4.2_15
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.4.2
sun jdk 1.4.2_7
sun jdk 1.4.2_2
sun jdk 1.4.2_32
sun jdk 1.4.2_17
oracle jre 1.5.0
sun jre 1.4.2_32
sun jdk 1.4.2_12
sun jre 1.4.2_28
sun jdk 1.4.2_18
sun jdk 1.4.2_22
sun jdk 1.4.2_30
sun jre 1.4.2_23
sun jre 1.4.2_37
sun jdk 1.4.2_4
sun jdk 1.4.2_34
sun jre 1.4.2_8
sun jdk 1.4.2_13
sun jdk 1.4.2_26
sun jdk 1.4.2_37
oracle jdk 1.6.0
sun jdk 1.4.2_14
sun jdk 1.4.2_36
sun jre 1.4.2_29
oracle jre 1.7.0
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
oracle jdk *
sun jre 1.4.2_10
sun jdk 1.4.2_28
oracle jre 1.6.0
sun jre 1.4.2_18
sun jdk 1.4.2_29
oracle jdk 1.7.0
oracle jdk 1.4.2_38
CVE-2013-0425 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.4.2_11
sun jdk 1.4.2_35
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jdk 1.4.2_8
sun jre 1.4.2_31
sun jdk 1.4.2_3
sun jdk 1.4.2_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.4.2_1
sun jre 1.4.2_35
sun jdk 1.6.0
sun jre 1.4.2_19
sun jdk 1.4.2_6
sun jre 1.4.2_17
sun jre 1.4.2_6
sun jre 1.4.2_13
sun jdk 1.4.2_5
oracle jdk 1.5.0
sun jdk 1.4.2_10
sun jre 1.4.2_4
oracle jre 1.4.2_38
sun jdk 1.4.2_31
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jre 1.4.2_11
sun jre 1.4.2_34
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.4.2_36
sun jdk 1.4.2_27
sun jre 1.6.0
sun jdk 1.4.2_19
sun jre 1.4.2_15
sun jre 1.4.2_9
sun jdk 1.4.2_25
sun jdk 1.5.0
sun jre 1.4.2
sun jre 1.4.2_33
sun jdk 1.4.2_9
oracle jre *
sun jre 1.4.2_26
sun jre 1.4.2_30
sun jdk 1.4.2_33
sun jdk 1.4.2_16
sun jre 1.5.0
sun jdk 1.4.2_15
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.4.2
sun jdk 1.4.2_7
sun jdk 1.4.2_2
sun jdk 1.4.2_32
sun jdk 1.4.2_17
oracle jre 1.5.0
sun jre 1.4.2_32
sun jdk 1.4.2_12
sun jre 1.4.2_28
sun jdk 1.4.2_18
sun jdk 1.4.2_22
sun jdk 1.4.2_30
sun jre 1.4.2_23
sun jre 1.4.2_37
sun jdk 1.4.2_4
sun jdk 1.4.2_34
sun jre 1.4.2_8
sun jdk 1.4.2_13
sun jdk 1.4.2_26
sun jdk 1.4.2_37
oracle jdk 1.6.0
sun jdk 1.4.2_14
sun jdk 1.4.2_36
sun jre 1.4.2_29
oracle jre 1.7.0
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
oracle jdk *
sun jre 1.4.2_10
sun jdk 1.4.2_28
oracle jre 1.6.0
sun jre 1.4.2_18
sun jdk 1.4.2_29
oracle jdk 1.7.0
oracle jdk 1.4.2_38
CVE-2013-0426 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect "access control checks" in the logging API that allow remote attackers to bypass Java sandbox restrictions.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.4.2_11
sun jdk 1.4.2_35
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jdk 1.4.2_8
sun jre 1.4.2_31
sun jdk 1.4.2_3
sun jdk 1.4.2_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.4.2_1
sun jre 1.4.2_35
sun jdk 1.6.0
sun jre 1.4.2_19
sun jdk 1.4.2_6
sun jre 1.4.2_17
sun jre 1.4.2_6
sun jre 1.4.2_13
sun jdk 1.4.2_5
oracle jdk 1.5.0
sun jdk 1.4.2_10
sun jre 1.4.2_4
oracle jre 1.4.2_38
sun jdk 1.4.2_31
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jre 1.4.2_11
sun jre 1.4.2_34
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.4.2_36
sun jdk 1.4.2_27
sun jre 1.6.0
sun jdk 1.4.2_19
sun jre 1.4.2_15
sun jre 1.4.2_9
sun jdk 1.4.2_25
sun jdk 1.5.0
sun jre 1.4.2
sun jre 1.4.2_33
sun jdk 1.4.2_9
oracle jre *
sun jre 1.4.2_26
sun jre 1.4.2_30
sun jdk 1.4.2_33
sun jdk 1.4.2_16
sun jre 1.5.0
sun jdk 1.4.2_15
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.4.2
sun jdk 1.4.2_7
sun jdk 1.4.2_2
sun jdk 1.4.2_32
sun jdk 1.4.2_17
oracle jre 1.5.0
sun jre 1.4.2_32
sun jdk 1.4.2_12
sun jre 1.4.2_28
sun jdk 1.4.2_18
sun jdk 1.4.2_22
sun jdk 1.4.2_30
sun jre 1.4.2_23
sun jre 1.4.2_37
sun jdk 1.4.2_4
sun jdk 1.4.2_34
sun jre 1.4.2_8
sun jdk 1.4.2_13
sun jdk 1.4.2_26
sun jdk 1.4.2_37
oracle jdk 1.6.0
sun jdk 1.4.2_14
sun jdk 1.4.2_36
sun jre 1.4.2_29
oracle jre 1.7.0
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
oracle jdk *
sun jre 1.4.2_10
sun jdk 1.4.2_28
oracle jre 1.6.0
sun jre 1.4.2_18
sun jdk 1.4.2_29
oracle jdk 1.7.0
oracle jdk 1.4.2_38
CVE-2013-0427 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Libraries. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to interrupt certain threads that should not be interrupted.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
sun jre 1.5.0
oracle jre 1.7.0
CVE-2013-0428 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect checks for proxy classes" in the Reflection API.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.4.2_11
sun jdk 1.4.2_35
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jdk 1.4.2_8
sun jre 1.4.2_31
sun jdk 1.4.2_3
sun jdk 1.4.2_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.4.2_1
sun jre 1.4.2_35
sun jdk 1.6.0
sun jre 1.4.2_19
sun jdk 1.4.2_6
sun jre 1.4.2_17
sun jre 1.4.2_6
sun jre 1.4.2_13
sun jdk 1.4.2_5
oracle jdk 1.5.0
sun jdk 1.4.2_10
sun jre 1.4.2_4
oracle jre 1.4.2_38
sun jdk 1.4.2_31
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jre 1.4.2_11
sun jre 1.4.2_34
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.4.2_36
sun jdk 1.4.2_27
sun jre 1.6.0
sun jdk 1.4.2_19
sun jre 1.4.2_15
sun jre 1.4.2_9
sun jdk 1.4.2_25
sun jdk 1.5.0
sun jre 1.4.2
sun jre 1.4.2_33
sun jdk 1.4.2_9
oracle jre *
sun jre 1.4.2_26
sun jre 1.4.2_30
sun jdk 1.4.2_33
sun jdk 1.4.2_16
sun jre 1.5.0
sun jdk 1.4.2_15
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.4.2
sun jdk 1.4.2_7
sun jdk 1.4.2_2
sun jdk 1.4.2_32
sun jdk 1.4.2_17
oracle jre 1.5.0
sun jre 1.4.2_32
sun jdk 1.4.2_12
sun jre 1.4.2_28
sun jdk 1.4.2_18
sun jdk 1.4.2_22
sun jdk 1.4.2_30
sun jre 1.4.2_23
sun jre 1.4.2_37
sun jdk 1.4.2_4
sun jdk 1.4.2_34
sun jre 1.4.2_8
sun jdk 1.4.2_13
sun jdk 1.4.2_26
sun jdk 1.4.2_37
oracle jdk 1.6.0
sun jdk 1.4.2_14
sun jdk 1.4.2_36
sun jre 1.4.2_29
oracle jre 1.7.0
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
oracle jdk *
sun jre 1.4.2_10
sun jdk 1.4.2_28
oracle jre 1.6.0
sun jre 1.4.2_18
sun jdk 1.4.2_29
oracle jdk 1.7.0
oracle jdk 1.4.2_38
CVE-2013-0429 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue involves the creation of a single PresentationManager that is shared across multiple thread groups, which allows remote attackers to bypass Java sandbox restrictions.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
sun jre 1.5.0
oracle jre 1.7.0
CVE-2013-0430 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the installation process of the client.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2013-0432 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access premission checks."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.4.2_11
sun jdk 1.4.2_35
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jdk 1.4.2_8
sun jre 1.4.2_31
sun jdk 1.4.2_3
sun jdk 1.4.2_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.4.2_1
sun jre 1.4.2_35
sun jdk 1.6.0
sun jre 1.4.2_19
sun jdk 1.4.2_6
sun jre 1.4.2_17
sun jre 1.4.2_6
sun jre 1.4.2_13
sun jdk 1.4.2_5
oracle jdk 1.5.0
sun jdk 1.4.2_10
sun jre 1.4.2_4
oracle jre 1.4.2_38
sun jdk 1.4.2_31
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jre 1.4.2_11
sun jre 1.4.2_34
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.4.2_36
sun jdk 1.4.2_27
sun jre 1.6.0
sun jdk 1.4.2_19
sun jre 1.4.2_15
sun jre 1.4.2_9
sun jdk 1.4.2_25
sun jdk 1.5.0
sun jre 1.4.2
sun jre 1.4.2_33
sun jdk 1.4.2_9
oracle jre *
sun jre 1.4.2_26
sun jre 1.4.2_30
sun jdk 1.4.2_33
sun jdk 1.4.2_16
sun jre 1.5.0
sun jdk 1.4.2_15
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.4.2
sun jdk 1.4.2_7
sun jdk 1.4.2_2
sun jdk 1.4.2_32
sun jdk 1.4.2_17
oracle jre 1.5.0
sun jre 1.4.2_32
sun jdk 1.4.2_12
sun jre 1.4.2_28
sun jdk 1.4.2_18
sun jdk 1.4.2_22
sun jdk 1.4.2_30
sun jre 1.4.2_23
sun jre 1.4.2_37
sun jdk 1.4.2_4
sun jdk 1.4.2_34
sun jre 1.4.2_8
sun jdk 1.4.2_13
sun jdk 1.4.2_26
sun jdk 1.4.2_37
oracle jdk 1.6.0
sun jdk 1.4.2_14
sun jdk 1.4.2_36
sun jre 1.4.2_29
oracle jre 1.7.0
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
oracle jdk *
sun jre 1.4.2_10
sun jdk 1.4.2_28
oracle jre 1.6.0
sun jre 1.4.2_18
sun jdk 1.4.2_29
oracle jdk 1.7.0
oracle jdk 1.4.2_38
CVE-2013-0433 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
sun jre 1.5.0
oracle jre 1.7.0
CVE-2013-0434 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the public declaration of the loadPropertyFile method in the JAXP FuncSystemProperty class, which allows remote attackers to obtain sensitive information.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.4.2_11
sun jdk 1.4.2_35
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jdk 1.4.2_8
sun jre 1.4.2_31
sun jdk 1.4.2_3
sun jdk 1.4.2_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.4.2_1
sun jre 1.4.2_35
sun jdk 1.6.0
sun jre 1.4.2_19
sun jdk 1.4.2_6
sun jre 1.4.2_17
sun jre 1.4.2_6
sun jre 1.4.2_13
sun jdk 1.4.2_5
oracle jdk 1.5.0
sun jdk 1.4.2_10
sun jre 1.4.2_4
oracle jre 1.4.2_38
sun jdk 1.4.2_31
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jre 1.4.2_11
sun jre 1.4.2_34
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.4.2_36
sun jdk 1.4.2_27
sun jre 1.6.0
sun jdk 1.4.2_19
sun jre 1.4.2_15
sun jre 1.4.2_9
sun jdk 1.4.2_25
sun jdk 1.5.0
sun jre 1.4.2
sun jre 1.4.2_33
sun jdk 1.4.2_9
oracle jre *
sun jre 1.4.2_26
sun jre 1.4.2_30
sun jdk 1.4.2_33
sun jdk 1.4.2_16
sun jre 1.5.0
sun jdk 1.4.2_15
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.4.2
sun jdk 1.4.2_7
sun jdk 1.4.2_2
sun jdk 1.4.2_32
sun jdk 1.4.2_17
oracle jre 1.5.0
sun jre 1.4.2_32
sun jdk 1.4.2_12
sun jre 1.4.2_28
sun jdk 1.4.2_18
sun jdk 1.4.2_22
sun jdk 1.4.2_30
sun jre 1.4.2_23
sun jre 1.4.2_37
sun jdk 1.4.2_4
sun jdk 1.4.2_34
sun jre 1.4.2_8
sun jdk 1.4.2_13
sun jdk 1.4.2_26
sun jdk 1.4.2_37
oracle jdk 1.6.0
sun jdk 1.4.2_14
sun jdk 1.4.2_36
sun jre 1.4.2_29
oracle jre 1.7.0
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
oracle jdk *
sun jre 1.4.2_10
sun jdk 1.4.2_28
oracle jre 1.6.0
sun jre 1.4.2_18
sun jdk 1.4.2_29
oracle jdk 1.7.0
oracle jdk 1.4.2_38
CVE-2013-0435 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAX-WS. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper restriction of com.sun.xml.internal packages and "Better handling of UI elements."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2013-0438 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2013-0440 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to CPU consumption in the SSL/TLS implementation via a large number of ClientHello packets that are not properly handled by (1) ClientHandshaker.java and (2) ServerHandshaker.java.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.4.2_11
sun jdk 1.4.2_35
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jdk 1.4.2_8
sun jre 1.4.2_31
sun jdk 1.4.2_3
sun jdk 1.4.2_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.4.2_1
sun jre 1.4.2_35
sun jdk 1.6.0
sun jre 1.4.2_19
sun jdk 1.4.2_6
sun jre 1.4.2_17
sun jre 1.4.2_6
sun jre 1.4.2_13
sun jdk 1.4.2_5
oracle jdk 1.5.0
sun jdk 1.4.2_10
sun jre 1.4.2_4
oracle jre 1.4.2_38
sun jdk 1.4.2_31
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jre 1.4.2_11
sun jre 1.4.2_34
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.4.2_36
sun jdk 1.4.2_27
sun jre 1.6.0
sun jdk 1.4.2_19
sun jre 1.4.2_15
sun jre 1.4.2_9
sun jdk 1.4.2_25
sun jdk 1.5.0
sun jre 1.4.2
sun jre 1.4.2_33
sun jdk 1.4.2_9
oracle jre *
sun jre 1.4.2_26
sun jre 1.4.2_30
sun jdk 1.4.2_33
sun jdk 1.4.2_16
sun jre 1.5.0
sun jdk 1.4.2_15
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.4.2
sun jdk 1.4.2_7
sun jdk 1.4.2_2
sun jdk 1.4.2_32
sun jdk 1.4.2_17
oracle jre 1.5.0
sun jre 1.4.2_32
sun jdk 1.4.2_12
sun jre 1.4.2_28
sun jdk 1.4.2_18
sun jdk 1.4.2_22
sun jdk 1.4.2_30
sun jre 1.4.2_23
sun jre 1.4.2_37
sun jdk 1.4.2_4
sun jdk 1.4.2_34
sun jre 1.4.2_8
sun jdk 1.4.2_13
sun jdk 1.4.2_26
sun jdk 1.4.2_37
oracle jdk 1.6.0
sun jdk 1.4.2_14
sun jdk 1.4.2_36
sun jre 1.4.2_29
oracle jre 1.7.0
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
oracle jdk *
sun jre 1.4.2_10
sun jdk 1.4.2_28
oracle jre 1.6.0
sun jre 1.4.2_18
sun jdk 1.4.2_29
oracle jdk 1.7.0
oracle jdk 1.4.2_38
CVE-2013-0441 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-1476 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via certain methods that should not be serialized, aka "missing serialization restriction."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.4.2_11
sun jdk 1.4.2_35
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jdk 1.4.2_8
sun jre 1.4.2_31
sun jdk 1.4.2_3
sun jdk 1.4.2_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.4.2_1
sun jre 1.4.2_35
sun jdk 1.6.0
sun jre 1.4.2_19
sun jdk 1.4.2_6
sun jre 1.4.2_17
sun jre 1.4.2_6
sun jre 1.4.2_13
sun jdk 1.4.2_5
oracle jdk 1.5.0
sun jdk 1.4.2_10
sun jre 1.4.2_4
oracle jre 1.4.2_38
sun jdk 1.4.2_31
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jre 1.4.2_11
sun jre 1.4.2_34
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.4.2_36
sun jdk 1.4.2_27
sun jre 1.6.0
sun jdk 1.4.2_19
sun jre 1.4.2_15
sun jre 1.4.2_9
sun jdk 1.4.2_25
sun jdk 1.5.0
sun jre 1.4.2
sun jre 1.4.2_33
sun jdk 1.4.2_9
oracle jre *
sun jre 1.4.2_26
sun jre 1.4.2_30
sun jdk 1.4.2_33
sun jdk 1.4.2_16
sun jre 1.5.0
sun jdk 1.4.2_15
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.4.2
sun jdk 1.4.2_7
sun jdk 1.4.2_2
sun jdk 1.4.2_32
sun jdk 1.4.2_17
oracle jre 1.5.0
sun jre 1.4.2_32
sun jdk 1.4.2_12
sun jre 1.4.2_28
sun jdk 1.4.2_18
sun jdk 1.4.2_22
sun jdk 1.4.2_30
sun jre 1.4.2_23
sun jre 1.4.2_37
sun jdk 1.4.2_4
sun jdk 1.4.2_34
sun jre 1.4.2_8
sun jdk 1.4.2_13
sun jdk 1.4.2_26
sun jdk 1.4.2_37
oracle jdk 1.6.0
sun jdk 1.4.2_14
sun jdk 1.4.2_36
sun jre 1.4.2_29
oracle jre 1.7.0
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
oracle jdk *
sun jre 1.4.2_10
sun jdk 1.4.2_28
oracle jre 1.6.0
sun jre 1.4.2_18
sun jdk 1.4.2_29
oracle jdk 1.7.0
oracle jdk 1.4.2_38
CVE-2013-0442 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.4.2_11
sun jdk 1.4.2_35
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jdk 1.4.2_8
sun jre 1.4.2_31
sun jdk 1.4.2_3
sun jdk 1.4.2_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.4.2_1
sun jre 1.4.2_35
sun jdk 1.6.0
sun jre 1.4.2_19
sun jdk 1.4.2_6
sun jre 1.4.2_17
sun jre 1.4.2_6
sun jre 1.4.2_13
sun jdk 1.4.2_5
oracle jdk 1.5.0
sun jdk 1.4.2_10
sun jre 1.4.2_4
oracle jre 1.4.2_38
sun jdk 1.4.2_31
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jre 1.4.2_11
sun jre 1.4.2_34
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.4.2_36
sun jdk 1.4.2_27
sun jre 1.6.0
sun jdk 1.4.2_19
sun jre 1.4.2_15
sun jre 1.4.2_9
sun jdk 1.4.2_25
sun jdk 1.5.0
sun jre 1.4.2
sun jre 1.4.2_33
sun jdk 1.4.2_9
oracle jre *
sun jre 1.4.2_26
sun jre 1.4.2_30
sun jdk 1.4.2_33
sun jdk 1.4.2_16
sun jre 1.5.0
sun jdk 1.4.2_15
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.4.2
sun jdk 1.4.2_7
sun jdk 1.4.2_2
sun jdk 1.4.2_32
sun jdk 1.4.2_17
oracle jre 1.5.0
sun jre 1.4.2_32
sun jdk 1.4.2_12
sun jre 1.4.2_28
sun jdk 1.4.2_18
sun jdk 1.4.2_22
sun jdk 1.4.2_30
sun jre 1.4.2_23
sun jre 1.4.2_37
sun jdk 1.4.2_4
sun jdk 1.4.2_34
sun jre 1.4.2_8
sun jdk 1.4.2_13
sun jdk 1.4.2_26
sun jdk 1.4.2_37
oracle jdk 1.6.0
sun jdk 1.4.2_14
sun jdk 1.4.2_36
sun jre 1.4.2_29
oracle jre 1.7.0
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
oracle jdk *
sun jre 1.4.2_10
sun jdk 1.4.2_28
oracle jre 1.6.0
sun jre 1.4.2_18
sun jdk 1.4.2_29
oracle jdk 1.7.0
oracle jdk 1.4.2_38
CVE-2013-0443 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect validation of Diffie-Hellman keys, which allows remote attackers to conduct a "small subgroup attack" to force the use of weak session keys or obtain sensitive information about the private key.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.4.2_11
sun jdk 1.4.2_35
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jdk 1.4.2_8
sun jre 1.4.2_31
sun jdk 1.4.2_3
sun jdk 1.4.2_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.4.2_1
sun jre 1.4.2_35
sun jdk 1.6.0
sun jre 1.4.2_19
sun jdk 1.4.2_6
sun jre 1.4.2_17
sun jre 1.4.2_6
sun jre 1.4.2_13
sun jdk 1.4.2_5
oracle jdk 1.5.0
sun jdk 1.4.2_10
sun jre 1.4.2_4
oracle jre 1.4.2_38
sun jdk 1.4.2_31
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jre 1.4.2_11
sun jre 1.4.2_34
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.4.2_36
sun jdk 1.4.2_27
sun jre 1.6.0
sun jdk 1.4.2_19
sun jre 1.4.2_15
sun jre 1.4.2_9
sun jdk 1.4.2_25
sun jdk 1.5.0
sun jre 1.4.2
sun jre 1.4.2_33
sun jdk 1.4.2_9
oracle jre *
sun jre 1.4.2_26
sun jre 1.4.2_30
sun jdk 1.4.2_33
sun jdk 1.4.2_16
sun jre 1.5.0
sun jdk 1.4.2_15
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.4.2
sun jdk 1.4.2_7
sun jdk 1.4.2_2
sun jdk 1.4.2_32
sun jdk 1.4.2_17
oracle jre 1.5.0
sun jre 1.4.2_32
sun jdk 1.4.2_12
sun jre 1.4.2_28
sun jdk 1.4.2_18
sun jdk 1.4.2_22
sun jdk 1.4.2_30
sun jre 1.4.2_23
sun jre 1.4.2_37
sun jdk 1.4.2_4
sun jdk 1.4.2_34
sun jre 1.4.2_8
sun jdk 1.4.2_13
sun jdk 1.4.2_26
sun jdk 1.4.2_37
oracle jdk 1.6.0
sun jdk 1.4.2_14
sun jdk 1.4.2_36
sun jre 1.4.2_29
oracle jre 1.7.0
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
oracle jdk *
sun jre 1.4.2_10
sun jdk 1.4.2_28
oracle jre 1.6.0
sun jre 1.4.2_18
sun jdk 1.4.2_29
oracle jdk 1.7.0
oracle jdk 1.4.2_38
CVE-2013-0445 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an improper check of "privileges of the code" that bypasses the sandbox.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
sun jre 1.5.0
oracle jre 1.7.0
CVE-2013-0446 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2013-0450 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper checks of "access control context" in the JMX RequiredModelMBean class.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
sun jre 1.5.0
oracle jre 1.7.0
CVE-2013-0809 HIGH

Unspecified vulnerability in the 2D component in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-1493.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-1473 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect integrity via unknown vectors related to Deployment.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2013-1475 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.4.2_11
sun jdk 1.4.2_35
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jdk 1.4.2_8
sun jre 1.4.2_31
sun jdk 1.4.2_3
sun jdk 1.4.2_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.4.2_1
sun jre 1.4.2_35
sun jdk 1.6.0
sun jre 1.4.2_19
sun jdk 1.4.2_6
sun jre 1.4.2_17
sun jre 1.4.2_6
sun jre 1.4.2_13
sun jdk 1.4.2_5
oracle jdk 1.5.0
sun jdk 1.4.2_10
sun jre 1.4.2_4
oracle jre 1.4.2_38
sun jdk 1.4.2_31
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jre 1.4.2_11
sun jre 1.4.2_34
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.4.2_36
sun jdk 1.4.2_27
sun jre 1.6.0
sun jdk 1.4.2_19
sun jre 1.4.2_15
sun jre 1.4.2_9
sun jdk 1.4.2_25
sun jdk 1.5.0
sun jre 1.4.2
sun jre 1.4.2_33
sun jdk 1.4.2_9
oracle jre *
sun jre 1.4.2_26
sun jre 1.4.2_30
sun jdk 1.4.2_33
sun jdk 1.4.2_16
sun jre 1.5.0
sun jdk 1.4.2_15
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.4.2
sun jdk 1.4.2_7
sun jdk 1.4.2_2
sun jdk 1.4.2_32
sun jdk 1.4.2_17
oracle jre 1.5.0
sun jre 1.4.2_32
sun jdk 1.4.2_12
sun jre 1.4.2_28
sun jdk 1.4.2_18
sun jdk 1.4.2_22
sun jdk 1.4.2_30
sun jre 1.4.2_23
sun jre 1.4.2_37
sun jdk 1.4.2_4
sun jdk 1.4.2_34
sun jre 1.4.2_8
sun jdk 1.4.2_13
sun jdk 1.4.2_26
sun jdk 1.4.2_37
oracle jdk 1.6.0
sun jdk 1.4.2_14
sun jdk 1.4.2_36
sun jre 1.4.2_29
oracle jre 1.7.0
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
oracle jdk *
sun jre 1.4.2_10
sun jdk 1.4.2_28
oracle jre 1.6.0
sun jre 1.4.2_18
sun jdk 1.4.2_29
oracle jdk 1.7.0
oracle jdk 1.4.2_38
CVE-2013-1476 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass Java sandbox restrictions via "certain value handler constructors."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.4.2_11
sun jdk 1.4.2_35
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jdk 1.4.2_8
sun jre 1.4.2_31
sun jdk 1.4.2_3
sun jdk 1.4.2_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.4.2_1
sun jre 1.4.2_35
sun jdk 1.6.0
sun jre 1.4.2_19
sun jdk 1.4.2_6
sun jre 1.4.2_17
sun jre 1.4.2_6
sun jre 1.4.2_13
sun jdk 1.4.2_5
oracle jdk 1.5.0
sun jdk 1.4.2_10
sun jre 1.4.2_4
oracle jre 1.4.2_38
sun jdk 1.4.2_31
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jre 1.4.2_11
sun jre 1.4.2_34
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.4.2_36
sun jdk 1.4.2_27
sun jre 1.6.0
sun jdk 1.4.2_19
sun jre 1.4.2_15
sun jre 1.4.2_9
sun jdk 1.4.2_25
sun jdk 1.5.0
sun jre 1.4.2
sun jre 1.4.2_33
sun jdk 1.4.2_9
oracle jre *
sun jre 1.4.2_26
sun jre 1.4.2_30
sun jdk 1.4.2_33
sun jdk 1.4.2_16
sun jre 1.5.0
sun jdk 1.4.2_15
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.4.2
sun jdk 1.4.2_7
sun jdk 1.4.2_2
sun jdk 1.4.2_32
sun jdk 1.4.2_17
oracle jre 1.5.0
sun jre 1.4.2_32
sun jdk 1.4.2_12
sun jre 1.4.2_28
sun jdk 1.4.2_18
sun jdk 1.4.2_22
sun jdk 1.4.2_30
sun jre 1.4.2_23
sun jre 1.4.2_37
sun jdk 1.4.2_4
sun jdk 1.4.2_34
sun jre 1.4.2_8
sun jdk 1.4.2_13
sun jdk 1.4.2_26
sun jdk 1.4.2_37
oracle jdk 1.6.0
sun jdk 1.4.2_14
sun jdk 1.4.2_36
sun jre 1.4.2_29
oracle jre 1.7.0
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
oracle jdk *
sun jre 1.4.2_10
sun jdk 1.4.2_28
oracle jre 1.6.0
sun jre 1.4.2_18
sun jdk 1.4.2_29
oracle jdk 1.7.0
oracle jdk 1.4.2_38
CVE-2013-1478 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" that can trigger an integer overflow and memory corruption.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.4.2_11
sun jdk 1.4.2_35
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jdk 1.4.2_8
sun jre 1.4.2_31
sun jdk 1.4.2_3
sun jdk 1.4.2_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.4.2_1
sun jre 1.4.2_35
sun jdk 1.6.0
sun jre 1.4.2_19
sun jdk 1.4.2_6
sun jre 1.4.2_17
sun jre 1.4.2_6
sun jre 1.4.2_13
sun jdk 1.4.2_5
oracle jdk 1.5.0
sun jdk 1.4.2_10
sun jre 1.4.2_4
oracle jre 1.4.2_38
sun jdk 1.4.2_31
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jre 1.4.2_11
sun jre 1.4.2_34
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.4.2_36
sun jdk 1.4.2_27
sun jre 1.6.0
sun jdk 1.4.2_19
sun jre 1.4.2_15
sun jre 1.4.2_9
sun jdk 1.4.2_25
sun jdk 1.5.0
sun jre 1.4.2
sun jre 1.4.2_33
sun jdk 1.4.2_9
oracle jre *
sun jre 1.4.2_26
sun jre 1.4.2_30
sun jdk 1.4.2_33
sun jdk 1.4.2_16
sun jre 1.5.0
sun jdk 1.4.2_15
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.4.2
sun jdk 1.4.2_7
sun jdk 1.4.2_2
sun jdk 1.4.2_32
sun jdk 1.4.2_17
oracle jre 1.5.0
sun jre 1.4.2_32
sun jdk 1.4.2_12
sun jre 1.4.2_28
sun jdk 1.4.2_18
sun jdk 1.4.2_22
sun jdk 1.4.2_30
sun jre 1.4.2_23
sun jre 1.4.2_37
sun jdk 1.4.2_4
sun jdk 1.4.2_34
sun jre 1.4.2_8
sun jdk 1.4.2_13
sun jdk 1.4.2_26
sun jdk 1.4.2_37
oracle jdk 1.6.0
sun jdk 1.4.2_14
sun jdk 1.4.2_36
sun jre 1.4.2_29
oracle jre 1.7.0
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
oracle jdk *
sun jre 1.4.2_10
sun jdk 1.4.2_28
oracle jre 1.6.0
sun jre 1.4.2_18
sun jdk 1.4.2_29
oracle jdk 1.7.0
oracle jdk 1.4.2_38
CVE-2013-1479 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle javafx 2.2.3
oracle javafx 2.0.2
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
oracle javafx 2.1
oracle javafx 2.2
oracle javafx 2.0.3
oracle jre 1.6.0
oracle javafx *
oracle jdk 1.7.0
oracle javafx 2.0
CVE-2013-1480 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.4.2_11
sun jdk 1.4.2_35
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jdk 1.4.2_8
sun jre 1.4.2_31
sun jdk 1.4.2_3
sun jdk 1.4.2_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.4.2_1
sun jre 1.4.2_35
sun jdk 1.6.0
sun jre 1.4.2_19
sun jdk 1.4.2_6
sun jre 1.4.2_17
sun jre 1.4.2_6
sun jre 1.4.2_13
sun jdk 1.4.2_5
oracle jdk 1.5.0
sun jdk 1.4.2_10
sun jre 1.4.2_4
oracle jre 1.4.2_38
sun jdk 1.4.2_31
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jre 1.4.2_11
sun jre 1.4.2_34
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.4.2_36
sun jdk 1.4.2_27
sun jre 1.6.0
sun jdk 1.4.2_19
sun jre 1.4.2_15
sun jre 1.4.2_9
sun jdk 1.4.2_25
sun jdk 1.5.0
sun jre 1.4.2
sun jre 1.4.2_33
sun jdk 1.4.2_9
oracle jre *
sun jre 1.4.2_26
sun jre 1.4.2_30
sun jdk 1.4.2_33
sun jdk 1.4.2_16
sun jre 1.5.0
sun jdk 1.4.2_15
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.4.2
sun jdk 1.4.2_7
sun jdk 1.4.2_2
sun jdk 1.4.2_32
sun jdk 1.4.2_17
oracle jre 1.5.0
sun jre 1.4.2_32
sun jdk 1.4.2_12
sun jre 1.4.2_28
sun jdk 1.4.2_18
sun jdk 1.4.2_22
sun jdk 1.4.2_30
sun jre 1.4.2_23
sun jre 1.4.2_37
sun jdk 1.4.2_4
sun jdk 1.4.2_34
sun jre 1.4.2_8
sun jdk 1.4.2_13
sun jdk 1.4.2_26
sun jdk 1.4.2_37
oracle jdk 1.6.0
sun jdk 1.4.2_14
sun jdk 1.4.2_36
sun jre 1.4.2_29
oracle jre 1.7.0
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
oracle jdk *
sun jre 1.4.2_10
sun jdk 1.4.2_28
oracle jre 1.6.0
sun jre 1.4.2_18
sun jdk 1.4.2_29
oracle jdk 1.7.0
oracle jdk 1.4.2_38
CVE-2013-1481 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.4.2_11
sun jdk 1.4.2_35
sun jre 1.4.2_22
sun jre 1.4.2_27
sun jdk 1.4.2_8
sun jre 1.4.2_31
sun jdk 1.4.2_3
sun jdk 1.4.2_23
sun jre 1.4.2_1
sun jre 1.4.2_16
sun jdk 1.4.2_1
sun jre 1.4.2_35
sun jdk 1.6.0
sun jre 1.4.2_19
sun jdk 1.4.2_6
sun jre 1.4.2_17
sun jre 1.4.2_6
sun jre 1.4.2_13
sun jdk 1.4.2_5
oracle jdk 1.5.0
sun jdk 1.4.2_10
sun jre 1.4.2_4
oracle jre 1.4.2_38
sun jdk 1.4.2_31
sun jre 1.4.2_7
sun jre 1.4.2_25
sun jre 1.4.2_11
sun jre 1.4.2_34
sun jre 1.4.2_3
sun jre 1.4.2_20
sun jre 1.4.2_21
sun jre 1.4.2_36
sun jdk 1.4.2_27
sun jre 1.6.0
sun jdk 1.4.2_19
sun jre 1.4.2_15
sun jre 1.4.2_9
sun jdk 1.4.2_25
sun jdk 1.5.0
sun jre 1.4.2
sun jre 1.4.2_33
sun jdk 1.4.2_9
oracle jre *
sun jre 1.4.2_26
sun jre 1.4.2_30
sun jdk 1.4.2_33
sun jdk 1.4.2_16
sun jre 1.5.0
sun jdk 1.4.2_15
sun jre 1.4.2_5
sun jre 1.4.2_12
sun jdk 1.4.2
sun jdk 1.4.2_7
sun jdk 1.4.2_2
sun jdk 1.4.2_32
sun jdk 1.4.2_17
oracle jre 1.5.0
sun jre 1.4.2_32
sun jdk 1.4.2_12
sun jre 1.4.2_28
sun jdk 1.4.2_18
sun jdk 1.4.2_22
sun jdk 1.4.2_30
sun jre 1.4.2_23
sun jre 1.4.2_37
sun jdk 1.4.2_4
sun jdk 1.4.2_34
sun jre 1.4.2_8
sun jdk 1.4.2_13
sun jdk 1.4.2_26
sun jdk 1.4.2_37
oracle jdk 1.6.0
sun jdk 1.4.2_14
sun jdk 1.4.2_36
sun jre 1.4.2_29
sun jre 1.4.2_24
sun jre 1.4.2_2
sun jre 1.4.2_14
oracle jdk *
sun jre 1.4.2_10
sun jdk 1.4.2_28
oracle jre 1.6.0
sun jre 1.4.2_18
sun jdk 1.4.2_29
oracle jdk 1.4.2_38
CVE-2013-1486 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
sun jre 1.5.0
oracle jre 1.7.0
CVE-2013-1487 HIGH

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE 7 Update 13 and earlier and 6 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2013-1493 HIGH

The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-1494 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 10, when running on SPARC T4 servers, allows local users to affect availability via unknown vectors related to Kernel.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
CVE-2013-1496 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/IO, a different vulnerability than CVE-2013-1498.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
sun sunos 5.11
CVE-2013-1498 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/IO, a different vulnerability than CVE-2013-1496.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
sun sunos 5.11
CVE-2013-1499 LOW

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Network Configuration.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.11
CVE-2013-1500 LOW

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to weak permissions for shared memory.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-1507 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Filesystem.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
sun sunos 5.11
CVE-2013-1518 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "missing security restrictions."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-1530 LOW

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via unknown vectors related to Kernel.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
CVE-2013-1537 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to the default java.rmi.server.useCodebaseOnly setting of false, which allows remote attackers to perform "dynamic class downloading" and execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-1540 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2433.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2013-1557 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "missing security restrictions" in the LogStream.setDefaultStream method.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-1558 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2013-1563 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle javafx 2.2.3
oracle javafx 2.0.2
oracle javafx 2.2.5
oracle jdk 1.6.0
sun jre 1.6.0
oracle javafx 2.2.4
oracle jre 1.7.0
sun jdk 1.6.0
oracle javafx 2.1
oracle javafx 2.2
oracle javafx 2.0.3
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle javafx *
oracle jdk 1.7.0
oracle javafx 2.0
CVE-2013-1569 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "checking of [a] glyph table" in the International Components for Unicode (ICU) Layout Engine before 51.2.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-1571 MEDIUM

Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Javadoc. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to frame injection in HTML that is generated by Javadoc.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle javafx 2.2.3
oracle javafx 2.0.2
oracle javafx 2.2.5
oracle jdk 1.6.0
sun jre 1.6.0
oracle javafx 2.2.4
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle javafx 2.1
oracle javafx 2.2
oracle javafx 2.2.7
oracle javafx 2.0.3
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle javafx *
oracle jdk 1.7.0
oracle javafx 2.0
sun jre 1.5.0
CVE-2013-2383 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2384, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "handling of [a] glyph table" in the International Components for Unicode (ICU) Layout Engine before 51.2.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-2384 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2383, and CVE-2013-2420. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font layout" in the International Components for Unicode (ICU) Layout Engine before 51.2.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-2394 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2432 and CVE-2013-1491.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle javafx 2.2.3
oracle javafx 2.0.2
oracle javafx 2.2.5
oracle jdk 1.6.0
sun jre 1.6.0
oracle javafx 2.2.4
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle javafx 2.1
oracle javafx 2.2
oracle javafx 2.0.3
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle javafx *
oracle jdk 1.7.0
oracle javafx 2.0
sun jre 1.5.0
CVE-2013-2407 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "XML security and the class loader."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2013-2412 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serviceability. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient indication of an SSL connection failure by JConsole, related to RMI connection dialog box.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2013-2417 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to Networking. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to an information leak involving InetAddress serialization. CVE has not investigated the apparent discrepancy between vendor reports regarding the impact of this issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-2418 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2013-2419 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font processing errors" in the International Components for Unicode (ICU) Layout Engine before 51.2.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-2420 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to insufficient "validation of images" in share/native/sun/awt/image/awt_ImageRep.c, possibly involving offsets.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-2422 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper method-invocation restrictions by the MethodUtil trampoline class, which allows remote attackers to bypass the Java sandbox.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2013-2424 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality via vectors related to JMX. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient class access checks" when "creating new instances" using MBeanInstantiator.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-2429 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "JPEGImageWriter state corruption" when using native code, which triggers memory corruption.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-2430 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; JavaFX 2.2.7 and earlier; and OpenJDK 6 and 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "JPEGImageReader state corruption" when using native code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle javafx 2.2.3
oracle javafx 2.0.2
oracle javafx 2.2.5
oracle jdk 1.6.0
sun jre 1.6.0
oracle javafx 2.2.4
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle javafx 2.1
oracle javafx 2.2
oracle javafx 2.0.3
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle javafx *
oracle jdk 1.7.0
oracle javafx 2.0
sun jre 1.5.0
CVE-2013-2432 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2394 and CVE-2013-1491.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle javafx 2.2.3
oracle javafx 2.0.2
oracle javafx 2.2.5
oracle jdk 1.6.0
sun jre 1.6.0
oracle javafx 2.2.4
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle javafx 2.1
oracle javafx 2.2
oracle javafx 2.0.3
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle javafx *
oracle jdk 1.7.0
oracle javafx 2.0
sun jre 1.5.0
CVE-2013-2433 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-1540.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2013-2435 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2440.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2013-2437 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Deployment.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2013-2439 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Install.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle javafx 2.2.3
oracle javafx 2.0.2
oracle javafx 2.2.5
oracle jdk 1.6.0
sun jre 1.6.0
oracle javafx 2.2.4
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle javafx 2.1
oracle javafx 2.2
oracle javafx 2.0.3
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle javafx *
oracle jdk 1.7.0
oracle javafx 2.0
sun jre 1.5.0
CVE-2013-2440 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2435.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2013-2442 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2466 and CVE-2013-2468.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2013-2443 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2452 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect "checking order" within the AccessControlContext class.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-2444 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not "properly manage and restrict certain resources related to the processing of fonts," possibly involving temporary files.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle javafx 2.2.3
oracle javafx 2.0.2
oracle javafx 2.2.5
oracle jdk 1.6.0
sun jre 1.6.0
oracle javafx 2.2.4
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle javafx 2.1
oracle javafx 2.2
oracle javafx 2.2.7
oracle javafx 2.0.3
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle javafx *
oracle jdk 1.7.0
oracle javafx 2.0
sun jre 1.5.0
CVE-2013-2445 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Hotspot. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "handling of memory allocation errors."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-2446 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly enforce access restrictions for CORBA output streams.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-2447 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to obtain a socket's local address via vectors involving inconsistencies between Socket.getLocalAddress and InetAddress.getLocalHost.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-2448 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to insufficient "access restrictions" and "robustness of sound classes."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-2450 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper handling of circular references in ObjectStreamClass.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-2451 LOW

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper enforcement of exclusive port binds when running on Windows, which allows attackers to bind to ports that are already in use.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2013-2452 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "network address handling in virtual machine identifiers" and the lack of "unique and unpredictable IDs" in the java.rmi.dgc.VMID class.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-2453 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to a missing check for "package access" by the MBeanServer Introspector.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2013-2454 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via vectors related to JDBC. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue does not properly restrict access to certain class packages in the SerialJavaObject class, which allows remote attackers to bypass the Java sandbox.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-2455 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2443 and CVE-2013-2452. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect access checks by the (1) getEnclosingClass, (2) getEnclosingMethod, and (3) getEnclosingConstructor methods.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-2456 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Serialization. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper access checks for subclasses in the ObjectOutputStream class.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-2457 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect implementation of "certain class checks" that allows remote attackers to bypass intended class restrictions.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-2459 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "integer overflow checks."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-2461 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June and July 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass verification of XML signatures via vectors related to a "Missing check for [a] valid DOMCanonicalizationMethod canonicalization algorithm."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jrockit *
oracle openjdk 1.7.0
oracle jdk 1.6.0
oracle jre 1.7.0
CVE-2013-2463 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image attribute verification" in 2D.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-2464 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, and CVE-2013-2473.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-2465 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,CWE-693,

Products Affected

Vendor Product Version
suse linux_enterprise_java 10
suse linux_enterprise_software_development_kit 11
suse linux_enterprise_desktop 10
oracle jre 1.5.0
oracle jre 1.6.0
sun jre 1.6.0
suse linux_enterprise_server 11
sun jre 1.5.0
oracle jre 1.7.0
suse linux_enterprise_server 10
suse linux_enterprise_java 11
CVE-2013-2466 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2442 and CVE-2013-2468.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2013-2467 MEDIUM

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 5.0 Update 45 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Java installer.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jdk 1.5.0
sun jre 1.5.0
CVE-2013-2468 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2442 and CVE-2013-2466.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2013-2469 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image layout verification" in 2D.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-2470 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "ImagingLib byte lookup processing."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-2471 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect IntegerComponentRaster size checks."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-2472 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ShortBandedRaster size checks" in 2D.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-2473 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-3743 HIGH

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.6.0
sun jre 1.6.0
sun jre 1.5.0
CVE-2013-3745 LOW

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Libraries/Libc.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
sun sunos 5.11
sun sunos 5.8
CVE-2013-3748 HIGH

Unspecified vulnerability in Oracle Solaris 11 allows remote attackers to affect availability via vectors related to Driver/IDM (iSCSI Data Mover).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.11
CVE-2013-3750 HIGH

Unspecified vulnerability in Oracle Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/VM

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.11
CVE-2013-3752 MEDIUM

Unspecified vulnerability in Oracle Solaris 11 allows remote attackers to affect integrity via vectors related to Service Management Facility (SMF).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.11
CVE-2013-3753 HIGH

Unspecified vulnerability in Oracle Solaris 11 allows remote attackers to affect availability via vectors related to Kernel/STREAMS framework.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.11
CVE-2013-3757 MEDIUM

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows remote attackers to affect integrity and availability via vectors related to SMF/File Locking Services.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
sun sunos 5.11
sun sunos 5.8
CVE-2013-3765 MEDIUM

Unspecified vulnerability in Oracle Solaris 11 allows local users to affect availability via unknown vectors related to Kernel/VM.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.11
CVE-2013-3786 MEDIUM

Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
sun sunos 5.11
CVE-2013-3787 MEDIUM

Unspecified vulnerability in Oracle Solaris 10 and 11 allows remote attackers to affect availability via unknown vectors related to Kernel.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
sun sunos 5.11
CVE-2013-3797 MEDIUM

Unspecified vulnerability in Oracle Solaris 11 allows local users to affect availability via unknown vectors related to Filesystem/DevFS.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.11
CVE-2013-3799 MEDIUM

Unspecified vulnerability in Oracle Solaris 10 and 11, when running on AMD64, allows local users to affect availability via unknown vectors related to Kernel.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
sun sunos 5.11
CVE-2013-3813 MEDIUM

Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect confidentiality and integrity via vectors related to Libraries/PAM-Unix.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
CVE-2013-3829 MEDIUM

Unspecified vulnerability in the Java SE, Java SE Embedded component in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-3837 MEDIUM

Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows remote attackers to affect availability via unknown vectors related to Cacao.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
oracle sunos 5.11.1
CVE-2013-3842 LOW

Unspecified vulnerability Oracle Solaris 10 allows local users to affect confidentiality via vectors related to Oracle Configuration Manager (OCM).

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
CVE-2013-5772 LOW

Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2013-5774 MEDIUM

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-5776 MEDIUM

Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2013-5778 MEDIUM

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-5780 MEDIUM

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jrockit r28.0.0
oracle jrockit r28.0.2
oracle jrockit r28.2.5
oracle jrockit r28.2.3
oracle jrockit r27.7.3
sun jdk 1.6.0
oracle jrockit r27.7.4
oracle jrockit r27.7.5
oracle jrockit r28.1.5
oracle jrockit r28.1.4
oracle jrockit r27.7.2
oracle jre 1.5.0
oracle jdk 1.5.0
oracle jrockit r28.2.2
oracle jrockit r28.0.1
oracle jrockit r28.1.0
oracle jrockit r27.7.1
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
oracle jrockit *
sun jdk 1.5.0
oracle jrockit r28.1.3
oracle jrockit r28.2.6
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jrockit r28.2.4
oracle jdk 1.7.0
sun jre 1.5.0
oracle jrockit r28.1.1
CVE-2013-5782 HIGH

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jrockit r28.0.0
oracle jrockit r28.0.2
oracle jrockit r28.2.5
oracle jrockit r28.2.3
oracle jrockit r27.7.3
sun jdk 1.6.0
oracle jrockit r27.7.4
oracle jrockit r27.7.5
oracle jrockit r28.1.5
oracle jrockit r28.1.4
oracle jrockit r27.7.2
oracle jre 1.5.0
oracle jdk 1.5.0
oracle jrockit r28.2.2
oracle jrockit r28.0.1
oracle jrockit r28.1.0
oracle jrockit r27.7.1
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
oracle jrockit *
sun jdk 1.5.0
oracle jrockit r28.1.3
oracle jrockit r28.2.6
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jrockit r28.2.4
oracle jdk 1.7.0
sun jre 1.5.0
oracle jrockit r28.1.1
CVE-2013-5783 MEDIUM

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Swing.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-5784 MEDIUM

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to SCRIPTING.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2013-5787 HIGH

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5789, CVE-2013-5824, CVE-2013-5832, and CVE-2013-5852.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2013-5789 HIGH

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5787, CVE-2013-5824, CVE-2013-5832, and CVE-2013-5852.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2013-5790 MEDIUM

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to BEANS.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-5797 LOW

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and JavaFX 2.2.40 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Javadoc.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jrockit r28.0.0
oracle jrockit r28.0.2
oracle jrockit r28.2.5
oracle javafx 2.2.4
oracle jrockit r28.2.3
oracle jrockit r27.7.3
sun jdk 1.6.0
oracle jrockit r27.7.4
oracle jrockit r27.7.5
oracle jrockit r28.1.5
oracle javafx 2.2
oracle jrockit r28.1.4
oracle jrockit r27.7.2
oracle jre 1.5.0
oracle jdk 1.5.0
oracle jrockit r28.2.2
oracle javafx 2.0
oracle jrockit r28.0.1
oracle jrockit r28.1.0
oracle jrockit r27.7.1
oracle javafx 2.2.3
oracle javafx 2.0.2
oracle javafx 2.2.5
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
oracle jrockit *
sun jdk 1.5.0
oracle javafx 2.1
oracle javafx 2.2.7
oracle javafx 2.0.3
oracle jrockit r28.1.3
oracle jrockit r28.2.6
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jrockit r28.2.4
oracle javafx *
oracle jdk 1.7.0
sun jre 1.5.0
oracle jrockit r28.1.1
oracle javafx 2.2.21
CVE-2013-5801 MEDIUM

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-5802 HIGH

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jrockit r28.0.0
oracle jrockit r28.0.2
oracle jrockit r28.2.5
oracle jrockit r28.2.3
oracle jrockit r27.7.3
sun jdk 1.6.0
oracle jrockit r27.7.4
oracle jrockit r27.7.5
oracle jrockit r28.1.5
oracle jrockit r28.1.4
oracle jrockit r27.7.2
oracle jre 1.5.0
oracle jdk 1.5.0
oracle jrockit r28.2.2
oracle jrockit r28.0.1
oracle jrockit r28.1.0
oracle jrockit r27.7.1
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
oracle jrockit *
sun jdk 1.5.0
oracle jrockit r28.1.3
oracle jrockit r28.2.6
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jrockit r28.2.4
oracle jdk 1.7.0
sun jre 1.5.0
oracle jrockit r28.1.1
CVE-2013-5803 LOW

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JGSS.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jrockit r28.0.0
oracle jrockit r28.0.2
oracle jrockit r28.2.5
oracle jrockit r28.2.3
oracle jrockit r27.7.3
sun jdk 1.6.0
oracle jrockit r27.7.4
oracle jrockit r27.7.5
oracle jrockit r28.1.5
oracle jrockit r28.1.4
oracle jrockit r27.7.2
oracle jre 1.5.0
oracle jdk 1.5.0
oracle jrockit r28.2.2
oracle jrockit r28.0.1
oracle jrockit r28.1.0
oracle jrockit r27.7.1
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
oracle jrockit *
sun jdk 1.5.0
oracle jrockit r28.1.3
oracle jrockit r28.2.6
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jrockit r28.2.4
oracle jdk 1.7.0
sun jre 1.5.0
oracle jrockit r28.1.1
CVE-2013-5804 MEDIUM

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Javadoc.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jrockit r28.0.0
oracle jrockit r28.0.2
oracle jrockit r28.2.5
oracle jrockit r28.2.3
oracle jrockit r27.7.3
sun jdk 1.6.0
oracle jrockit r27.7.4
oracle jrockit r27.7.5
oracle jrockit r28.1.5
oracle jrockit r28.1.4
oracle jrockit r27.7.2
oracle jre 1.5.0
oracle jdk 1.5.0
oracle jrockit r28.2.2
oracle jrockit r28.0.1
oracle jrockit r28.1.0
oracle jrockit r27.7.1
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
oracle jrockit *
sun jdk 1.5.0
oracle jrockit r28.1.3
oracle jrockit r28.2.6
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jrockit r28.2.4
sun jre 1.5.0
oracle jrockit r28.1.1
CVE-2013-5809 HIGH

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-5829.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-5812 MEDIUM

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2013-5814 HIGH

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-5817 HIGH

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-5818 MEDIUM

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5819 and CVE-2013-5831.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2013-5819 MEDIUM

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5818 and CVE-2013-5831.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2013-5820 MEDIUM

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to JAX-WS.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2013-5821 MEDIUM

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11.1 allows local users to affect confidentiality, integrity, and availability via vectors related to RPC.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
oracle sunos 5.11.1
sun sunos 5.8
CVE-2013-5823 MEDIUM

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via unknown vectors related to Security.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jrockit r28.0.0
oracle jrockit r28.0.2
oracle jrockit r28.2.5
oracle jrockit r28.2.3
oracle jrockit r27.7.3
sun jdk 1.6.0
oracle jrockit r27.7.4
oracle jrockit r27.7.5
oracle jrockit r28.1.5
oracle jrockit r28.1.4
oracle jrockit r27.7.2
oracle jrockit r28.2.2
oracle jrockit r28.0.1
oracle jrockit r28.1.0
oracle jrockit r27.7.1
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
oracle jrockit *
oracle jrockit r28.1.3
oracle jrockit r28.2.6
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jrockit r28.2.4
oracle jdk 1.7.0
oracle jrockit r28.1.1
CVE-2013-5824 HIGH

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5787, CVE-2013-5789, CVE-2013-5832, and CVE-2013-5852.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2013-5825 MEDIUM

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JAXP.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jrockit r28.0.0
oracle jrockit r28.0.2
oracle jrockit r28.2.5
oracle jrockit r28.2.3
oracle jrockit r27.7.3
sun jdk 1.6.0
oracle jrockit r27.7.4
oracle jrockit r27.7.5
oracle jrockit r28.1.5
oracle jrockit r28.1.4
oracle jrockit r27.7.2
oracle jre 1.5.0
oracle jdk 1.5.0
oracle jrockit r28.2.2
oracle jrockit r28.0.1
oracle jrockit r28.1.0
oracle jrockit r27.7.1
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
oracle jrockit *
sun jdk 1.5.0
oracle jrockit r28.1.3
oracle jrockit r28.2.6
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jrockit r28.2.4
oracle jdk 1.7.0
sun jre 1.5.0
oracle jrockit r28.1.1
CVE-2013-5831 MEDIUM

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5818 and CVE-2013-5819.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2013-5832 HIGH

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5787, CVE-2013-5789, CVE-2013-5824, and CVE-2013-5852.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2013-5833 MEDIUM

Unspecified vulnerability in Oracle Solaris 8 and 9 allows local users to affect availability via unknown vectors related to Filesystem.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.8
CVE-2013-5834 MEDIUM

Unspecified vulnerability in Oracle Solaris 8 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to ps.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.8
CVE-2013-5839 MEDIUM

Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Oracle Java Web Console.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
CVE-2013-5840 MEDIUM

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-5849 MEDIUM

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to AWT.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-5850 HIGH

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-5842.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
oracle jdk 1.6.0
sun jre 1.6.0
oracle jre 1.7.0
sun jdk 1.6.0
sun jdk 1.5.0
oracle jre *
oracle jdk *
oracle jre 1.5.0
oracle jre 1.6.0
oracle jdk 1.5.0
oracle jdk 1.7.0
sun jre 1.5.0
CVE-2013-5852 HIGH

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5787, CVE-2013-5789, CVE-2013-5824, and CVE-2013-5832.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun jdk 1.6.0
oracle jre *
oracle jdk *
oracle jre 1.6.0
oracle jdk 1.6.0
sun jre 1.6.0
oracle jdk 1.7.0
oracle jre 1.7.0
CVE-2013-5862 MEDIUM

Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to CPU performance counters (CPC) drivers, a different vulnerability than CVE-2014-4215.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
oracle sunos 5.11.1
CVE-2013-5864 MEDIUM

Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to USB hub driver.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
oracle sunos 5.11.1
CVE-2013-5872 LOW

Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to Name Service Cache Daemon (NSCD).

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
oracle sunos 5.11.1
CVE-2013-5876 MEDIUM

Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2014-0447.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
oracle sunos 5.11.1
CVE-2013-5883 LOW

Unspecified vulnerability in Oracle Solaris 8 allows local users to affect integrity and availability via unknown vectors related to Kernel.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.8
CVE-2014-0390 MEDIUM

Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Java Web Console.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
CVE-2014-0421 MEDIUM

Unspecified vulnerability in Oracle Solaris 10, when running on the SPARC64-X Platform, allows local users to affect confidentiality, integrity, and availability via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
CVE-2014-0442 MEDIUM

Unspecified vulnerability in Oracle Solaris 9, 10, and 11.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Print Filter Utility.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
sun sunos 5.11
oracle sunos 5.11.1
CVE-2014-0447 MEDIUM

Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2013-5876.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
oracle sunos 5.11.1
CVE-2014-4215 MEDIUM

Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to CPU performance counters (CPC) drivers, a different vulnerability than CVE-2013-5862.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
oracle sunos 5.11.1
CVE-2014-4224 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 allows local users to affect availability via unknown vectors related to sockfs.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
oracle sunos 5.11.1
sun sunos 5.8
CVE-2014-4225 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Patch installation scripts.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
CVE-2014-4239 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Common Agent Container (Cacao).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.9
sun sunos 5.10
oracle sunos 5.11.1
sun sunos 5.8
CVE-2014-4275 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vectors related to SMB server kernel module.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.11
CVE-2014-4276 HIGH

Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Common Internet File System (CIFS).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.11
CVE-2014-4277 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality via unknown vectors related to Automated Install Engine, a different vulnerability than CVE-2014-4283.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.11
CVE-2014-4280 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to IPS transfer module, a different vulnerability than CVE-2014-4284.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.11
CVE-2014-4282 HIGH

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel/X86.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.11
CVE-2014-4283 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality via unknown vectors related to Automated Install Engine, a different vulnerability than CVE-2014-4277.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.11
CVE-2014-4284 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to IPS transfer module, a different vulnerability than CVE-2014-4280.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.11
CVE-2014-6470 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Archive Utility.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.11
CVE-2014-6473 HIGH

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Zone Framework.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
sun sunos 5.11
CVE-2014-6481 MEDIUM

Unspecified vulnerability in Oracle Solaris 10 and 11 allows remote attackers to affect confidentiality via vectors related to KSSL.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
sun sunos 5.11
CVE-2014-6490 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via vectors related to SMB server user component.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.11
CVE-2014-6497 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Kernel.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.11
CVE-2014-6501 LOW

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality via vectors related to SSH.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.11
CVE-2014-6508 HIGH

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via vectors related to iSCSI Data Mover (IDM).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
sun sunos 5.11
CVE-2014-6509 MEDIUM

Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability via unknown vectors related to Kernel.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
CVE-2014-6510 HIGH

Unspecified vulnerability in Oracle Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Power Management Utility.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.11
CVE-2014-6518 MEDIUM

Unspecified vulnerability in Oracle Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to Unix File System (UFS).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
sun sunos 5.11
CVE-2014-6521 HIGH

Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via vectors related to CDE - Power Management Utility.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
CVE-2014-6524 HIGH

Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
CVE-2014-6529 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hermon HCA PCIe driver.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.11
CVE-2014-6570 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6600 and CVE-2015-0397.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.11
CVE-2014-6575 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via unknown vectors related to Network, a different vulnerability than CVE-2004-0230.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
sun sunos 5.11
CVE-2014-6600 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6570 and CVE-2015-0397.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.11
CVE-2015-0375 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect confidentiality via unknown vectors related to Network.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
sun sunos 5.11
CVE-2015-0397 LOW

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6570 and CVE-2014-6600.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.11
CVE-2015-0428 MEDIUM

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Resource Control.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
sun sunos 5.11
CVE-2015-0429 LOW

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to RPC Utility.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
sun sunos 5.11
CVE-2015-0430 LOW

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality via vectors related to RPC Utility.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun sunos 5.10
sun sunos 5.11
CVE-2015-0718 HIGH

Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
cisco unified_computing_system 2.1_1a
cisco unified_computing_system 2.1_1e
cisco unified_computing_system 2.0_1x
cisco unified_computing_system 1.4_1m
cisco unified_computing_system 2.2_2d
cisco unified_computing_system 1.4_4k
cisco unified_computing_system 2.2_1d
cisco unified_computing_system 2.2_2e
cisco unified_computing_system 1.4_1j
cisco unified_computing_system 1.4_4j
cisco unified_computing_system 1.4_3l
cisco unified_computing_system 2.0_1t
cisco unified_computing_system 2.1_1d
cisco unified_computing_system 1.4_3m
cisco unified_computing_system 2.2_1c
cisco unified_computing_system 2.0_2r
cisco unified_computing_system 1.4_4f
cisco unified_computing_system 1.4_4i
cisco unified_computing_system 2.2_1b
cisco unified_computing_system 1.4_3u
cisco unified_computing_system 1.4_1i
cisco unified_computing_system 2.0_5f
cisco unified_computing_system 2.1_3b
cisco unified_computing_system 2.1_3c
cisco unified_computing_system 1.5_base
cisco unified_computing_system 2.1_3d
cisco unified_computing_system 2.0_1q
cisco unified_computing_system 2.0_1s
cisco unified_computing_system 1.4_3y
cisco unified_computing_system 2.0_3a
zyxel gs1900-10hp_firmware *
cisco unified_computing_system 1.4_3i
cisco unified_computing_system 2.1_1f
cisco unified_computing_system 1.4_3q
netgear jr6150_firmware *
cisco unified_computing_system 2.0_5b
cisco unified_computing_system 2.0_3c
cisco unified_computing_system 2.2_1e
cisco unified_computing_system 1.4_4l
cisco unified_computing_system 1.6_base
cisco unified_computing_system 2.0_4d
cisco unified_computing_system 2.1_3e
cisco unified_computing_system 2.1_2a
cisco unified_computing_system 2.0_5d
sun opensolaris snv_124
cisco nx-os base
cisco unified_computing_system 2.0_2m
cisco unified_computing_system 2.0_3b
samsung x14j_firmware t-ms14jakucb-1102.5
cisco unified_computing_system 2.0_1w
cisco unified_computing_system 2.0_5a
cisco unified_computing_system 1.4_3s
cisco unified_computing_system 2.2_2c
zzinc keymouse_firmware 3.08
cisco unified_computing_system 2.1_2d
cisco unified_computing_system 2.1_3f
cisco unified_computing_system 2.1_1b
cisco unified_computing_system 2.0_5e
cisco unified_computing_system 1.4_4g
cisco unified_computing_system 2.1_2c
cisco unified_computing_system 2.1_3a
cisco unified_computing_system 2.0_2q
cisco unified_computing_system 2.0_5c
cisco unified_computing_system 2.0_4a
cisco unified_computing_system 2.0_4b
CVE-2015-6313 HIGH

Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted HTTP requests that are not followed by an unspecified negotiation, aka Bug ID CSCuv47565.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
sun opensolaris snv_124
zzinc keymouse_firmware 3.08
zyxel gs1900-10hp_firmware *
CVE-2015-6319 HIGH

SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
cisco rv_series_router_firmware 1.0.1.9
cisco rv_series_router_firmware 1.0.3.10
cisco rv_series_router_firmware 1.0.4.14
cisco rv_series_router_firmware 1.0.0.2
cisco rv_series_router_firmware 1.0.5.8
cisco rv_series_router_firmware 1.0.5.6
cisco rv_series_router_firmware 1.0.6.6
cisco rv_series_router_firmware 1.0.4.10
sun opensolaris snv_124
cisco rv_series_router_firmware 1.1.0.9
cisco rv_series_router_firmware 1.0.0.30
cisco rv_series_router_firmware 1.0.2.6
cisco rv_series_router_firmware 1.2.0.2
CVE-2016-1290 MEDIUM

The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
cisco prime_infrastructure 1.4.2
cisco evolved_programmable_network_manager 1.2.0
cisco prime_infrastructure 2.2
cisco prime_infrastructure 1.2.1
cisco prime_infrastructure 1.4
cisco prime_infrastructure 1.2.0.103
cisco prime_infrastructure 2.1.0
cisco prime_infrastructure 1.3
cisco prime_infrastructure 1.4.1
cisco prime_infrastructure 1.2
sun opensolaris snv_124
cisco prime_infrastructure 1.3.0.20
cisco prime_infrastructure 2.0
cisco prime_infrastructure 1.4.0.45
CVE-2016-1291 HIGH

Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allow remote attackers to execute arbitrary code via crafted deserialized data in an HTTP POST request, aka Bug ID CSCuw03192.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
cisco prime_infrastructure 1.4.2
cisco evolved_programmable_network_manager 1.2.0
cisco prime_infrastructure 2.2
cisco prime_infrastructure 1.2.1
cisco prime_infrastructure 1.4
cisco prime_infrastructure 1.2.0.103
cisco prime_infrastructure 2.1.0
cisco prime_infrastructure 1.3
cisco prime_infrastructure 1.4.1
cisco prime_infrastructure 1.2
sun opensolaris snv_124
cisco prime_infrastructure 1.3.0.20
cisco prime_infrastructure 2.0
cisco prime_infrastructure 1.4.0.45
CVE-2016-1302 HIGH

Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,

Products Affected

Vendor Product Version
samsung x14j_firmware t-ms14jakucb-1102.5
sun opensolaris snv_124
zzinc keymouse_firmware 3.08
cisco nx-os base
zyxel gs1900-10hp_firmware *
CVE-2016-1306 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Fog Director 1.0(0) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux80466.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
sun opensolaris snv_124
CVE-2016-1310 MEDIUM

Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 11.5(0.199) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy09033.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
sun opensolaris snv_124
CVE-2016-1314 LOW

Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (CDM) 8.1(1) allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux80760.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
sun opensolaris snv_124
CVE-2016-1319 MEDIUM

Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext encryption key, which allows local users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuv85958.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
samsung x14j_firmware t-ms14jakucb-1102.5
sun opensolaris snv_124
zzinc keymouse_firmware 3.08
zyxel gs1900-10hp_firmware *
CVE-2016-1329 HIGH

Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID CSCuy25800.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
samsung x14j_firmware t-ms14jakucb-1102.5
sun opensolaris snv_124
zzinc keymouse_firmware 3.08
zyxel gs1900-10hp_firmware *
CVE-2016-1331 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 11.5(0.99833.5) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuy10766.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
sun opensolaris snv_124
CVE-2016-1344 HIGH

The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
cisco ios_xe 3.9s_3.9.0as
cisco ios_xe 3.14s_3.14.0s
cisco ios_xe 3.3xo_3.3.1xo
cisco ios_xe 3.4s_3.4.6s
cisco ios_xe 3.10s_3.10.1s
cisco ios_xe 3.7e_3.7.2e
cisco ios_xe 3.9s_3.9.1as
cisco ios_xe 3.10s_3.10.1xbs
cisco ios_xe 3.11s_3.11.1s
cisco ios_xe 3.6s_3.6.1s
cisco ios_xe 3.10s_3.10.2s
cisco ios_xe 3.7s_3.7.0s
cisco ios_xe 3.15s_3.15.2s
cisco ios_xe 3.5s_3.5.2s
cisco ios_xe 3.7s_3.7.4as
cisco ios_xe 3.3s_3.3.2s
cisco ios_xe 3.4sg_3.4.2sg
cisco ios_xe 3.7s_3.7.6s
cisco ios_xe 3.10s_3.10.0s
cisco ios_xe 3.10s_3.10.5s
cisco ios_xe 3.10s_3.10.6s
cisco ios_xe 3.3sg_3.3.1sg
cisco ios_xe 3.7e_3.7.0e
cisco ios_xe 3.7s_3.7.2ts
cisco ios_xe 3.4sg_3.4.0sg
cisco ios_xe 3.16s_3.16.0cs
cisco ios_xe 3.4sg_3.4.1sg
cisco ios_xe 3.4sg_3.4.7sg
cisco ios_xe 3.6e_3.6.2ae
cisco ios_xe 3.7s_3.7.1s
cisco ios_xe 3.7s_3.7.2s
cisco ios_xe 3.4s_3.4.0as
cisco ios_xe 3.3xo_3.3.0xo
cisco ios_xe 3.3s_3.3.1s
cisco ios_xe 3.6e_3.6.2e
cisco ios_xe 3.6e_3.6.3e
cisco ios_xe 3.4sg_3.4.4sg
cisco ios_xe 3.4sg_3.4.5sg
cisco ios_xe 3.12s_3.12.0s
cisco ios_xe 3.12s_3.12.1s
cisco ios_xe 3.7e_3.7.3e
cisco ios_xe 3.6e_3.6.1e
cisco ios_xe 3.8s_3.8.2s
cisco ios_xe 3.13s_3.13.3s
cisco ios_xe 3.5e_3.5.1e
lenovo thinkcentre_e75s_firmware *
cisco ios_xe 3.11s_3.11.0s
cisco ios_xe 3.4sg_3.4.6sg
cisco ios_xe 3.3sg_3.3.2sg
cisco ios_xe 3.5e_3.5.2e
cisco ios_xe 3.9s_3.9.1s
cisco ios_xe 3.3xo_3.3.2xo
cisco ios_xe 3.14s_3.14.1s
zzinc keymouse_firmware 3.08
cisco ios_xe 3.7s_3.7.3s
cisco ios_xe 3.6e_3.6.0e
cisco ios_xe 3.13s_3.13.1s
cisco ios_xe 3.14s_3.14.3s
cisco ios_xe 3.4s_3.4.3s
cisco ios_xe 3.8e_3.8.1e
cisco ios_xe 3.15s_3.15.1s
cisco ios_xe 3.3sg_3.3.0sg
cisco ios_xe 3.12s_3.12.3s
cisco ios_xe 3.7e_3.7.1e
cisco ios_xe 3.7s_3.7.5s
cisco ios_xe 3.13s_3.13.0s
cisco ios_xe 3.15s_3.15.0s
cisco ios_xe 3.6s_3.6.2s
cisco ios_xe 3.13s_3.13.0as
cisco ios_xe 3.4s_3.4.1s
cisco ios_xe 3.10s_3.10.3s
cisco ios_xe 3.15s_3.15.1cs
cisco ios_xe 3.17s_3.17.0s
cisco ios_xe 3.13s_3.13.2s
cisco ios_xe 3.5e_3.5.0e
cisco ios_xe 3.4s_3.4.4s
cisco ios_xe 3.4s_3.4.2s
cisco ios_xe 3.4s_3.4.5s
cisco ios_xe 3.12s_3.12.4s
cisco ios_xe 3.5s_3.5.1s
cisco ios_xe 3.16s_3.16.0s
cisco ios_xe 3.16s_3.16.1as
zyxel gs1900-10hp_firmware *
cisco ios_xe 3.4s_3.4.0s
cisco ios_xe 3.14s_3.14.2s
netgear jr6150_firmware *
cisco ios_xe 3.9s_3.9.0s
cisco ios_xe 3.13s_3.13.4s
cisco ios_xe 3.11s_3.11.3s
cisco ios_xe 3.11s_3.11.2s
cisco ios_xe 3.5s_3.5.0s
cisco ios_xe 3.3s_3.3.0s
cisco ios_xe 3.7s_3.7.7s
sun opensolaris snv_124
cisco ios_xe 3.4sg_3.4.3sg
cisco ios_xe 3.12s_3.12.2s
cisco ios_xe 3.8e_3.8.0e
cisco ios_xe 3.16s_3.16.1s
samsung x14j_firmware t-ms14jakucb-1102.5
cisco ios_xe 3.8s_3.8.0s
cisco ios_xe 3.9s_3.9.2s
cisco ios_xe 3.8s_3.8.1s
cisco ios_xe 3.10s_3.10.4s
cisco ios_xe 3.5e_3.5.3e
cisco ios_xe 3.11s_3.11.4s
cisco ios_xe 3.6s_3.6.0s
cisco ios_xe 3.7s_3.7.4s
cisco ios_xe 3.13s_3.13.2as
CVE-2016-1348 HIGH

Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 Relay message, aka Bug ID CSCus55821.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
cisco ios_xe 3.9s_3.9.0as
cisco ios_xe 3.12s_3.12.3s
cisco ios_xe 3.14s_3.14.0s
cisco ios_xe 3.3xo_3.3.1xo
cisco ios_xe 3.7e_3.7.1e
cisco ios_xe 3.10s_3.10.1s
cisco ios_xe 3.7e_3.7.2e
cisco ios_xe 3.9s_3.9.1as
cisco ios_xe 3.7s_3.7.5s
cisco ios_xe 3.10s_3.10.1xbs
cisco ios_xe 3.13s_3.13.0s
cisco ios_xe 3.15s_3.15.0s
cisco ios_xe 3.11s_3.11.1s
cisco ios_xe 3.6s_3.6.1s
cisco ios_xe 3.10s_3.10.2s
cisco ios_xe 3.6s_3.6.2s
cisco ios_xe 3.7s_3.7.0s
cisco ios_xe 3.15s_3.15.2s
cisco ios_xe 3.13s_3.13.0as
cisco ios_xe 3.5s_3.5.2s
cisco ios_xe 3.10s_3.10.3s
cisco ios_xe 3.15s_3.15.1cs
cisco ios_xe 3.7s_3.7.4as
cisco ios_xe 3.7s_3.7.6s
cisco ios_xe 3.13s_3.13.2s
cisco ios_xe 3.10s_3.10.0s
cisco ios_xe 3.10s_3.10.5s
cisco ios_xe 3.10s_3.10.6s
cisco ios_xe 3.5e_3.5.0e
cisco ios_xe 3.7e_3.7.0e
cisco ios_xe 3.7s_3.7.2ts
cisco ios_xe 3.16s_3.16.0cs
cisco ios_xe 3.6e_3.6.2ae
cisco ios_xe 3.12s_3.12.4s
cisco ios_xe 3.7s_3.7.1s
cisco ios_xe 3.7s_3.7.2s
cisco ios_xe 3.5s_3.5.1s
cisco ios_xe 3.3xo_3.3.0xo
cisco ios_xe 3.6e_3.6.2e
cisco ios_xe 3.16s_3.16.0s
cisco ios_xe 3.6e_3.6.3e
cisco ios_xe 3.16s_3.16.1as
zyxel gs1900-10hp_firmware *
cisco ios_xe 3.14s_3.14.2s
netgear jr6150_firmware *
cisco ios_xe 3.12s_3.12.0s
cisco ios_xe 3.12s_3.12.1s
cisco ios_xe 3.9s_3.9.0s
cisco ios_xe 3.13s_3.13.4s
cisco ios_xe 3.11s_3.11.3s
cisco ios_xe 3.11s_3.11.2s
cisco ios_xe 3.5s_3.5.0s
cisco ios_xe 3.6e_3.6.1e
cisco ios_xe 3.8s_3.8.2s
cisco ios_xe 3.13s_3.13.3s
cisco ios_xe 3.5e_3.5.1e
cisco ios_xe 3.7s_3.7.7s
cisco ios_xe 3.11s_3.11.0s
sun opensolaris snv_124
cisco ios_xe 3.5e_3.5.2e
cisco ios_xe 3.9s_3.9.1s
cisco ios_xe 3.12s_3.12.2s
cisco ios_xe 3.8e_3.8.0e
cisco ios_xe 3.16s_3.16.1s
cisco ios_xe 3.3xo_3.3.2xo
cisco ios_xe 3.14s_3.14.1s
samsung x14j_firmware t-ms14jakucb-1102.5
zzinc keymouse_firmware 3.08
cisco ios_xe 3.8s_3.8.0s
cisco ios_xe 3.9s_3.9.2s
cisco ios_xe 3.8s_3.8.1s
cisco ios_xe 3.7s_3.7.3s
cisco ios_xe 3.6e_3.6.0e
cisco ios_xe 3.13s_3.13.1s
cisco ios_xe 3.14s_3.14.3s
cisco ios_xe 3.10s_3.10.4s
cisco ios_xe 3.5e_3.5.3e
cisco ios_xe 3.11s_3.11.4s
cisco ios_xe 3.6s_3.6.0s
cisco ios_xe 3.7s_3.7.4s
cisco ios_xe 3.15s_3.15.1s
cisco ios_xe 3.13s_3.13.2as
CVE-2016-1349 HIGH

The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID CSCuv45410.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
cisco ios_xe 3.4sg_3.4.4sg
cisco ios_xe 3.2se_3.2.0se
cisco ios_xe 3.2se_3.2.3se
cisco ios_xe 3.3xo_3.3.1xo
netgear jr6150_firmware *
cisco ios_xe 3.4sg_3.4.5sg
cisco ios_xe 3.3se_3.3.5se
cisco ios_xe 3.7e_3.7.1e
cisco ios_xe 3.7e_3.7.2e
cisco ios_xe 3.6e_3.6.1e
cisco ios_xe 3.2se_3.2.2se
cisco ios_xe 3.5e_3.5.1e
sun opensolaris snv_124
cisco ios_xe 3.4sg_3.4.6sg
cisco ios_xe 3.4sg_3.4.3sg
cisco ios_xe 3.5e_3.5.2e
cisco ios_xe 3.4sg_3.4.2sg
cisco ios_xe 3.2ja_3.2.0ja
cisco ios_xe 3.2se_3.2.1se
cisco ios_xe 3.3xo_3.3.2xo
samsung x14j_firmware t-ms14jakucb-1102.5
cisco ios_xe 3.5e_3.5.0e
cisco ios_xe 3.7e_3.7.0e
intel core_i5-9400f_firmware -
zzinc keymouse_firmware 3.08
cisco ios_xe 3.4sg_3.4.0sg
cisco ios_xe 3.4sg_3.4.1sg
cisco ios_xe 3.6e_3.6.0e
cisco ios_xe 3.3se_3.3.0se
cisco ios_xe 3.6e_3.6.2ae
cisco ios_xe 3.5e_3.5.3e
cisco ios_xe 3.3xo_3.3.0xo
cisco ios_xe 3.6e_3.6.2e
cisco ios_xe 3.3se_3.3.1se
cisco ios_xe 3.3se_3.3.2se
cisco ios_xe 3.3se_3.3.3se
zyxel gs1900-10hp_firmware *
cisco ios_xe 3.3se_3.3.4se
CVE-2016-1350 HIGH

Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
cisco ios_xe 3.9.0s
cisco ios_xe 3.9.1s
cisco ios_xe 3.9.1as
cisco ios_xe 3.9.2s
cisco ios_xe 3.8.0s
samsung x14j_firmware t-ms14jakucb-1102.5
cisco ios_xe 3.8.1s
zzinc keymouse_firmware 3.08
cisco ios_xe 3.10.2s
cisco ios_xe 3.10.0s
cisco ios_xe 3.10.1s
cisco ios_xe 3.11.0s
cisco ios_xe 3.8.2s
cisco ios_xe 3.10.1xbs
cisco ios_xe 3.9.0as
lenovo thinkcentre_e75s_firmware *
sun opensolaris snv_124
zyxel gs1900-10hp_firmware *
CVE-2020-10508 MEDIUM

Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
twcert@cert.org.tw 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
sun ehrd 9
sun ehrd 8
CVE-2020-10509 MEDIUM

Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting (XSS), attackers can inject arbitrary command into the system and launch XSS attack.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7
twcert@cert.org.tw 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
sun ehrd 9.0
sun ehrd 8.0
CVE-2020-10510 MEDIUM

Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality and data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
twcert@cert.org.tw 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
sun ehrd 9
sun ehrd 8
CVE-2021-43358 HIGH

Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
twcert@cert.org.tw 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
sun ehrd 9
sun ehrd 8
CVE-2021-43359 HIGH

Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-732,NVD-CWE-Other,

Products Affected

Vendor Product Version
sun ehrd 9
sun ehrd 8
CVE-2021-43360 HIGH

Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
sun ehrd 9
sun ehrd 8