Search Results (221 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-1083 1 Sun 1 Java System Identity Manager 2026-04-23 N/A
Sun Java System Identity Manager (IdM) 7.0 through 8.0 on Linux, AIX, Solaris, and HP-UX permits "control characters" in the passwords of user accounts, which allows remote attackers to execute arbitrary commands via vectors involving "resource adapters."
CVE-2009-1102 2 Redhat, Sun 3 Enterprise Linux, Rhel Extras, Java 2026-04-23 N/A
Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation."
CVE-2008-5549 1 Sun 1 Java System Portal Server 2026-04-23 N/A
Unspecified vulnerability in the Sun Java Web Console components in Sun Java System Portal Server 7.1 and 7.2 allows remote attackers to access local files and read the product's configuration information via unknown vectors related to "access to secure files by ThemeServlet."
CVE-2003-1516 1 Sun 1 Java Plug-in 2026-04-16 N/A
The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
CVE-2005-1150 1 Sun 1 Java System Web Server 2026-04-16 N/A
Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier, when running on Windows systems, allows attackers to cause a denial of service (hang).
CVE-2006-0531 1 Sun 1 Java System Access Manager 2026-04-16 N/A
Unspecified vulnerability in Sun Java System Access Manager 7.0 allows local users logged in as "root" to bypass authentication and gain top-level administrator privileges via the amadmin CLI tool.
CVE-2004-2216 1 Sun 2 Java System Application Server, Java System Web Server 2026-04-16 N/A
Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and earlier, allows remote attackers to cause a denial of service (crash) via a malformed client certificate.
CVE-2006-0647 1 Sun 1 Java System Directory Server 2026-04-16 N/A
LDAP service in Sun Java System Directory Server 5.2, running on Linux and possibly other platforms, allows remote attackers to cause a denial of service (memory allocation error) via an LDAP packet with a crafted subtree search request, as demonstrated using the ProtoVer LDAP test suite.
CVE-2006-3127 1 Sun 2 Java Enterprise System, Java System Directory Server 2026-04-16 N/A
Memory leak in Network Security Services (NSS) 3.11, as used in Sun Java Enterprise System 2003Q4 through 2005Q1 and Java System Directory Server 5.2, allows remote attackers to cause a denial of service (memory consumption) by performing a large number of RSA cryptographic operations.
CVE-2005-4804 1 Sun 1 Java System Application Server 2026-04-16 N/A
Unspecified vulnerability in Sun Java System Application Server Platform Edition and Enterprise Edition 8.1 2005 Q1, and Platform Edition UR1, allows remote attackers to read .jar files via unknown vectors related to deployed web applications.
CVE-1999-0440 2 Netscape, Sun 3 Communicator, Navigator, Java 2026-04-16 N/A
The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.
CVE-2005-4805 1 Sun 1 Java System Application Server 2026-04-16 N/A
Unspecified vulnerability in Sun Java System Application Server 7 Standard and Platform Edition 6 and earlier, and 2004Q2 Standard and Platform Edition Update 2 and earlier, allows remote attackers to obtain the source code for Java Server pages (JSP) via unknown vectors.
CVE-2003-1521 1 Sun 1 Java Plug-in 2026-04-16 N/A
Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
CVE-2006-3921 1 Sun 2 Java System Application Server, Java System Web Server 2026-04-16 N/A
Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the "document root directory" via a direct request using a UTF-8 encoded URI.
CVE-2005-0742 1 Sun 1 Java System Application Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Sun Java System Application Server 7 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2002-0076 3 Hp, Microsoft, Sun 5 Java Jre-jdk, Virtual Machine, Jdk and 2 more 2026-04-16 N/A
Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape 6.2.1 and earlier, and possibly other implementations that use vulnerable versions of SDK or JDK, aka a variant of the "Virtual Machine Verifier" vulnerability.
CVE-2006-4302 1 Sun 2 J2se, Java Web Start 2026-04-16 N/A
The Java Plug-in J2SE 1.3.0_02 through 5.0 Update 5, and Java Web Start 1.0 through 1.2 and J2SE 1.4.2 through 5.0 Update 5, allows remote attackers to exploit vulnerabilities by specifying a JRE version that contain vulnerabilities.
CVE-2006-4353 1 Sun 1 Java System Content Delivery Server 2026-04-16 N/A
Unspecified vulnerability in Sun Java System Content Delivery Server 4.0, 4.1, and 5.0 allows local and remote attackers to read data from arbitrary files via unspecified vectors.
CVE-2004-1170 3 Gnu, Sun, Suse 3 A2ps, Java Desktop System, Suse Linux 2026-04-16 N/A
a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.
CVE-2001-0404 1 Sun 1 Javaserver Web Dev Kit 2026-04-16 N/A
Directory traversal vulnerability in JavaServer Web Dev Kit (JSWDK) 1.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request to the WEB-INF directory.