CVSS: 10.0EPSS: 52%CPEs: 238EXPL: 0CVE-2010-0844 – Sun Java Runtime Environment MIDI File metaEvent Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0844
01 Apr 2010 — Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is for improper parsing of a crafted MIDI stream when creating a MixerSequencer object, which causes a pointer to be corrupted and ... • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 •
CVSS: 10.0EPSS: 15%CPEs: 8EXPL: 0CVE-2010-0843 – Sun Java Runtime Environment XNewPtr Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0843
01 Apr 2010 — Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to XNewPtr and improper handling of an integer parameter when allocating heap memory in the com.sun.media.sound librarie... • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 •
CVSS: 10.0EPSS: 6%CPEs: 133EXPL: 0CVE-2010-0095 – Sun Java Runtime Environment Mutable InetAddress Socket Policy Violation Vulnerability
https://notcve.org/view.php?id=CVE-2010-0095
01 Apr 2010 — Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0093. Vulnerabilidad no especificada en el componente Java Runtime Environment en Oracle Java SE y Java for Business 6 Update 18, 5.0 Update 23 y 1.4.2_25 permite a atacantes remotos afectar a la confidencialidad, integrida... • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 •
CVSS: 9.8EPSS: 3%CPEs: 238EXPL: 0CVE-2010-0088 – OpenJDK Inflater/Deflater clone issues (6745393)
https://notcve.org/view.php?id=CVE-2010-0088
01 Apr 2010 — Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0085. Vulnerabilidad no especificada en el componente Java Runtime Environment en Oracle Java SE y Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25 y 1.3.1_27 permite a atacantes remotos afectar la confidenc... • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 •
CVSS: 10.0EPSS: 95%CPEs: 238EXPL: 1CVE-2010-0842 – Sun Java Runtime Environment MixerSequencer Invalid Array Index Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0842
01 Apr 2010 — Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an uncontrolled array index that allows remote attackers to execute arbitrary code via a MIDI file with a crafted MixerSequencer... • https://www.exploit-db.com/exploits/18485 •
CVSS: 9.8EPSS: 3%CPEs: 238EXPL: 0CVE-2010-0848 – OpenJDK AWT Library Invalid Index Vulnerability (6914823)
https://notcve.org/view.php?id=CVE-2010-0848
01 Apr 2010 — Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en el componente Java 2D en Oracle Java SE y Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25 y 1.3.1_27 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad mediante vectores no desconocidos. • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 •
CVSS: 10.0EPSS: 15%CPEs: 133EXPL: 0CVE-2010-0841 – Sun Java Runtime Environment JPEGImageReader stepX Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0841
01 Apr 2010 — Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the Java Runtime Environment that allows remote attackers to execute arbitrary code via a JPEG image that contain... • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2010-0079
https://notcve.org/view.php?id=CVE-2010-0079
13 Jan 2010 — Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this CVE identifier overlaps CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, and CVE-2009-3877. Múltiples vulnerabilidades en el componente JRockit en BEA Product Suite R27.6.5 utilizado con JRE/JDK v1.4.2, v5, ... • http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html •
CVSS: 7.5EPSS: 1%CPEs: 37EXPL: 0CVE-2009-3729 – JRE TrueType font parsing crash (6815780)
https://notcve.org/view.php?id=CVE-2009-3729
09 Nov 2009 — Unspecified vulnerability in the TrueType font parsing functionality in Sun Java SE 5.0 before Update 22 and 6 before Update 17 allows remote attackers to cause a denial of service (application crash) via a certain test suite, aka Bug Id 6815780. Vulnerabilidad no especificada en la funcionalidad de análisis sintáctico de fuentes TrueType en Sun Java SE v5.0 anteriores a Update 22 y 6 anteriores a Update 17 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de ... • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html •
CVSS: 7.5EPSS: 1%CPEs: 39EXPL: 0CVE-2009-3885
https://notcve.org/view.php?id=CVE-2009-3885
09 Nov 2009 — Sun Java SE 5.0 before Update 22 and 6 before Update 17 on Windows allows remote attackers to cause a denial of service via a BMP file containing a link to a UNC share pathname for an International Color Consortium (ICC) profile file, probably a related issue to CVE-2007-2789, aka Bug Id 6632445. Sun Java SE v5.0 anteriores a Update 22 y 6 anteriores a Update 17 en Windows permite a atacantes remotos provocar una denegación de servicio a través de un fichero .BMP que contenga un enlace a un path compartido ... • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html •