CVSS: 9.8EPSS: 3%CPEs: 238EXPL: 0CVE-2010-0839 – JDK multiple unspecified vulnerabilities
https://notcve.org/view.php?id=CVE-2010-0839
01 Apr 2010 — Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en el componente Sound en Oracle Java SE y Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25 y 1.3.1_27 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad mediante vectores no desconocidos. • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 •
CVSS: 10.0EPSS: 10%CPEs: 133EXPL: 0CVE-2010-0841 – Sun Java Runtime Environment JPEGImageReader stepX Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0841
01 Apr 2010 — Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the Java Runtime Environment that allows remote attackers to execute arbitrary code via a JPEG image that contain... • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 91%CPEs: 238EXPL: 1CVE-2010-0842 – Sun Java Runtime Environment MixerSequencer Invalid Array Index Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0842
01 Apr 2010 — Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an uncontrolled array index that allows remote attackers to execute arbitrary code via a MIDI file with a crafted MixerSequencer... • https://www.exploit-db.com/exploits/18485 •
CVSS: 10.0EPSS: 10%CPEs: 8EXPL: 0CVE-2010-0843 – Sun Java Runtime Environment XNewPtr Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0843
01 Apr 2010 — Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to XNewPtr and improper handling of an integer parameter when allocating heap memory in the com.sun.media.sound librarie... • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 •
CVSS: 10.0EPSS: 6%CPEs: 238EXPL: 0CVE-2010-0844 – Sun Java Runtime Environment MIDI File metaEvent Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0844
01 Apr 2010 — Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is for improper parsing of a crafted MIDI stream when creating a MixerSequencer object, which causes a pointer to be corrupted and ... • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 •
CVSS: 10.0EPSS: 10%CPEs: 238EXPL: 0CVE-2010-0846 – Sun Java Runtime Environment JPEGImageEncoderImpl Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0846
01 Apr 2010 — Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows remote attackers to execute arbitrary code, related to an "invalid assignment" and in... • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 •
CVSS: 8.8EPSS: 5%CPEs: 240EXPL: 0CVE-2010-0847 – OpenJDK ImagingLib arbitrary code execution vulnerability (6914866)
https://notcve.org/view.php?id=CVE-2010-0847
01 Apr 2010 — Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows arbitrary code execution via a crafted image. Vulnerabilidad no especificada en el co... • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 •
CVSS: 9.8EPSS: 3%CPEs: 238EXPL: 0CVE-2010-0848 – OpenJDK AWT Library Invalid Index Vulnerability (6914823)
https://notcve.org/view.php?id=CVE-2010-0848
01 Apr 2010 — Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en el componente Java 2D en Oracle Java SE y Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25 y 1.3.1_27 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad mediante vectores no desconocidos. • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 •
CVSS: 10.0EPSS: 6%CPEs: 240EXPL: 0CVE-2010-0849 – Sun Java Runtime Environment JPEGImageDecoderImpl Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0849
01 Apr 2010 — Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via... • http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751 •
CVSS: 9.3EPSS: 14%CPEs: 339EXPL: 0CVE-2009-3868 – java-1.6.0-sun: Privilege escalation via crafted image file due improper color profiles parsing (6862970)
https://notcve.org/view.php?id=CVE-2009-3868
05 Nov 2009 — Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970. Sun Java SE en JDK y JRE 5.0 anteriores a Update 22, JDK y JRE 6 anteriores a Update 17, SDK y JRE v1.3.x anteriores a v1.3.1_27, y SDK y JRE v1.4.x anteriores a v1.4.2_24 no analiza adecuadamente el perfil color, lo que pe... • http://java.sun.com/javase/6/webnotes/6u17.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •