Search Results (221 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-5117 1 Sun 1 Java System Identity Manager 2026-04-23 N/A
Open redirect vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2008-5118 1 Sun 1 Java System Identity Manager 2026-04-23 N/A
Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "frame injection."
CVE-2008-5422 3 Novell, Redhat, Sun 5 Suse Linux Enterprise Server, Enterprise Linux, Java Desktop System and 2 more 2026-04-23 N/A
Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict access, which allows remote attackers to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors.
CVE-2005-1754 2 Apache Tomcat, Sun 2 Apache Tomcat, Javamail 2026-04-16 N/A
JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products.
CVE-2004-0802 9 Conectiva, Enlightenment, Imagemagick and 6 more 16 Linux, Imlib, Imlib2 and 13 more 2026-04-16 N/A
Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817.
CVE-2006-4353 1 Sun 1 Java System Content Delivery Server 2026-04-16 N/A
Unspecified vulnerability in Sun Java System Content Delivery Server 4.0, 4.1, and 5.0 allows local and remote attackers to read data from arbitrary files via unspecified vectors.
CVE-2005-2530 1 Sun 1 Java 2026-04-16 N/A
Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac OS X allows an untrusted applet to gain privileges, related to "Mac OS X specific extensions."
CVE-2005-1889 1 Sun 1 Java System Web Server 2026-04-16 N/A
Unknown vulnerability in Sun ONE Application Server 6.5 SP1 Maintenance Update 6 and earlier allows attackers to read files.
CVE-2005-0742 1 Sun 1 Java System Application Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Sun Java System Application Server 7 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2005-1232 1 Sun 1 Java System Web Proxy Server 2026-04-16 N/A
Buffer overflow in Sun Java System Web Proxy Server (aka Sun ONE Proxy Server) 3.6 SP6 allows remote attackers to execute arbitrary code via unknown vectors.
CVE-2006-1830 1 Sun 1 Java Studio Enterprise 2026-04-16 N/A
Sun Java Studio Enterprise 8, when installed as root, creates certain files with world-writable permissions, which allows local users to execute arbitrary commands via unspecified vectors.
CVE-2001-0404 1 Sun 1 Javaserver Web Dev Kit 2026-04-16 N/A
Directory traversal vulnerability in JavaServer Web Dev Kit (JSWDK) 1.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request to the WEB-INF directory.
CVE-1999-0440 2 Netscape, Sun 3 Communicator, Navigator, Java 2026-04-16 N/A
The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.
CVE-2005-1753 1 Sun 1 Javamail 2026-04-16 N/A
ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products.
CVE-2001-1008 1 Sun 2 Java Plug-in, Jre 2026-04-16 N/A
Java Plugin 1.4 for JRE 1.3 executes signed applets even if the certificate is expired, which could allow remote attackers to conduct unauthorized activities via an applet that has been signed by an expired certificate.
CVE-1999-0142 2 Netscape, Sun 2 Navigator, Java 2026-04-16 N/A
The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts.
CVE-2005-3472 1 Sun 1 Java System Communications Express 2026-04-16 N/A
Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files.
CVE-2006-2501 1 Sun 4 Java System Application Server, Java System Web Server, One Application Server and 1 more 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages.
CVE-2002-0076 3 Hp, Microsoft, Sun 5 Java Jre-jdk, Virtual Machine, Jdk and 2 more 2026-04-16 N/A
Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape 6.2.1 and earlier, and possibly other implementations that use vulnerable versions of SDK or JDK, aka a variant of the "Virtual Machine Verifier" vulnerability.
CVE-2006-4302 1 Sun 2 J2se, Java Web Start 2026-04-16 N/A
The Java Plug-in J2SE 1.3.0_02 through 5.0 Update 5, and Java Web Start 1.0 through 1.2 and J2SE 1.4.2 through 5.0 Update 5, allows remote attackers to exploit vulnerabilities by specifying a JRE version that contain vulnerabilities.