All the vulnerabilites related to Sun Microsystems, Inc. - SDK
jvndb-2005-000707
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Fujitsu Java Runtime Environment reflection API vulnerability
Details
A vulnerability exists in the reflection API in the Java Runtime Environment that may allow a Java applet to elevate its privileges bypassing its security restrictions.
This problem was reported by Sun Microsystems as a vulnerability in Java Runtime Environment. Fujitsu's product is modified based on this product and is reported to contain a similar vulnerability.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000707.html", "dc:date": "2008-05-21T00:00+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-05-21T00:00+09:00", "description": "A vulnerability exists in the reflection API in the Java Runtime Environment that may allow a Java applet to elevate its privileges bypassing its security restrictions.\r\n\r\nThis problem was reported by Sun Microsystems as a vulnerability in Java Runtime Environment. Fujitsu\u0027s product is modified based on this product and is reported to contain a similar vulnerability.", "link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000707.html", "sec:cpe": [ { "#text": "cpe:/a:ibm:java_sdk", "@product": "IBM SDK, Java", "@vendor": "IBM Corporation", "@version": "2.2" }, { "#text": "cpe:/a:sun:jdk", "@product": "JDK", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" }, { "#text": "cpe:/a:sun:jre", "@product": "JRE", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" }, { "#text": "cpe:/a:sun:sdk", "@product": "SDK", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "7.5", "@severity": "High", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "@version": "2.0" }, "sec:identifier": "JVNDB-2005-000707", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN15972537/index.html", "@id": "JVN#15972537", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3906", "@id": "CVE-2005-3906", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3906", "@id": "CVE-2005-3906", "@source": "NVD" }, { "#text": "http://www.kb.cert.org/vuls/id/974188", "@id": "VU#974188", "@source": "CERT-VN" }, { "#text": "http://secunia.com/advisories/17748/", "@id": "SA17748", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/15615", "@id": "15615", "@source": "BID" }, { "#text": "http://www.frsirt.com/english/advisories/2005/2636", "@id": "FrSIRT/ADV-2005-2636", "@source": "FRSIRT" } ], "title": "Fujitsu Java Runtime Environment reflection API vulnerability" }
jvndb-2008-000016
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-10-09 13:35
Summary
Sun Java Runtime Environment (JRE) contains a vulnerability in processing XSLT transformations
Details
The Sun Microsystems Java Runtime Environment (JRE) contains a vulnerability that could allow privilege escalation in the processing of XSLT transformations.
The Sun Microsystems Java Runtime Environment (JRE) contains a vulnerability that could allow a remote attacker to elevate its privileges via an untrusted applet or application that is downloaded from a website to perform XSLT transformations on XML documents.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000016.html", "dc:date": "2008-10-09T13:35+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-10-09T13:35+09:00", "description": "The Sun Microsystems Java Runtime Environment (JRE) contains a vulnerability that could allow privilege escalation in the processing of XSLT transformations.\r\n\r\nThe Sun Microsystems Java Runtime Environment (JRE) contains a vulnerability that could allow a remote attacker to elevate its privileges via an untrusted applet or application that is downloaded from a website to perform XSLT transformations on XML documents.", "link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000016.html", "sec:cpe": [ { "#text": "cpe:/a:hitachi:electronic_form_workflow", "@product": "Electronic Form Workflow", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_application_server", "@product": "uCosminexus Application Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_client", "@product": "uCosminexus Client", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_developer", "@product": "uCosminexus Developer", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_operator", "@product": "uCosminexus Operator", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_service", "@product": "uCosminexus Service", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:redhat:enterprise_linux", "@product": "Red Hat Enterprise Linux Extras", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/a:redhat:rhel_desktop_supplementary", "@product": "RHEL Desktop Supplementary", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/a:redhat:rhel_supplementary", "@product": "RHEL Supplementary", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/a:sun:jdk", "@product": "JDK", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" }, { "#text": "cpe:/a:sun:jre", "@product": "JRE", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" }, { "#text": "cpe:/a:sun:sdk", "@product": "SDK", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:apple:mac_os_x", "@product": "Apple Mac OS X", "@vendor": "Apple Inc.", "@version": "2.2" }, { "#text": "cpe:/o:apple:mac_os_x_server", "@product": "Apple Mac OS X Server", "@vendor": "Apple Inc.", "@version": "2.2" }, { "#text": "cpe:/o:misc:miraclelinux_asianux_server", "@product": "Asianux Server", "@vendor": "Cybertrust Japan Co., Ltd.", "@version": "2.2" } ], "sec:cvss": { "@score": "6.8", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "@version": "2.0" }, "sec:identifier": "JVNDB-2008-000016", "sec:references": [ { "#text": "http://jvn.jp/cert/JVNTA08-066A/index.html", "@id": "JVNTA08-066A", "@source": "JVN" }, { "#text": "http://jvn.jp/en/jp/JVN04032535/index.html", "@id": "JVN#04032535", "@source": "JVN" }, { "#text": "http://jvn.jp/tr/TRTA08-066A/index.html", "@id": "TRTA08-066A", "@source": "JVNTR" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1187", "@id": "CVE-2008-1187", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1187", "@id": "CVE-2008-1187", "@source": "NVD" }, { "#text": "http://www.ipa.go.jp/security/english/vuln/200803_JRE_press_en.html", "@id": "Security Alert for Vulnerability In Sun JRE (Java Runtime Environment) XSLT Transformations", "@source": "IPA SECURITY ALERTS" }, { "#text": "https://www.us-cert.gov/cas/alerts/SA08-066A.html", "@id": "SA08-066A", "@source": "CERT-SA" }, { "#text": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html", "@id": "TA08-066A", "@source": "CERT-TA" }, { "#text": "http://secunia.com/advisories/29273", "@id": "SA29273", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/28083", "@id": "28083", "@source": "BID" }, { "#text": "http://xforce.iss.net/xforce/xfdb/41025", "@id": "41025", "@source": "XF" }, { "#text": "http://www.securitytracker.com/id?1019548", "@id": "1019548", "@source": "SECTRACK" }, { "#text": "http://www.frsirt.com/english/advisories/2008/0770", "@id": "FrSIRT/ADV-2008-0770", "@source": "FRSIRT" }, { "#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000016.html", "@id": "JVNDB-2008-000016", "@source": "JVNDB_Ja" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-264", "@title": "Permissions(CWE-264)" } ], "title": "Sun Java Runtime Environment (JRE) contains a vulnerability in processing XSLT transformations" }
jvndb-2005-000706
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Fujitsu Java Runtime Environment reflection API vulnerability
Details
A vulnerability exists in the reflection API in the Java Runtime Environment that may allow a Java applet to elevate its privileges bypassing its security restrictions.
This problem was reported by Sun Microsystems as a vulnerability in Java Runtime Environment. Fujitsu's product is modified based on this product and is reported to contain a similar vulnerability.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000706.html", "dc:date": "2008-05-21T00:00+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-05-21T00:00+09:00", "description": "A vulnerability exists in the reflection API in the Java Runtime Environment that may allow a Java applet to elevate its privileges bypassing its security restrictions.\r\n\r\nThis problem was reported by Sun Microsystems as a vulnerability in Java Runtime Environment. Fujitsu\u0027s product is modified based on this product and is reported to contain a similar vulnerability.", "link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000706.html", "sec:cpe": [ { "#text": "cpe:/a:ibm:java_sdk", "@product": "IBM SDK, Java", "@vendor": "IBM Corporation", "@version": "2.2" }, { "#text": "cpe:/a:sun:jdk", "@product": "JDK", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" }, { "#text": "cpe:/a:sun:jre", "@product": "JRE", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" }, { "#text": "cpe:/a:sun:sdk", "@product": "SDK", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "7.5", "@severity": "High", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "@version": "2.0" }, "sec:identifier": "JVNDB-2005-000706", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN15972537/index.html", "@id": "JVN#15972537", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3905", "@id": "CVE-2005-3905", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3905", "@id": "CVE-2005-3905", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/17748/", "@id": "SA17748", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/15615", "@id": "15615", "@source": "BID" }, { "#text": "http://www.frsirt.com/english/advisories/2005/2636", "@id": "FrSIRT/ADV-2005-2636", "@source": "FRSIRT" } ], "title": "Fujitsu Java Runtime Environment reflection API vulnerability" }
jvndb-2007-000329
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-06-06 16:22
Summary
Java Web Start vulnerable to execution of unauthorized system classes
Details
Java Web Start, included in the JRE (Java Runtime Environment) from Sun Microsystems and other products, contains a vulnerability allowing unauthorized execution of system classes.
Java Web Start, included in the JRE (Java Runtime Environment) and other products, is a tool for distributing Java applications over the web. A vulnerability exists in an implementation of Java Web Start which may allow Java Web Start Application including a malformed JAR file to execute an unauthorized system class.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000329.html", "dc:date": "2008-06-06T16:22+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-06-06T16:22+09:00", "description": "Java Web Start, included in the JRE (Java Runtime Environment) from Sun Microsystems and other products, contains a vulnerability allowing unauthorized execution of system classes.\r\n\r\nJava Web Start, included in the JRE (Java Runtime Environment) and other products, is a tool for distributing Java applications over the web. A vulnerability exists in an implementation of Java Web Start which may allow Java Web Start Application including a malformed JAR file to execute an unauthorized system class.", "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000329.html", "sec:cpe": [ { "#text": "cpe:/a:allied_telesis_k.k.:ssl_vpn-plus", "@product": "SSL VPN-Plus", "@vendor": "Allied Telesis", "@version": "2.2" }, { "#text": "cpe:/a:allied_telesis_k.k.:swimradius", "@product": "SwimRadius", "@vendor": "Allied Telesis", "@version": "2.2" }, { "#text": "cpe:/a:bea:jrockit", "@product": "BEA JRockit", "@vendor": "BEA Systems, Inc.", "@version": "2.2" }, { "#text": "cpe:/a:nec:tw703000", "@product": "TW703000", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/a:nec:websam_deploymentmanager", "@product": "WebSAM DeploymentManager", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/a:redhat:enterprise_linux", "@product": "Red Hat Enterprise Linux Extras", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/a:redhat:rhel_desktop_supplementary", "@product": "RHEL Desktop Supplementary", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/a:redhat:rhel_supplementary", "@product": "RHEL Supplementary", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/a:sun:jdk", "@product": "JDK", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" }, { "#text": "cpe:/a:sun:jre", "@product": "JRE", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" }, { "#text": "cpe:/a:sun:sdk", "@product": "SDK", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:apple:mac_os_x", "@product": "Apple Mac OS X", "@vendor": "Apple Inc.", "@version": "2.2" }, { "#text": "cpe:/o:apple:mac_os_x_server", "@product": "Apple Mac OS X Server", "@vendor": "Apple Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "7.5", "@severity": "High", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "@version": "2.0" }, "sec:identifier": "JVNDB-2007-000329", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN44724673/index.html", "@id": "JVN#44724673", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2435", "@id": "CVE-2007-2435", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2435", "@id": "CVE-2007-2435", "@source": "NVD" }, { "#text": "http://www.jpcert.or.jp/wr/2007/wr071701.txt", "@id": "JPCERT-WR-2007-1701", "@source": "JPCERT-WR" }, { "#text": "http://secunia.com/advisories/25069/", "@id": "SA25069", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/23728", "@id": "23728", "@source": "BID" }, { "#text": "http://xforce.iss.net/xforce/xfdb/33984", "@id": "33984", "@source": "XF" }, { "#text": "http://www.securitytracker.com/id?1017986", "@id": "1017986", "@source": "SECTRACK" }, { "#text": "http://www.frsirt.com/english/advisories/2007/1598", "@id": "FrSIRT/ADV-2007-1598", "@source": "FRSIRT" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-264", "@title": "Permissions(CWE-264)" } ], "title": "Java Web Start vulnerable to execution of unauthorized system classes" }
jvndb-2011-000035
Vulnerability from jvndb
Published
2011-06-10 16:23
Modified
2013-03-26 15:14
Summary
Java Web Start may insecurely load dynamic libraries
Details
Java Web Start provided Oracle may use unsafe methods for determining how to load DLLs.
Java Web Start is tool to distribute Java applications over the web and is contained in Java applications such as JRE (Java Runtime Environment) Java Web Start contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries.
Hisashi Kojima of Fujitsu Laboratories, Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000035.html", "dc:date": "2013-03-26T15:14+09:00", "dcterms:issued": "2011-06-10T16:23+09:00", "dcterms:modified": "2013-03-26T15:14+09:00", "description": "Java Web Start provided Oracle may use unsafe methods for determining how to load DLLs.\r\n\r\nJava Web Start is tool to distribute Java applications over the web and is contained in Java applications such as JRE (Java Runtime Environment) Java Web Start contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries.\r\n\r\nHisashi Kojima of Fujitsu Laboratories, Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the vendor under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000035.html", "sec:cpe": [ { "#text": "cpe:/a:hp:systems_insight_manager", "@product": "HP Systems Insight Manager", "@vendor": "Hewlett-Packard Development Company,L.P", "@version": "2.2" }, { "#text": "cpe:/a:sun:jdk", "@product": "JDK", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" }, { "#text": "cpe:/a:sun:jre", "@product": "JRE", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" }, { "#text": "cpe:/a:sun:sdk", "@product": "SDK", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "6.8", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "@version": "2.0" }, "sec:identifier": "JVNDB-2011-000035", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN18680611/index.html", "@id": "JVN#18680611", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0866", "@id": "CVE-2011-0866", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0866", "@id": "CVE-2011-0866", "@source": "NVD" }, { "#text": "http://www.ipa.go.jp/security/english/vuln/201106_javaweb_en.html", "@id": "Security Alert for Multiple Vulnerabilities in Java Web Start", "@source": "IPA SECURITY ALERTS" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-Other", "@title": "No Mapping(CWE-Other)" } ], "title": "Java Web Start may insecurely load dynamic libraries" }
jvndb-2011-000020
Vulnerability from jvndb
Published
2011-03-10 16:38
Modified
2018-02-07 17:10
Summary
IBM Tivoli vulnerable to denial-of-service (DoS)
Details
IBM Tivoli contains a denial-of-service (DoS) vulnerability.
IBM Tivoli contains a denial-of-service (DoS) vulnerability due to an issue in Java Runtime Environment (JRE).
A wide range of products are affected. For more information, refer to the vendor's website.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000020.html", "dc:date": "2018-02-07T17:10+09:00", "dcterms:issued": "2011-03-10T16:38+09:00", "dcterms:modified": "2018-02-07T17:10+09:00", "description": "IBM Tivoli contains a denial-of-service (DoS) vulnerability.\r\n\r\nIBM Tivoli contains a denial-of-service (DoS) vulnerability due to an issue in Java Runtime Environment (JRE).\r\n\r\nA wide range of products are affected. For more information, refer to the vendor\u0027s website.", "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000020.html", "sec:cpe": [ { "#text": "cpe:/a:hp:systems_insight_manager", "@product": "HP Systems Insight Manager", "@vendor": "Hewlett-Packard Development Company,L.P", "@version": "2.2" }, { "#text": "cpe:/a:sun:jdk", "@product": "JDK", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" }, { "#text": "cpe:/a:sun:jre", "@product": "JRE", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" }, { "#text": "cpe:/a:sun:sdk", "@product": "SDK", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "5.0", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "@version": "2.0" }, "sec:identifier": "JVNDB-2011-000020", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN81294135/index.html", "@id": "JVN#81294135", "@source": "JVN" }, { "#text": "https://jvn.jp/en/tr/JVNTR-2011-02/index.html", "@id": "JVNTR-2011-02", "@source": "JVNTR" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476", "@id": "CVE-2010-4476", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4476", "@id": "CVE-2010-4476", "@source": "NVD" }, { "#text": "http://www.securitytracker.com/id?1025062", "@id": "1025062", "@source": "SECTRACK" }, { "#text": "http://secunia.com/advisories/43295", "@id": "SA43295", "@source": "SECUNIA-R" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-189", "@title": "Numeric Errors(CWE-189)" } ], "title": "IBM Tivoli vulnerable to denial-of-service (DoS)" }