cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2010-0843,https://securityvulnerability.io/vulnerability/CVE-2010-0843,,"Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to XNewPtr and improper handling of an integer parameter when allocating heap memory in the com.sun.media.sound libraries, which allows remote attackers to execute arbitrary code.",Oracle,"Jre,Jdk,Sdk",,,0.1560799926519394,false,false,false,false,,false,false,2010-04-01T16:00:00.000Z,0
CVE-2009-3875,https://securityvulnerability.io/vulnerability/CVE-2009-3875,,"The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to ""timing attack vulnerabilities,"" aka Bug Id 6863503.",Oracle,"Jdk,Jre,Sdk",,,0.006020000204443932,false,false,false,false,,false,false,2009-11-05T16:00:00.000Z,0
CVE-2009-3876,https://securityvulnerability.io/vulnerability/CVE-2009-3876,,"Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911.",Oracle,"Jdk,Jre,Sdk",,,0.1350499987602234,false,false,false,false,,false,false,2009-11-05T16:00:00.000Z,0
CVE-2009-3877,https://securityvulnerability.io/vulnerability/CVE-2009-3877,,"Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.",Oracle,"Jdk,Jre,Sdk",,,0.1216999962925911,false,false,false,false,,false,false,2009-11-05T16:00:00.000Z,0
CVE-2004-2764,https://securityvulnerability.io/vulnerability/CVE-2004-2764,,"Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4.1 through 1.4.1_07, and 1.4.0 through 1.4.0_04 allows untrusted applets and unprivileged servlets to gain privileges and read data from other applets via unspecified vectors related to classes in the XSLT processor, aka ""XML sniffing.""",Oracle,"Jre,Sdk",,,0.009850000031292439,false,false,false,false,,false,false,2009-06-02T10:00:00.000Z,0
CVE-2008-5342,https://securityvulnerability.io/vulnerability/CVE-2008-5342,,"Unspecified vulnerability in the BasicService for Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted downloaded applications to cause local files to be displayed in the browser of the user of the untrusted application via unknown vectors, aka 6767668.",Oracle,"Jdk,Jre,Sdk",,,0.009390000253915787,false,false,false,false,,false,false,2008-12-05T11:00:00.000Z,0
CVE-2008-5354,https://securityvulnerability.io/vulnerability/CVE-2008-5354,,Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with a long Main-Class manifest entry.,Oracle,"Jdk,Jre,Sdk",,,0.2350900024175644,false,false,false,false,,false,false,2008-12-05T11:00:00.000Z,0
CVE-2008-5340,https://securityvulnerability.io/vulnerability/CVE-2008-5340,,"Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors, aka 6727081.",Oracle,"Jdk,Jre,Sdk",,,0.018130000680685043,false,false,false,false,,false,false,2008-12-05T11:00:00.000Z,0
CVE-2008-5344,https://securityvulnerability.io/vulnerability/CVE-2008-5344,,"Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets to read arbitrary files and make unauthorized network connections via unknown vectors related to applet classloading, aka 6716217.",Oracle,"Jdk,Jre,Sdk",,,0.01940000057220459,false,false,false,false,,false,false,2008-12-05T11:00:00.000Z,0
CVE-2008-5343,https://securityvulnerability.io/vulnerability/CVE-2008-5343,,"Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows remote attackers to make unauthorized network connections and hijack HTTP sessions via a crafted file that validates as both a GIF and a Java JAR file, aka ""GIFAR"" and CR 6707535.",Oracle,"Jdk,Jre,Sdk",,,0.02745000086724758,false,false,false,false,,false,false,2008-12-05T11:00:00.000Z,0
CVE-2008-5356,https://securityvulnerability.io/vulnerability/CVE-2008-5356,,Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file.,Oracle,"Jdk,Jre,Sdk",,,0.48598000407218933,false,false,false,false,,false,false,2008-12-05T11:00:00.000Z,0
CVE-2008-5353,https://securityvulnerability.io/vulnerability/CVE-2008-5353,,"The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by ""deserializing Calendar objects"".",Oracle,"Jdk,Jre,Sdk",,,0.9706000089645386,false,false,false,false,,false,false,2008-12-05T11:00:00.000Z,0
CVE-2008-5355,https://securityvulnerability.io/vulnerability/CVE-2008-5355,,"The ""Java Update"" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks.",Oracle,"Jdk,Jre,Sdk",,,0.14240999519824982,false,false,false,false,,false,false,2008-12-05T11:00:00.000Z,0
CVE-2008-5351,https://securityvulnerability.io/vulnerability/CVE-2008-5351,,"Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the ""shortest"" form, which makes it easier for attackers to bypass protection mechanisms for other applications that rely on shortest-form UTF-8 encodings.",Oracle,"Jdk,Jre,Sdk",,,0.023979999125003815,false,false,false,false,,false,false,2008-12-05T11:00:00.000Z,0
CVE-2008-5341,https://securityvulnerability.io/vulnerability/CVE-2008-5341,,"Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors, aka CR 6727071.",Oracle,"Jdk,Jre,Sdk",,,0.009390000253915787,false,false,false,false,,false,false,2008-12-05T11:00:00.000Z,0
CVE-2008-5350,https://securityvulnerability.io/vulnerability/CVE-2008-5350,,Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applications and applets to list the contents of the operating user's directory via unknown vectors.,Oracle,"Jdk,Jre,Sdk",,,0.015209999866783619,false,false,false,false,,false,false,2008-12-05T11:00:00.000Z,0
CVE-2008-5339,https://securityvulnerability.io/vulnerability/CVE-2008-5339,,"Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to perform network connections to unauthorized hosts via unknown vectors, aka CR 6727079.",Oracle,"Jdk,Jre,Sdk",,,0.020519999787211418,false,false,false,false,,false,false,2008-12-05T11:00:00.000Z,0
CVE-2008-5348,https://securityvulnerability.io/vulnerability/CVE-2008-5348,,"Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier, when using Kerberos authentication, allows remote attackers to cause a denial of service (OS resource consumption) via unknown vectors.",Oracle,"Jdk,Jre,Sdk",,,0.04941000044345856,false,false,false,false,,false,false,2008-12-05T11:00:00.000Z,0
CVE-2008-2086,https://securityvulnerability.io/vulnerability/CVE-2008-2086,,"Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the (1) java.home, (2) java.ext.dirs, or (3) user.home System Properties, aka ""Java Web Start File Inclusion"" and CR 6694892.",Oracle,"Jdk,Jre,Sdk",,,0.4655100107192993,false,false,false,false,,false,false,2008-12-05T02:00:00.000Z,0
CVE-2008-3114,https://securityvulnerability.io/vulnerability/CVE-2008-3114,,"Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074.",Oracle,"Jdk,Jre,Sdk",,,0.016300000250339508,false,false,false,false,,false,false,2008-07-09T23:41:00.000Z,0
CVE-2008-3111,https://securityvulnerability.io/vulnerability/CVE-2008-3111,,"Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220.",Oracle,"Jdk,Jre,Sdk",,,0.4976400136947632,false,false,false,false,,false,false,2008-07-09T23:41:00.000Z,0
CVE-2008-3112,https://securityvulnerability.io/vulnerability/CVE-2008-3112,,"Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909.",Oracle,"Jdk,Jre,Sdk",,,0.03215999901294708,false,false,false,false,,false,false,2008-07-09T23:41:00.000Z,0
CVE-2008-3107,https://securityvulnerability.io/vulnerability/CVE-2008-3107,,"Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.",Oracle,"Jdk,Jre,Sdk",,,0.012649999931454659,false,false,false,false,,false,false,2008-07-09T23:41:00.000Z,0
CVE-2008-3104,https://securityvulnerability.io/vulnerability/CVE-2008-3104,,"Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet's outbound connections by connecting to localhost services running on the machine that loaded the applet.",Oracle,"Sdk,Jdk,Jre",,,0.041430000215768814,false,false,false,false,,false,false,2008-07-09T23:41:00.000Z,0
CVE-2008-3113,https://securityvulnerability.io/vulnerability/CVE-2008-3113,,"Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077.",Oracle,"Jdk,Jre,Sdk",,,0.016790000721812248,false,false,false,false,,false,false,2008-07-09T23:41:00.000Z,0