The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Sun Java

Windows, Java: poisoning the DNS cache
An attacker can open numerous UDP ports, in order to facilitate a DNS cache poisoning attack...
BID-50281, c03266681, CVE-2010-4448, CVE-2011-3552, HPSBUX02760, javacpuoct2011, RHSA-2012:0006-01, RHSA-2013:1455-01, RHSA-2013:1456-01, SSRT100805, VIGILANCE-VUL-11087
Java JRE/JDK: several vulnerabilities
Several vulnerabilities of Java JRE/JDK can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code...
BID-49778, BID-50211, BID-50215, BID-50216, BID-50218, BID-50220, BID-50223, BID-50224, BID-50226, BID-50229, BID-50231, BID-50234, BID-50236, BID-50237, BID-50239, BID-50242, BID-50243, BID-50246, BID-50248, BID-50250, c03122753, c03266681, c03316985, c03358587, c03405642, CERTA-2011-AVI-541, CERTA-2011-AVI-580, CERTA-2011-AVI-675, CERTA-2012-AVI-012, CERTA-2012-AVI-045, CERTA-2012-AVI-190, CERTA-2012-AVI-238, CERTA-2012-AVI-286, CERTA-2012-AVI-395, CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3555, CVE-2011-3556, CVE-2011-3557, CVE-2011-3558, CVE-2011-3560, CVE-2011-3561, DSA-2356-1, DSA-2358-1, ESX400-201209001, ESX400-201209401-SG, ESX400-201209402-SG, ESX400-201209404-SG, FEDORA-2011-14638, FEDORA-2011-14648, FEDORA-2011-15555, HPSBMU02797, HPSBMU02799, HPSBUX02730, HPSBUX02760, HPSBUX02777, javacpuoct2011, MDVSA-2011:170, openSUSE-SU-2011:1196-1, RHSA-2011:1380-01, RHSA-2011:1384-01, RHSA-2011:1478-01, RHSA-2012:0006-01, RHSA-2012:0034-01, RHSA-2012:0343-01, RHSA-2013:1455-01, RHSA-2013:1456-01, SSRT100710, SSRT100805, SSRT100854, SSRT100867, SUSE-SU-2011:1298-1, SUSE-SU-2012:0114-1, SUSE-SU-2012:0114-2, SUSE-SU-2012:0122-1, SUSE-SU-2012:0122-2, SUSE-SU-2020:0114-1, SUSE-SU-2020:0234-1, VIGILANCE-VUL-11072, VMSA-2012-0003, VMSA-2012-0003.1, VMSA-2012-0005.3, VMSA-2012-0008.1, VMSA-2012-0013.1, VU#864643, ZDI-11-305, ZDI-11-306, ZDI-11-307
SSL, TLS: obtaining HTTPS Cookies, BEAST
An attacker, who can control HTTPS connections of victim's web browser and which has a sufficient bandwidth, can use several SSL sessions in order to compute HTTP headers, such as cookies...
2588513, 2643584, 2655992, AST-2016-001, BID-49778, BID-54304, c03122753, CERTA-2012-AVI-381, CERTFR-2016-AVI-046, CERTFR-2019-AVI-311, CVE-2004-2770-REJECT, CVE-2011-3389, CVE-2012-1870, DSA-2368-1, DSA-2398-1, DSA-2398-2, FEDORA-2012-5916, FEDORA-2012-5924, FEDORA-2012-9135, FEDORA-2014-13764, FEDORA-2014-13777, HPSBUX02730, javacpuoct2011, MDVSA-2012:058, MDVSA-2012:096, MDVSA-2012:096-1, MDVSA-2012:097, MS12-006, MS12-049, openSUSE-SU-2012:0030-1, openSUSE-SU-2012:0063-1, openSUSE-SU-2012:0199-1, openSUSE-SU-2012:0229-1, openSUSE-SU-2012:0667-1, openSUSE-SU-2020:0086-1, RHSA-2012:0034-01, RHSA-2013:1455-01, RHSA-2013:1456-01, sk74100, sk86440, SOL13400, SSA-556833, SSRT100710, SUSE-SU-2012:0114-1, SUSE-SU-2012:0114-2, SUSE-SU-2012:0122-1, SUSE-SU-2012:0122-2, SUSE-SU-2020:0114-1, SUSE-SU-2020:0234-1, swg21568229, VIGILANCE-VUL-11014, VU#864643
Java JRE: code execution via .hotspotrc
An attacker can invite the victim to open an HTML page calling a Java applet located on a network share, in order to execute code on is computer...
VIGILANCE-VUL-10825
Java JRE/JDK: several vulnerabilities
Several vulnerabilities of Java JRE/JDK can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code...
BID-48133, BID-48134, BID-48135, BID-48136, BID-48137, BID-48138, BID-48139, BID-48140, BID-48141, BID-48142, BID-48143, BID-48144, BID-48145, BID-48146, BID-48147, BID-48148, BID-48149, c02945548, c03316985, c03358587, c03405642, CERTA-2003-AVI-005, CERTA-2011-AVI-336, CERTA-2012-AVI-286, CERTA-2012-AVI-395, CVE-2011-0786, CVE-2011-0788, CVE-2011-0802, CVE-2011-0814, CVE-2011-0815, CVE-2011-0817, CVE-2011-0862, CVE-2011-0863, CVE-2011-0864, CVE-2011-0865, CVE-2011-0866, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0872, CVE-2011-0873, DSA-2311-1, DSA-2358-1, FEDORA-2011-8003, FEDORA-2011-8020, FEDORA-2011-8028, HPSBMU02797, HPSBMU02799, HPSBUX02697, HPSBUX02777, javacpujune2011, MDVSA-2011:126, openSUSE-SU-2011:0633-1, openSUSE-SU-2011:0706-1, PSN-2012-08-686, PSN-2012-08-687, PSN-2012-08-688, PSN-2012-08-689, PSN-2012-08-690, RHSA-2011:0856-01, RHSA-2011:0857-01, RHSA-2011:0860-01, RHSA-2011:0938-01, RHSA-2011:1087-01, RHSA-2011:1159-01, RHSA-2011:1265-01, RHSA-2013:1455-01, RHSA-2013:1456-01, SSRT100591, SSRT100854, SSRT100867, SUSE-SA:2011:030, SUSE-SA:2011:032, SUSE-SA:2011:036, SUSE-SU-2011:0632-1, SUSE-SU-2011:0807-1, SUSE-SU-2011:0863-1, SUSE-SU-2011:0863-2, SUSE-SU-2011:0966-1, SUSE-SU-2011:1082-1, TPTI-11-06, VIGILANCE-VUL-10722, VMSA-2011-0013.1, ZDI-11-182, ZDI-11-183, ZDI-11-184, ZDI-11-185, ZDI-11-186, ZDI-11-187, ZDI-11-188, ZDI-11-189, ZDI-11-190, ZDI-11-191, ZDI-11-192, ZDI-11-199
Java JRE/JDK/SDK: several vulnerabilities
Several vulnerabilities of Java JRE/JDK/SDK can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code...
BID-46091, BID-46386, BID-46387, BID-46388, BID-46391, BID-46393, BID-46394, BID-46395, BID-46397, BID-46398, BID-46399, BID-46400, BID-46401, BID-46402, BID-46403, BID-46404, BID-46405, BID-46406, BID-46407, BID-46409, BID-46410, BID-46411, c02775276, c03316985, c03358587, c03405642, CERTA-2003-AVI-001, CERTA-2011-AVI-079, CERTA-2011-AVI-093, CERTA-2011-AVI-118, CERTA-2011-AVI-196, CERTA-2011-AVI-197, CERTA-2011-AVI-219, CERTA-2011-AVI-474, CERTA-2011-AVI-483, CERTA-2012-AVI-286, CERTA-2012-AVI-395, CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4451, CVE-2010-4452, CVE-2010-4454, CVE-2010-4462, CVE-2010-4463, CVE-2010-4465, CVE-2010-4466, CVE-2010-4467, CVE-2010-4468, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4473, CVE-2010-4474, CVE-2010-4475, CVE-2010-4476, DSA-2224-1, FEDORA-2011-1631, FEDORA-2011-1645, HPSBMU02797, HPSBMU02799, HPSBUX02685, HPSBUX02777, javacpufeb2011, MDVSA-2011:054, openSUSE-SU-2011:0126-1, openSUSE-SU-2011:0155-1, RHSA-2011:0281-01, RHSA-2011:0282-01, RHSA-2011:0335-01, RHSA-2011:0357-01, RHSA-2011:0364-01, RHSA-2011:0490-01, RHSA-2011:0870-01, RHSA-2011:0880-01, SSRT100505, SSRT100854, SSRT100867, SUSE-SA:2011:010, SUSE-SA:2011:014, SUSE-SA:2011:024, SUSE-SR:2011:008, SUSE-SU-2011:0490-1, SUSE-SU-2011:0823-1, VIGILANCE-VUL-10368, VMSA-2011-0004.2, VMSA-2011-0005.3, VMSA-2011-0012.1, VMSA-2011-0013, VMSA-2011-0013.1, VMSA-2012-0005, ZDI-11-082, ZDI-11-083, ZDI-11-084, ZDI-11-085, ZDI-11-086
Java: file access via JFileChooser
A malicious applet can use javax.swing.JFileChooser, in order to automatically access to files...
BID-46223, VIGILANCE-VUL-10337
Java JRE: denial of service via a real
An attacker can use a special double floating point number, in order to create an infinite loop in Java programs...
1468291, BID-46091, c02729756, c02738573, c02746026, c02752210, c02775276, c02826781, c02906075, c03090723, c03316985, CERTA-2002-AVI-271, CERTA-2012-AVI-286, cpuapr2011, CVE-2010-4476, DSA-2161-1, DSA-2161-2, FEDORA-2011-1231, FEDORA-2011-1263, HPSBMU02690, HPSBTU02684, HPSBUX02633, HPSBUX02641, HPSBUX02642, HPSBUX02645, HPSBUX02685, HPSBUX02725, HPSBUX02777, IZ94331, javacpufeb2011, MDVSA-2011:054, openSUSE-SU-2011:0126-1, PM32175, PM32177, PM32184, PM32192, PM32194, RHSA-2011:0210-01, RHSA-2011:0211-01, RHSA-2011:0212-01, RHSA-2011:0213-01, RHSA-2011:0214-01, RHSA-2011:0282-01, RHSA-2011:0290-01, RHSA-2011:0291-01, RHSA-2011:0292-01, RHSA-2011:0299-01, RHSA-2011:0333-01, RHSA-2011:0334-01, RHSA-2011:0336-01, RHSA-2011:0348-01, RHSA-2011:0349-01, RHSA-2011:0880-01, SSRT100387, SSRT100390, SSRT100412, SSRT100415, SSRT100505, SSRT100569, SSRT100627, SSRT100854, SUSE-SA:2011:010, SUSE-SA:2011:014, SUSE-SR:2011:008, SUSE-SU-2011:0823-1, swg21469266, swg24030066, swg24030067, VIGILANCE-VUL-10321
Java JRE/JDK/SDK: several vulnerabilities
Several vulnerabilities of Java JRE/JDK/SDK can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code...
BID-43965, BID-43971, BID-43979, BID-43985, BID-43988, BID-43992, BID-43994, BID-43999, BID-44009, BID-44011, BID-44012, BID-44013, BID-44014, BID-44016, BID-44017, BID-44020, BID-44021, BID-44023, BID-44024, BID-44026, BID-44027, BID-44028, BID-44030, BID-44032, BID-44035, BID-44038, BID-44040, c02616748, c03405642, CERTA-2009-AVI-528, CERTA-2010-AVI-149, CERTA-2010-AVI-196, CERTA-2010-AVI-219, CERTA-2010-AVI-239, CERTA-2010-AVI-241, CERTA-2010-AVI-365, CERTA-2010-AVI-500, CERTA-2010-AVI-513, CERTA-2010-AVI-573, CERTA-2011-AVI-253, CERTA-2011-AVI-400, CERTA-2012-AVI-241, CERTA-2012-AVI-395, CVE-2009-3555, CVE-2010-1321, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574, FEDORA-2010-16240, FEDORA-2010-16294, FEDORA-2010-16312, HPSBMU02799, HPSBUX02608, openSUSE-SU-2010:0754-1, openSUSE-SU-2010:0957-1, RHSA-2010:0768-01, RHSA-2010:0770-01, RHSA-2010:0786-01, RHSA-2010:0807-01, RHSA-2010:0865-02, RHSA-2010:0873-02, RHSA-2010:0935-01, RHSA-2010:0986-01, RHSA-2010:0987-01, RHSA-2011:0152-01, RHSA-2011:0169-01, RHSA-2011:0880-01, SSRT100333, SSRT100867, SUSE-SA:2010:061, SUSE-SA:2011:006, SUSE-SA:2011:014, SUSE-SR:2010:019, VIGILANCE-VUL-10040, VMSA-2011-0003, VMSA-2011-0003.1, VMSA-2011-0003.2, VMSA-2011-0004.2, VMSA-2011-0005.3, VMSA-2011-0012.1, VMSA-2011-0013, VMSA-2012-0005, ZDI-10-202, ZDI-10-203, ZDI-10-204, ZDI-10-205, ZDI-10-206, ZDI-10-207, ZDI-10-208
Java JRE/JDK 6: code execution via Java Plug-in
An attacker can create an HTML page containing a malicious Java applet, in order to execute code on victim's computer...
BID-39492, CVE-2010-0887, RHSA-2010:0356-02, RHSA-2010:0549-01, VIGILANCE-VUL-9594
Our database contains other pages. You can request a free trial to read them.

Display information about Sun Java: