本页列出影响 sun java 的已公开 CVE 漏洞(通过 NVD CPE 关联)。每行包含严重程度评分、摘要与发布日期,便于识别与分析安全问题。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2010-0887 | Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business JDK and JRE 6 Update 18 and 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | [email protected] | 10.0 | 7.61% | 2010-04-20 | 2026-04-29 |
| CVE-2009-1107 | The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing JLabel HTML parsing vulnerability," aka CR 6782871. | [email protected] | 4.3 | 3.47% | 2009-03-25 | 2026-04-23 |
| CVE-2009-1105 | The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490. | [email protected] | 7.5 | 8.03% | 2009-03-25 | 2026-04-23 |
| CVE-2009-1104 | The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent Javascript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vec | [email protected] | 5.8 | 1.66% | 2009-03-25 | 2026-04-23 |
| CVE-2009-1103 | Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "deserializing applets," aka CR 6646860. | [email protected] | 6.4 | 5.15% | 2009-03-25 | 2026-04-23 |
| CVE-2009-1102 | Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation." | [email protected] | 6.4 | 5.51% | 2009-03-25 | 2026-04-23 |
| CVE-2008-3440 | Sun Java 1.6.0_03 and earlier versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | [email protected] | 7.5 | 0.70% | 2008-08-01 | 2026-04-23 |
| CVE-2005-2738 | Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X does not prevent multiple programs from opening the same port as a Java ServerSocket, which allows local users to operate a Java program that intercepts network data intended for the ServerSocket of a different Java program. | [email protected] | 5.0 | 0.53% | 2005-12-31 | 2026-04-16 |
| CVE-2005-2530 | Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac OS X allows an untrusted applet to gain privileges, related to "Mac OS X specific extensions." | [email protected] | 10.0 | 0.81% | 2005-12-31 | 2026-04-16 |
| CVE-2005-2529 | Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to gain privileges via unspecified attack vectors relating to "the utility used to update Java shared archives." | [email protected] | 10.0 | 0.68% | 2005-12-31 | 2026-04-16 |
| CVE-2005-2527 | Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to corrupt files or create arbitrary files via unspecified attack vectors related to a temporary directory, possibly due to a symlink attack. | [email protected] | 1.2 | 0.04% | 2005-12-31 | 2026-04-16 |
| CVE-2003-1134 | Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial of service (JVM crash), possibly by calling the ClassDepth function with a null parameter, which causes a crash instead of generating a null pointer exception. | [email protected] | 2.1 | 0.34% | 2003-12-31 | 2026-04-16 |
| CVE-1999-0440 | The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages. | [email protected] | 7.5 | 1.62% | 1999-03-01 | 2026-04-16 |
| CVE-1999-0142 | The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts. | [email protected] | 7.5 | 1.17% | 1996-03-01 | 2026-04-16 |