VMSA-2009-0014: JRE Security Update (CVE-2009-1099)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | March 25, 2009 | December 17, 2012 | February 13, 2015 |
Description
Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via crafted glyph descriptions in a Type1 font, which bypasses a signed comparison and triggers a buffer overflow.
Scan For This Vulnerability
Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities
References
Solution
vmware-esx35-upgrade-199239Related Vulnerabilities
- JRE Temporary Font Files Denial of Service
- SUSE Linux Security Advisory: SUSE-SA:2009:016
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1107)
- SUSE Linux Security Vulnerability: CVE-2009-1105
- VMSA-2009-0014: JRE Security Update (CVE-2009-1101)
- VMSA-2009-0016.5: JRE Security Update (CVE-2009-1094)
- Apple Java security update for CVE-2009-1094
- SUSE Linux Security Vulnerability: CVE-2009-1104
- Apple Java security update for CVE-2009-1097
- Java CPU July 2009 unspecified vulnerability
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1105)
- SUSE Linux Security Vulnerability: CVE-2009-1093
- RHSA-2009:0394: java-1.5.0-sun security update
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1093)
- Gentoo Linux: CVE-2009-1100: Sun JDK/JRE: Multiple vulnerabilities
- VMSA-2009-0016.5: JRE Security Update (CVE-2009-1102)
- Gentoo Linux: CVE-2009-1107: Sun JDK/JRE: Multiple vulnerabilities
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1104)
- SUSE Linux Security Vulnerability: CVE-2009-1095
- VMSA-2009-0014: JRE Security Update (CVE-2009-1105)
- RHSA-2009:0377: java-1.6.0-openjdk security update
- Apple Java security update for CVE-2009-1103
- Apple Java security update for CVE-2009-1096
- RHSA-2009:0392: java-1.6.0-sun security update
- Gentoo Linux: CVE-2009-1105: Sun JDK/JRE: Multiple vulnerabilities
- SUSE Linux Security Vulnerability: CVE-2009-1107
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1098)
- Apple Java security update for CVE-2009-1095
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1097)
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1101)
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1106)
- VMSA-2009-0016.5: JRE Security Update (CVE-2009-1093)
- Apple Java security update for CVE-2009-1100
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1099)
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1097)
- Java CPU July 2009 unspecified vulnerability
- VMSA-2009-0014: JRE Security Update (CVE-2009-1106)
- Java CPU July 2009 unspecified vulnerability
- Java CPU July 2009 unspecified vulnerability
- JRE Code Generation
- Gentoo Linux: CVE-2009-1103: Sun JDK/JRE: Multiple vulnerabilities
- Apple Java security update for CVE-2009-1098
- SUSE Linux Security Vulnerability: CVE-2009-1102
- VMSA-2009-0014: JRE Security Update (CVE-2009-1093)
- JRE Unpack200 Memory Corruption Vulnerabilities
- JRE Multiple Java Plug-in Vulnerabilities
- Java CPU July 2009 unspecified vulnerability
- Java CPU July 2009 unspecified vulnerability
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1100)
- VMSA-2009-0016.5: JRE Security Update (CVE-2009-1100)
- VMSA-2009-0016.5: JRE Security Update (CVE-2009-1106)
- VMSA-2009-0014: JRE Security Update (CVE-2009-1097)
- SUSE Linux Security Vulnerability: CVE-2009-1099
- Apple Java security update for CVE-2009-1107
- SUSE Linux Security Vulnerability: CVE-2009-1094
- Gentoo Linux: CVE-2009-1101: Sun JDK/JRE: Multiple vulnerabilities
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1102)
- Java CPU July 2009 unspecified vulnerability
- Gentoo Linux: CVE-2009-1095: Sun JDK/JRE: Multiple vulnerabilities
- JRE Image and Font Processing Vulnerabilities
- Gentoo Linux: CVE-2009-1102: Sun JDK/JRE: Multiple vulnerabilities
- Cent OS: CVE-2009-1098: CESA-2009:0377 (java-1.6.0-openjdk)
- SUSE Linux Security Vulnerability: CVE-2009-1096
- SUSE Linux Security Vulnerability: CVE-2009-1106
- Gentoo Linux: CVE-2009-1094: Sun JDK/JRE: Multiple vulnerabilities
- JRE LDAP Remote Code Execution
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1094)
- VMSA-2009-0014: JRE Security Update (CVE-2009-1095)
- VMSA-2009-0016.5: JRE Security Update (CVE-2009-1101)
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1105)
- Java CPU July 2009 unspecified vulnerability
- VMSA-2009-0014: JRE Security Update (CVE-2009-1096)
- VMSA-2009-0016.5: JRE Security Update (CVE-2009-1105)
- VMSA-2009-0016.5: JRE Security Update (CVE-2009-1107)
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1099)
- Apple Java security update for CVE-2009-1101
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1095)
- Gentoo Linux: CVE-2009-1104: Sun JDK/JRE: Multiple vulnerabilities
- Cent OS: CVE-2009-1094: CESA-2009:0377 (java-1.6.0-openjdk)
- JRE HTTP Server File Descriptor Leak
- Cent OS: CVE-2009-1096: CESA-2009:0377 (java-1.6.0-openjdk)
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1100)
- Apple Java security update for CVE-2009-1106
- RHSA-2009:1038: java-1.5.0-ibm security update
- RHSA-2010:0043: Red Hat Network Satellite Server IBM Java Runtime security update
- Gentoo Linux: CVE-2009-1099: Sun JDK/JRE: Multiple vulnerabilities
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1106)
- VMSA-2009-0016.5: JRE Security Update (CVE-2009-1096)
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1107)
- Gentoo Linux: CVE-2009-1096: Sun JDK/JRE: Multiple vulnerabilities
- VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1104)
- Cent OS: CVE-2009-1095: CESA-2009:0377 (java-1.6.0-openjdk)
- USN-748-1: OpenJDK vulnerabilities
- VMSA-2009-0014: JRE Security Update (CVE-2009-1104)
- VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-1096)
- Java CPU July 2009 unspecified vulnerability
- Java CPU July 2009 unspecified vulnerability
- Gentoo Linux: CVE-2009-1097: Sun JDK/JRE: Multiple vulnerabilities
- Java CPU July 2009 unspecified vulnerability
- SUSE Linux Security Vulnerability: CVE-2009-1097