CVE-2009-2716

CVE-2009-2716 is referenced by multiple vulnerability feeds as addressed by Java/JRE updates in VMware advisories (VMSA-2009-0016, VMSA-2010-0002) and by OpenVAS entries. The linked documents confirm that CVE-2009-2716 is among the CVEs fixed in JRE/JDK updates, specifically in Sun Java JRE 1.5.x...

CVE-2009-2719

The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service NullPointerException via a crafted .jnlp file, as demonstrated by the jnlpfile/appletDesc/index.htmlmisc test in the Technology Compatibility Kit TCK for the Java...

CVE-2009-2721

Technical details for CVE-2009-2721 are not provided in the supplied documents. The entry notes unspecified vulnerabilities in Sun Java SE 5.0 before Update 20. Monitor for updates and refer to official advisories for affected versions and fixes.

CVE-2009-2723

CVE-2009-2723 is described as an unspecified vulnerability in deserialization in the Provider class of Sun Java SE 5.0 prior to Update 20, with unknown impact and attack vectors. The provided documents confirm the affected product (Sun Java SE 5.0) and the module (deserialization via the Provider...

CVE-2009-2717

The CVE-2009-2717 entry concerns Sun Java SE 6 on Windows 2000 Professional prior to Update 15, where the AWT implementation lacks a Security Warning Icon. This omission can enable context-dependent attackers to trick users into interacting with an untrusted applet. Affected component: AWT in Jav...

CVE-2009-2724

Technical details for CVE-2009-2724 are not provided in the supplied documents; while references exist, they do not describe affected product/version or impact. Monitor for updates.

CVE-2009-2724

Race condition in the java.lang package in Sun Java SE 5.0 before Update 20 has unknown impact and attack vectors, related to a "3Y Race condition in reflection checks."...

CVE-2009-2716

The plugin functionality in Sun Java SE 6 before Update 15 does not properly implement version selection, which allows context-dependent attackers to leverage vulnerabilities in "old zip and certificate handling" and have unspecified other impact via unknown vectors...

CVE-2009-2722

Technical details about CVE-2009-2722 are not disclosed in the provided documents; affected products, impact and remediation are not specified. Monitor for updates.

CVE-2009-2723

Unspecified vulnerability in deserialization in the Provider class in Sun Java SE 5.0 before Update 20 has unknown impact and attack vectors, aka BugId 6444262...

Design/Logic Flaw

JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via an untrusted 1 applet or 2 application...

CVE-2009-2690

The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information via an untrusted 1 applet or 2 application...

CVE-2009-2689

JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via an untrusted 1 applet or 2 application...

Design/Logic Flaw

Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to 1 LayoutQueue, 2 Cursor.predefined, 3...

CVE-2009-2689

CVE-2009-2689 affects OpenJDK and Sun Java Runtime (J2SE 5.0 pre-Update 20 and 6 pre-Update 15). The root cause is that JDK13Services can grant full privileges to certain object types, enabling a context‑dependent attacker using an untrusted applet or application to bypass access restrictions. Th...

CVE-2009-2476

The Java Management Extensions JMX implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged...

CVE-2009-2690

The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information via an untrusted 1 applet or 2 application...

CVE-2009-2690

CVE-2009-2690 affects Sun Java SE 6 before Update 15 and OpenJDK. The issue is an information disclosure where the encoder grants read access to private variables with unspecified names, potentially leaking sensitive data via a trusted applet or application. Related vulnerability discussions are ...

CVE-2009-2475

Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to 1 LayoutQueue, 2 Cursor.predefined, 3...

CVE-2009-2689

JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via an untrusted 1 applet or 2 application...