Lucene search
K

138 matches found

Prion
Prion
added 2009/08/10 8:30 p.m.19 views

Design/Logic Flaw

The Abstract Window Toolkit AWT implementation in Sun Java SE 6 before Update 15 on X11 does not impose the intended constraint on distance from the window border to the Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an...

6.8CVSS6.3AI score0.01715EPSS
Exploits0References7Affected Software1
UbuntuCve
UbuntuCve
added 2009/08/10 8:30 p.m.17 views

CVE-2009-2716

The plugin functionality in Sun Java SE 6 before Update 15 does not properly implement version selection, which allows context-dependent attackers to leverage vulnerabilities in "old zip and certificate handling" and have unspecified other impact via unknown vectors...

7.5CVSS6.3AI score0.01287EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2009/08/10 8:30 p.m.33 views

CVE-2009-2719

The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service NullPointerException via a crafted .jnlp file, as demonstrated by the jnlpfile/appletDesc/index.htmlmisc test in the Technology Compatibility Kit TCK for the Java...

5CVSS6.3AI score0.02027EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2009/08/10 8:30 p.m.29 views

CVE-2009-2718

The Abstract Window Toolkit AWT implementation in Sun Java SE 6 before Update 15 on X11 does not impose the intended constraint on distance from the window border to the Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an...

6.8CVSS6.3AI score0.01715EPSS
Exploits0References2
Prion
Prion
added 2009/08/10 8:30 p.m.19 views

Design/Logic Flaw

The Abstract Window Toolkit AWT implementation in Sun Java SE 6 before Update 15 on Windows 2000 Professional does not provide a Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet...

6.8CVSS6.8AI score0.0133EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2009/08/10 8:30 p.m.24 views

CVE-2009-2720

Unspecified vulnerability in the javax.swing.plaf.synth.SynthContext.isSubregion method in the Swing implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service NullPointerException in the Jemmy library via unknown vectors...

5CVSS6.3AI score0.02EPSS
Exploits0References2
Prion
Prion
added 2009/08/10 8:30 p.m.13 views

Design/Logic Flaw

The plugin functionality in Sun Java SE 6 before Update 15 does not properly implement version selection, which allows context-dependent attackers to leverage vulnerabilities in "old zip and certificate handling" and have unspecified other impact via unknown vectors...

7.5CVSS7.1AI score0.01287EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2009/08/10 8:30 p.m.32 views

CVE-2009-2717

The Abstract Window Toolkit AWT implementation in Sun Java SE 6 before Update 15 on Windows 2000 Professional does not provide a Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet...

6.8CVSS6.3AI score0.0133EPSS
Exploits0References1
CVE
CVE
added 2009/08/10 8:0 p.m.64 views

CVE-2009-2717

The CVE-2009-2717 entry concerns Sun Java SE 6 on Windows 2000 Professional prior to Update 15, where the AWT implementation lacks a Security Warning Icon. This omission can enable context-dependent attackers to trick users into interacting with an untrusted applet. Affected component: AWT in Jav...

6.8CVSS6.5AI score0.0133EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2009/08/10 8:0 p.m.27 views

CVE-2009-2716

The plugin functionality in Sun Java SE 6 before Update 15 does not properly implement version selection, which allows context-dependent attackers to leverage vulnerabilities in "old zip and certificate handling" and have unspecified other impact via unknown vectors...

7.8AI score0.01287EPSS
Exploits0References7
Cvelist
Cvelist
added 2009/08/10 8:0 p.m.36 views

CVE-2009-2719

The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service NullPointerException via a crafted .jnlp file, as demonstrated by the jnlpfile/appletDesc/index.htmlmisc test in the Technology Compatibility Kit TCK for the Java...

7AI score0.02027EPSS
Exploits0References7
CVE
CVE
added 2009/08/10 8:0 p.m.106 views

CVE-2009-2719

CVE-2009-2719: In Sun Java SE 6, the Java Web Start implementation before Update 15 is vulnerable to a DoS via a crafted JNLP file, causing a NullPointerException. The issue is evidenced by the TCK test at jnlp_file/appletDesc/index.html#misc. Affected software is Java Web Start in Java SE 6 prio...

5CVSS6.8AI score0.02027EPSS
Exploits0References7Affected Software1
Prion
Prion
added 2009/08/10 6:30 p.m.18 views

Code injection

The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information via an untrusted 1 applet or 2 application...

5CVSS5.8AI score0.02579EPSS
Exploits0References17Affected Software1
NVD
NVD
added 2009/08/10 6:30 p.m.22 views

CVE-2009-2689

JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via an untrusted 1 applet or 2 application...

10CVSS6.1AI score0.02839EPSS
Exploits0References19
Prion
Prion
added 2009/08/10 6:30 p.m.25 views

Design/Logic Flaw

The Java Management Extensions JMX implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged...

10CVSS6.5AI score0.02877EPSS
Exploits0References17Affected Software1
Cvelist
Cvelist
added 2009/08/10 6:0 p.m.26 views

CVE-2009-2476

The Java Management Extensions JMX implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged...

5.3AI score0.02877EPSS
Exploits0References17
Cvelist
Cvelist
added 2009/08/10 6:0 p.m.26 views

CVE-2009-2689

JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via an untrusted 1 applet or 2 application...

5.5AI score0.02839EPSS
Exploits0References19
UbuntuCve
UbuntuCve
added 2009/08/10 12:0 a.m.27 views

CVE-2009-2690

The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information via an untrusted 1 applet or 2 application...

5CVSS5.9AI score0.02579EPSS
Exploits0References3
Rows per page
Query Builder