1772 matches found
CVE-2009-3729
Unspecified vulnerability in the TrueType font parsing functionality in Sun Java SE 5.0 before Update 22 and 6 before Update 17 allows remote attackers to cause a denial of service application crash via a certain test suite, aka Bug Id 6815780...
CVE-2009-3881
Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak vulnerability," aka Bug Id 6636650...
CVE-2009-3885
Sun Java SE 5.0 before Update 22 and 6 before Update 17 on Windows allows remote attackers to cause a denial of service via a BMP file containing a link to a UNC share pathname for an International Color Consortium ICC profile file, probably a related issue to CVE-2007-2789, aka Bug Id 6632445...
CVE-2009-3880
The Abstract Window Toolkit AWT in Java Runtime Environment JRE in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the...
CVE-2009-3883
Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel PL&F feature in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug...
CVE-2009-3879
Multiple unspecified vulnerabilities in the 1 X11 and 2 Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vectors, related to failure to clone arrays that are returned by the getConfigurations function, aka Bug I...
CVE-2009-3884
The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo aka tz files, aka Bug Id 6824265...
Design/Logic Flaw
Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel PL&F feature in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug...
Design/Logic Flaw
The Abstract Window Toolkit AWT in Java Runtime Environment JRE in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the...
CVE-2009-3883
CVE-2009-3883 affects Sun Java SE 5.0 before Update 22 and Java SE 6 before Update 17 (OpenJDK) in the Swing PL&F implementation. The issue involves information leaks in mutable variables within Swing, enabling potential remote disclosure with partial confidentiality, integrity, and availability ...
CVE-2009-3882
CVE-2009-3882 affects Sun Java SE 5.0 (before Update 22) and Java SE 6 (before Update 17), as well as OpenJDK. Root cause is an information leak in mutable variables (Bug 6657026) in the Swing implementation. Consequences include potential information disclosure and related partial impacts to con...
CVE-2009-3881
CVE-2009-3881 affects Sun Java SE 5.0 (before Update 22) and Java SE 6 (before Update 17), and OpenJDK. The issue is that class loader hierarchy can allow children of a resurrected ClassLoader to exist, enabling a remote attacker to gain privileges via unspecified vectors (information leak vulner...
CVE-2009-3883
Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel PL&F feature in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug...
CVE-2009-3882
Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657026...
CVE-2009-3886
The Java Web Start implementation in Sun Java SE 6 before Update 17 does not properly handle the interaction between a signed JAR file and a JNLP 1 application or 2 applet, which has unspecified impact and attack vectors, related to a "regression," aka Bug Id 6870531...
CVE-2009-3884
The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo aka tz files, aka Bug Id 6824265...
CVE-2009-3885
Sun Java SE 5.0 before Update 22 and 6 before Update 17 on Windows allows remote attackers to cause a denial of service via a BMP file containing a link to a UNC share pathname for an International Color Consortium ICC profile file, probably a related issue to CVE-2007-2789, aka Bug Id 6632445...
CVE-2009-3879
CVE-2009-3879 affects Sun Java SE 5.0 (before Update 22) and 6 (before Update 17) and OpenJDK, in the X11GraphicsDevice and related components. The issue stems from failure to clone arrays returned by getConfigurations, potentially exposing sensitive information or allowing unintended access to g...
CVE-2009-3886
CVE-2009-3886 concerns the Java Web Start implementation in Sun Java SE 6 before Update 17, where the interaction between a signed JAR and a JNLP application or applet is not handled correctly. The entry notes a regression (Bug 6870531) as the underlying issue, but the provided documents do not s...
CVE-2009-3879
Multiple unspecified vulnerabilities in the 1 X11 and 2 Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vectors, related to failure to clone arrays that are returned by the getConfigurations function, aka Bug I...