14 matches found
CVE-2009-2676
CVE-2009-2676 describes an unspecified vulnerability in Sun Java SE/JDK/JRE (up to 6 Update 14, 5.0 Update 19, and 1.4.2_21) involving the JNLPAppletLauncher. Affected component is the JNLPAppletLauncher exposed to untrusted applets; the root cause is an issue in how an old launcher can be access...
CVE-2009-2475
CVE-2009-2475 affects Sun Java SE 5.0 before Update 20 and Java SE 6 before Update 15, and OpenJDK. The issue arises from context-dependent attackers exploiting static variables declared without the final keyword in multiple components (e.g., LayoutQueue, Cursor.predefined, AccessibleResourceBund...
CVE-2009-2476
CVE-2009-2476 affects Sun Java SE 6 prior to Update 15 and OpenJDK. The issue is a bypass of OpenType checks, allowing a context-dependent attacker to obtain a reference to a privileged object via finalizer resurrection, effectively bypassing access restrictions. Impact is described as complete c...
CVE-2009-2720
CVE-2009-2720 affects Sun Java SE 6 Swing (javax.swing.plaf.synth.SynthContext.isSubregion). The vulnerability can cause a denial of service via a NullPointerException in the Jemmy library and is triggered by unspecified vectors. A patch exists in Sun Java SE 6, Update 15 or newer; upgrading to U...
CVE-2009-2718
The CVE-2009-2718 issue affects Sun Java SE 6 on X11 where the AWT security warning icon distance constraint was not enforced. This makes context-dependent users more susceptible to social-engineering via untrusted applets. The vulnerability is tied to the Java AWT component; remediation noted in...
CVE-2009-2721
Technical details for CVE-2009-2721 are not provided in the supplied documents. The entry notes unspecified vulnerabilities in Sun Java SE 5.0 before Update 20. Monitor for updates and refer to official advisories for affected versions and fixes.
CVE-2009-2719
CVE-2009-2719: In Sun Java SE 6, the Java Web Start implementation before Update 15 is vulnerable to a DoS via a crafted JNLP file, causing a NullPointerException. The issue is evidenced by the TCK test at jnlp_file/appletDesc/index.html#misc. Affected software is Java Web Start in Java SE 6 prio...
CVE-2009-2716
CVE-2009-2716 is referenced by multiple vulnerability feeds as addressed by Java/JRE updates in VMware advisories (VMSA-2009-0016, VMSA-2010-0002) and by OpenVAS entries. The linked documents confirm that CVE-2009-2716 is among the CVEs fixed in JRE/JDK updates, specifically in Sun Java JRE 1.5.x...
CVE-2009-2723
CVE-2009-2723 is described as an unspecified vulnerability in deserialization in the Provider class of Sun Java SE 5.0 prior to Update 20, with unknown impact and attack vectors. The provided documents confirm the affected product (Sun Java SE 5.0) and the module (deserialization via the Provider...
CVE-2009-2724
Technical details for CVE-2009-2724 are not provided in the supplied documents; while references exist, they do not describe affected product/version or impact. Monitor for updates.
CVE-2009-2689
CVE-2009-2689 affects OpenJDK and Sun Java Runtime (J2SE 5.0 pre-Update 20 and 6 pre-Update 15). The root cause is that JDK13Services can grant full privileges to certain object types, enabling a context‑dependent attacker using an untrusted applet or application to bypass access restrictions. Th...
CVE-2009-2722
Technical details about CVE-2009-2722 are not disclosed in the provided documents; affected products, impact and remediation are not specified. Monitor for updates.
CVE-2009-2690
CVE-2009-2690 affects Sun Java SE 6 before Update 15 and OpenJDK. The issue is an information disclosure where the encoder grants read access to private variables with unspecified names, potentially leaking sensitive data via a trusted applet or application. Related vulnerability discussions are ...
CVE-2009-2717
The CVE-2009-2717 entry concerns Sun Java SE 6 on Windows 2000 Professional prior to Update 15, where the AWT implementation lacks a Security Warning Icon. This omission can enable context-dependent attackers to trick users into interacting with an untrusted applet. Affected component: AWT in Jav...