CVE-2009-2475
CVE-2009-2475 affects Sun Java SE 5.0 before Update 20 and Java SE 6 before Update 15, and OpenJDK. The issue is that context-dependent attackers can exploit static variables declared without the final keyword in multiple components (e.g., LayoutQueue, Cursor.predefined, AccessibleResourceBund...
CVE-2009-2476
CVE-2009-2476 affects Sun Java SE 6 prior to Update 15 and OpenJDK. The issue is a bypass of OpenType checks, allowing a context-dependent attacker to obtain a reference to a privileged object via finalizer resurrection, effectively bypassing access restrictions. Impact is described as complete c...
CVE-2009-2720
CVE-2009-2720 affects Sun Java SE 6 Swing (javax.swing.plaf.synth.SynthContext.isSubregion). The vulnerability can cause a denial of service via a NullPointerException in the Jemmy library and is triggered by unspecified vectors. A patch exists in Sun Java SE 6, Update 15 or newer; upgrading to U...
CVE-2009-2718
The CVE-2009-2718 issue affects Sun Java SE 6 on X11 where the AWT security warning icon distance constraint was not enforced. This makes context-dependent users more susceptible to social-engineering via untrusted applets. The vulnerability is tied to the Java AWT component; remediation noted in...
CVE-2009-2719
CVE-2009-2719: In Sun Java SE 6, the Java Web Start implementation before Update 15 is vulnerable to a DoS via a crafted JNLP file, causing a NullPointerException. The issue is evidenced by the TCK test at jnlp_file/appletDesc/index.html#misc. Affected software is Java Web Start in Java SE 6 prio...
CVE-2009-2716
CVE-2009-2716 is referenced by multiple vulnerability feeds as addressed by Java/JRE updates in VMware advisories (VMSA-2009-0016, VMSA-2010-0002) and by OpenVAS entries. The linked documents confirm that CVE-2009-2716 is among the CVEs fixed in JRE/JDK updates, specifically in Sun Java JRE 1.5.x...
CVE-2009-2689
CVE-2009-2689 affects OpenJDK and Sun Java Runtime (J2SE 5.0 pre-Update 20 and 6 pre-Update 15). The root cause is that JDK13Services can grant full privileges to certain object types, enabling a context-dependent attacker using an untrusted applet or application to bypass access restrictions. Th...
CVE-2009-2690
CVE-2009-2690 affects Sun Java SE 6 before Update 15 and OpenJDK. The issue is an information disclosure where the encoder grants read access to private variables with unspecified names, potentially leaking sensitive data via a trusted applet or application. Related vulnerability discussions are ...
CVE-2009-2717
The CVE-2009-2717 entry concerns Sun Java SE 6 on Windows 2000 Professional prior to Update 15, where the AWT implementation lacks a Security Warning Icon. This omission can enable context-dependent attackers to trick users into interacting with an untrusted applet. Affected component: AWT in Jav...