Java Se@6 Security Vulnerabilities and Issues — Java Se@6 CVE List

Lucene search

SunJava Se6

9 matches found

CVE•added 2009/08/10 6:30 p.m.•97 views

CVE-2009-2475

Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to (1) LayoutQueue, (2) Cursor.predefined, (3) AccessibleResource...

7.8CVSS5.8AI score0.11393EPSS

CVE•added 2009/08/10 6:30 p.m.•94 views

CVE-2009-2476

The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged o...

10CVSS5.2AI score0.01825EPSS

CVE•added 2009/08/10 8:30 p.m.•94 views

CVE-2009-2718

The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on X11 does not impose the intended constraint on distance from the window border to the Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an ...

6.8CVSS7.1AI score0.00527EPSS

CVE•added 2009/08/10 8:30 p.m.•87 views

CVE-2009-2716

The plugin functionality in Sun Java SE 6 before Update 15 does not properly implement version selection, which allows context-dependent attackers to leverage vulnerabilities in "old zip and certificate handling" and have unspecified other impact via unknown vectors.

7.5CVSS7.7AI score0.00302EPSS

CVE•added 2009/08/10 8:30 p.m.•85 views

CVE-2009-2719

The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException) via a crafted .jnlp file, as demonstrated by the jnlp_file/appletDesc/index.html#misc test in the Technology Compatibility Kit (TCK) for the Jav...

5CVSS6.8AI score0.00643EPSS

CVE•added 2009/08/10 8:30 p.m.•85 views

CVE-2009-2720

Unspecified vulnerability in the javax.swing.plaf.synth.SynthContext.isSubregion method in the Swing implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException in the Jemmy library) via unknown vectors.

5CVSS6.9AI score0.00643EPSS

CVE•added 2009/08/10 6:30 p.m.•79 views

CVE-2009-2689

JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via an untrusted (1) applet or (2) application.

10CVSS5.4AI score0.07928EPSS

CVE•added 2009/08/10 6:30 p.m.•73 views

CVE-2009-2690

The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information via an untrusted (1) applet or (2) application.

5CVSS5AI score0.04366EPSS

CVE•added 2009/08/10 8:30 p.m.•50 views

CVE-2009-2717

The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on Windows 2000 Professional does not provide a Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet.

6.8CVSS6.5AI score0.0035EPSS