SunOpenjdk

16 matches found

Added 2009/11/09 7:0 p.m. | 125 views

CVE-2009-3884

CVE-2009-3884 is an information-leak vulnerability in the TimeZone.getTimeZone handling for zoneinfo files used by Sun Java/OpenJDK JRE/OpenJDK (Sun JRE 5.0/6, Update 22/17 or prior, and OpenJDK). The issue allows a remote attacker to probe the local filesystem by observing how tz files are proce...

CVSS 5 | AI score 5.8 | EPSS 0.02951

Added 2009/11/09 7:0 p.m. | 121 views

CVE-2009-3728

The CVE-2009-3728 entry refers to a directory traversal vulnerability in the ICC_Profile.getInstance method of the Java Runtime Environment (JRE). Affected products include Sun Java SE 5.0 before Update 22 and Java SE 6 before Update 17, as well as OpenJDK. The root cause is an insecure pathname ...

CVSS 5 | AI score 5.8 | EPSS 0.03751

Added 2009/08/10 6:0 p.m. | 120 views

CVE-2009-2475

CVE-2009-2475 affects Sun Java SE 5.0 before Update 20 and Java SE 6 before Update 15, and OpenJDK. The issue arises from context-dependent attackers exploiting static variables declared without the final keyword in multiple components (e.g., LayoutQueue, Cursor.predefined, AccessibleResourceBund...

CVSS 7.8 | AI score 5.8 | EPSS 0.02318

Added 2009/08/10 6:0 p.m. | 115 views

CVE-2009-2476

CVE-2009-2476 affects Sun Java SE 6 prior to Update 15 and OpenJDK. The issue is a bypass of OpenType checks, allowing a context-dependent attacker to obtain a reference to a privileged object via finalizer resurrection, effectively bypassing access restrictions. Impact is described as complete c...

CVSS 10 | AI score 5.2 | EPSS 0.02877

Added 2009/11/09 7:0 p.m. | 115 views

CVE-2009-3880

CVE-2009-3880 affects Sun Java SE 5.0 and 6 (OpenJDK) where the JRE improperly restricts objects sent to logging, allowing information leakage via logging of Component/KeyboardFocusManager objects. Impact is information disclosure; no exploitation details described beyond this in the sources, and...

CVSS 5 | AI score 5.4 | EPSS 0.01788

Added 2009/11/09 7:0 p.m. | 113 views

CVE-2009-3883

CVE-2009-3883 affects Sun Java SE 5.0 before Update 22 and Java SE 6 before Update 17 (OpenJDK) in the Swing PL&F implementation. The issue involves information leaks in mutable variables within Swing, enabling potential remote disclosure with partial confidentiality, integrity, and availability ...

CVSS 7.5 | AI score 6.3 | EPSS 0.02034

Added 2009/03/23 2:0 p.m. | 108 views

CVE-2009-0723

CVE-2009-0723 affects LittleCMS (lcms/liblcms) before 1.18beta2. The vulnerability comprises multiple integer overflows that, when processing crafted image files, can trigger a heap-based buffer overflow. This issue is noted to be exploitable in contexts where LittleCMS is used (e.g., in Firefox ...

CVSS 9.3 | AI score 7.9 | EPSS 0.05027

Added 2009/11/09 7:0 p.m. | 108 views

CVE-2009-3881

CVE-2009-3881 affects Sun Java SE 5.0 (before Update 22) and Java SE 6 (before Update 17), and OpenJDK. The issue is that class loader hierarchy can allow children of a resurrected ClassLoader to exist, enabling a remote attacker to gain privileges via unspecified vectors (information leak vulner...

CVSS 7.5 | AI score 6.4 | EPSS 0.02666

Added 2009/11/09 7:0 p.m. | 105 views

CVE-2009-3879

CVE-2009-3879 affects Sun Java SE 5.0 (before Update 22) and 6 (before Update 17) and OpenJDK, in the X11GraphicsDevice and related components. The issue stems from failure to clone arrays returned by getConfigurations, potentially exposing sensitive information or allowing unintended access to g...

CVSS 7.5 | AI score 6.2 | EPSS 0.02342

Added 2009/03/23 2:0 p.m. | 104 views

CVE-2009-0733

LittleCMS (lcms/liblcms) contains multiple stack-based buffer overflows in ReadSetOfCurves, affecting versions before 1.18beta2. The flaw allows context-dependent attackers to execute arbitrary code via a crafted image file with a large integer value for the input or output channel, tied to ReadL...

CVSS 9.3 | AI score 7.8 | EPSS 0.05534

Added 2009/11/09 7:0 p.m. | 103 views

CVE-2009-3882

CVE-2009-3882 affects Sun Java SE 5.0 (before Update 22) and Java SE 6 (before Update 17), as well as OpenJDK. Root cause is an information leak in mutable variables (Bug 6657026) in the Swing implementation. Consequences include potential information disclosure and related partial impacts to con...

CVSS 7.5 | AI score 6.3 | EPSS 0.02034

Added 2009/04/09 3:0 p.m. | 102 views

CVE-2009-0793

CVE-2009-0793 affects LittleCMS (lcms) 1.18, specifically cmsxform.c handling transformations of monochrome profiles. The issue enables a remote attacker to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers incorrect code execution in mon...

CVSS 4.3 | AI score 6.6 | EPSS 0.04834

Added 2009/08/10 6:0 p.m. | 98 views

CVE-2009-2689

CVE-2009-2689 affects OpenJDK and Sun Java Runtime (J2SE 5.0 pre-Update 20 and 6 pre-Update 15). The root cause is that JDK13Services can grant full privileges to certain object types, enabling a context‑dependent attacker using an untrusted applet or application to bypass access restrictions. Th...

CVSS 10 | AI score 5.4 | EPSS 0.02839

Added 2009/08/10 6:0 p.m. | 90 views

CVE-2009-2690

CVE-2009-2690 affects Sun Java SE 6 before Update 15 and OpenJDK. The issue is an information disclosure where the encoder grants read access to private variables with unspecified names, potentially leaking sensitive data via a trusted applet or application. Related vulnerability discussions are ...

CVSS 5 | AI score 5 | EPSS 0.02579

Added 2009/08/10 6:0 p.m. | 71 views

CVE-2009-1896

The CVE-2009-1896 entry concerns the Java Web Start framework in OpenJDK via IcedTea. Affected: OpenJDK/OpenJDK with Java Web Start on Fedora 10/11 (before 1.6.0.0-20.b16.fc10 and before 1.6.0.0-27.b16.fc11, respectively). Root cause: the framework trusts an entire application if any one of the l...

CVSS 10 | AI score 7.2 | EPSS 0.03031

Added 2009/04/13 4:0 p.m. | 67 views

CVE-2009-0794

CVE-2009-0794 is an integer overflow in the PulseAudioTargetDataL class used by Pulse-Java (PulseAudio source data line) in OpenJDK 1.6.0.0 and related products, allowing remote attackers to trigger a denial of service (applet crash). Connected advisories indicate patches for java-1.6.0-openjdk w...

CVSS 5 | AI score 6.5 | EPSS 0.03024