CVE-2009-3884
CVE-2009-3884 is an information-leak vulnerability in the TimeZone.getTimeZone handling of zoneinfo files in the Sun Java JRE and OpenJDK (Sun JRE 5.0/6, Update 22/17 or prior, and OpenJDK). The issue allows a remote attacker to probe the local filesystem by observing how tz files are proce...
CVE-2009-3728
The CVE-2009-3728 entry refers to a directory traversal vulnerability in the ICC_Profile.getInstance method of the Java Runtime Environment (JRE). Affected products include Sun Java SE 5.0 before Update 22 and Java SE 6 before Update 17, as well as OpenJDK. The root cause is an insecure pathname ...
CVE-2009-2475
CVE-2009-2475 affects Sun Java SE 5.0 before Update 20 and Java SE 6 before Update 15, and OpenJDK. The issue stems from static variables declared without the final keyword in multiple components, which context-dependent attackers can exploit (e.g., LayoutQueue, Cursor.predefined, AccessibleResourceBund...
CVE-2009-2476
CVE-2009-2476 affects Sun Java SE 6 prior to Update 15 and OpenJDK. The issue is a bypass of OpenType checks, allowing a context-dependent attacker to obtain a reference to a privileged object via finalizer resurrection, effectively bypassing access restrictions. Impact is described as complete c...
CVE-2009-3880
CVE-2009-3880 affects Sun Java SE 5.0 and 6 (OpenJDK) where the JRE improperly restricts objects sent to logging, allowing information leakage via logging of Component/KeyboardFocusManager objects. Impact is information disclosure; no exploitation details described beyond this in the sources, and...
CVE-2009-3883
CVE-2009-3883 affects Sun Java SE 5.0 before Update 22 and Java SE 6 before Update 17 (OpenJDK) in the Swing PL&F implementation. The issue involves information leaks in mutable variables within Swing, enabling potential remote disclosure with partial confidentiality, integrity, and availability ...
CVE-2009-0723
CVE-2009-0723 affects LittleCMS (lcms/liblcms) before 1.18beta2. The vulnerability comprises multiple integer overflows that, when processing crafted image files, can trigger a heap-based buffer overflow. This issue is noted to be exploitable in contexts where LittleCMS is used (e.g., in Firefox ...
CVE-2009-3881
CVE-2009-3881 affects Sun Java SE 5.0 (before Update 22) and Java SE 6 (before Update 17), and OpenJDK. The issue is that the class loader hierarchy can allow children of a resurrected ClassLoader to exist, enabling a remote attacker to gain privileges via unspecified vectors (information leak vulner...
CVE-2009-3879
CVE-2009-3879 affects Sun Java SE 5.0 (before Update 22) and 6 (before Update 17) and OpenJDK, in the X11GraphicsDevice and related components. The issue stems from failure to clone arrays returned by getConfigurations, potentially exposing sensitive information or allowing unintended access to g...
CVE-2009-0733
LittleCMS (lcms/liblcms) contains multiple stack-based buffer overflows in ReadSetOfCurves, affecting versions before 1.18beta2. The flaw allows context-dependent attackers to execute arbitrary code via a crafted image file with a large integer value for the input or output channel, tied to ReadL...
CVE-2009-3882
CVE-2009-3882 affects Sun Java SE 5.0 (before Update 22) and Java SE 6 (before Update 17), as well as OpenJDK. Root cause is an information leak in mutable variables (Bug 6657026) in the Swing implementation. Consequences include potential information disclosure and related partial impacts to con...
CVE-2009-0793
CVE-2009-0793 affects LittleCMS (lcms) 1.18, specifically cmsxform.c handling transformations of monochrome profiles. The issue enables a remote attacker to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers incorrect code execution in mon...
CVE-2009-2689
CVE-2009-2689 affects OpenJDK and Sun Java Runtime (J2SE 5.0 pre-Update 20 and 6 pre-Update 15). The root cause is that JDK13Services can grant full privileges to certain object types, enabling a context-dependent attacker using an untrusted applet or application to bypass access restrictions. Th...
CVE-2009-2690
CVE-2009-2690 affects Sun Java SE 6 before Update 15 and OpenJDK. The issue is an information disclosure where the encoder grants read access to private variables with unspecified names, potentially leaking sensitive data via a trusted applet or application. Related vulnerability discussions are ...
CVE-2009-1896
The CVE-2009-1896 entry concerns the Java Web Start framework in OpenJDK via IcedTea. Affected: OpenJDK with Java Web Start on Fedora 10/11 (before 1.6.0.0-20.b16.fc10 and before 1.6.0.0-27.b16.fc11, respectively). Root cause: the framework trusts an entire application if any one of the l...
CVE-2009-0794
CVE-2009-0794 is an integer overflow in the PulseAudioTargetDataL class used by Pulse-Java (PulseAudio source data line) in OpenJDK 1.6.0.0 and related products, allowing remote attackers to trigger a denial of service (applet crash). Connected advisories indicate patches for java-1.6.0-openjdk w...