Lucene search
K

11 matches found

CVE
CVE
added 2009/11/09 7:0 p.m.125 views

CVE-2009-3884

CVE-2009-3884 is an information-leak vulnerability in the TimeZone.getTimeZone handling for zoneinfo files used by Sun Java/OpenJDK JRE/OpenJDK (Sun JRE 5.0/6, Update 22/17 or prior, and OpenJDK). The issue allows a remote attacker to probe the local filesystem by observing how tz files are proce...

5CVSS5.8AI score0.02951EPSS
CVE
CVE
added 2009/08/10 6:0 p.m.121 views

CVE-2009-2475

CVE-2009-2475 affects Sun Java SE 5.0 before Update 20 and Java SE 6 before Update 15, and OpenJDK. The issue arises from context-dependent attackers exploiting static variables declared without the final keyword in multiple components (e.g., LayoutQueue, Cursor.predefined, AccessibleResourceBund...

7.8CVSS5.8AI score0.02318EPSS
CVE
CVE
added 2009/11/09 7:0 p.m.121 views

CVE-2009-3728

The CVE-2009-3728 entry refers to a directory traversal vulnerability in the ICC_Profile.getInstance method of the Java Runtime Environment (JRE). Affected products include Sun Java SE 5.0 before Update 22 and Java SE 6 before Update 17, as well as OpenJDK. The root cause is an insecure pathname ...

5CVSS5.8AI score0.03751EPSS
CVE
CVE
added 2009/11/09 7:0 p.m.116 views

CVE-2009-3880

CVE-2009-3880 affects Sun Java SE 5.0 and 6 (OpenJDK) where the JRE improperly restricts objects sent to logging, allowing information leakage via logging of Component/KeyboardFocusManager objects. Impact is information disclosure; no exploitation details described beyond this in the sources, and...

5CVSS5.4AI score0.01788EPSS
CVE
CVE
added 2009/08/10 6:0 p.m.115 views

CVE-2009-2476

CVE-2009-2476 affects Sun Java SE 6 prior to Update 15 and OpenJDK. The issue is a bypass of OpenType checks, allowing a context-dependent attacker to obtain a reference to a privileged object via finalizer resurrection, effectively bypassing access restrictions. Impact is described as complete c...

10CVSS5.2AI score0.02877EPSS
CVE
CVE
added 2009/11/09 7:0 p.m.114 views

CVE-2009-3883

CVE-2009-3883 affects Sun Java SE 5.0 before Update 22 and Java SE 6 before Update 17 (OpenJDK) in the Swing PL&F implementation. The issue involves information leaks in mutable variables within Swing, enabling potential remote disclosure with partial confidentiality, integrity, and availability ...

7.5CVSS6.3AI score0.02034EPSS
CVE
CVE
added 2009/11/09 7:0 p.m.108 views

CVE-2009-3881

CVE-2009-3881 affects Sun Java SE 5.0 (before Update 22) and Java SE 6 (before Update 17), and OpenJDK. The issue is that class loader hierarchy can allow children of a resurrected ClassLoader to exist, enabling a remote attacker to gain privileges via unspecified vectors (information leak vulner...

7.5CVSS6.4AI score0.02666EPSS
CVE
CVE
added 2009/11/09 7:0 p.m.105 views

CVE-2009-3879

CVE-2009-3879 affects Sun Java SE 5.0 (before Update 22) and 6 (before Update 17) and OpenJDK, in the X11GraphicsDevice and related components. The issue stems from failure to clone arrays returned by getConfigurations, potentially exposing sensitive information or allowing unintended access to g...

7.5CVSS6.2AI score0.02342EPSS
CVE
CVE
added 2009/11/09 7:0 p.m.103 views

CVE-2009-3882

CVE-2009-3882 affects Sun Java SE 5.0 (before Update 22) and Java SE 6 (before Update 17), as well as OpenJDK. Root cause is an information leak in mutable variables (Bug 6657026) in the Swing implementation. Consequences include potential information disclosure and related partial impacts to con...

7.5CVSS6.3AI score0.02034EPSS
CVE
CVE
added 2009/08/10 6:0 p.m.98 views

CVE-2009-2689

CVE-2009-2689 affects OpenJDK and Sun Java Runtime (J2SE 5.0 pre-Update 20 and 6 pre-Update 15). The root cause is that JDK13Services can grant full privileges to certain object types, enabling a context‑dependent attacker using an untrusted applet or application to bypass access restrictions. Th...

10CVSS5.4AI score0.02839EPSS
CVE
CVE
added 2009/08/10 6:0 p.m.91 views

CVE-2009-2690

CVE-2009-2690 affects Sun Java SE 6 before Update 15 and OpenJDK. The issue is an information disclosure where the encoder grants read access to private variables with unspecified names, potentially leaking sensitive data via a trusted applet or application. Related vulnerability discussions are ...

5CVSS5AI score0.02579EPSS