Vulnerabilities > SUN > Openjdk
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-11-09 | CVE-2009-3884 | Unspecified vulnerability in SUN JRE and Openjdk The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265. | 5.0 |
2009-11-09 | CVE-2009-3883 | Information Exposure vulnerability in SUN Jdk, JRE and Openjdk Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel (PL&F) feature in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657138. | 7.5 |
2009-11-09 | CVE-2009-3882 | Information Exposure vulnerability in SUN Jdk, JRE and Openjdk Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657026. | 7.5 |
2009-11-09 | CVE-2009-3881 | Information Exposure vulnerability in SUN JRE and Openjdk Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak vulnerability," aka Bug Id 6636650. | 7.5 |
2009-11-09 | CVE-2009-3880 | Permissions, Privileges, and Access Controls vulnerability in SUN JRE and Openjdk The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager, aka Bug Id 6664512. | 5.0 |
2009-11-09 | CVE-2009-3879 | Unspecified vulnerability in SUN JRE and Openjdk Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vectors, related to failure to clone arrays that are returned by the getConfigurations function, aka Bug Id 6822057. | 7.5 |
2009-11-09 | CVE-2009-3728 | Path Traversal vulnerability in SUN JRE and Openjdk Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a .. | 5.0 |
2009-08-10 | CVE-2009-2690 | Permissions, Privileges, and Access Controls vulnerability in SUN Java SE and Openjdk The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information via an untrusted (1) applet or (2) application. | 5.0 |
2009-08-10 | CVE-2009-2689 | Permissions, Privileges, and Access Controls vulnerability in SUN Java SE and Openjdk JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via an untrusted (1) applet or (2) application. | 10.0 |
2009-08-10 | CVE-2009-2476 | Permissions, Privileges, and Access Controls vulnerability in SUN Java SE and Openjdk The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged object. | 10.0 |