Vulnerabilities > SUN
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-11-05 | CVE-2009-3868 | Buffer Errors vulnerability in SUN Jdk, JRE and SDK Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970. | 9.3 |
| 2009-11-05 | CVE-2009-3867 | Buffer Errors vulnerability in SUN Jdk, JRE and SDK Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303. | 9.3 |
| 2009-11-05 | CVE-2009-3866 | Permissions, Privileges, and Access Controls vulnerability in SUN JDK and JRE The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an unintended trusted application, aka Bug Id 6872824. | 9.3 |
| 2009-11-05 | CVE-2009-3865 | Code Injection vulnerability in SUN JDK and JRE The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752. | 9.3 |
| 2009-11-05 | CVE-2009-3864 | Multiple Security vulnerability in Sun Java SE November 2009 The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to leverage vulnerabilities in older releases of this software, aka Bug Id 6869694. | 7.5 |
| 2009-11-03 | CVE-2009-3851 | Denial-Of-Service vulnerability in SUN Solaris 10.0 Trusted Extensions in Sun Solaris 10 interferes with the operation of the xscreensaver-demo command for the XScreenSaver application, which makes it easier for physically proximate attackers to access an unattended workstation for which the intended screen locking did not occur, related to the "restart daemon." | 7.2 |
| 2009-11-02 | CVE-2009-3839 | Remote Privilege Escalation vulnerability in SUN Opensolaris and Solaris Unspecified vulnerability in the Solaris Trusted Extensions Policy configuration in Sun Solaris 10, and OpenSolaris snv_37 through snv_125, might allow remote attackers to execute arbitrary code by leveraging access to the X server. network sun | 6.8 |
| 2009-10-30 | CVE-2009-3549 | Improper Input Validation vulnerability in Wireshark 1.2/1.2.0/1.2.1 packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. | 5.0 |
| 2009-10-22 | CVE-2009-3746 | Configuration vulnerability in SUN Solaris 10 XScreenSaver in Sun Solaris 10, when the accessibility feature is enabled, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, a different vulnerability than CVE-2009-1276 and CVE-2009-2711. | 1.9 |
| 2009-10-16 | CVE-2009-3706 | Unspecified vulnerability in SUN Opensolaris and Solaris Unspecified vulnerability in the ZFS filesystem in Sun Solaris 10, and OpenSolaris snv_100 through snv_117, allows local users to bypass intended limitations of the file_chown_self privilege via certain uses of the chown system call. local sun | 4.4 |