Vulnerabilities > SUN
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-08-10 | CVE-2009-2720 | Unspecified vulnerability in SUN Java SE Unspecified vulnerability in the javax.swing.plaf.synth.SynthContext.isSubregion method in the Swing implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException in the Jemmy library) via unknown vectors. | 5.0 |
| 2009-08-10 | CVE-2009-2719 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SUN Java SE The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException) via a crafted .jnlp file, as demonstrated by the jnlp_file/appletDesc/index.html#misc test in the Technology Compatibility Kit (TCK) for the Java Network Launching Protocol (JNLP). | 5.0 |
| 2009-08-10 | CVE-2009-2718 | Permissions, Privileges, and Access Controls vulnerability in SUN Java SE 6 The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on X11 does not impose the intended constraint on distance from the window border to the Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet. | 6.8 |
| 2009-08-10 | CVE-2009-2717 | Permissions, Privileges, and Access Controls vulnerability in SUN Java SE The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on Windows 2000 Professional does not provide a Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet. | 6.8 |
| 2009-08-10 | CVE-2009-2716 | Unspecified vulnerability in SUN Java SE The plugin functionality in Sun Java SE 6 before Update 15 does not properly implement version selection, which allows context-dependent attackers to leverage vulnerabilities in "old zip and certificate handling" and have unspecified other impact via unknown vectors. | 7.5 |
| 2009-08-10 | CVE-2009-2690 | Permissions, Privileges, and Access Controls vulnerability in SUN Java SE and Openjdk The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information via an untrusted (1) applet or (2) application. | 5.0 |
| 2009-08-10 | CVE-2009-2689 | Permissions, Privileges, and Access Controls vulnerability in SUN Java SE and Openjdk JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via an untrusted (1) applet or (2) application. | 10.0 |
| 2009-08-10 | CVE-2009-2476 | Permissions, Privileges, and Access Controls vulnerability in SUN Java SE and Openjdk The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged object. | 10.0 |
| 2009-08-10 | CVE-2009-2475 | Information Exposure vulnerability in SUN Java SE and Openjdk Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to (1) LayoutQueue, (2) Cursor.predefined, (3) AccessibleResourceBundle.getContents, (4) ImageReaderSpi.STANDARD_INPUT_TYPE, (5) ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7) DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types, (9) AbstractSaslImpl.logger, (10) Synth.Region.uiToRegionMap/lowerCaseNameMap, (11) the Introspector class and a cache of BeanInfo, and (12) JAX-WS, a different vulnerability than CVE-2009-2673. | 7.8 |
| 2009-08-10 | CVE-2009-1896 | Permissions, Privileges, and Access Controls vulnerability in SUN Openjdk The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedora 11, trusts an entire application when at least one of the listed jar files is trusted, which allows context-dependent attackers to execute arbitrary code without the untrusted-code restrictions via a crafted application, related to NetX. | 10.0 |