Vulnerabilities > SUN

DATE CVE VULNERABILITY TITLE RISK
2009-08-07 CVE-2009-2715 Improper Input Validation vulnerability in SUN VirtualBox 2.2/3.0.2
Sun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause a denial of service (Linux host OS reboot) via a sysenter instruction.
local
low complexity
sun CWE-20
4.9
2009-08-07 CVE-2009-2714 Local Denial Of Service vulnerability in SUN VirtualBox 3.0.0/3.0.2
Unspecified vulnerability in Sun VirtualBox 3.0.0 and 3.0.2 allows guest OS users to cause a denial of service (host OS reboot) via unknown vectors.
local
low complexity
sun
4.9
2009-08-07 CVE-2009-2713 Information Disclosure vulnerability in SUN Java System Access Manager and Java System Web Server
The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors.
network
sun
4.3
2009-08-07 CVE-2009-2712 Permissions, Privileges, and Access Controls vulnerability in SUN products
Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files.
local
low complexity
sun CWE-264
2.1
2009-08-07 CVE-2009-2711 Information Exposure vulnerability in multiple products
XScreenSaver in Sun Solaris 9 and 10, OpenSolaris before snv_120, and X11 6.4.1 for Solaris 8, when the Xorg or Xnewt server is used, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, a different vulnerability than CVE-2009-1276.
local
low complexity
sun x-org CWE-200
4.9
2009-08-05 CVE-2009-2676 Unspecified vulnerability in SUN products
Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet that accesses an old version of JNLPAppletLauncher.
network
sun
6.8
2009-08-05 CVE-2009-2675 Permissions, Privileges, and Access Controls vulnerability in SUN JDK and JRE
Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression.
network
low complexity
sun CWE-264
critical
10.0
2009-08-05 CVE-2009-2674 Permissions, Privileges, and Access Controls vulnerability in SUN JDK and JRE
Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted JPEG image that is not properly handled during display to a splash screen, which triggers a heap-based buffer overflow.
network
low complexity
sun CWE-264
7.5
2009-08-05 CVE-2009-2673 Permissions, Privileges, and Access Controls vulnerability in SUN JDK and JRE
The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword.
network
low complexity
sun CWE-264
7.5
2009-08-05 CVE-2009-2672 Permissions, Privileges, and Access Controls vulnerability in SUN JDK and JRE
The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors.
network
low complexity
sun CWE-264
7.5