Vulnerabilities > SUN

DATE CVE VULNERABILITY TITLE RISK
2009-05-21 CVE-2009-1729 Cross-Site Scripting vulnerability in SUN Java System Communications Express 6.2/6.3
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Address Book component or (2) the temporaryCalendars parameter to uwc/base/UWCMain.
network
sun CWE-79
4.3
2009-05-18 CVE-2009-1673 Local Denial Of Service vulnerability in SUN Solaris 9
The kernel in Sun Solaris 9 allows local users to cause a denial of service (panic) by calling fstat with a first argument of AT_FDCWD.
local
low complexity
sun
4.9
2009-05-06 CVE-2009-1554 Cross-Site Scripting vulnerability in SUN Woodstock 4.2
Cross-site scripting (XSS) vulnerability in ThemeServlet.java in Sun Woodstock 4.2, as used in Sun GlassFish Enterprise Server and other products, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 string in the PATH_INFO, which is displayed on the 404 error page, as demonstrated by the PATH_INFO to theme/META-INF.
network
oracle sun CWE-79
4.3
2009-04-29 CVE-2009-1478 Local Denial of Service vulnerability in SUN Opensolaris and Solaris
Multiple unspecified vulnerabilities in the DTrace ioctl handlers in Sun Solaris 10, and OpenSolaris before snv_114, allow local users to cause a denial of service (panic) via unknown vectors.
local
low complexity
sun
4.9
2009-04-27 CVE-2009-1190 Resource Management Errors vulnerability in SUN JDK
Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to cause a denial of service (CPU consumption) via serializable data with a long regex string containing multiple optional groups, a related issue to CVE-2004-2540.
network
low complexity
sun springsource CWE-399
5.0
2009-04-23 CVE-2009-1357 Improper Input Validation vulnerability in SUN Java System Delegated Administrator 6.2/6.3/6.4
CRLF injection vulnerability in da/DA/Login in Sun Java System Delegated Administrator 6.2 through 6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the HELP_PAGE parameter.
network
sun CWE-20
6.8
2009-04-22 CVE-2009-1359 Local Denial Of Service vulnerability in Sun OpenSolaris SCTP Sockets
Unspecified vulnerability in the SCTP sockets implementation in Sun OpenSolaris snv_106 through snv_107 allows local users to cause a denial of service (panic) via unknown vectors.
local
low complexity
sun
4.9
2009-04-17 CVE-2009-1332 Information Disclosure vulnerability in Sun Java System Directory Server 5.0/5.2
The Online Help feature in Sun Java System Directory Server 5.2 and Enterprise Edition 5 allows remote attackers to determine the existence of files and directories, and possibly obtain partial contents of files, via unspecified vectors.
network
low complexity
sun
5.0
2009-04-15 CVE-2009-1006 Multiple vulnerabilities in Oracle April 2009 Critical Patch Update
Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.2 and earlier, with SDK/JRE 1.4.2, JRE/JDK 5, and JRE/JDK 6, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
network
low complexity
oracle sun
critical
10.0
2009-04-09 CVE-2009-1276 Information Exposure vulnerability in SUN Opensolaris and Solaris
XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and Solaris 8 and 9 with GNOME 2.0 or 2.0.2, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, as demonstrated by Thunderbird new-mail notifications.
local
low complexity
gnome sun CWE-200
2.1