Vulnerabilities > SUN

DATE CVE VULNERABILITY TITLE RISK
2009-04-01 CVE-2009-1219 Improper Input Validation vulnerability in SUN Java System Calendar Server and ONE Calendar Server
Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allows remote attackers to cause a denial of service (daemon crash) via multiple requests to the default URI with alphabetic characters in the tzid parameter.
network, low complexity, sun, CWE-20; risk 5.0
2009-04-01 CVE-2009-1218 Cross-Site Scripting vulnerability in SUN Java System Calendar Server and ONE Calendar Server
Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via (1) the fmt-out parameter to login.wcap or (2) the date parameter to command.shtml.
network, sun, CWE-79; risk 4.3
2009-04-01 CVE-2009-1207 Race Condition vulnerability in SUN Opensolaris and Solaris
Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary files, probably involving a symlink attack on temporary files.
local, sun, CWE-362; risk 4.4
2009-03-30 CVE-2009-1170 Local Privilege Escalation vulnerability in SUN Opensolaris Snv100/Snv101
Unspecified vulnerability in Sun OpenSolaris snv_100 through snv_101 allows local users, with privileges in a non-global zone, to execute arbitrary code in the global zone when a global-zone user is using mdb on a non-global zone process.
local, sun; risk 6.9
2009-03-25 CVE-2009-1107 Multiple Security vulnerability in Sun Java Runtime Environment and Java Development Kit
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing JLabel HTML parsing vulnerability," aka CR 6782871.
network, sun; risk 4.3
2009-03-25 CVE-2009-1106 Improper Input Validation vulnerability in SUN JDK and JRE
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948.
network, low complexity, sun, CWE-20; risk 6.4
2009-03-25 CVE-2009-1105 Multiple Security vulnerability in Sun Java Runtime Environment and Java Development Kit
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490.
network, low complexity, sun; risk 7.5
2009-03-25 CVE-2009-1104 Configuration vulnerability in SUN Java
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent JavaScript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331.
network, sun, CWE-16; risk 5.8
2009-03-25 CVE-2009-1103 Multiple Security vulnerability in Sun Java Runtime Environment and Java Development Kit
Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "deserializing applets," aka CR 6646860.
network, low complexity, sun; risk 6.4
2009-03-25 CVE-2009-1102 Code Injection vulnerability in SUN Java
Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation."
network, low complexity, sun, CWE-94; risk 6.4