CVSS: 7.5EPSS: 4%CPEs: 2EXPL: 0CVE-2009-2690 – OpenJDK private variable information disclosure (6777487)
https://notcve.org/view.php?id=CVE-2009-2690
10 Aug 2009 — The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information via an untrusted (1) applet or (2) application. The codificador en Sun Java SE v6 anteriores a Update 15, y OpenJDK, permite acceso de lectura a variables privadas con nombres no especificados, permitiendo a atacantes dependientes del contexto obtener información sensible mediante (1) un applet o (2) una aplicació... • http://java.sun.com/javase/6/webnotes/6u15.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2009-2475 – OpenJDK information leaks in mutable variables (6588003,6656586,6656610,6656625,6657133,6657619,6657625,6657695,6660049,6660539,6813167)
https://notcve.org/view.php?id=CVE-2009-2475
10 Aug 2009 — Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to (1) LayoutQueue, (2) Cursor.predefined, (3) AccessibleResourceBundle.getContents, (4) ImageReaderSpi.STANDARD_INPUT_TYPE, (5) ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7) DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types, (9) AbstractSaslI... • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2009-2476 – OpenJDK OpenType checks can be bypassed (6736293)
https://notcve.org/view.php?id=CVE-2009-2476
10 Aug 2009 — The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged object. La implementación de Java Management Extensions (JMX) en Sun Java SE v6 anteriores a Update 15, y en OpenJDK, no refuerza adecuadamente las validaciones OpenType, permitiendo a los atacantes dependientes de... • http://java.sun.com/javase/6/webnotes/6u15.html • CWE-264: Permissions, Privileges, and Access Controls •