Page 2 of 13 results (0.014 seconds)

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException) via a crafted .jnlp file, as demonstrated by the jnlp_file/appletDesc/index.html#misc test in the Technology Compatibility Kit (TCK) for the Java Network Launching Protocol (JNLP). La implementación de Java Web Start en Sun Java SE v6 anteriores a Update 15 permite a los atacantes dependientes del contexto provocar una denegación de servicio (excepción de puntero nulo) mediante un fichero .jnlp modificado, como se ha demostrado al probar jnlp_file/appletDesc/index.html#misc en el Technology Compatibility Kit (TCK) para el Java Network Launching Protocol (JNLP). • http://java.sun.com/javase/6/webnotes/6u15.html http://secunia.com/advisories/37386 http://secunia.com/advisories/37460 http://security.gentoo.org/glsa/glsa-200911-02.xml http://www.securityfocus.com/archive/1/507985/100/0/threaded http://www.vmware.com/security/advisories/VMSA-2009-0016.html http://www.vupen.com/english/advisories/2009/3316 https://access.redhat.com/security/cve/CVE-2009-2719 https://bugzilla.redhat.com/show_bug.cgi?id=516820 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

Unspecified vulnerability in deserialization in the Provider class in Sun Java SE 5.0 before Update 20 has unknown impact and attack vectors, aka BugId 6444262. Vulnerabilidad sin especificar en la deserialización en la clase Provider en Sun Java SE v5.0 anterior a la actualización 20, tiene un impacto y vectores de ataque desconocidos, también conocido como BufId 6444262 • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html http://secunia.com/advisories/37386 http://secunia.com/advisories/37460 http://security.gentoo.org/glsa/glsa-200911-02.xml http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-22-1 http://www.securityfocus.com/archive/1/507985/100/0/threaded http://www.vmware.com/security/advisories/VMSA-2009-0016.html http://www.vupen.com/english/advis •

CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0

Race condition in the java.lang package in Sun Java SE 5.0 before Update 20 has unknown impact and attack vectors, related to a "3Y Race condition in reflection checks." Condición de carrera en el paquete java.lang en Sun Java SE v5.0 anterior a la actualización 20 tiene un impacto y vectores de ataque desconocidos, relacionados con "Condición de carrera 3Y en comprobaciones de reflexión". • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html http://secunia.com/advisories/37386 http://secunia.com/advisories/37460 http://security.gentoo.org/glsa/glsa-200911-02.xml http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-22-1 http://www.securityfocus.com/archive/1/507985/100/0/threaded http://www.vmware.com/security/advisories/VMSA-2009-0016.html http://www.vupen.com/english/advisories/2009/3316 https://access.redhat.com/security/cve/CVE-2009-2724 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0

The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on X11 does not impose the intended constraint on distance from the window border to the Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet. La implementación de Abstract Window Toolkit (AWT) en Sun Java SE v6 anteriores a Update 15 para X11 no impone la restricción de distancia prevista desde el borde de la ventana al Security Warning Icon, facilitando a atacantes dependientes del contexto que engañen a un usuario para interactuar sin seguridad con un applet no confiable. • http://java.sun.com/javase/6/webnotes/6u15.html http://secunia.com/advisories/37386 http://secunia.com/advisories/37460 http://security.gentoo.org/glsa/glsa-200911-02.xml http://www.securityfocus.com/archive/1/507985/100/0/threaded http://www.vmware.com/security/advisories/VMSA-2009-0016.html http://www.vupen.com/english/advisories/2009/3316 https://access.redhat.com/security/cve/CVE-2009-2718 https://bugzilla.redhat.com/show_bug.cgi?id=516815 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to (1) LayoutQueue, (2) Cursor.predefined, (3) AccessibleResourceBundle.getContents, (4) ImageReaderSpi.STANDARD_INPUT_TYPE, (5) ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7) DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types, (9) AbstractSaslImpl.logger, (10) Synth.Region.uiToRegionMap/lowerCaseNameMap, (11) the Introspector class and a cache of BeanInfo, and (12) JAX-WS, a different vulnerability than CVE-2009-2673. Sun Java SE v5.0 anterior a la actualización 20 y v6 anterior a la actualización 15, y OpenJDK, pueden permitir a atacantes dependientes del contexto obtener información confidencial a través de vectores de ataque relacionados con variables estáticas que son declaradas sin la palabra clave "final" relacionadas con (1) LayoutQueue, (2) Cursor.predefined, (3) AccessibleResourceBundle.getContents, (4) ImageReaderSpi.STANDARD_INPUT_TYPE, (5) ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) los complementos ("plugins") imageio, (7) DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types, (9) AbstractSaslImpl.logger, (10) Synth.Region.uiToRegionMap/lowerCaseNameMap, (11) la clase "Introspector" y una caché de BeanInfo, y (12) JAX-WS, una vulnerabilidad diferente de CVE-2009-2673. • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html http://java.sun.com/javase/6/webnotes/6u15.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html http://secunia.com/advisories/36162 http://secunia.com/advisories/36176 http://secunia.com/advisories/36180 http://secunia.com/advisories/36199 http://secunia.com/advisories/37386 http://security.gentoo.org/glsa/glsa-200911-02.xml&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •