CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2009-2720 – JDK DoS with Swing Synthcontext implementation
https://notcve.org/view.php?id=CVE-2009-2720
Unspecified vulnerability in the javax.swing.plaf.synth.SynthContext.isSubregion method in the Swing implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException in the Jemmy library) via unknown vectors. Vulnerabilidad no especificada en el método javax.swing.plaf.synth.SynthContext.isSubregion en la implementación de Swing en Sun Java SE v6 anteriores a Update 15 permite a los atacantes dependientes del contexto provocar una denegación de servicio (excepción de puntero nulo en la biblioteca Jemmy) mediante vectores desconocidos. • http://java.sun.com/javase/6/webnotes/6u15.html http://secunia.com/advisories/37386 http://secunia.com/advisories/37460 http://security.gentoo.org/glsa/glsa-200911-02.xml http://www.securityfocus.com/archive/1/507985/100/0/threaded http://www.vmware.com/security/advisories/VMSA-2009-0016.html http://www.vupen.com/english/advisories/2009/3316 https://access.redhat.com/security/cve/CVE-2009-2720 https://bugzilla.redhat.com/show_bug.cgi?id=516823 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2009-2721 – JDK Multiple unspecified vulnerabilities in Provider class
https://notcve.org/view.php?id=CVE-2009-2721
Multiple unspecified vulnerabilities in the Provider class in Sun Java SE 5.0 before Update 20 have unknown impact and attack vectors, aka BugId 6406003. Múltiples vulnerabilidades no especificadas en la clase "Provider" en Sun Java SE v5.0 anteriores a Update 20 tienen un impacto y vectores de ataque desconocidos, también conocido como BugId 6406003. • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html http://secunia.com/advisories/37386 http://secunia.com/advisories/37460 http://security.gentoo.org/glsa/glsa-200911-02.xml http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-22-1 http://www.securityfocus.com/archive/1/507985/100/0/threaded http://www.vmware.com/security/advisories/VMSA-2009-0016.html http://www.vupen.com/english/advisories/2009/3316 https://access.redhat.com/security/cve/CVE-2009-2721 •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2009-2722 – JDK Multiple unspecified vulnerabilities in Provider class (incorrect fix)
https://notcve.org/view.php?id=CVE-2009-2722
Multiple unspecified vulnerabilities in the Provider class in Sun Java SE 5.0 before Update 20 have unknown impact and attack vectors, aka BugId 6429594. NOTE: this issue exists because of an incorrect fix for BugId 6406003. Múltiples vulnerabilidades sin especificar en la clase Provider en Sun Java SE v5.0 anterior a la actualización 20, tiene un impacto y vectores de ataque desconocidos, también conocido como BugId 6429594. NOTA: esta vulnerabilidad existe por una incorrecta corrección del BugId 6406003. • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html http://secunia.com/advisories/37386 http://secunia.com/advisories/37460 http://security.gentoo.org/glsa/glsa-200911-02.xml http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-22-1 http://www.securityfocus.com/archive/1/507985/100/0/threaded http://www.vmware.com/security/advisories/VMSA-2009-0016.html http://www.vupen.com/english/advis •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2009-2723 – JDK unspecified deserialization in Provider class
https://notcve.org/view.php?id=CVE-2009-2723
Unspecified vulnerability in deserialization in the Provider class in Sun Java SE 5.0 before Update 20 has unknown impact and attack vectors, aka BugId 6444262. Vulnerabilidad sin especificar en la deserialización en la clase Provider en Sun Java SE v5.0 anterior a la actualización 20, tiene un impacto y vectores de ataque desconocidos, también conocido como BufId 6444262 • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html http://secunia.com/advisories/37386 http://secunia.com/advisories/37460 http://security.gentoo.org/glsa/glsa-200911-02.xml http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-22-1 http://www.securityfocus.com/archive/1/507985/100/0/threaded http://www.vmware.com/security/advisories/VMSA-2009-0016.html http://www.vupen.com/english/advis •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2009-2724 – JDK race condition vulnerability reflection checks
https://notcve.org/view.php?id=CVE-2009-2724
Race condition in the java.lang package in Sun Java SE 5.0 before Update 20 has unknown impact and attack vectors, related to a "3Y Race condition in reflection checks." Condición de carrera en el paquete java.lang en Sun Java SE v5.0 anterior a la actualización 20 tiene un impacto y vectores de ataque desconocidos, relacionados con "Condición de carrera 3Y en comprobaciones de reflexión". • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html http://secunia.com/advisories/37386 http://secunia.com/advisories/37460 http://security.gentoo.org/glsa/glsa-200911-02.xml http://sunsolve.sun.com/search/document.do?assetkey=1-21-118667-22-1 http://www.securityfocus.com/archive/1/507985/100/0/threaded http://www.vmware.com/security/advisories/VMSA-2009-0016.html http://www.vupen.com/english/advisories/2009/3316 https://access.redhat.com/security/cve/CVE-2009-2724 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •