CVSS: 9.8EPSS: 1%CPEs: 38EXPL: 0CVE-2009-3881 – OpenJDK resurrected classloaders can still have children (6636650)
https://notcve.org/view.php?id=CVE-2009-3881
09 Nov 2009 — Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak vulnerability," aka Bug Id 6636650. Sun Java SE v5.0 anterior a Update 22 y 6 anterior a Update 17, y OpenJDK, no previene la existencia de procesos hijo en un ClassLoader resucitada, lo que permite a atacantes remotos obtener privilegios a través de vectores no ... • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 38EXPL: 0CVE-2009-3880 – OpenJDK UI logging information leakage(6664512)
https://notcve.org/view.php?id=CVE-2009-3880
09 Nov 2009 — The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager, aka Bug Id 6664512. El Abstract Window Toolkit (AWT) en Java Runtime Environment (JRE) en Sun Java SE v5.0 anteriores a Update 22 y 6 ant... • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 38EXPL: 0CVE-2009-3884 – OpenJDK zoneinfo file existence information leak (6824265)
https://notcve.org/view.php?id=CVE-2009-3884
09 Nov 2009 — The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265. El método TimeZone.getTimeZone en Sun Java SE 5.0 antes de Update22, Sun Java SE 6.0 antes de la actualización 17, y OpenJDK, permite a atacantes remotos determinar la existencia de archivos locales a través de vectores relacionados con el manejo de ficheros zo... • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html •
CVSS: 7.5EPSS: 0%CPEs: 38EXPL: 0CVE-2009-3879 – OpenJDK GraphicsConfiguration information leak(6822057)
https://notcve.org/view.php?id=CVE-2009-3879
09 Nov 2009 — Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vectors, related to failure to clone arrays that are returned by the getConfigurations function, aka Bug Id 6822057. Múltiples vulnerabilidades no específicas en los subsistemas (1) X11 y (2) Win32GraphicsDevice en Sun Java SE v5.0 anteriores a Update 22 y 6 anteriores a Update 17, y OpenJDK, tienen impacto y vector... • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html •
CVSS: 7.5EPSS: 0%CPEs: 79EXPL: 0CVE-2009-3882 – OpenJDK information leaks in mutable variables (6657026,6657138)
https://notcve.org/view.php?id=CVE-2009-3882
09 Nov 2009 — Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657026. Múltiples vulnerabilidades no especificadas en la implementación Swing en Sun Java SE v5.0 anteriores a Update 22 y 6 anteriores a Update 17, y OpenJDK, tiene un impacto desconocido vectores de ataque remoto, relacionado con "debilidad de información en ... • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 1%CPEs: 79EXPL: 0CVE-2009-3883 – OpenJDK information leaks in mutable variables (6657026,6657138)
https://notcve.org/view.php?id=CVE-2009-3883
09 Nov 2009 — Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel (PL&F) feature in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657138. Múltiples vulnerabilidades no especificadas en la funcionalidad Windows Pluggable Look and Feel (PL&F) de la implementación de Swing en Sun Java SE 5.0 antes de Update 22, Sun Java SE 6.0 antes de la ... • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 0CVE-2009-3886 – REGRESSION: have problem to run JNLP app and applets with signed Jar files (6870531)
https://notcve.org/view.php?id=CVE-2009-3886
09 Nov 2009 — The Java Web Start implementation in Sun Java SE 6 before Update 17 does not properly handle the interaction between a signed JAR file and a JNLP (1) application or (2) applet, which has unspecified impact and attack vectors, related to a "regression," aka Bug Id 6870531. La implementación de Java Web Start en Sun Java SE v6 antes de la Update17 no controla correctamente la interacción entre un archivo JAR firmado y (1) una aplicación JNLP o (2) un applet JNLP, lo que tiene un impacto no especificado y vect... • http://java.sun.com/javase/6/webnotes/6u17.html •
CVSS: 9.3EPSS: 1%CPEs: 339EXPL: 0CVE-2009-3868 – java-1.6.0-sun: Privilege escalation via crafted image file due improper color profiles parsing (6862970)
https://notcve.org/view.php?id=CVE-2009-3868
05 Nov 2009 — Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970. Sun Java SE en JDK y JRE 5.0 anteriores a Update 22, JDK y JRE 6 anteriores a Update 17, SDK y JRE v1.3.x anteriores a v1.3.1_27, y SDK y JRE v1.4.x anteriores a v1.4.2_24 no analiza adecuadamente el perfil color, lo que pe... • http://java.sun.com/javase/6/webnotes/6u17.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 339EXPL: 0CVE-2009-3873 – OpenJDK JPEG Image Writer quantization problem (6862968)
https://notcve.org/view.php?id=CVE-2009-3873
05 Nov 2009 — The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968. El JPEG Image Writer en Sun Java SE en JDK y JRE v5.0 anteriores a Update 22, JDK y JRE 6 anteriores a Update 17, y SDK y JRE v1.4.x anteriores a v1.4.2_24 permite a los atacantes remotos obtener privilegios a través de un archivo de imagen m... • http://java.sun.com/javase/6/webnotes/6u17.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 12%CPEs: 212EXPL: 0CVE-2009-3877 – OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877
https://notcve.org/view.php?id=CVE-2009-3877
05 Nov 2009 — Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911. Vulnerabilidad no especificada en Sun Java SE en JDK y JRE v5.0 anteriores a Update 22, JDK y JRE v6 anteriores a Update 17, SDK y JRE v1.3.x... • http://java.sun.com/javase/6/webnotes/6u17.html • CWE-399: Resource Management Errors •