CVSS: 9.8EPSS: 0%CPEs: 212EXPL: 0CVE-2009-3875 – OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities (6863503)
https://notcve.org/view.php?id=CVE-2009-3875
05 Nov 2009 — The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to "timing attack vulnerabilities," aka Bug Id 6863503. La función MessageDigest.isEqual en Java Runtime Environment (JRE) en Sun Java SE en JDK y JRE v5.... • http://java.sun.com/javase/6/webnotes/6u17.html • CWE-310: Cryptographic Issues •
CVSS: 9.3EPSS: 1%CPEs: 339EXPL: 0CVE-2009-3872 – JRE JPEG JFIF Decoder issue (6862969)
https://notcve.org/view.php?id=CVE-2009-3872
05 Nov 2009 — Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969. Vulnerabilidad no especificada en el JPEG JFIF Decoder en Sun Java SE en JDK y JRE v5.0 anteriores a Update 22, JDK y JRE 6 anteriores a Update 17, SDK y JRE v1.3.x anteriores a v1.3.1_27, y SDK y JRE v1.4.x anterio... • http://java.sun.com/javase/6/webnotes/6u17.html •
CVSS: 7.5EPSS: 13%CPEs: 212EXPL: 0CVE-2009-3876 – OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877
https://notcve.org/view.php?id=CVE-2009-3876
05 Nov 2009 — Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911. Vulnerabilidad no especificada en Sun Java SE en JDK y JRE v5.0 anteriores a Update 22, JDK y JRE v6 anteriores a Update 17, SDK y JRE v1... • http://java.sun.com/javase/6/webnotes/6u17.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 37%CPEs: 339EXPL: 0CVE-2009-3874 – Sun Java Runtime Environment JPEGImageReader Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-3874
04 Nov 2009 — Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643. Desbordamiento de entero en la implementacion JPEGImageReader en el componente ImageI/O en Sun Java SE en JDK y JRE v5.0 anteriores a Update 22, JDK ... • http://java.sun.com/javase/6/webnotes/6u17.html • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 35%CPEs: 339EXPL: 0CVE-2009-3871 – Sun Java Runtime AWT setBytePixels Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-3871
04 Nov 2009 — Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358. Desbordamiento de búfer basado en memoria dinámica en la función setBytePixels en Abstract Window Toolkit (AWT) en Java Runtime Enviro... • http://java.sun.com/javase/6/webnotes/6u17.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 92%CPEs: 339EXPL: 3CVE-2009-3867 – Sun Java HsbParser.getSoundBank Stack Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-3867
04 Nov 2009 — Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303. Desbordamiento de búfer basado en pila en la función HsbParser.getSoundBank en Sun Java SE en JDK y JRE 5.0 anteriores a Update 22, JDK y JRE 6 anteriores a Update 17, SDK y JRE v1.... • https://www.exploit-db.com/exploits/33315 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 92%CPEs: 339EXPL: 1CVE-2009-3869 – Sun Java Runtime AWT setDifflCM Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-3869
04 Nov 2009 — Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357. Desbordamiento de búfer basado en pila en la función setDiffICM en Abstract Window Toolkit (AWT) en Java Runtime Environment (JRE) en S... • https://www.exploit-db.com/exploits/16298 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 2%CPEs: 61EXPL: 0CVE-2009-2673 – OpenJDK proxy mechanism allows non-authorized socket connections (6801497)
https://notcve.org/view.php?id=CVE-2009-2673
05 Aug 2009 — The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword. El mecanismo proxy implementado en Sun Java Runtime Environment (JRE) en JDK y JRE v6 anteriores Update v15, y JDK y JRE v5.0 anteriores Update v20, permite a atacantes remotos evitar las rest... • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 61EXPL: 0CVE-2009-2670 – OpenJDK Untrusted applet System properties access (6738524)
https://notcve.org/view.php?id=CVE-2009-2670
05 Aug 2009 — The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties. El sistema de audio en Sun Java Runtime Environment (JRE) en JDK y JRE v6 anterior Update v15, y JDK y JRE v5.0 anterior Update v20, no previene el acceso a las prop... • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 3%CPEs: 138EXPL: 0CVE-2009-2676 – JRE applet launcher vulnerability
https://notcve.org/view.php?id=CVE-2009-2676
05 Aug 2009 — Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet that accesses an old version of JNLPAppletLauncher. Vulnerabilidad no especificada en JNLPAppletlauncher en Sun Java SE, y SE Business, en JDK y JRE 6v Update v14 y anteriores ... • http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html •