Page 34 of 205 results (0.015 seconds)

CVSS: 7.5EPSS: 2%CPEs: 61EXPL: 0

CVE-2009-2673 – OpenJDK proxy mechanism allows non-authorized socket connections (6801497)

https://notcve.org/view.php?id=CVE-2009-2673

The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword. El mecanismo proxy implementado en Sun Java Runtime Environment (JRE) en JDK y JRE v6 anteriores Update v15, y JDK y JRE v5.0 anteriores Update v20, permite a atacantes remotos evitar las restricciones de acceso previstas y conectarse a sitios a su elección a través de vectores no especificados, relacionados con una declaración que carece de clave final. • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20 http://java.sun.com/javase/6/webnotes/6u15.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html http://marc.info/?l=bugtraq&m=125787273209737&w=2 http://osvdb.org/56785 http&# • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 3%CPEs: 61EXPL: 0

CVE-2009-2672 – OpenJDK Proxy mechanism information leaks (6801071)

https://notcve.org/view.php?id=CVE-2009-2672

The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors. El mecanismo proxy implementado en Sun Java Runtime Environment (JRE) en JDK y JRE v6 anterior Update v15, y JDK y JRE v5.0 anterior Update v20, no previene el acceso a las cookies del buscador por (1) applets y (2) aplicaciones Java Web Start no confiables, que permiten a atacantes remotos secuestrar las sesiones web a través de vectores no especificados. • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20 http://java.sun.com/javase/6/webnotes/6u15.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html http://marc.info/?l=bugtraq&m=125787273209737&w=2 http://secunia.com/advisories • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 5%CPEs: 27EXPL: 0

CVE-2009-2674 – Java Web Start Buffer JPEG processing integer overflow (6823373)

https://notcve.org/view.php?id=CVE-2009-2674

Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted JPEG image that is not properly handled during display to a splash screen, which triggers a heap-based buffer overflow. Un desbordamiento de enteros en el archivo javaws.exe en Sun Java Web Start en Sun Java Runtime Environment (JRE) en JDK y JRE versión 6 anterior a Update 15, permite a los atacantes dependiendo del contexto ejecutar código arbitrario por medio de una imagen JPEG creada que no se maneja apropiadamente durante la visualización de una imagen de bienvenida, que desencadena un desbordamiento de búfer basado en la región heap de la memoria. • http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html http://marc.info/?l=bugtraq&m=125787273209737&w=2 http://secunia.com/advisories/36162 http://secunia.com/advisories/36176 http://secunia.com/advisories/36180 http://secunia.com/advisories/36248 • CWE-190: Integer Overflow or Wraparound CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 1%CPEs: 61EXPL: 0

CVE-2009-2670 – OpenJDK Untrusted applet System properties access (6738524)

https://notcve.org/view.php?id=CVE-2009-2670

The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties. El sistema de audio en Sun Java Runtime Environment (JRE) en JDK y JRE v6 anterior Update v15, y JDK y JRE v5.0 anterior Update v20, no previene el acceso a las propiedades java.lang.System (1) applets and (2)aplicaciones Java Web Start no confiables, permitiendo a atacantes dependientes del contexto obtener información sensible por la lectura de esas propiedades. • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20 http://java.sun.com/javase/6/webnotes/6u15.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html http://marc.info/?l=bugtraq&m=125787273209737&w=2 http://osvdb.org/56788 http&# • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 61EXPL: 0

CVE-2009-2671 – OpenJDK Proxy mechanism information leaks (6801071)

https://notcve.org/view.php?id=CVE-2009-2671

The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors. El SOCKS proxy implementado en Java Runtime Environment (JRE) en JDK y JRE v6 anterior Update v15, y JDK y JRE v5.0 anterior Update v20, permite a atacantes remotos descubrir la cuenta de usuario que invoca un (1) applet o (2)aplicación Java Web Start no confiable a través de vectores no especificados. • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20 http://java.sun.com/javase/6/webnotes/6u15.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html http://marc.info/?l=bugtraq&m=125787273209737&w=2 http://secunia.com/advisories •