CVSS: 9.8EPSS: 85%CPEs: 339EXPL: 1CVE-2009-3869 – Sun Java Runtime AWT setDifflCM Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-3869
04 Nov 2009 — Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357. Desbordamiento de búfer basado en pila en la función setDiffICM en Abstract Window Toolkit (AWT) en Java Runtime Environment (JRE) en S... • https://www.exploit-db.com/exploits/16298 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 10%CPEs: 339EXPL: 0CVE-2009-3871 – Sun Java Runtime AWT setBytePixels Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-3871
04 Nov 2009 — Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358. Desbordamiento de búfer basado en memoria dinámica en la función setBytePixels en Abstract Window Toolkit (AWT) en Java Runtime Enviro... • http://java.sun.com/javase/6/webnotes/6u17.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 6%CPEs: 339EXPL: 0CVE-2009-3874 – Sun Java Runtime Environment JPEGImageReader Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-3874
04 Nov 2009 — Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643. Desbordamiento de entero en la implementacion JPEGImageReader en el componente ImageI/O en Sun Java SE en JDK y JRE v5.0 anteriores a Update 22, JDK ... • http://java.sun.com/javase/6/webnotes/6u17.html • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 89%CPEs: 339EXPL: 3CVE-2009-3867 – Sun Java HsbParser.getSoundBank Stack Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-3867
04 Nov 2009 — Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303. Desbordamiento de búfer basado en pila en la función HsbParser.getSoundBank en Sun Java SE en JDK y JRE 5.0 anteriores a Update 22, JDK y JRE 6 anteriores a Update 17, SDK y JRE v1.... • https://www.exploit-db.com/exploits/33315 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2009-2716 – JDK improper version selection
https://notcve.org/view.php?id=CVE-2009-2716
10 Aug 2009 — The plugin functionality in Sun Java SE 6 before Update 15 does not properly implement version selection, which allows context-dependent attackers to leverage vulnerabilities in "old zip and certificate handling" and have unspecified other impact via unknown vectors. La funcionalidad de plugin en Sun Java SE v6 versiones anteriores a Update 15 no implementa adecuadamente la selección de versión, permitiendo a atacantes dependientes del contexto aprovechar vulnerabilidades en "gestión antigua de ficheros zip... • http://java.sun.com/javase/6/webnotes/6u15.html •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2009-2717
https://notcve.org/view.php?id=CVE-2009-2717
10 Aug 2009 — The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on Windows 2000 Professional does not provide a Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet. La implementación de Abstract Window Toolkit (AWT) en Sun Java SE v6 anteriores a Update 15 para Windows 2000 Professional no proporciona un Security Warning Icon, facilitando a atacantes dependientes del contexto que engañen a un usuar... • http://java.sun.com/javase/6/webnotes/6u15.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2009-2718 – JDK reposition of untrusted applet security icon in X11
https://notcve.org/view.php?id=CVE-2009-2718
10 Aug 2009 — The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on X11 does not impose the intended constraint on distance from the window border to the Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet. La implementación de Abstract Window Toolkit (AWT) en Sun Java SE v6 anteriores a Update 15 para X11 no impone la restricción de distancia prevista desde el borde de la ventana al Security Warnin... • http://java.sun.com/javase/6/webnotes/6u15.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2009-2719 – JDK DoS with crafted .jnlp file
https://notcve.org/view.php?id=CVE-2009-2719
10 Aug 2009 — The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException) via a crafted .jnlp file, as demonstrated by the jnlp_file/appletDesc/index.html#misc test in the Technology Compatibility Kit (TCK) for the Java Network Launching Protocol (JNLP). La implementación de Java Web Start en Sun Java SE v6 anteriores a Update 15 permite a los atacantes dependientes del contexto provocar una denegación de servicio (excepción de... • http://java.sun.com/javase/6/webnotes/6u15.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2009-2720 – JDK DoS with Swing Synthcontext implementation
https://notcve.org/view.php?id=CVE-2009-2720
10 Aug 2009 — Unspecified vulnerability in the javax.swing.plaf.synth.SynthContext.isSubregion method in the Swing implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException in the Jemmy library) via unknown vectors. Vulnerabilidad no especificada en el método javax.swing.plaf.synth.SynthContext.isSubregion en la implementación de Swing en Sun Java SE v6 anteriores a Update 15 permite a los atacantes dependientes del contexto provocar una denegac... • http://java.sun.com/javase/6/webnotes/6u15.html •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2009-2721 – JDK Multiple unspecified vulnerabilities in Provider class
https://notcve.org/view.php?id=CVE-2009-2721
10 Aug 2009 — Multiple unspecified vulnerabilities in the Provider class in Sun Java SE 5.0 before Update 20 have unknown impact and attack vectors, aka BugId 6406003. Múltiples vulnerabilidades no especificadas en la clase "Provider" en Sun Java SE v5.0 anteriores a Update 20 tienen un impacto y vectores de ataque desconocidos, también conocido como BugId 6406003. • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html •