CVSS: 10.0EPSS: 4%CPEs: 1EXPL: 0CVE-2009-2722 – JDK Multiple unspecified vulnerabilities in Provider class (incorrect fix)
https://notcve.org/view.php?id=CVE-2009-2722
10 Aug 2009 — Multiple unspecified vulnerabilities in the Provider class in Sun Java SE 5.0 before Update 20 have unknown impact and attack vectors, aka BugId 6429594. NOTE: this issue exists because of an incorrect fix for BugId 6406003. Múltiples vulnerabilidades sin especificar en la clase Provider en Sun Java SE v5.0 anterior a la actualización 20, tiene un impacto y vectores de ataque desconocidos, también conocido como BugId 6429594. NOTA: esta vulnerabilidad existe por una incorrecta corrección del BugId 6406003. • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html •
CVSS: 10.0EPSS: 4%CPEs: 1EXPL: 0CVE-2009-2723 – JDK unspecified deserialization in Provider class
https://notcve.org/view.php?id=CVE-2009-2723
10 Aug 2009 — Unspecified vulnerability in deserialization in the Provider class in Sun Java SE 5.0 before Update 20 has unknown impact and attack vectors, aka BugId 6444262. Vulnerabilidad sin especificar en la deserialización en la clase Provider en Sun Java SE v5.0 anterior a la actualización 20, tiene un impacto y vectores de ataque desconocidos, también conocido como BufId 6444262 • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2009-2724 – JDK race condition vulnerability reflection checks
https://notcve.org/view.php?id=CVE-2009-2724
10 Aug 2009 — Race condition in the java.lang package in Sun Java SE 5.0 before Update 20 has unknown impact and attack vectors, related to a "3Y Race condition in reflection checks." Condición de carrera en el paquete java.lang en Sun Java SE v5.0 anterior a la actualización 20 tiene un impacto y vectores de ataque desconocidos, relacionados con "Condición de carrera 3Y en comprobaciones de reflexión". • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 10.0EPSS: 7%CPEs: 3EXPL: 0CVE-2009-2689 – OpenJDK JDK13Services grants unnecessary privileges (6777448)
https://notcve.org/view.php?id=CVE-2009-2689
10 Aug 2009 — JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via an untrusted (1) applet or (2) application. JDK13Services.getProviders en Sun Java SE v5.0 anteriores a Update 20 y v6 anteriores a Update 15, y en OpenJDK, proporciona privilegios completos a instancias de tipos de objeto no especificadas, permitiendo a atacante... • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 4%CPEs: 2EXPL: 0CVE-2009-2690 – OpenJDK private variable information disclosure (6777487)
https://notcve.org/view.php?id=CVE-2009-2690
10 Aug 2009 — The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information via an untrusted (1) applet or (2) application. The codificador en Sun Java SE v6 anteriores a Update 15, y OpenJDK, permite acceso de lectura a variables privadas con nombres no especificados, permitiendo a atacantes dependientes del contexto obtener información sensible mediante (1) un applet o (2) una aplicació... • http://java.sun.com/javase/6/webnotes/6u15.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2009-2475 – OpenJDK information leaks in mutable variables (6588003,6656586,6656610,6656625,6657133,6657619,6657625,6657695,6660049,6660539,6813167)
https://notcve.org/view.php?id=CVE-2009-2475
10 Aug 2009 — Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to (1) LayoutQueue, (2) Cursor.predefined, (3) AccessibleResourceBundle.getContents, (4) ImageReaderSpi.STANDARD_INPUT_TYPE, (5) ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7) DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types, (9) AbstractSaslI... • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2009-2476 – OpenJDK OpenType checks can be bypassed (6736293)
https://notcve.org/view.php?id=CVE-2009-2476
10 Aug 2009 — The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged object. La implementación de Java Management Extensions (JMX) en Sun Java SE v6 anteriores a Update 15, y en OpenJDK, no refuerza adecuadamente las validaciones OpenType, permitiendo a los atacantes dependientes de... • http://java.sun.com/javase/6/webnotes/6u15.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 32EXPL: 0CVE-2009-2712
https://notcve.org/view.php?id=CVE-2009-2712
07 Aug 2009 — Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files. Sun Java System Access Manager v6.3 2005Q1, v7.0 2005Q4, y v7.1; y OpenSSO Enterprise v8.0; cuando AMConfig.properties permite a la marca de depuración, permite a los usuarios locales descubrir contraseñas en texto claro mediante la lectura de archivos de depuración. • http://osvdb.org/56815 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 31EXPL: 0CVE-2009-2713
https://notcve.org/view.php?id=CVE-2009-2713
07 Aug 2009 — The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 and 7.1, when Cross Domain Single Sign On (CDSSO) is enabled, does not ensure that "policy advice" is presented to the correct client, which allows remote attackers to obtain sensitive information via unspecified vectors. El componente CDCServlet en Sun Java System Access Manager v7.0 2005Q4 y v7.1, cuando Cross Domain Single Sign On (CDSSO) está habilitado, no garantiza que "policy advice" (aviso de políticas) se presenta al cliente corr... • http://secunia.com/advisories/36167 •
CVSS: 9.1EPSS: 13%CPEs: 138EXPL: 0CVE-2009-2676 – JRE applet launcher vulnerability
https://notcve.org/view.php?id=CVE-2009-2676
05 Aug 2009 — Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet that accesses an old version of JNLPAppletLauncher. Vulnerabilidad no especificada en JNLPAppletlauncher en Sun Java SE, y SE Business, en JDK y JRE 6v Update v14 y anteriores ... • http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html •