CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2009-4211
https://notcve.org/view.php?id=CVE-2009-4211
04 Dec 2009 — The U.S. Defense Information Systems Agency (DISA) Security Readiness Review (SRR) script for the Solaris x86 platform executes files in arbitrary directories as root for filenames equal to (1) java, (2) openssl, (3) php, (4) snort, (5) tshark, (6) vncserver, or (7) wireshark, which allows local users to gain privileges via a Trojan horse program. El script Security Readiness Review (SRR) de la U.S. Defense Information Systems Agency (DISA) para la plataforma Solaris x86 ejecuta ficheros como root en direct... • http://securitytracker.com/id?1023265 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 16EXPL: 0CVE-2009-4187
https://notcve.org/view.php?id=CVE-2009-4187
03 Dec 2009 — Multiple cross-site scripting (XSS) vulnerabilities in the Gateway component in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados(XSS) en el componente Gateway en Sun Java System Portal Server v6.3.1, v7.1, y v7.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML de forma arbitraria. • http://securitytracker.com/id?1023260 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 52EXPL: 0CVE-2009-4075
https://notcve.org/view.php?id=CVE-2009-4075
25 Nov 2009 — Unspecified vulnerability in the timeout mechanism in sshd in Sun Solaris 10, and OpenSolaris snv_99 through snv_123, allows remote attackers to cause a denial of service (daemon outage) via unknown vectors that trigger a "dangling sshd authentication thread." Vulnerabilidad inespecífica en el mecanismo de tiempo limite en sshd en Sun Solaris v10, y OpenSolaris desde snv_99 hasta snv_123, permite a atacantes remotos producir una denegación de servicio (agotamiento de demonio) a través de vectores desconocid... • http://osvdb.org/60498 •
CVSS: 7.8EPSS: 2%CPEs: 78EXPL: 0CVE-2009-3899
https://notcve.org/view.php?id=CVE-2009-3899
06 Nov 2009 — Memory leak in the Sockets Direct Protocol (SDP) driver in Sun Solaris 10, and OpenSolaris snv_57 through snv_94, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. Fallo de memoria en el controlador de Sockets Direct Protocol (SDP) en Sun Solaris v10, y OpenSolaris snv_57 hasta snv_94, permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) mediante vectores no especificados. • http://securitytracker.com/id?1023124 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 14%CPEs: 339EXPL: 0CVE-2009-3868 – java-1.6.0-sun: Privilege escalation via crafted image file due improper color profiles parsing (6862970)
https://notcve.org/view.php?id=CVE-2009-3868
05 Nov 2009 — Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970. Sun Java SE en JDK y JRE 5.0 anteriores a Update 22, JDK y JRE 6 anteriores a Update 17, SDK y JRE v1.3.x anteriores a v1.3.1_27, y SDK y JRE v1.4.x anteriores a v1.4.2_24 no analiza adecuadamente el perfil color, lo que pe... • http://java.sun.com/javase/6/webnotes/6u17.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 13%CPEs: 339EXPL: 0CVE-2009-3872 – JRE JPEG JFIF Decoder issue (6862969)
https://notcve.org/view.php?id=CVE-2009-3872
05 Nov 2009 — Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969. Vulnerabilidad no especificada en el JPEG JFIF Decoder en Sun Java SE en JDK y JRE v5.0 anteriores a Update 22, JDK y JRE 6 anteriores a Update 17, SDK y JRE v1.3.x anteriores a v1.3.1_27, y SDK y JRE v1.4.x anterio... • http://java.sun.com/javase/6/webnotes/6u17.html •
CVSS: 9.3EPSS: 9%CPEs: 339EXPL: 0CVE-2009-3873 – OpenJDK JPEG Image Writer quantization problem (6862968)
https://notcve.org/view.php?id=CVE-2009-3873
05 Nov 2009 — The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968. El JPEG Image Writer en Sun Java SE en JDK y JRE v5.0 anteriores a Update 22, JDK y JRE 6 anteriores a Update 17, y SDK y JRE v1.4.x anteriores a v1.4.2_24 permite a los atacantes remotos obtener privilegios a través de un archivo de imagen m... • http://java.sun.com/javase/6/webnotes/6u17.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 212EXPL: 0CVE-2009-3875 – OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities (6863503)
https://notcve.org/view.php?id=CVE-2009-3875
05 Nov 2009 — The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to "timing attack vulnerabilities," aka Bug Id 6863503. La función MessageDigest.isEqual en Java Runtime Environment (JRE) en Sun Java SE en JDK y JRE v5.... • http://java.sun.com/javase/6/webnotes/6u17.html • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 11%CPEs: 212EXPL: 0CVE-2009-3876 – OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877
https://notcve.org/view.php?id=CVE-2009-3876
05 Nov 2009 — Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911. Vulnerabilidad no especificada en Sun Java SE en JDK y JRE v5.0 anteriores a Update 22, JDK y JRE v6 anteriores a Update 17, SDK y JRE v1... • http://java.sun.com/javase/6/webnotes/6u17.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 7%CPEs: 212EXPL: 0CVE-2009-3877 – OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877
https://notcve.org/view.php?id=CVE-2009-3877
05 Nov 2009 — Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911. Vulnerabilidad no especificada en Sun Java SE en JDK y JRE v5.0 anteriores a Update 22, JDK y JRE v6 anteriores a Update 17, SDK y JRE v1.3.x... • http://java.sun.com/javase/6/webnotes/6u17.html • CWE-399: Resource Management Errors •