CVSS: 7.5EPSS: 0%CPEs: 79EXPL: 0CVE-2009-3882 – OpenJDK information leaks in mutable variables (6657026,6657138)
https://notcve.org/view.php?id=CVE-2009-3882
Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657026. Múltiples vulnerabilidades no especificadas en la implementación Swing en Sun Java SE v5.0 anteriores a Update 22 y 6 anteriores a Update 17, y OpenJDK, tiene un impacto desconocido vectores de ataque remoto, relacionado con "debilidad de información en variables mutables" también conocidos como Bug ID 6657026. • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html http://java.sun.com/javase/6/webnotes/6u17.html http://secunia.com/advisories/37386 http://security.gentoo.org/glsa/glsa-200911-02.xml http://www.mandriva.com/security/advisories?name=MDVSA-2010:084 https://bugzilla.redhat.com/show_bug.cgi?id=530175 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7300 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8841 htt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 38EXPL: 0CVE-2009-3880 – OpenJDK UI logging information leakage(6664512)
https://notcve.org/view.php?id=CVE-2009-3880
The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager, aka Bug Id 6664512. El Abstract Window Toolkit (AWT) en Java Runtime Environment (JRE) en Sun Java SE v5.0 anteriores a Update 22 y 6 anteriores a Update 17, y OpenJDK, no restringen de forma adecuada los objetos que se pueden enviar a los usuarios que se loguean, lo que permite a atacantes remotos obtener información sensible a través de vectores relativos a la implementación del componente KeyboardFocusManager, y DefaultKeyboardFocusManager, también conocido como Bug Id 6664512. • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html http://java.sun.com/javase/6/webnotes/6u17.html http://secunia.com/advisories/37386 http://security.gentoo.org/glsa/glsa-200911-02.xml http://www.mandriva.com/security/advisories?name=MDVSA-2010:084 https://bugzilla.redhat.com/show_bug.cgi?id=530296 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10761 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7316 ht • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 38EXPL: 0CVE-2009-3881 – OpenJDK resurrected classloaders can still have children (6636650)
https://notcve.org/view.php?id=CVE-2009-3881
Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak vulnerability," aka Bug Id 6636650. Sun Java SE v5.0 anterior a Update 22 y 6 anterior a Update 17, y OpenJDK, no previene la existencia de procesos hijo en un ClassLoader resucitada, lo que permite a atacantes remotos obtener privilegios a través de vectores no especificados, relacionado con una vulnerabilidad de debilidad de información., también conocido como Bug Id 6636650. • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html http://java.sun.com/javase/6/webnotes/6u17.html http://secunia.com/advisories/37386 http://security.gentoo.org/glsa/glsa-200911-02.xml http://www.mandriva.com/security/advisories?name=MDVSA-2010:084 https://bugzilla.redhat.com/show_bug.cgi?id=530173 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11484 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6906 ht • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 38EXPL: 0CVE-2009-3879 – OpenJDK GraphicsConfiguration information leak(6822057)
https://notcve.org/view.php?id=CVE-2009-3879
Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vectors, related to failure to clone arrays that are returned by the getConfigurations function, aka Bug Id 6822057. Múltiples vulnerabilidades no específicas en los subsistemas (1) X11 y (2) Win32GraphicsDevice en Sun Java SE v5.0 anteriores a Update 22 y 6 anteriores a Update 17, y OpenJDK, tienen impacto y vectores de ataque desconocidos, relacionado como el fallo de copiado de tablas que son devueltos por la función getConfiguración, también conocido como Bug Id 6822057. • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html http://java.sun.com/javase/6/webnotes/6u17.html http://secunia.com/advisories/37386 http://security.gentoo.org/glsa/glsa-200911-02.xml http://www.mandriva.com/security/advisories?name=MDVSA-2010:084 https://bugzilla.redhat.com/show_bug.cgi?id=530297 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7545 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9568 htt •
CVSS: 5.0EPSS: 0%CPEs: 38EXPL: 0CVE-2009-3884 – OpenJDK zoneinfo file existence information leak (6824265)
https://notcve.org/view.php?id=CVE-2009-3884
The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265. El método TimeZone.getTimeZone en Sun Java SE 5.0 antes de Update22, Sun Java SE 6.0 antes de la actualización 17, y OpenJDK, permite a atacantes remotos determinar la existencia de archivos locales a través de vectores relacionados con el manejo de ficheros zoneinfo (aliasa TZ). Se trata del Bug ID 6824265. • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html http://java.sun.com/javase/6/webnotes/6u17.html http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html http://secunia.com/advisories/37386 http://secunia.com/advisories/37581 http://security.gentoo.org/glsa/glsa-200911-02.xml http://support.apple.com/kb/HT3969 http://support.apple.com/kb/HT3970 http://www.mandriva.com/security •