CVSS: 7.5EPSS: 13%CPEs: 9EXPL: 3CVE-2009-1219 – Sun Java System Calendar Server 6.3 - Duplicate URI Request Denial of Service
https://notcve.org/view.php?id=CVE-2009-1219
01 Apr 2009 — Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allows remote attackers to cause a denial of service (daemon crash) via multiple requests to the default URI with alphabetic characters in the tzid parameter. Sun Calendar Express Web Server en Sun ONE Calendar Server v6.0 y Sun Java System Calendar Server 6 2004Q2 hasta 6.3-7.01 permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de múltiples ... • https://www.exploit-db.com/exploits/32860 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 7%CPEs: 3EXPL: 0CVE-2009-1099 – OpenJDK: Type1 font processing buffer overflow vulnerability
https://notcve.org/view.php?id=CVE-2009-1099
25 Mar 2009 — Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via crafted glyph descriptions in a Type1 font, which bypasses a signed comparison and triggers a buffer overflow. Un error de firma de enteros en Java SE Development Kit (JDK) y Java Runtime Environment (JRE) versiones 5.0 Update 17 y anteriores, y versiones 6 Update 12 y anteriores, permite a l... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133 • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 0CVE-2009-1102 – OpenJDK code generation vulnerability (6636360)
https://notcve.org/view.php?id=CVE-2009-1102
25 Mar 2009 — Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation." Vulnerabilidad sin especificar en la Máquina Virtual de Java en Java SE Development Kit (JDK) y Java Runtime Environment (JRE) 6 Update 12 y anteriores, permite a atacantes remotos acceder a ficheros y ejecutar código de su elección a través de vectores ... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 0CVE-2009-1103 – OpenJDK: Files disclosure, arbitrary code execution via "deserializing applets" (6646860)
https://notcve.org/view.php?id=CVE-2009-1103
25 Mar 2009 — Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "deserializing applets," aka CR 6646860. Vulnerabilidad sin especificar en el Plug-in Java enn Java SE Development Kit (JDK) y Java Runtime Environment (JRE) 5.0 Update 17 y anteriores; 6 Update 12 y a... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133 •
CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 0CVE-2009-1104 – OpenJDK: Intended access restrictions bypass via LiveConnect (6724331)
https://notcve.org/view.php?id=CVE-2009-1104
25 Mar 2009 — The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent Javascript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors. El plug... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133 • CWE-16: Configuration •
CVSS: 9.1EPSS: 8%CPEs: 1EXPL: 0CVE-2009-1105 – OpenJDK: Possibility of trusted applet run in older, vulnerable version of JRE (6706490)
https://notcve.org/view.php?id=CVE-2009-1105
25 Mar 2009 — The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490. El plug-in en Java SE Development Kit (JDK) y Java Runtime Environment (JRE) v6 Update 12, 11 y 10 permite a atacantes remotos asistidos por usuarios locales, provocar una que un applet de confianza ejecutarse en una versió... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133 •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0CVE-2009-1107 – OpenJDK: Signed applet remote misuse possibility (6782871)
https://notcve.org/view.php?id=CVE-2009-1107
25 Mar 2009 — The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing JLabel HTML parsing vulnerability," aka CR 6782871. El plugin de Java de Java SE Development Kit (JDK) y Java Runtime Environment (JRE) v6 Update 12 y anteriores, y v5.0 Update 17 y anteriores, permite a atacantes ... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133 •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 1CVE-2009-1079
https://notcve.org/view.php?id=CVE-2009-1079
25 Mar 2009 — Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs 19659, 19660, and 19683. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Sun Java System Identity Manager (IdM) v7.0 hasta v8.0 permite a atacantes remotos inyectar web script o HTML a través de vectores no especificados, también conocido como Bug IDs 19659, 19660, y 19... • http://blogs.sun.com/security/entry/sun_alert_253267_sun_java • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 1CVE-2009-1080
https://notcve.org/view.php?id=CVE-2009-1080
25 Mar 2009 — Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID 19033. Vulnerabilidad múltiple de ejecución de secuencias de comandos en sitios cruzados - XSS - en Sun Java System Identity Manager (IdM) 7.0 hasta 8.0 que permite a los atacantes remotos inyectar arbitrariamente una secuencia de comandos web o HTML a través de vectores no especificados, también conoci... • http://blogs.sun.com/security/entry/sun_alert_253267_sun_java • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 1CVE-2009-1081
https://notcve.org/view.php?id=CVE-2009-1081
25 Mar 2009 — Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs 19595 and 19661. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Sun Java System Identity Manager (IdM) v7.0 a v8.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores sin especificar, también conocido como Bug IDs ... • http://blogs.sun.com/security/entry/sun_alert_253267_sun_java • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •