CVSS: 9.1EPSS: 3%CPEs: 138EXPL: 0CVE-2009-2676 – JRE applet launcher vulnerability
https://notcve.org/view.php?id=CVE-2009-2676
05 Aug 2009 — Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet that accesses an old version of JNLPAppletLauncher. Vulnerabilidad no especificada en JNLPAppletlauncher en Sun Java SE, y SE Business, en JDK y JRE 6v Update v14 y anteriores ... • http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.html •
CVSS: 7.5EPSS: 1%CPEs: 61EXPL: 0CVE-2009-2671 – OpenJDK Proxy mechanism information leaks (6801071)
https://notcve.org/view.php?id=CVE-2009-2671
05 Aug 2009 — The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors. El SOCKS proxy implementado en Java Runtime Environment (JRE) en JDK y JRE v6 anterior Update v15, y JDK y JRE v5.0 anterior Update v20, permite a atacantes remotos descubrir la cuenta de usuario que invoca un ... • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20 •
CVSS: 9.8EPSS: 9%CPEs: 27EXPL: 0CVE-2009-2674 – Java Web Start Buffer JPEG processing integer overflow (6823373)
https://notcve.org/view.php?id=CVE-2009-2674
05 Aug 2009 — Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted JPEG image that is not properly handled during display to a splash screen, which triggers a heap-based buffer overflow. Un desbordamiento de enteros en el archivo javaws.exe en Sun Java Web Start en Sun Java Runtime Environment (JRE) en JDK y JRE versión 6 anterior a Update 15, permite a los atacantes dependien... • http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html • CWE-190: Integer Overflow or Wraparound CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 14%CPEs: 61EXPL: 0CVE-2009-2672 – OpenJDK Proxy mechanism information leaks (6801071)
https://notcve.org/view.php?id=CVE-2009-2672
05 Aug 2009 — The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors. El mecanismo proxy implementado en Sun Java Runtime Environment (JRE) en JDK y JRE v6 anterior Update v15, y JDK y JRE v5.0 anterior Update v20, no previene el acceso a las cookies de... • http://java.sun.com/j2se/1.5.0/ReleaseNotes.html#150_20 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 8%CPEs: 61EXPL: 0CVE-2009-2675 – Sun Java Pack200 Decoding Inner Class Count Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-2675
05 Aug 2009 — Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression. Un desbordamiento de enteros en la utilidad unpack200 en Sun Java Runtime Environment (JRE) en JDK y JRE versión 6 anterior a Update 15, y JDK y JRE versión 5.0 ... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=814 • CWE-190: Integer Overflow or Wraparound CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 22%CPEs: 39EXPL: 0CVE-2009-1719 – Apple Java CColourUIResource Pointer Dereference Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-1719
16 Jun 2009 — The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X 10.5 allows remote attackers to execute arbitrary code via a call to the undocumented apple.laf.CColourUIResource constructor with a crafted value in the first argument, which is dereferenced as a pointer. Aqua Look and Feel para la implementación de Java en Java v1.5 en Mac OS X 10.5 permite a atacantes remotos ejecutar código arbitrario a través de una llamada a los indocumentados. El constructor apple.laf.CColourUIResource con un valo... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00003.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 1%CPEs: 114EXPL: 0CVE-2004-2764
https://notcve.org/view.php?id=CVE-2004-2764
02 Jun 2009 — Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4.1 through 1.4.1_07, and 1.4.0 through 1.4.0_04 allows untrusted applets and unprivileged servlets to gain privileges and read data from other applets via unspecified vectors related to classes in the XSLT processor, aka "XML sniffing." Sun SDK y Java Runtime Environment (JRE) desde la v1.4.2 hasta la v1.4.2_04, desde la v1.4.1 hasta la v1.4.1_07, y la v1.4.0 hasta la v1.4.0_04 permite a applets sin confianza y servlets sin privilegios co... • http://archive.cert.uni-stuttgart.de/uniras/2004/08/msg00007.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 3CVE-2009-1671 – Java SE Runtime Environment JRE 6 Update 13 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-1671
18 May 2009 — Multiple buffer overflows in the Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allow remote attackers to execute arbitrary code via a long string argument to the (1) setInstallerType, (2) setAdditionalPackages, (3) compareVersion, (4) getStaticCLSID, or (5) launch method. Múltiple desbordamiento de búfer en el control ActiveX Deployment Toolkit en deploytk.dll v6.0.130.3 en Sun Java SE Runtime Environment (también conocido como JRE) v6 ... • https://www.exploit-db.com/exploits/8665 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 3CVE-2009-1672 – Java SE Runtime Environment JRE 6 Update 13 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-1672
18 May 2009 — The Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allows remote attackers to (1) execute arbitrary code via a .jnlp URL in the argument to the launch method, and might allow remote attackers to launch JRE installation processes via the (2) installLatestJRE or (3) installJRE method. El control ActiveX Deployment Toolkit en deploytk.dll v6.0.130.3 en Sun Java SE Runtime Environment (también conocido como JRE) v6 Update 13 permite a atacan... • https://www.exploit-db.com/exploits/8665 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 21EXPL: 0CVE-2009-1006
https://notcve.org/view.php?id=CVE-2009-1006
15 Apr 2009 — Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.2 and earlier, with SDK/JRE 1.4.2, JRE/JDK 5, and JRE/JDK 6, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en el componente JRockit de BEA Product Suite R27.6.2 y anteriores, con SDK/JRE v1.4.2, JRE/JDK v5 y JRE/JDK v6; permite a atacantes remotos comprometer la confidencialidad, integridad y disponibilidad a través de vectores desconocidos. • http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html •