Max CVSS | 10.0 | Min CVSS | 5.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2009-2625 | 5.0 |
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop a
|
13-05-2022 - 14:44 | 06-08-2009 - 15:30 | |
CVE-2009-2674 | 7.5 |
Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted JPEG image that is not properly handled during dis
|
30-10-2018 - 16:25 | 05-08-2009 - 19:30 | |
CVE-2009-0217 | 5.0 |
The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLog
|
12-10-2018 - 21:49 | 14-07-2009 - 23:30 | |
CVE-2009-2723 | 10.0 |
Unspecified vulnerability in deserialization in the Provider class in Sun Java SE 5.0 before Update 20 has unknown impact and attack vectors, aka BugId 6444262.
|
10-10-2018 - 19:42 | 10-08-2009 - 20:30 | |
CVE-2009-2722 | 10.0 |
Multiple unspecified vulnerabilities in the Provider class in Sun Java SE 5.0 before Update 20 have unknown impact and attack vectors, aka BugId 6429594. NOTE: this issue exists because of an incorrect fix for BugId 6406003.
|
10-10-2018 - 19:42 | 10-08-2009 - 20:30 | |
CVE-2009-2671 | 5.0 |
The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2)
|
10-10-2018 - 19:41 | 05-08-2009 - 19:30 | |
CVE-2009-2670 | 5.0 |
The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which
|
10-10-2018 - 19:41 | 05-08-2009 - 19:30 | |
CVE-2009-2675 | 10.0 |
Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header
|
10-10-2018 - 19:41 | 05-08-2009 - 19:30 | |
CVE-2009-2672 | 7.5 |
The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications,
|
10-10-2018 - 19:41 | 05-08-2009 - 19:30 | |
CVE-2009-2673 | 7.5 |
The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspec
|
10-10-2018 - 19:41 | 05-08-2009 - 19:30 | |
CVE-2009-2689 | 10.0 |
JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via a
|
19-09-2017 - 01:29 | 10-08-2009 - 18:30 | |
CVE-2009-2690 | 5.0 |
The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information via an untrusted (1) applet or (2) application.
|
19-09-2017 - 01:29 | 10-08-2009 - 18:30 | |
CVE-2009-2476 | 10.0 |
The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer res
|
19-09-2017 - 01:29 | 10-08-2009 - 18:30 | |
CVE-2009-2475 | 7.8 |
Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to (1) LayoutQue
|
19-09-2017 - 01:29 | 10-08-2009 - 18:30 | |
CVE-2009-2205 | 6.8 |
Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
|
19-09-2009 - 05:30 | 09-09-2009 - 22:30 |