Filtered by vendor Sun
Subscribe
Total
1712 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2704 | 1 Sun | 1 J2ee | 2024-11-21 | 4.3 MEDIUM | N/A |
| CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing a %00 (encoded null byte). | |||||
| CVE-2009-2690 | 1 Sun | 2 Java Se, Openjdk | 2024-11-21 | 5.0 MEDIUM | N/A |
| The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information via an untrusted (1) applet or (2) application. | |||||
| CVE-2009-2689 | 1 Sun | 2 Java Se, Openjdk | 2024-11-21 | 10.0 HIGH | N/A |
| JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via an untrusted (1) applet or (2) application. | |||||
| CVE-2009-2676 | 1 Sun | 4 Java Se, Jdk, Jre and 1 more | 2024-11-21 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet that accesses an old version of JNLPAppletLauncher. | |||||
| CVE-2009-2675 | 1 Sun | 2 Jdk, Jre | 2024-11-21 | 10.0 HIGH | N/A |
| Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression. | |||||
| CVE-2009-2674 | 1 Sun | 2 Jdk, Jre | 2024-11-21 | 7.5 HIGH | N/A |
| Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted JPEG image that is not properly handled during display to a splash screen, which triggers a heap-based buffer overflow. | |||||
| CVE-2009-2673 | 1 Sun | 2 Jdk, Jre | 2024-11-21 | 7.5 HIGH | N/A |
| The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword. | |||||
| CVE-2009-2672 | 1 Sun | 2 Jdk, Jre | 2024-11-21 | 7.5 HIGH | N/A |
| The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2009-2671 | 1 Sun | 2 Jdk, Jre | 2024-11-21 | 5.0 MEDIUM | N/A |
| The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors. | |||||
| CVE-2009-2670 | 1 Sun | 2 Jdk, Jre | 2024-11-21 | 5.0 MEDIUM | N/A |
| The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties. | |||||
| CVE-2009-2652 | 1 Sun | 2 Opensolaris, Solaris | 2024-11-21 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Solaris Trusted Extensions in Sun Solaris 10, and OpenSolaris snv_37 through snv_120, allows remote attackers to cause a denial of service (panic) via vectors involving the parsing of labeled packets. | |||||
| CVE-2009-2644 | 1 Sun | 2 Opensolaris, Solaris | 2024-11-21 | 4.9 MEDIUM | N/A |
| Race condition in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to "pathnames for invalid fds." | |||||
| CVE-2009-2597 | 1 Sun | 2 Java System Access Manager Policy Agent, Java System Web Proxy Server | 2024-11-21 | 7.8 HIGH | N/A |
| The Sun Java System (SJS) Access Manager Policy Agent module 2.2 for SJS Web Proxy Server 4.0 allows remote attackers to cause a denial of service (daemon crash) via a GET request. | |||||
| CVE-2009-2596 | 1 Sun | 2 Opensolaris, Solaris | 2024-11-21 | 4.7 MEDIUM | N/A |
| Unspecified vulnerability in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to fad_aupath structure members. | |||||
| CVE-2009-2491 | 1 Sun | 1 Ray Server Software | 2024-11-21 | 4.4 MEDIUM | N/A |
| The utaudiod daemon in Sun Ray Server Software (SRSS) 4.0, when Solaris Trusted Extensions is enabled, allows local users to access the sessions of arbitrary users via unknown vectors related to "resource leaks." | |||||
| CVE-2009-2490 | 1 Sun | 1 Ray Server Software | 2024-11-21 | 1.9 LOW | N/A |
| Unspecified vulnerability in the utaudiod daemon in Sun Ray Server Software (SRSS) 4.0, when Solaris Trusted Extensions is enabled, allows local users to cause a denial of service (audio outage) or possibly gain privileges via unknown vectors related to "resource leaks." | |||||
| CVE-2009-2489 | 1 Sun | 1 Ray Server Software | 2024-11-21 | 2.1 LOW | N/A |
| Unspecified vulnerability in the utdmsession program in Sun Ray Server Software (SRSS) 4.0 allows local users to access the sessions of arbitrary users via unknown vectors. | |||||
| CVE-2009-2488 | 1 Sun | 2 Opensolaris, Solaris | 2024-11-21 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the NFSv4 module in the kernel in Sun Solaris 10, and OpenSolaris snv_102 through snv_119, allows local users to cause a denial of service (client panic) via vectors involving "file operations." | |||||
| CVE-2009-2487 | 1 Sun | 2 Opensolaris, Solaris | 2024-11-21 | 7.8 HIGH | N/A |
| Use-after-free vulnerability in the frpr_icmp function in the ipfilter (aka IP Filter) subsystem in Sun Solaris 10, and OpenSolaris snv_45 through snv_110, allows remote attackers to cause a denial of service (panic) via unspecified vectors. | |||||
| CVE-2009-2486 | 1 Sun | 2 Opensolaris, Solaris | 2024-11-21 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the SCTP implementation in Sun Solaris 10, and OpenSolaris before snv_120, allows remote attackers to cause a denial of service (panic) via unspecified packets. | |||||