- EPSS 3.75%
- Veröffentlicht 09.11.2009 19:30:00
- Zuletzt bearbeitet 16.06.2026 23:12:14
Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local Internation...
CVE-2009-3879
- EPSS 2.34%
- Veröffentlicht 09.11.2009 19:30:00
- Zuletzt bearbeitet 16.06.2026 23:12:33
Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vectors, related to failure to clone arrays that are re...
- EPSS 1.79%
- Veröffentlicht 09.11.2009 19:30:00
- Zuletzt bearbeitet 16.06.2026 23:12:33
The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitiv...
CVE-2009-3881
- EPSS 2.67%
- Veröffentlicht 09.11.2009 19:30:00
- Zuletzt bearbeitet 16.06.2026 23:12:33
Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak v...
CVE-2009-3882
- EPSS 2.03%
- Veröffentlicht 09.11.2009 19:30:00
- Zuletzt bearbeitet 16.06.2026 23:12:34
Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6...
CVE-2009-3883
- EPSS 2.03%
- Veröffentlicht 09.11.2009 19:30:00
- Zuletzt bearbeitet 16.06.2026 23:12:34
Multiple unspecified vulnerabilities in the Windows Pluggable Look and Feel (PL&F) feature in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to ...
- EPSS 2.95%
- Veröffentlicht 09.11.2009 19:30:00
- Zuletzt bearbeitet 16.06.2026 23:12:34
The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo (aka tz) files, aka Bug Id 6824265.
- EPSS 3.03%
- Veröffentlicht 10.08.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:08:18
The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedora 11, trusts an entire application when at least one of the listed jar files is trusted, which allows context-dependent...
CVE-2009-2475
- EPSS 2.32%
- Veröffentlicht 10.08.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:09:31
Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to (1) LayoutQue...
- EPSS 2.88%
- Veröffentlicht 10.08.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:09:31
The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer res...