Sun Java Se vulnerabilities

CVE-2009-2722 [CRITICAL] CVE-2009-2722: Multiple unspecified vulnerabilities in the Provider class in Sun Java SE 5.0 before Update 20 have Multiple unspecified vulnerabilities in the Provider class in Sun Java SE 5.0 before Update 20 have unknown impact and attack vectors, aka BugId 6429594. NOTE: this issue exists because of an incorrect fix for BugId 6406003.

CVE-2009-2724 [CRITICAL] CWE-362 CVE-2009-2724: Race condition in the java.lang package in Sun Java SE 5.0 before Update 20 has unknown impact and a Race condition in the java.lang package in Sun Java SE 5.0 before Update 20 has unknown impact and attack vectors, related to a "3Y Race condition in reflection checks."

CVE-2009-2689 [CRITICAL] CWE-264 CVE-2009-2689: JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via an untrusted (1) applet or (2) application.

CVE-2009-2476 [CRITICAL] CWE-264 CVE-2009-2476: The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged object.

CVE-2009-2723 [CRITICAL] CVE-2009-2723: Unspecified vulnerability in deserialization in the Provider class in Sun Java SE 5.0 before Update Unspecified vulnerability in deserialization in the Provider class in Sun Java SE 5.0 before Update 20 has unknown impact and attack vectors, aka BugId 6444262.

CVE-2009-2721 [CRITICAL] CVE-2009-2721: Multiple unspecified vulnerabilities in the Provider class in Sun Java SE 5.0 before Update 20 have Multiple unspecified vulnerabilities in the Provider class in Sun Java SE 5.0 before Update 20 have unknown impact and attack vectors, aka BugId 6406003.

CVE-2009-2716 [HIGH] CVE-2009-2716: The plugin functionality in Sun Java SE 6 before Update 15 does not properly implement version selec The plugin functionality in Sun Java SE 6 before Update 15 does not properly implement version selection, which allows context-dependent attackers to leverage vulnerabilities in "old zip and certificate handling" and have unspecified other impact via unknown vectors.

CVE-2009-2475 [HIGH] CWE-200 CVE-2009-2475: Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to (1) LayoutQueue, (2) Cursor.predefined, (3) AccessibleResourceBundle.getContents, (4) ImageReaderSpi.STANDARD_INPUT_TYP

CVE-2009-2718 [MEDIUM] CWE-264 CVE-2009-2718: The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on X11 does not i The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on X11 does not impose the intended constraint on distance from the window border to the Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet.

CVE-2009-2690 [MEDIUM] CWE-264 CVE-2009-2690: The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information via an untrusted (1) applet or (2) application.

CVE-2009-2719 [MEDIUM] CWE-119 CVE-2009-2719: The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attacke The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException) via a crafted .jnlp file, as demonstrated by the jnlp_file/appletDesc/index.html#misc test in the Technology Compatibility Kit (TCK) for the Java Network Launching Protocol (JNLP).

CVE-2009-2717 [MEDIUM] CWE-264 CVE-2009-2717: The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on Windows 2000 P The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on Windows 2000 Professional does not provide a Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet.

CVE-2009-2720 [MEDIUM] CVE-2009-2720: Unspecified vulnerability in the javax.swing.plaf.synth.SynthContext.isSubregion method in the Swing Unspecified vulnerability in the javax.swing.plaf.synth.SynthContext.isSubregion method in the Swing implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException in the Jemmy library) via unknown vectors.