Sun

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2009-2139 1Sun 1Openoffice.org Apr 23, 2026 Sep 8, 2009 N/A· v4 N/A· v3 9.3 HIGH· v2 Heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allows remote attackers to execute arbitrary code...Show more Heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allows remote attackers to execute arbitrary code via a crafted EMF file, a similar issue to CVE-2008-2238.Show less
CVE-2009-3101 1Sun 1Opensolaris Apr 23, 2026 Sep 8, 2009 N/A· v4 N/A· v3 4.9 MEDIUM· v2 xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 10, and OpenSolaris snv_109 through snv_122, does not properly handle Trusted Extensions, which allows local users to cause a denial of service (CPU consumption and co...Show more xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 10, and OpenSolaris snv_109 through snv_122, does not properly handle Trusted Extensions, which allows local users to cause a denial of service (CPU consumption and console hang) by locking the screen, related to a regression in certain Solaris and OpenSolaris patches.Show less
CVE-2009-3100 2Sun X.org 3Opensolaris SolarisX11 Apr 23, 2026 Sep 8, 2009 N/A· v4 N/A· v3 4.0 MEDIUM· v2 xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 9 and 10, OpenSolaris snv_109 through snv_122, and X11 6.4.1 on Solaris 8 does not properly handle Accessibility support, which allows local users to cause a denial of...Show more xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 9 and 10, OpenSolaris snv_109 through snv_122, and X11 6.4.1 on Solaris 8 does not properly handle Accessibility support, which allows local users to cause a denial of service (system hang) by locking the screen and then attempting to launch an Accessibility pop-up window, related to a regression in certain Solaris and OpenSolaris patches.Show less
CVE-2009-3000 1Sun 2Opensolaris Solaris Apr 23, 2026 Aug 28, 2009 N/A· v4 N/A· v3 7.1 HIGH· v2 The sockfs module in the kernel in Sun Solaris 10 and OpenSolaris snv_41 through snv_122, when Network Cache Accelerator (NCA) logging is enabled, allows remote attackers to cause a denial of service (panic) via unspecif...Show more The sockfs module in the kernel in Sun Solaris 10 and OpenSolaris snv_41 through snv_122, when Network Cache Accelerator (NCA) logging is enabled, allows remote attackers to cause a denial of service (panic) via unspecified web-server traffic that triggers a NULL pointer dereference in the nl7c_http_log function, related to "improper http response handling."Show less
CVE-2009-2972 1Sun 1Solaris Apr 23, 2026 Aug 27, 2009 N/A· v4 N/A· v3 7.8 HIGH· v2 in.lpd in the print service in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors that trigger a "fork()/exec() bomb."
CVE-2009-2952 1Sun 2Opensolaris Solaris Apr 23, 2026 Aug 24, 2009 N/A· v4 N/A· v3 4.9 MEDIUM· v2 Unspecified vulnerability in the pollwakeup function in Sun Solaris 10, and OpenSolaris before snv_51, allows local users to cause a denial of service (panic) via unknown vectors.
CVE-2009-2912 1Sun 2Opensolaris Solaris Apr 23, 2026 Aug 21, 2009 N/A· v4 N/A· v3 4.9 MEDIUM· v2 The (1) sendfile and (2) sendfilev functions in Sun Solaris 8 through 10, and OpenSolaris before snv_110, allow local users to cause a denial of service (panic) via vectors related to vnode function calls.
CVE-2009-2856 1Sun 1Virtual Desktop Infrastructure Apr 23, 2026 Aug 18, 2009 N/A· v4 N/A· v3 3.5 LOW· v2 Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding is enabled, does not properly handle a client's attempt to establish an authenticated and encrypted connection, which might allow remote attackers to r...Show more Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding is enabled, does not properly handle a client's attempt to establish an authenticated and encrypted connection, which might allow remote attackers to read cleartext VDI configuration-data requests by sniffing LDAP sessions on the network.Show less
CVE-2009-2416 11Apple CanonicalDebian+8 more 19Chrome Debian LinuxEnterprise Linux+16 more Apr 23, 2026 Aug 11, 2009 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notatio...Show more Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.Show less
CVE-2009-2705 2Broadcom Sun 2J2ee Siteminder Apr 23, 2026 Aug 11, 2009 N/A· v4 N/A· v3 4.3 MEDIUM· v2 CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing non-canonical, "overlong Unicode" in place of blacklisted characters.
CVE-2009-2704 1Sun 1J2ee Apr 23, 2026 Aug 11, 2009 N/A· v4 N/A· v3 4.3 MEDIUM· v2 CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing a %00 (encoded null byte).
CVE-2009-2724 1Sun 1Java Se Apr 23, 2026 Aug 10, 2009 N/A· v4 N/A· v3 9.3 HIGH· v2 Race condition in the java.lang package in Sun Java SE 5.0 before Update 20 has unknown impact and attack vectors, related to a "3Y Race condition in reflection checks."
CVE-2009-2723 1Sun 1Java Se Apr 23, 2026 Aug 10, 2009 N/A· v4 N/A· v3 10.0 HIGH· v2 Unspecified vulnerability in deserialization in the Provider class in Sun Java SE 5.0 before Update 20 has unknown impact and attack vectors, aka BugId 6444262.
CVE-2009-2722 1Sun 1Java Se Apr 23, 2026 Aug 10, 2009 N/A· v4 N/A· v3 10.0 HIGH· v2 Multiple unspecified vulnerabilities in the Provider class in Sun Java SE 5.0 before Update 20 have unknown impact and attack vectors, aka BugId 6429594. NOTE: this issue exists because of an incorrect fix for BugId 640...Show more Multiple unspecified vulnerabilities in the Provider class in Sun Java SE 5.0 before Update 20 have unknown impact and attack vectors, aka BugId 6429594. NOTE: this issue exists because of an incorrect fix for BugId 6406003.Show less
CVE-2009-2721 1Sun 1Java Se Apr 23, 2026 Aug 10, 2009 N/A· v4 N/A· v3 10.0 HIGH· v2 Multiple unspecified vulnerabilities in the Provider class in Sun Java SE 5.0 before Update 20 have unknown impact and attack vectors, aka BugId 6406003.
CVE-2009-2720 1Sun 1Java Se Apr 23, 2026 Aug 10, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Unspecified vulnerability in the javax.swing.plaf.synth.SynthContext.isSubregion method in the Swing implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullP...Show more Unspecified vulnerability in the javax.swing.plaf.synth.SynthContext.isSubregion method in the Swing implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException in the Jemmy library) via unknown vectors.Show less
CVE-2009-2719 1Sun 1Java Se Apr 23, 2026 Aug 10, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException) via a crafted .jnlp file, as demonstrated by the jnlp_file/applet...Show more The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException) via a crafted .jnlp file, as demonstrated by the jnlp_file/appletDesc/index.html#misc test in the Technology Compatibility Kit (TCK) for the Java Network Launching Protocol (JNLP).Show less
CVE-2009-2718 1Sun 1Java Se Apr 23, 2026 Aug 10, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on X11 does not impose the intended constraint on distance from the window border to the Security Warning Icon, which makes it easier for...Show more The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on X11 does not impose the intended constraint on distance from the window border to the Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet.Show less
CVE-2009-2717 1Sun 1Java Se Apr 23, 2026 Aug 10, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on Windows 2000 Professional does not provide a Security Warning Icon, which makes it easier for context-dependent attackers to trick a u...Show more The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on Windows 2000 Professional does not provide a Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet.Show less
CVE-2009-2716 1Sun 1Java Se Apr 23, 2026 Aug 10, 2009 N/A· v4 N/A· v3 7.5 HIGH· v2 The plugin functionality in Sun Java SE 6 before Update 15 does not properly implement version selection, which allows context-dependent attackers to leverage vulnerabilities in "old zip and certificate handling" and hav...Show more The plugin functionality in Sun Java SE 6 before Update 15 does not properly implement version selection, which allows context-dependent attackers to leverage vulnerabilities in "old zip and certificate handling" and have unspecified other impact via unknown vectors.Show less

Previous 1...293031...81 Next