[USN-923-1] OpenJDK vulnerabilities
openjdk-6 vulnerabilities
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3
protocols. If an attacker could perform a machine-in-the-middle attack at the
start of a TLS connection, the attacker could inject arbitrary content
at the beginning of the user's session. (CVE-2009-3555)
It was discovered that Loader-constraint table, Policy/PolicyFile,
Inflater/Deflater, drag/drop access, and deserialization did not correctly
handle certain sensitive objects. If a user were tricked into running a
specially crafted applet, private information could be leaked to a remote
attacker, leading to a loss of privacy. (CVE-2010-0082, CVE-2010-0084,
CVE-2010-0085, CVE-2010-0088, CVE-2010-0091, CVE-2010-0094)
It was discovered that AtomicReferenceArray, System.arraycopy,
InetAddress, and HashAttributeSet did not correctly handle certain
situations. If a remote attacker could trigger specific error conditions,
a Java application could crash, leading to a denial of service.
(CVE-2010-0092, CVE-2010-0093, CVE-2010-0095, CVE-2010-0845)
It was discovered that Pack200, CMM readMabCurveData, ImagingLib, and
the AWT library did not correctly check buffer lengths. If a user or
automated system were tricked into handling specially crafted JAR files or
images, a remote attacker could crash the Java application or possibly
gain user privileges (CVE-2010-0837, CVE-2010-0838, CVE-2010-0847,
CVE-2010-0848).
It was discovered that applets did not correctly handle certain trust
chains. If a user were tricked into running a specially crafted applet,
a remote attacker could possibly run untrusted code with user privileges.
(CVE-2010-0840)
- ID
- USN-923-1
- Severity
- critical
- Severity from
- CVE-2010-0840
- URL
- https://ubuntu.com/security/notices/USN-923-1
- Published
-
2010-04-07T02:59:42
(14 years ago) - Modified
-
2010-04-07T02:59:42
(14 years ago) - Other Advisories
-
- CISA-2022:0525
- CISCO-SA-20091105-CVE-2009-3555
- CISCO-SA-20091109-TLS
- DSA-3253-1
- ELSA-2009-1579
- ELSA-2010-0162
- ELSA-2010-0164
- ELSA-2010-0165
- ELSA-2010-0166
- ELSA-2010-0339
- ELSA-2010-0768
- FEDORA-2009-12229
- FEDORA-2009-12305
- FEDORA-2009-12604
- FEDORA-2009-12606
- FEDORA-2009-12747
- FEDORA-2009-12750
- FEDORA-2009-12775
- FEDORA-2009-12782
- FEDORA-2009-12968
- FEDORA-2009-13236
- FEDORA-2009-13250
- FEDORA-2010-1127
- FEDORA-2010-15989
- FEDORA-2010-16240
- FEDORA-2010-16294
- FEDORA-2010-16312
- FEDORA-2010-17220
- FEDORA-2010-17826
- FEDORA-2010-3905
- FEDORA-2010-3929
- FEDORA-2010-3956
- FEDORA-2010-5357
- FEDORA-2010-5942
- FEDORA-2010-6025
- FEDORA-2010-6039
- FEDORA-2010-6055
- FEDORA-2010-6131
- FEDORA-2010-6279
- FEDORA-2010-8742
- FEDORA-2010-9421
- FEDORA-2010-9487
- FEDORA-2010-9518
- FEDORA-2010-9639
- FREEBSD:9CCFEE39-3C3B-11DF-9EDC-000F20797EDE
- GLSA-200912-01
- GLSA-201006-18
- GLSA-201110-05
- GLSA-201203-22
- GLSA-201206-18
- GLSA-201301-01
- GLSA-201309-15
- GLSA-201311-13
- GLSA-201406-32
- MAVEN:GHSA-F7W7-6PJC-WWM6
- NGINX:CVE-2009-3555
- RHSA-2010:0865
- RHSA-2010:0987
- SECADV-20091105-1
- SSA:2009-320-01
- SSA:2010-067-01
- USN-1010-1
- USN-860-1
- USN-927-1
- USN-927-4
- USN-927-6
- USN-990-1
- USN-990-2
- VU:120541
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |