
CVE-2008-3114 – Java Web Start, untrusted application may determine Cache Location (6704074)
https://notcve.org/view.php?id=CVE-2008-3114
09 Jul 2008 — Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2008-1187 – Untrusted applet and application XSLT processing privilege escalation
https://notcve.org/view.php?id=CVE-2008-1187
06 Mar 2008 — Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms. • http://dev2dev.bea.com/pub/advisory/277 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2008-1185 – Untrusted applet and application privilege escalation (CVE-2008-1186)
https://notcve.org/view.php?id=CVE-2008-1185
06 Mar 2008 — Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1186, aka "the first issue." • http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html • CWE-264: Permissions, Privileges, and Access Controls

CVE-2008-1186 – Untrusted applet and application privilege escalation (CVE-2008-1186)
https://notcve.org/view.php?id=CVE-2008-1186
06 Mar 2008 — Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 5.0 Update 13 and earlier, and SDK/JRE 1.4.2_16 and earlier, allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1185, aka "the second issue." • http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html • CWE-264: Permissions, Privileges, and Access Controls

CVE-2008-1189 – Buffer overflow security vulnerabilities in Java Web Start (CVE-2008-1189, CVE-2008-1190)
https://notcve.org/view.php?id=CVE-2008-1189
06 Mar 2008 — Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188, aka the "third" issue. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2008-1190 – Buffer overflow security vulnerabilities in Java Web Start (CVE-2008-1189, CVE-2008-1190)
https://notcve.org/view.php?id=CVE-2008-1190
06 Mar 2008 — Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191, aka the "fourth" issue. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html • CWE-264: Permissions, Privileges, and Access Controls

CVE-2008-1192 – Java Plugin same-origin-policy bypass
https://notcve.org/view.php?id=CVE-2008-1192
06 Mar 2008 — Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors. • http://dev2dev.bea.com/pub/advisory/277 • CWE-254: 7PK - Security Features

CVE-2008-1195 – Java-API calls in untrusted Javascript allow network privilege escalation
https://notcve.org/view.php?id=CVE-2008-1195
06 Mar 2008 — Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html • CWE-254: 7PK - Security Features

CVE-2008-1196 – Buffer overflow security vulnerabilities in Java Web Start
https://notcve.org/view.php?id=CVE-2008-1196
06 Mar 2008 — Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file. • http://download.novell.com/Download?buildid=q5exhSqeBjA~ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2007-5689 – java-jre: Applet Privilege Escalation
https://notcve.org/view.php?id=CVE-2007-5689
29 Oct 2007 — The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) in SDK and JRE 1.3.x through 1.3.1_20 and 1.4.x through 1.4.2_15, and JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via applets that grant privileges to themselves. • http://dev2dev.bea.com/pub/advisory/272