
CVE-2008-1192 – Java Plugin same-origin-policy bypass
https://notcve.org/view.php?id=CVE-2008-1192
06 Mar 2008 — Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors. • http://dev2dev.bea.com/pub/advisory/277 • CWE-254: 7PK - Security Features •

CVE-2008-1195 – Java-API calls in untrusted Javascript allow network privilege escalation
https://notcve.org/view.php?id=CVE-2008-1195
06 Mar 2008 — Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html • CWE-254: 7PK - Security Features •

CVE-2008-1196 – Buffer overflow security vulnerabilities in Java Web Start
https://notcve.org/view.php?id=CVE-2008-1196
06 Mar 2008 — Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file. • http://download.novell.com/Download?buildid=q5exhSqeBjA~ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2007-5689 – java-jre: Applet Privilege Escalation
https://notcve.org/view.php?id=CVE-2007-5689
29 Oct 2007 — The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) in SDK and JRE 1.3.x through 1.3.1_20 and 1.4.x through 1.4.2_15, and JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via applets that grant privileges to themselves. • http://dev2dev.bea.com/pub/advisory/272 •

CVE-2007-5274 – Anti-DNS Pinning and Java Applets with Opera and Firefox
https://notcve.org/view.php?id=CVE-2007-5274
08 Oct 2007 — Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution ... • http://crypto.stanford.edu/dns/dns-rebinding.pdf •

CVE-2007-5273 – Anti-DNS Pinning and Java Applets with HTTP proxy
https://notcve.org/view.php?id=CVE-2007-5273
08 Oct 2007 — Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a differe... • http://crypto.stanford.edu/dns/dns-rebinding.pdf •

CVE-2007-5240 – Applets or Applications are allowed to display an oversized window
https://notcve.org/view.php?id=CVE-2007-5240
06 Oct 2007 — Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen. • http://dev2dev.bea.com/pub/advisory/272 •

CVE-2007-5239 – Untrusted Application or Applet May Move or Copy Arbitrary Files
https://notcve.org/view.php?id=CVE-2007-5239
06 Oct 2007 — Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications. • http://dev2dev.bea.com/pub/advisory/272 • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2007-5238 – Vulnerabilities in Java Web Start allow to determine the location of the Java Web Start cache
https://notcve.org/view.php?id=CVE-2007-5238
06 Oct 2007 — Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka "three vulnerabilities." • http://dev2dev.bea.com/pub/advisory/272 • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2007-5236
https://notcve.org/view.php?id=CVE-2007-5236
06 Oct 2007 — Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files via an untrusted application. • http://dev2dev.bea.com/pub/advisory/272 • CWE-264: Permissions, Privileges, and Access Controls •