CVSS: 9.3EPSS: 19%CPEs: 20EXPL: 0CVE-2008-5358 – OpenJDK Buffer Overflow in GIF image processing (6766136)
https://notcve.org/view.php?id=CVE-2008-5358
05 Dec 2008 — Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll. Java Runtime Environment (JRE) en Sun JDK and JRE v6 Update 10 y anteriores permite a atacantes remotos ejecutar código de su elección mediante un fichero GIF manipulado que provoca una corrupción de memoria durante la visualación de la imagen de bienv... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=758 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 16%CPEs: 91EXPL: 0CVE-2008-2086 – Java Web Start File Inclusion via System Properties Override
https://notcve.org/view.php?id=CVE-2008-2086
05 Dec 2008 — Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the (1) java.home, (2) java.ext.dirs, or (3) user.home System Properties, aka "Java Web Start File Inclusion" and CR 6694892. Sun Java Web Start y Java Plug-in para JDK y JRE v6 Update 10 y anteriores;JDK y JRE v5.0 Update 16 y anteriores; y SDK y JRE v1.4.2_18 y anterior... • http://lists.apple.com/archives/security-announce/2009/Feb/msg00003.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 1%CPEs: 91EXPL: 0CVE-2008-5339 – Sun Java Web Start and Applet Multiple Sandbox Bypass Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-5339
04 Dec 2008 — Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to perform network connections to unauthorized hosts via unknown vectors, aka CR 6727079. Vulnerabilidad no especificada en Java Web Start (JWS) y Java Plug-in en Sun JDK y JRE v6 Update 10 y anteriores; JDK y JRE v5.0 Update 16 y anteriores; y en SDK y JRE v1.4.2_18 y anteriores permite ... • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html •
CVSS: 9.8EPSS: 24%CPEs: 42EXPL: 0CVE-2008-3103 – OpenJDK JMX allows illegal operations with local monitoring (6332953)
https://notcve.org/view.php?id=CVE-2008-3103
09 Jul 2008 — Unspecified vulnerability in the Java Management Extensions (JMX) management agent in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform unauthorized operations" via unspecified vectors. Vulnerabilidad sin especificar en el agente de administración de Java Management Extensions (JMX) en Sun Java Runtime Environment (JRE) en JDK y JRE 6 Update 6 y anteriores y JDK y JRE 5.0 U... • http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 26%CPEs: 102EXPL: 0CVE-2008-3104 – Java RE allows Same Origin Policy to be Bypassed (6687932)
https://notcve.org/view.php?id=CVE-2008-3104
09 Jul 2008 — Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet's outbound connections by connecting to localhost services running on the machine that loaded the applet. Múltiples vulnerabilidades sin especificar en Sun Java Runtime Environment (JRE) en JDK y JRE 6 antes de Update 7, JDK y JR... • http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.3EPSS: 25%CPEs: 12EXPL: 0CVE-2008-3105 – OpenJDK JAX-WS unauthorized URL access (6542088)
https://notcve.org/view.php?id=CVE-2008-3105
09 Jul 2008 — Unspecified vulnerability in the JAX-WS client and service in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to access URLs or cause a denial of service via unknown vectors involving "processing of XML data" by a trusted application. Vulnerabilidad no especificada en el cliente y servicio JAX-WS de Sun Java Runtime Environment (JRE), de JDK y JRE 6 Update 6 y anteriores permite a atacantes remotos acceder a URLs o provocar una denegación de servicio mediante... • http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 17%CPEs: 42EXPL: 0CVE-2008-3106
https://notcve.org/view.php?id=CVE-2008-3106
09 Jul 2008 — Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105. Vulnerabilidad no especificada en Sun Java Runtime Environment (JRE), JDK y JRE 6 Update 6 y anteriores y JDK and JRE 5.0 Update 15 y anteriores permite a atacantes remotos acceder a ... • http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 14%CPEs: 77EXPL: 0CVE-2008-3107 – JDK untrusted applet/application privilege escalation (6661918)
https://notcve.org/view.php?id=CVE-2008-3107
09 Jul 2008 — Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. Vulnerabilidad no especificada en la Máquina Virtual de Sun J... • http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 6%CPEs: 12EXPL: 0CVE-2008-3109 – Security Vulnerabilities in the Java Runtime Environment Scripting Language Support (6529568, 6529579)
https://notcve.org/view.php?id=CVE-2008-3109
09 Jul 2008 — Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. Vulnerabilidad no especificada en lenguaje scripting de apoyo en Sun Java Runtime Environment (JRE) de JDK y JRE 6 Update ... • http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 7%CPEs: 12EXPL: 0CVE-2008-3110
https://notcve.org/view.php?id=CVE-2008-3110
09 Jul 2008 — Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to obtain sensitive information by using an applet to read information from another applet. Vulnerabilidad no especificada en lenguaje scripting de apoyo en Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 y versiones anteriores permite a atacantes remotos obtener información sensible utilizando un applet para leer información de otra applet. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html • CWE-264: Permissions, Privileges, and Access Controls •