CVSS: 10.0EPSS: 14%CPEs: 77EXPL: 0CVE-2008-3107 – JDK untrusted applet/application privilege escalation (6661918)
https://notcve.org/view.php?id=CVE-2008-3107
09 Jul 2008 — Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. Vulnerabilidad no especificada en la Máquina Virtual de Sun J... • http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 6%CPEs: 12EXPL: 0CVE-2008-3109 – Security Vulnerabilities in the Java Runtime Environment Scripting Language Support (6529568, 6529579)
https://notcve.org/view.php?id=CVE-2008-3109
09 Jul 2008 — Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. Vulnerabilidad no especificada en lenguaje scripting de apoyo en Sun Java Runtime Environment (JRE) de JDK y JRE 6 Update ... • http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 7%CPEs: 12EXPL: 0CVE-2008-3110
https://notcve.org/view.php?id=CVE-2008-3110
09 Jul 2008 — Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to obtain sensitive information by using an applet to read information from another applet. Vulnerabilidad no especificada en lenguaje scripting de apoyo en Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 y versiones anteriores permite a atacantes remotos obtener información sensible utilizando un applet para leer información de otra applet. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 8%CPEs: 77EXPL: 0CVE-2008-3112 – Sun Java Web Start Sandbox Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2008-3112
09 Jul 2008 — Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909. Vulnerabilidad no especificada en Sun Java Web Start de JDK y JRE 6 versiones anteriores a Update 7, JDK y JRE 5.0 versiones anteriores a Update 16, y SDK y JRE 1.4.x versiones anteriores a 1.4.2_18 permite a atacantes remotos cre... • http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 23%CPEs: 66EXPL: 0CVE-2008-3113 – Java Web Start arbitrary file creation/deletion file with user permissions (6704077)
https://notcve.org/view.php?id=CVE-2008-3113
09 Jul 2008 — Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077. Vulnerabilidad no especificada en Sun Java Web Start de JDK y JRE 5.0 versiones anteriores a Update 16 y SDK y JRE 1.4.x versiones anteriores a 1.4.2_18 permite a atacantes remotos crear o borrar ficheros de su elección a través de aplicaciones no confiables, también conocido como CR... • http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 3%CPEs: 77EXPL: 0CVE-2008-3114 – Java Web Start, untrusted application may determine Cache Location (6704074)
https://notcve.org/view.php?id=CVE-2008-3114
09 Jul 2008 — Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. Vulnerabilidad no especificada en Sun Java Web Start de JDK y JRE 6 versiones anteriores a Update 7, JDK y JRE 5.0 versiones anteriores a Update 16, y SDK y JRE 1.4.x versiones anteriores a 1.4.2_18 permite a atacantes depen... • http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 28%CPEs: 32EXPL: 0CVE-2008-3115
https://notcve.org/view.php?id=CVE-2008-3115
09 Jul 2008 — Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases. Secure Static Versioning de Sun Java JDK y JRE 6 Update 6 y versiones anteriores, y 5.0 Update 6 hasta 15, no previene adecuadamente la ejecución de applets en versiones anteriores de JRE, lo cual puede permitir a atacantes remotos explotar vulnerabilid... • http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html • CWE-16: Configuration •
CVSS: 9.8EPSS: 21%CPEs: 70EXPL: 0CVE-2008-1187 – Untrusted applet and application XSLT processing privilege escalation
https://notcve.org/view.php?id=CVE-2008-1187
06 Mar 2008 — Unspecified vulnerability in Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to cause a denial of service (JRE crash) and possibly execute arbitrary code via unknown vectors related to XSLT transforms. Una vulnerabilidad no especificada en Sun Java Runtime Environment (JRE) y JDK versión 6 Update 4 y anteriores, versión 5.0 Update 14 y anteriores, y SDK/JRE versión 1.4.2_16 y anteriores, permite a atacante... • http://dev2dev.bea.com/pub/advisory/277 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 9%CPEs: 2EXPL: 0CVE-2008-1191 – Untrusted Java Web Start arbitrary file creation
https://notcve.org/view.php?id=CVE-2008-1191
06 Mar 2008 — Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier allows remote attackers to create arbitrary files via an untrusted application, a different issue than CVE-2008-1190, aka "The fifth issue." Una vulnerabilidad no especificada en Java Web Start en Sun JDK y JRE versión 6 Update 4 y anteriores, permite a atacantes remotos crear archivos arbitrarios por medio de una aplicación no confiable, un problema diferente de CVE-2008-1190, también se conoce como "The fifth issue". • http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2008-0657 – java-1.5.0 Privilege escalation via unstrusted applet and application
https://notcve.org/view.php?id=CVE-2008-0657
07 Feb 2008 — Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. Múltiples vulnerabilidades no especificadas en el Java Runtime Environment en Sun JDK y JRE 6 Update 1 y version... • http://dev2dev.bea.com/pub/advisory/277 • CWE-264: Permissions, Privileges, and Access Controls •