CVE-2008-3114 – Java Web Start, untrusted application may determine Cache Location (6704074)
https://notcve.org/view.php?id=CVE-2008-3114
Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. Vulnerabilidad no especificada en Sun Java Web Start de JDK y JRE 6 versiones anteriores a Update 7, JDK y JRE 5.0 versiones anteriores a Update 16, y SDK y JRE 1.4.x versiones anteriores a 1.4.2_18 permite a atacantes dependientes de contexto obtener información sensible (la localización de la caché) a través de una aplicación no confiable, también conocido como CR 6704074. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://marc.info/?l=bugtraq&m=122331139823057&w=2 h • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-3108 – Security Vulnerability with JRE fonts processing may allow Elevation of Privileges (6450319)
https://notcve.org/view.php?id=CVE-2008-3108
Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing. Desbordamiento de búfer en Sun Java Runtime Environment (JRE) de JDK y JRE 5.0 versiones anteriores a Update 10, SDK y JRE 1.4.x versiones anteriores a 1.4.2_18, y SDK y JRE 1.3.x versiones anteriores a 1.3.1_23 permite a atacantes dependientes de contexto conseguir privilegios a través de vectores no especificados relacionados con el procesado de fuentes. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html http://marc.info/?l=bugtraq&m=122331139823057&w=2 http://secunia.com/advisories/31010 http://secunia.com/advisories/31320 http://secunia.com/advisories/31497 http://secunia.com/advisories/316 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-3109 – Security Vulnerabilities in the Java Runtime Environment Scripting Language Support (6529568, 6529579)
https://notcve.org/view.php?id=CVE-2008-3109
Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. Vulnerabilidad no especificada en lenguaje scripting de apoyo en Sun Java Runtime Environment (JRE) de JDK y JRE 6 Update 6 y versiones anteriores permite a atacantes dependientes de contexto conseguir privilegios a través de (1) aplicaciones o (2) applet no confiables, como lo demostrado por una aplicación o applet que se otorga privilegios de (a) lectura de ficheros locales, (b) escritura de ficheros locales, o (c) ejecutar programas locales. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html http://marc.info/?l=bugtraq&m=122331139823057&w=2 http://secunia.com/advisories/31010 http://secunia.com/advisories/31600 http://secunia.com/advisories/32018 http://secunia.com/advisories/32179 http://secunia.com/advisories/32180 http://secunia.com/advisories/32436 http://secunia.com/advisories/33238 http://secunia.com/advisories& • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-3103 – OpenJDK JMX allows illegal operations with local monitoring (6332953)
https://notcve.org/view.php?id=CVE-2008-3103
Unspecified vulnerability in the Java Management Extensions (JMX) management agent in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform unauthorized operations" via unspecified vectors. Vulnerabilidad sin especificar en el agente de administración de Java Management Extensions (JMX) en Sun Java Runtime Environment (JRE) en JDK y JRE 6 Update 6 y anteriores y JDK y JRE 5.0 Update 15 y anteriores, cuando la monitorización local está habilitada, permite a atacantes remotos "realizar operaciones no autorizadas" mediante vectores no especificados. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html http://marc.info/?l=bugtraq&m=122331139823057&w=2 http://secunia.com/advisories/31010 http://secunia.com/advisories/31055 http://secunia.com/advisories/31497 http://secunia.com/advisories/31600 http://secunia.com/advisories/32018 http://secunia.com/advisories/ • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-3115
https://notcve.org/view.php?id=CVE-2008-3115
Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases. Secure Static Versioning de Sun Java JDK y JRE 6 Update 6 y versiones anteriores, y 5.0 Update 6 hasta 15, no previene adecuadamente la ejecución de applets en versiones anteriores de JRE, lo cual puede permitir a atacantes remotos explotar vulnerabilidades en esas versiones anteriores. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html http://marc.info/?l=bugtraq&m=122331139823057&w=2 http://secunia.com/advisories/31010 http://secunia.com/advisories/31600 http://secunia.com/advisories/32018 http://secunia.com/advisories/32179 http://secunia.com/advisories/32180 http://secunia.com/advisories/37386 http://security.gentoo.org/glsa/glsa-200911-02.xml http://s • CWE-16: Configuration •