CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0CVE-2008-3110
https://notcve.org/view.php?id=CVE-2008-3110
Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to obtain sensitive information by using an applet to read information from another applet. Vulnerabilidad no especificada en lenguaje scripting de apoyo en Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 y versiones anteriores permite a atacantes remotos obtener información sensible utilizando un applet para leer información de otra applet. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html http://marc.info/?l=bugtraq&m=122331139823057&w=2 http://secunia.com/advisories/31010 http://secunia.com/advisories/31600 http://secunia.com/advisories/32018 http://secunia.com/advisories/32179 http://secunia.com/advisories/32180 http://secunia.com/advisories/32436 http://secunia.com/advisories/33238 http://secunia.com/advisories& • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 1%CPEs: 114EXPL: 0CVE-2008-3108 – Security Vulnerability with JRE fonts processing may allow Elevation of Privileges (6450319)
https://notcve.org/view.php?id=CVE-2008-3108
Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing. Desbordamiento de búfer en Sun Java Runtime Environment (JRE) de JDK y JRE 5.0 versiones anteriores a Update 10, SDK y JRE 1.4.x versiones anteriores a 1.4.2_18, y SDK y JRE 1.3.x versiones anteriores a 1.3.1_23 permite a atacantes dependientes de contexto conseguir privilegios a través de vectores no especificados relacionados con el procesado de fuentes. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html http://marc.info/?l=bugtraq&m=122331139823057&w=2 http://secunia.com/advisories/31010 http://secunia.com/advisories/31320 http://secunia.com/advisories/31497 http://secunia.com/advisories/316 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 2%CPEs: 42EXPL: 0CVE-2008-3103 – OpenJDK JMX allows illegal operations with local monitoring (6332953)
https://notcve.org/view.php?id=CVE-2008-3103
Unspecified vulnerability in the Java Management Extensions (JMX) management agent in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform unauthorized operations" via unspecified vectors. Vulnerabilidad sin especificar en el agente de administración de Java Management Extensions (JMX) en Sun Java Runtime Environment (JRE) en JDK y JRE 6 Update 6 y anteriores y JDK y JRE 5.0 Update 15 y anteriores, cuando la monitorización local está habilitada, permite a atacantes remotos "realizar operaciones no autorizadas" mediante vectores no especificados. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html http://marc.info/?l=bugtraq&m=122331139823057&w=2 http://secunia.com/advisories/31010 http://secunia.com/advisories/31055 http://secunia.com/advisories/31497 http://secunia.com/advisories/31600 http://secunia.com/advisories/32018 http://secunia.com/advisories/ • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 2%CPEs: 66EXPL: 0CVE-2008-3113 – Java Web Start arbitrary file creation/deletion file with user permissions (6704077)
https://notcve.org/view.php?id=CVE-2008-3113
Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077. Vulnerabilidad no especificada en Sun Java Web Start de JDK y JRE 5.0 versiones anteriores a Update 16 y SDK y JRE 1.4.x versiones anteriores a 1.4.2_18 permite a atacantes remotos crear o borrar ficheros de su elección a través de aplicaciones no confiables, también conocido como CR 6704077. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://marc.info/?l=bugtraq&m=122331139823057&w=2 h • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 1%CPEs: 77EXPL: 0CVE-2008-3114 – Java Web Start, untrusted application may determine Cache Location (6704074)
https://notcve.org/view.php?id=CVE-2008-3114
Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. Vulnerabilidad no especificada en Sun Java Web Start de JDK y JRE 6 versiones anteriores a Update 7, JDK y JRE 5.0 versiones anteriores a Update 16, y SDK y JRE 1.4.x versiones anteriores a 1.4.2_18 permite a atacantes dependientes de contexto obtener información sensible (la localización de la caché) a través de una aplicación no confiable, también conocido como CR 6704074. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://marc.info/?l=bugtraq&m=122331139823057&w=2 h • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •