security flaw

Unspecified vulnerability in scripting language support in Sun Java Runtime Environment JRE in JDK and JRE 6 Update 6 and earlier allows remote attackers to obtain sensitive information by using an applet to read information from another applet...

Sun Java multiple security vulnerabilities

8 different vulnerabilities, including privilege escalation, sandbox protection bypass and code excutions...

US-CERT Technical Cyber Security Alert TA08-193A -- Sun Java Updates for Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA08-193A Sun Java Updates for Multiple Vulnerabilities Original release date: July 11, 2008 Last revised: Source: US-CERT Systems Affected Sun Java Runtime Environment versions JDK and JRE 6...

Sun Java SE多个未明同源策略冲突漏洞

BUGTRAQ ID: 30140 CNCAN ID：CNCAN-2008071006 Solaris系统的Java运行实时环境为JAVA应用程序提供可靠的运行环境。 Java运行实时环境存在同源策略绕过问题，远程攻击者可以利用漏洞绕过网络访问限制，与部分受限服务建立套接字连接。 攻击者可以构建不可信的Applet，诱使用户装载来触发。 Sun SDK Windows Production Release 1.4.217 Sun SDK Windows Production Release 1.3.122 Sun SDK Solaris Production Release 1.3.1 ...

CVE-2008-3104

Multiple unspecified vulnerabilities in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.218, and SDK and JRE 1.3.x before 1.3.123 allow remote attackers to violate the security model for an applet's outbound...

CVE-2008-3106

Unspecified vulnerability in Sun Java Runtime Environment JRE in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted 1 application or 2 applet, a different...

CVE-2008-3114

Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.218 allows context-dependent attackers to obtain sensitive information the cache location via an untrusted application, aka CR 6704074...

Code injection

Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.218 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077...

Buffer overflow

Buffer overflow in Sun Java Runtime Environment JRE in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.218, and SDK and JRE 1.3.x before 1.3.123 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing...

CVE-2008-3115

Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases...

CVE-2008-3109

Unspecified vulnerability in scripting language support in Sun Java Runtime Environment JRE in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted 1 application or 2 applet, as demonstrated by an application or applet that grants itself...

Information disclosure

Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.218 allows context-dependent attackers to obtain sensitive information the cache location via an untrusted application, aka CR 6704074...

Code injection

Unspecified vulnerability in Sun Java Runtime Environment JRE in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted 1 application or 2 applet, a different...

Design/Logic Flaw

Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases...

CVE-2008-3104

Multiple unspecified vulnerabilities in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.218, and SDK and JRE 1.3.x before 1.3.123 allow remote attackers to violate the security model for an applet's outbound...

CVE-2008-3109

Unspecified vulnerability in scripting language support in Sun Java Runtime Environment JRE in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted 1 application or 2 applet, as demonstrated by an application or applet that grants itself...

CVE-2008-3108

Buffer overflow in Sun Java Runtime Environment JRE in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.218, and SDK and JRE 1.3.x before 1.3.123 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing...

Stack overflow

Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.218 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by a an application that grants itself...

Design/Logic Flaw

Unspecified vulnerability in the Java Management Extensions JMX management agent in Sun Java Runtime Environment JRE in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform unauthorized operations" via...

Design/Logic Flaw

Unspecified vulnerability in scripting language support in Sun Java Runtime Environment JRE in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted 1 application or 2 applet, as demonstrated by an application or applet that grants itself...