PT-2026-38695

Vulnerability in the Java SE product of Oracle Java SE component: JavaFX. The supported version that is affected is Java SE: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human...

PT-2026-37783

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaFX. Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated...

CVE-1999-0142

The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts...

EUVD-2002-1270

Malware in sbrugna...

EUVD-2007-5253

Malware in sbrugna...

EUVD-2007-3906

Malware in sbrugna...

EUVD-1999-0142

Malware in sbrugna...

EUVD-2002-1278

Malware in sbrugna...

EUVD-2009-2664

Malware in sbrugna...

EUVD-2025-14352

Malicious code in bioql PyPI...

CVE-2020-27181

A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files...

SUSE CVE-2011-3377

The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy SOP and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a...

Security update for icedtea-web (important)

The icedtea-web java plugin was updated to 1.6.1. Changes included: Enabled Entry-Point attribute check permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all. fixed DownloadService comments in deployment.properties now should...

OpenJDK: insufficient code privileges checks (JAX-WS, 8054367)

An improper permission check issue was discovered in the JAX-WS component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions...

Oracle Updates Java 7

Oracle released on Tuesday the Java standard edition version 7 update 40. Java 7u40 includes fixes for a long list of bugs and a number of new features as well. The most notable security patch appears to be a fix for a plugin deployment bug that failed to block expired certificates for users that...

Java Multiple Issues

Hi all and sorry for cross post, after several months since I contacted Oracle informing them about ten issues on Java applet security, they finally released an Java 6 update 22 which fixes several security issues In particular the issues are the following, sorted by impact: Information Disclosur...

Java RE allows Same Origin Policy to be Bypassed (6687932)

Multiple unspecified vulnerabilities in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.218, and SDK and JRE 1.3.x before 1.3.123 allow remote attackers to violate the security model for an applet's outbound...

Java RE allows Same Origin Policy to be Bypassed (6687932)

Multiple unspecified vulnerabilities in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.218, and SDK and JRE 1.3.x before 1.3.123 allow remote attackers to violate the security model for an applet's outbound...

Fujitsu Java Runtime Environment reflection API vulnerability

Overview A vulnerability exists in the reflection API in the Java Runtime Environment that may allow a Java applet to elevate its privileges bypassing its security restrictions. This problem was reported by Sun Microsystems as a vulnerability in Java Runtime Environment. Fujitsu's product is...

Fujitsu Java Runtime Environment reflection API vulnerability

Overview A vulnerability exists in the reflection API in the Java Runtime Environment that may allow a Java applet to elevate its privileges bypassing its security restrictions. This problem was reported by Sun Microsystems as a vulnerability in Java Runtime Environment. Fujitsu's product is...