Oracle Java JDK / JRE 7 < Update 17 Remote Code Execution (Unix)
The version of Oracle (formerly Sun) Java Runtime Environment (JRE) 7.x installed on the remote host is earlier than Update 17. It, therefore, potentially can allow remote code execution due to the following vulnerabilities related to the '2D' sub-component: - An integer overflow error exists relate...
Oracle Java JDK / JRE 5 < Update 41 Remote Code Execution (Windows)
The version of Oracle (formerly Sun) Java Runtime Environment (JRE) 5.x installed on the remote host is earlier than Update 41. It, therefore, potentially can allow remote code execution due to the following vulnerabilities related to the '2D' sub-component: - An integer overflow error exists relate...
Oracle Java JDK / JRE 6 < Update 43 Remote Code Execution (Windows)
The version of Oracle (formerly Sun) Java Runtime Environment (JRE) 6.x installed on the remote host is earlier than Update 43. It, therefore, potentially can allow remote code execution due to the following vulnerabilities related to the '2D' sub-component: - An integer overflow error exists relate...
Oracle Java JDK / JRE 6 < Update 43 Remote Code Execution (Unix)
The version of Oracle (formerly Sun) Java Runtime Environment (JRE) 6.x installed on the remote host is earlier than Update 43. It, therefore, potentially can allow remote code execution due to the following vulnerabilities related to the '2D' sub-component: - An integer overflow error exists relate...
Java MBeanInstantiator findClass and Introspector Sandbox Escape
Added: 03/04/2013 CVE: CVE-2013-0431 BID: 57726 OSVDB: 89613 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...
Oracle Java SE 7 < Update 11 Multiple Vulnerabilities (Unix)
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 11 and is, therefore, potentially affected by the following security issues: - An unspecified issue exists in the Libraries component. CVE-2012-3174 - An error exists in the...
Oracle Java contains multiple vulnerabilities
Overview: Java 7 Update 11, Java 6 Update 38, and earlier versions of Java contain vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description: The Oracle Java Runtime Environment (JRE) allows users to run Java applications in a...
RHEL 5 : java-1.6.0-sun (RHSA-2008:0594)
Updated java-1.6.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Java Runtime Environment (JRE) contains the...
Ubuntu Update for openjdk-7 USN-1693-1
Check for the Version of openjdk-7 OpenVAS Vulnerability Test $Id: gbubuntuUSN16931.nasl 7958 2017-12-01 06:47:47Z santu $ Ubuntu Update for openjdk-7 USN-1693-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free...
Fedora 17 : java-1.7.0-openjdk-1.7.0.9-2.3.4.fc17 (2013-0868)
This update fixes rhbz895035, which consists of a set of flaws that potentially allow arbitrary code execution including remotely via applets. It is strongly recommended that all Java users in Fedora immediately update to this release. Note that Tenable Network Security has extracted the precedi...
Fedora 18 : java-1.7.0-openjdk-1.7.0.9-2.3.4.fc18 (2013-0853)
This update fixes rhbz895035, which consists of a set of flaws that potentially allow arbitrary code execution including remotely via applets. It is strongly recommended that all Java users in Fedora immediately update to this release. Note that Tenable Network Security has extracted the precedi...
USN-1693-1: OpenJDK 7 vulnerabilities
It was discovered that OpenJDK 7's security mechanism could be bypassed via Java applets. If a user were tricked into opening a malicious website, a remote attacker could exploit this to perform arbitrary code execution as the user invoking the program...
US-CERT Alert TA13-010A - Oracle Java 7 Security Manager Bypass Vulnerability
National Cyber Awareness System US-CERT Alert TA13-010A Oracle Java 7 Security Manager Bypass Vulnerability Original release date: January 10, 2013 Last revised: -- Systems Affected Any system using Oracle Java 7 1.7, 1.7.0 including Java Platform...
Oracle Java SE 7 < Update 11 Multiple Vulnerabilities
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is earlier than 7 Update 11 and is, therefore, potentially affected by the following security issues: - An unspecified issue exists in the Libraries component. CVE-2012-3174 - An error exists in the...
Oracle Adds Ability to Prevent Java Apps From Running in Browsers
Oracle has released a new version of the Java Development Kit which includes a number of security improvements. The major change in JDK 7u10 is the ability to prevent any Java application from running in the browser, a big shift for the Java environment, which is a constant target of attacks. The...
OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to...
[USN-1625-1] Icedtea-Web vulnerability
Ubuntu Security Notice USN-1625-1 November 07, 2012 icedtea-web vulnerability A security issue affects these releases of Ubuntu and its derivatives:...
USN-1625-1: Icedtea-Web vulnerability
Arthur Gerkis discovered a buffer overflow in the Icedtea-Web plugin. If a user were tricked into opening a malicious website, an attacker could cause the plugin to crash or possibly execute arbitrary code as the user invoking the program...
Scientific Linux Security Update : java-1.6.0-openjdk on SL6.x i386/x86_64 (20121017) (ROBOT)
Multiple improper permission check issues were discovered in the Beans, Swing, and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. CVE-2012-5086, CVE-2012-5084, CVE-2012-5089 Multiple improper permission check issues we...