Security Bulletin: Rational Performance Tester Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)
Summary: IBM Rational Performance Tester Java API Documentation contains a frame injection vulnerability. Vulnerability Details: ...
Security Bulletin: IBM Rational Build Forge Java API Documentation Frame Injection Vulnerability (CVE-2013-1571)
Summary: Java API Documentation contains a frame injection vulnerability. Vulnerability Details: CVEID: CVE-2013-1571...
Unspecified Vulnerability in Oracle Java SE and Java SE Embedded (CNVD-2017-18570)
Oracle Java SE and Java SE Embedded are both products of Oracle Corporation. Java SE stands for Java Platform Standard Edition, which builds on the JDK and JRE to develop and deploy Java applications on desktops and servers as well as in embedded devices and real-time environments. A security...
[SECURITY] Fedora 23 Update: springframework-social-1.0.3-3.fc23
The Spring Social project allows you to integrate the APIs exposed by Software-as-a-Service (SaaS) providers such as Facebook and Twitter into your applications. It consists of a service provider 'connect' framework, sign-in support, and strongly-typed Java API bindings...
OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962)
It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory...
KLA10628 Multiple vulnerabilities in Adobe Acrobat
Multiple serious vulnerabilities have been found in Adobe Acrobat. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, gain privileges, execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities 1...
[SECURITY] Fedora 20 Update: apache-poi-3.10.1-2.fc20
The Apache POI Project's mission is to create and maintain Java APIs for manipulating various file formats based upon the Office Open XML standards (OOXML) and Microsoft's OLE 2 Compound Document format (OLE2). In short, you can read and write MS Excel files using Java. In addition, you can read and...
ESA-2014-096: EMC Avamar Sensitive Information Disclosure Vulnerability
ESA-2014-096: EMC Avamar Sensitive Information Disclosure Vulnerability. EMC Identifier: ESA-2014-096. CVE Identifier: CVE-2014-4624. Severity Rating: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C). Affected products: EMC Avamar Data Store ADS and Avamar Virtual Editio...
CVE-2014-4624
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and GSAN passwords via a crafted call...
Authentication flaw
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and GSAN passwords via a crafted call...
VMSA-2014-0011: VMware vSphere Data Protection product update addresses a CRITICAL information disclosure vulnerability.
VMSA-2014-0011: VMware vSphere Data Protection product update addresses a critical information disclosure vulnerability. VMware Security Advisory. Advisory ID: VMSA-2014-0011. Synopsis: VMware vSphere Data Protection product update addresses a critic...
[SECURITY] Fedora 20 Update: apache-poi-3.10.1-1.fc20
The Apache POI Project's mission is to create and maintain Java APIs for manipulating various file formats based upon the Office Open XML standards (OOXML) and Microsoft's OLE 2 Compound Document format (OLE2). In short, you can read and write MS Excel files using Java. In addition, you can read and...
Apple Quicktime for Java 7 - Memory Access
No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...
RHEL 5 : Red Hat JBoss Enterprise Application Platform 6.2.4 update (Moderate) (RHSA-2014:0798)
The remote Red Hat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0798 advisory. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. Apache CXF is an op...
Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.4 update
Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.2.4 and fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security...
Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.4 update
Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.2.4 and fix multiple security issues, several bugs, and add various enhancements are now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Moderate security...
[oCERT-2014-002] Xalan-Java insufficient secure processing
2014-002: Xalan-Java insufficient secure processing. Description: The Xalan-Java library is a popular XSLT processor from the Apache Software Foundation. The library implements the Java API for XML Processing (JAXP), which supports a secure processing feature for interpretive and XSLTC processors. The...
Oracle Javadoc HTML frame injection vulnerability
Overview: Javadoc HTML pages that were created by Javadoc 7 Update 21 and before, 6 Update 45 and before, 5.0 Update 45 and before, and JavaFX 2.2.21 and before contain a frame injection vulnerability that could allow an attacker to replace a Javadoc web page frame with a malicious page. Description...
Java JAX-WS statistics.impl package sandbox breach
Added: 02/07/2013. CVE: CVE-2012-5076. BID: 56054. OSVDB: 86350. Background: Java API for XML Web Services (JAX-WS) is a technology for developing web services in Java. It is included in the Java EE 5 platform. Problem: A vulnerability in JAX-WS when handling the...