407 matches found
CVE-2015-0192
Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine...
JDK: unspecified Java sandbox restrictions bypass
Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine...
Thermostat User Certificate Acquisition Vulnerability
Thermostat is a suite of monitoring instrumentation tools that support monitoring multiple JVM instances in OpenJDK HotSpot virtual machines. Thermostat failed to properly set web.xml file permissions, allowing a local attacker to obtain user credentials by reading the file...
thermostat: world-readable configuration file containing credentials
It was discovered that the Thermostat web application stored database authentication credentials in a world-readable configuration file. A local user on a system running the Thermostat web application could use this flaw to access and modify monitored JVM data, or perform actions on connected JVM...
ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699)
An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox...
JDK: unspecified Java sandbox restrictions bypass
Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine...
JDK: unspecified Java sandbox restrictions bypass
Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine...
JDK: unspecified partial Java sandbox restrictions bypass
IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass "permission checks" and obtain sensitive information via vectors related to the Java Virtual Machine...
JDWP 代码执行漏洞
JPDAJava Platform Debugger Architecture 是 Java 平台调试体系结构的缩写,通过 JPDA 提供的 API,开发人员可以方便灵活的搭建 Java 调试应用程序。JPDA 主要由三个部分组成:Java虚拟机工具接口(JVMTI),Java 调试线协议(JDWP),以及 Java 调试接口(JDI)。JDWP协议可以支持远程调试,当次接口未授权访问时,可以执行Java代码,造成代码执行,获取服务器权限。服务端监听80端口记录访问: 使用jdwp-shellifier,执行系统命令:python jdwp-shellifier.py -t...
JDK: unspecified Java sandbox restrictions bypass
Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine...
JDK: unspecified partial Java sandbox restrictions bypass
IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass "permission checks" and obtain sensitive information via vectors related to the Java Virtual Machine...
JDK: unspecified partial Java sandbox restrictions bypass
IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass "permission checks" and obtain sensitive information via vectors related to the Java Virtual Machine...
JDK: unspecified Java sandbox restrictions bypass
Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine...
PT-2015-4518
Name of the Vulnerable Software and Affected Versions IBM Java versions prior to 8 SR1 IBM Java 7 R1 versions prior to SR2 FP11 IBM Java 7 versions prior to SR9 IBM Java 6 R1 versions prior to SR8 FP4 IBM Java 6 versions prior to SR16 FP4 IBM Java 5.0 versions prior to SR16 FP10 Description The...
IBM JDK Java Virtual Machine Elevation of Privilege Vulnerability
IBM Java is a JRE runtime environment. An unspecified security vulnerability exists in the IBM JDK Java virtual machine, which allows attackers to exploit the vulnerability to execute malicious code with elevated privileges...
IBM JDK Java Information Disclosure Vulnerability
IBM Java is a JRE runtime environment. An information disclosure vulnerability exists in the IBM JDK Java virtual machine, which allows attackers to exploit the vulnerability to bypass privilege checks and gain access to sensitive information...
Unspecified Vulnerability in Oracle Database Server VM Component
Oracle Database Server is a relational database management system. A security vulnerability exists in the JAVA VM component of Oracle Database Server, which can be exploited by remote attackers to compromise system confidentiality, integrity, and availability...
Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x, SL7.x i386/srpm/x86_64 (20150415)
An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox...
Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x i386/x86_64 (20150415)
An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox...
MGASA-2015-0158 Updated java-1.7.0-openjdk packages fix security vulnerabilities
Updated java-1.7.0 packages fix security vulnerabilities: An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrust...