407 matches found
OpenJDK: incorrect handling of phantom references (Hotspot, 8071931)
A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions...
Oracle Patch Update Delivers 98 Fixes
Released alongside patches from Microsoft and Adobe yesterday, Oracle’s regularly scheduled Critical Patch Update fixed 98 issues across a handful of products, including Oracle’s Database, Fusion Middleware, Java SE, and MySQL, to name a few. One of the most pressing issues the update resolves is...
java security update
CentOS Errata and Security Advisory CESA-2015:0807 Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS...
java security update
CentOS Errata and Security Advisory CESA-2015:0809 Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System...
Security feature bypass
Unspecified vulnerability in the Java Virtual Machine JVM in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitive information via...
CVE-2014-8892
CVE-2014-8892 affects IBM SDK/JVM used by Tivoli Storage Productivity Center (IBM Java Technology Edition). The IBM security bulletin describes the vulnerability as a bypass of permission checks under a security manager, potentially allowing untrusted code to view sensitive information. Remediati...
CVE-2014-8891
Unspecified vulnerability in the Java Virtual Machine JVM in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to escape the Java sandbox and execute arbitrary code via unspecified vector...
CVE-2014-8891
CVE-2014-8891 affects IBM SDK, Java Technology Edition (IBM JRE) under multiple releases: 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10. The vulnerability allows remote attackers to escape the Java sandbox and execute arbitrary code through...
JDK: Privilege escalation issue
Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveraging the ability to execute code in the context of a security manager...
ICU: font parsing OOB read (OpenJDK 2D, 8055489)
A boundary check flaw was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory...
ICU: font parsing OOB read (OpenJDK 2D, 8056276)
A boundary check flaw was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory...
ICU: font parsing OOB read (OpenJDK 2D, 8055489)
A boundary check flaw was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory...
Unspecified Vulnerability in Oracle Database Server OJVM Component
Oracle Database is a large database of commercial nature. An unspecified security vulnerability in the Oracle Database Server OJVM component could be exploited by remote attackers to compromise system confidentiality, integrity, and availability...
CVE-2014-3086
Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveraging the ability to execute code in the context of a security manager...
Security feature bypass
Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveraging the ability to execute code in the context of a security manager...
CVE-2014-3086
Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveraging the ability to execute code in the context of a security manager...
CVE-2014-3086
CVE-2014-3086 is an IBM Java VM privilege-escalation issue impacting IBM Java SDK/JRE used in IBM WebSphere Real Time and related IBM products. The vulnerability allows untrusted code running under a security manager to escalate privileges, enabling remote code execution under the context of the ...
JDK: Privilege escalation issue
Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveraging the ability to execute code in the context of a security manager...
JDK: Privilege escalation issue
Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveraging the ability to execute code in the context of a security manager...
RHEL 6 / 7 : java-1.7.0-openjdk (RHSA-2014:0889)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0889 advisory. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. It was...