
496 matches found

Vulnrichment
added 2015/07/16 10:0 a.m. | 7 views

CVE-2015-2590

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732...

AI score: 8.9 | EPSS: 0.66621
Exploits: 0 | References: 25
Tenable Nessus
added 2015/05/21 12:0 a.m. | 57 views

RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2015:1021)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1021 advisory. - jar: directory traversal vulnerability CVE-2005-1080 - IBM JDK: ephemeral RSA keys accepted for non-export SSL/TLS cipher suites FREAK...

CVSS: 10 | AI score: 5.9 | EPSS: 0.2382
Exploits: 1 | References: 29
F5 Networks
added 2015/04/21 12:0 a.m. | 62 views

SOL16475 - Multiple Sun Java vulnerabilities

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy...

CVSS: 10 | AI score: 3.3 | EPSS: 0.62246
Exploits: 3 | References: 3
Tenable Nessus
added 2015/04/13 12:0 a.m. | 52 views

VMware Workspace Portal Multiple Java Vulnerabilities (VMSA-2015-0003) (POODLE)

The VMware Workspace Portal (formerly known as VMware Horizon Workspace) installed on the remote host is version 2.x prior to 2.1.1. It is, therefore, affected by a man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles paddi...

CVSS: 10 | AI score: 6.6 | EPSS: 0.93538
Exploits: 10 | References: 27
OSV
added 2015/03/09 3:33 p.m. | 9 views

SUSE-SU-2015:0503-1 Security update for java-1_7_0-openjdk

This update fixes 13 security issues. These security issues were fixed: - CVE-2015-0395: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot bnc914041. -...

CVSS: 10 | AI score: 3.8 | EPSS: 0.93538
Exploits: 10 | References: 16
Tenable Nessus
added 2014/12/12 12:0 a.m. | 38 views

VMware vCenter Update Manager Multiple Java Vulnerabilities (VMSA-2014-0012)

The version of VMware vCenter Update Manager installed on the remote Windows host is 5.1 prior to Update 3. It is, therefore, affected by multiple vulnerabilities related to the bundled version of Oracle JRE prior to 1.6.081...

CVSS: 10 | AI score: 7.4 | EPSS: 0.16549
Exploits: 1 | References: 23
OSV
added 2014/11/21 4:40 p.m. | 9 views

SUSE-SU-2015:0343-1 Security update for IBM Java

java-170-ibm has been updated to version 1.7.0sr7.2 to fix 21 security issues. These security issues have been fixed: Unspecified vulnerability CVE-2014-3065. The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for...

CVSS: 10 | AI score: 6.7 | EPSS: 0.93538
Exploits: 47 | References: 224
Tenable Nessus
added 2014/09/17 12:0 a.m. | 47 views

VMware vCenter Update Manager Multiple Java Vulnerabilities (VMSA-2014-0008)

The version of VMware vCenter Update Manager installed on the remote Windows host is 5.5 prior to Update 2. It is, therefore, affected by multiple vulnerabilities related to the bundled version of Oracle JRE prior to 1.7.055...

CVSS: 10 | AI score: 7.9 | EPSS: 0.11906
Exploits: 1 | References: 33
Tenable Nessus
added 2014/08/12 12:0 a.m. | 236 views

RHEL 7 : java-1.7.1-ibm (RHSA-2014:1042)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1042 advisory. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes sever...

CVSS: 10 | AI score: 7.4 | EPSS: 0.16549
Exploits: 0 | References: 32
RedHat Linux
added 2014/08/11 4:44 p.m. | 3 views

OpenJDK: SubjectDelegator protection insufficient (JMX, 8029755)

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity via vectors related to JMX...

CVSS: 6.4 | AI score: 7.4 | EPSS: 0.04917
Exploits: 0 | References: 5
RedHat Linux
added 2014/07/21 3:33 p.m. | 3 views

OpenJDK: Prevent instantiation of service with non-public constructor (Security, 8035004)

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security...

CVSS: 5 | AI score: 7.4 | EPSS: 0.01993
Exploits: 0 | References: 5
RedHat Linux
added 2014/02/04 7:35 p.m. | 0 views

JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)

Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, CVE-2014-0418, and CVE-2014-0424...

CVSS: 9.3 | AI score: 6.4 | EPSS: 0.05954
Exploits: 0 | References: 5
RedHat Linux
added 2014/02/04 7:34 p.m. | 2 views

JDK: unspecified vulnerability fixed in 5.0u71, 6u71 and 7u51 (2D)

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JavaFX 2.2.45; and Java SE Embedded 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D...

CVSS: 9.3 | AI score: 6.4 | EPSS: 0.09186
Exploits: 1 | References: 5
ThreatPost
added 2014/01/07 5:5 p.m. | 12 views

DailyMotion Hosting Malvertising Leading to Fake AV Attack

Video-sharing site DailyMotion, one of the most popular destinations on the Web, is in the throes of an attack where it is serving malicious ads redirecting users to a fake AV scam. Security firm Invincea reported the issue to the website, and as of 4 p.m. ET, DailyMotion was still serving the fa...

AI score: 1.7
Exploits: 0 | References: 1
ThreatPost
added 2014/01/06 11:58 a.m. | 8 views

Yahoo Removes Ads Redirecting to Magnitude Exploit Kit

The race to replace the Blackhole Exploit Kit as the web exploit pack of choice for cybercriminals seems to have an early leader in Magnitude. Researchers at Dutch security firm Fox-IT reported over the weekend that European visitors to Yahoo were falling victim to malicious ads hosted on the sit...

AI score: 7.5
Exploits: 0 | References: 5
IBM AIX
added 2013/12/11 10:53 a.m. | 80 views

Multiple Java vulnerabilities

IBM SECURITY ADVISORY First Issued: Wed Dec 11 10:53:34 CST 2013 | Updated: Mon Feb 3 10:36:58 CST 2014 | Updated: Sections II and III modifications | Updated: Includes VIOS The most recent version of this document is available here:...

CVSS: 10 | AI score: 8.2 | EPSS: 0.17107
Exploits: 0
OSV
added 2013/11/13 7:3 p.m. | 8 views

MGASA-2013-0322 Updated java-1.7.0-openjdk package fixes security vulnerabilities

Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine...

CVSS: 10 | AI score: 9.9 | EPSS: 0.17107
Exploits: 0 | References: 5
RedHat Linux
added 2013/11/07 4:47 p.m. | 2 views

OpenJDK: RMIConnection stub missing permission check (CORBA, 8011157)

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA...

CVSS: 10 | AI score: 6.8 | EPSS: 0.0777
Exploits: 0 | References: 5
RedHat Linux
added 2013/10/23 4:26 p.m. | 3 views

OpenJDK: JPEGImageWriter state corruption (ImageIO, 8007918)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate...

CVSS: 7.6 | AI score: 6.7 | EPSS: 0.10714
Exploits: 0 | References: 4
RedHat Linux
added 2013/10/23 4:26 p.m. | 1 view

JDK: java.lang.class code execution

Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics...

CVSS: 9.3 | AI score: 6.2 | EPSS: 0.11999
Exploits: 0 | References: 5