847 matches found

RedHat Linux
added 2010/04/01 12:21 a.m. | 4 views

OpenJDK Loader-constraint table allows arrays instead of only the base-classes (6626217)

Unspecified vulnerability in the HotSpot Server component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.127 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors...

5.1 CVSS | 5.8 AI score | 0.03647 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2010/04/01 12:21 a.m. | 3 views

JDK unspecified vulnerability in Java2D component

Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.225, and 1.3.127 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the Marc...

7.5 CVSS | 6.4 AI score | 0.0567 EPSS
Exploits: 0 | References: 4

Japan Vulnerability Notes
added 2010/02/09 5:3 a.m. | 1 views

Buffer Overflow Vulnerability in Cosminexus, Processing Kit for XML and Hitachi Developer's Kit for Java

Overview Cosminexus, Processing Kit for XML and Hitachi Developer's Kit for Java have a buffer overflow vulnerability when processing image files in Java applications. Impact An attacker can execute arbitrary code on the target system. Solution Please refer to the 'Vendor Information' section for...

7.5 CVSS | 8.1 AI score
Exploits: 0 | References: 2

RedHat Linux
added 2009/12/23 5:33 p.m. | 4 views

OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877

Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to cause a denial of service memory consumption via crafted DER encoded data, which is not...

5 CVSS | 5.9 AI score | 0.11021 EPSS
Exploits: 1 | References: 4

RedHat Linux
added 2009/12/08 7:9 p.m. | 2 views

OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877

Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to cause a denial of service memory consumption via crafted HTTP headers, which are not...

5 CVSS | 5.9 AI score | 0.10153 EPSS
Exploits: 1 | References: 4

UbuntuCve
added 2009/11/03 12:0 a.m. | 32 views

CVE-2009-3720

The updatePosition function in lib/xmltokimpl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service application crash via an XML document with crafted UTF-8 sequences that trigger a buffer over-read,...

5 CVSS | 6.8 AI score | 0.01573 EPSS
Exploits: 2 | References: 7

ThreatPost
added 2009/05/21 4:59 p.m. | 7 views

Adobe quarterly patch release should serve as an example

Adobe has become the third major software vendor to begin shipping its security updates on a regular schedule. Following the lead of Microsoft and Oracle, who have been releasing patches on a set schedule for many years, Adobe now will ship its patches once per quarter. It’s a move that’s overdue...

7 AI score
Exploits: 0 | References: 4

ThreatPost
added 2009/05/20 5:37 p.m. | 45 views

Serious Mac OS X Java vulnerability disclosed

There is an easily exploitable vulnerability in the Java implementation in Apple’s Mac OS X which could allow an attacker to run arbitrary code on a remote machine. The flaw, which is similar to a vulnerability that has been public for five months and affects other vendors’ products, affects even...

10 CVSS | 0.6 AI score | 0.89535 EPSS
Exploits: 19 | References: 3

OpenVAS
added 2009/05/05 12:0 a.m. | 8 views

HP-UX Update for JRE HPSBUX00141

Check for the Version of JRE OpenVAS Vulnerability Test HP-UX Update for JRE HPSBUX00141 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of the GNU...

7.4 AI score
Exploits: 0 | References: 2

RedHat Linux
added 2008/12/04 3:45 p.m. | 4 views

OpenJDK allows to list files within the user home directory (6484091)

Unspecified vulnerability in Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allows untrusted applications and applets to list the contents of the operating user's directory via unknown vectors...

5 CVSS | 7.1 AI score | 0.01668 EPSS
Exploits: 1 | References: 4

RedHat Linux
added 2008/12/04 3:45 p.m. | 3 views

OpenJDK RSA public key length denial-of-service (6497740)

Unspecified vulnerability in Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service CPU consumption via a crafted RSA public key...

7.1 CVSS | 7.3 AI score | 0.07779 EPSS
Exploits: 1 | References: 4

RedHat Linux
added 2008/08/13 2:18 p.m. | 2 views

Java Web Start Buffer overflow vulnerabilities (6557220)

Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.218 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by an application that grants itself...

10 CVSS | 6.2 AI score | 0.13359 EPSS
Exploits: 4 | References: 4

Tenable Nessus
added 2008/01/11 12:0 a.m. | 20 views

Sun Java System Identity Manager XSS

Binary data 4341.prm...

5.8 CVSS | 7.3 AI score | 0.0955 EPSS
Exploits: 3 | References: 4

RedHat Linux
added 2007/02/07 7:57 p.m. | 3 views

security flaw

Unspecified vulnerability in Sun Java Development Kit JDK and Java Runtime Environment JRE 5.0 Update 5 and earlier, Java System Development Kit SDK and JRE 1.4.210 and earlier 1.4.x versions, and SDK and JRE 1.3.118 and earlier allows attackers to use untrusted applets to "access data in other...

4.3 CVSS | 5.8 AI score | 0.01415 EPSS
Exploits: 0 | References: 4

UbuntuCve
added 2007/01/17 10:28 p.m. | 10 views

CVE-2007-0243

Buffer overflow in Sun JDK and Java Runtime Environment JRE 5.0 Update 9 and earlier, SDK and JRE 1.4.212 and earlier, and SDK and JRE 1.3.118 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption...

6.8 CVSS | 5.9 AI score | 0.42821 EPSS
Exploits: 1 | References: 1

CVE
added 2005/11/30 11:0 a.m. | 55 views

CVE-2005-3905

CVE-2005-3905 corresponds to the Java Reflection API vulnerabilities in Sun/Blackdown JDK/JRE prior to the fixed updates, enabling remote code execution by escaping the sandbox via the Reflection API. Affected: Java SDK/JRE 1.3.1_15 and earlier, 1.4.2_08 and earlier, and JDK/JRE 5.0 Update 3 and ...

7.5 CVSS | 7.3 AI score | 0.11508 EPSS
Exploits: 0 | References: 16 | Affected Software: 2

Tenable Nessus
added 2005/02/16 12:0 a.m. | 12 views

HP-UX PHSS_22407 : s700_800 11.00 OV NNM6.1 pmd exception/core dump

s700800 11.00 OV NNM6.1 pmd exception/core dump : The remote HP-UX host is affected by multiple vulnerabilities : - Java SNMP MIB Browser Object ID parsing problem. - ovalarmsrv buffer overrun potential. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and patch checks in...

7.5 AI score
Exploits: 0 | References: 2

securityvulns
added 2004/12/21 12:0 a.m. | 48 views

KDE Security Advisory: Konqueror Java Vulnerability

KDE Security Advisory: Konqueror Java Vulnerability Original Release Date: 2004-12-20 URL: http://www.kde.org/info/security/advisory-20041220-1.txt 0. References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1145 http://www.heise.de/security/dienste/browsercheck/tests/java.shtml 1. Syste...

5 CVSS | 0.8 AI score | 0.04451 EPSS
Exploits: 0

securityvulns
added 2004/12/21 12:0 a.m. | 17 views

Multiple browsers Java privilege escalation

It's possible to access local files...

3.2 AI score
Exploits: 0 | References: 1 | Affected Software: 1

FreeBSD
added 2004/11/19 12:0 a.m. | 16 views

opera -- multiple vulnerabilities in Java implementation

Marc Schoenefeld reports: Opera 7.54 is vulnerable to leakage of the java sandbox, allowing malicious applets to gain unacceptable privileges. This allows them to be used for information gathering spying of local identity information and system configurations as well as causing annoying crash...

7 AI score
Exploits: 0 | References: 1