571 matches found
Deliberately Insecure Web Application: OWASP WebGoat
WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. You can install and practice with WebGoat in either J2EE or WebGoat for .Net in ASP.NET. In each lesson, users must demonstrate their understanding of a security issue by...
JDK: unspecified vulnerability fixed in 7u91 and 8u65 (Deployment)
Unspecified vulnerability in Oracle Java SE 7u85 and 8u60 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment...
OpenJDK: incomplete MaxXMLNameLimit enforcement (JAXP, 8086733)
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911...
OpenJDK: insufficient permission checks in StubGenerator (CORBA, 8076383)
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4881...
JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (2D)
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D...
JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (Deployment)
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment...
ICU: integer overflow in LETableReference verifyLength() (OpenJDK 2D, 8077520)
An information leak flaw was found in the 2D component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions...
JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (Install)
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to installation...
OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)
It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons...
OpenJDK: IIOPInputStream type confusion vulnerability (CORBA, 8076376)
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA...
JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D)
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0459...
IBM JDK Java Information Disclosure Vulnerability
IBM Java is a JRE runtime environment. An information disclosure vulnerability exists in the IBM JDK Java virtual machine, which allows attackers to exploit the vulnerability to bypass privilege checks and gain access to sensitive information...
JDK: unspecified vulnerability fixed in 5.0u85, 6u95, 7u79 and 8u45 (2D)
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0459...
ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699)
An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox...
OpenJDK: DER decoder infinite loop (Security, 8059485)
A flaw was found in the way the DER Distinguished Encoding Rules decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded...
ICU: font parsing OOB read (OpenJDK 2D, 8055489)
A boundary check flaw was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory...
ICU: font parsing OOB read (OpenJDK 2D, 8056276)
A boundary check flaw was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory...
JDK: unspecified partial Java sandbox bypass fixed in Feb 2015 update
Unspecified vulnerability in the Java Virtual Machine JVM in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitive information via...
ICU: font parsing OOB read (OpenJDK 2D, 8055489)
A boundary check flaw was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory...
ICU: font parsing OOB read (OpenJDK 2D, 8056276)
A boundary check flaw was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory...