Important: Red Hat Security Advisory: java-1.6.0-openjdk security update

Updated java-1.6.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. NOTE: Oracle has not...

Critical: Red Hat Security Advisory: java-1.6.0-openjdk security update

Updated java-1.6.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity rating...

CVE-2012-1682

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. NOTE: Oracle has not...

VMware ESXi/ESX updates to third party libraries (VMSA-2012-0013)

The remote ESXi is missing one or more security related Updates from VMSA-2012-0013. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVE-2012-3136

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-1682...

CVE-2012-4681

Multiple vulnerabilities in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by 1 using com.sun.beans.finder.ClassFinder.findClass and leveraging an...

CVE-2012-4681

Multiple vulnerabilities in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by 1 using com.sun.beans.finder.ClassFinder.findClass and leveraging an...

VulnCheck KEV: CVE-2012-4681

The Java Runtime Environment JRE component in Oracle Java SE allow for remote code execution...

CVE-2012-4681

Multiple vulnerabilities in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by 1 using com.sun.beans.finder.ClassFinder.findClass and leveraging an...

FireEye spotted Critical 0-day vulnerability in Java Runtime Environment

FireEye's Malware Intelligence Lab is making the claim that there is a new zero day vulnerability in the wild that affects the latest version of Java.Researcher. Atif Mushtaq wrote on the company's blog that he spotted the initial exploit on a domain that pointed to an IP address in China. The...

Oracle Java JRE 1.7 Expression.execute() and SunToolkit.getField() fail to restrict access to privileged code

Overview Oracle Java Runtime Environment JRE 1.7 contains a vulnerability that may allow an applet to call setSecurityManager in a way that allows setting of arbitrary permissions. Description The Oracle Java Runtime Environment JRE 1.7 allows users to run Java applications in a browser or as...

Oracle Java SE Java Runtime Environment Multiple Unspecified Vulnerabilities - Windows

Oracle Java SE is prone to multiple unspecified vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Java SE Java Runtime Environment Unspecified Vulnerability - Windows

Oracle Java SE is prone to an unspecified vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ZDI-12-142 : Oracle Java WebStart Browser Argument Injection Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-142 : Oracle Java WebStart Browser Argument Injection Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-142 August 17, 2012 - -- CVE ID: CVE-2012-1713 - -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C - -- Affected...

Scientific Linux Security Update : java-1.6.0-openjdk on SL6.x i386/x86_64 (20120613)

These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple flaws were discovered in the CORBA Common Object Request Broker Architecture implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandb...

Scientific Linux Security Update : tzdata on SL3.x, SL4.x, SL5.x i386/x86_64

This updated package addresses the following change to Daylight Saving Time DST observations : - although DST was previously announced as beginning in Pakistan on 2010-01-04, it has now been confirmed Pakistan will not observe any DST in 2010. BZ577710, BZ577835, BZ577837 - after observing DST as...

Scientific Linux Security Update : jdk (java) on SL5.x i386/x86_64

A flaw in the applet caching mechanism of the Java Runtime Environment JRE did not correctly process the creation of network connections. A remote attacker could use this flaw to create connections to services on machines other than the one that the applet was downloaded from. CVE-2007-5232...

Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x i386/x86_64

These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Integer overflow flaws were found in the way Java2D parsed JPEG images and user-supplied fonts. An attacker could use these flaws to execute arbitrary code with the privileges of the user...

Scientific Linux Security Update : java-1.6.0-openjdk on SL6.x i386/x86_64 (20120214)

These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could u...