CVE-2007-5375

Interpretation conflict in the Sun Java Virtual Machine JVM allows user-assisted remote attackers to conduct a multi-pin DNS rebinding attack and execute arbitrary JavaScript in an intranet context, when an intranet web server has an HTML document that references a "mayscript=true" Java applet...

CVE-2007-5274

Sun Java Runtime Environment JRE in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.215 and earlier, and SDK and JRE 1.3.120 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound...

Design/Logic Flaw

Sun Java Runtime Environment JRE in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.215 and earlier, and SDK and JRE 1.3.120 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound...

Sun Java JRE Image Parsing Vulnerabilities (102934)

According to its version number, the Sun Java Runtime Environment JRE installed on the remote host reportedly is affected by a buffer overflow in its image processing code as well as another issue that may cause the Java Virtual Machine to hang. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

CentOS 3 / 4 : openoffice.org (CESA-2006:0573)

Updated openoffice.org packages are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager,...

Important: Red Hat Security Advisory: openoffice.org security update

Updated openoffice.org packages are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager,...

Internet Explorer Javaprxy.dll heap overflow

Added: 06/05/2006 CVE: CVE-2005-2087 BID: 14087 OSVDB: 17680 Background Windows operating systems use the Component Object Model COM to allow various program components to be run within different applications. One such object, the JView Profiler Javaprxy.dll, is a debugger interface for Microsoft...

Multiple MacOS X vulnerabilites

ImageIO GIF files parsing buffer overflow, Mail.app information leakage, QuickDraw Manager PICT files parsing buffer overflow, Java virtual machine quick time extensions safe mode protection bypass, Safari crossite scripting...

CVE-2002-2072

java.security.AccessController in Sun Java Virtual Machine JVM in JRE 1.2.2 and 1.3.1 allows remote attackers to cause a denial of service JVM crash via a Java program that calls the doPrivileged method with a null argument...

CVE-2005-0223

The Software Development Kit SDK and Run Time Environment RTE 1.4.1 and 1.4.2 for Tru64 UNIX allows remote attackers to cause a denial of service Java Virtual Machine hang via object deserialization...

HP-UX PHSS_28686 : s700_800 11.04 Virtualvault 4.6 OWS update

s700800 11.04 Virtualvault 4.6 OWS update : The remote HP-UX host is affected by multiple vulnerabilities : - A remotely exploitable potential vulnerability has been reported in CAN-2003-0078. - 1 A defect in the JavaTM Virtual Machine may allow illegal access to protected fields or methods of an...

HP-UX PHSS_28685 : s700_800 11.04 Virtualvault 4.5 OWS update

s700800 11.04 Virtualvault 4.5 OWS update : The remote HP-UX host is affected by multiple vulnerabilities : - A remotely exploitable potential vulnerability has been reported in CAN-2003-0078. - 1 A defect in the JavaTM Virtual Machine may allow illegal access to protected fields or methods of an...

CVE-2005-0223

The Software Development Kit SDK and Run Time Environment RTE 1.4.1 and 1.4.2 for Tru64 UNIX allows remote attackers to cause a denial of service Java Virtual Machine hang via object deserialization...

CVE-2004-0723

Microsoft Java virtual machine VM 5.0.0.3810 allows remote attackers to bypass sandbox restrictions to read or write certain data between applets from different domains via the "GET/Key" and "PUT/Key/Value" commands, aka "cross-site Java."...

CVE-2004-0723

Microsoft Java virtual machine VM 5.0.0.3810 allows remote attackers to bypass sandbox restrictions to read or write certain data between applets from different domains via the "GET/Key" and "PUT/Key/Value" commands, aka "cross-site Java."...

CVE-2004-0723

CVE-2004-0723 affects the Microsoft Java VM 5.0.0.3810. The issue allows a remote attacker to bypass sandbox restrictions and read/write data between applets from different domains via the GET/Key and PUT/Key/Value commands (cross-site Java). The provided documents identify the vulnerable compone...

Sun Java Virtual Machine 1.x - Font.createFont Method Insecure Temporary File Creation

Sun Java Virtual Machine 1.x - Font.createFont Method Insecure Temporary File Creation source: https://www.securityfocus.com/bid/10685/info Sun Java Virtual Machine is a component of the Sun Java infrastructure that performs the handling of Java applets and other programs. It is available for Uni...

Sun Java Virtual Machine 1.x - 'Font.createFont' Method Insecure Temporary File Creation

source: https://www.securityfocus.com/bid/10685/info Sun Java Virtual Machine is a component of the Sun Java infrastructure that performs the handling of Java applets and other programs. It is available for Unix, Linux, and Microsoft platforms. Sun Java Virtual Machine is prone to an insecure...

Sun Java Runtime Environment vulnerable to DoS

Overview The Sun Java Runtime Environment JRE contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial-of-service condition in the Java Virtual Machine JVM. Description The Sun Java Runtime Environment provides the libraries and components necessary to run...

CVE-2003-0896

The loadClass method of the sun.applet.AppletClassLoader class in the Java Virtual Machine JVM in Sun SDK and JRE 1.4.103 and earlier allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a loaded class name that contains "/" slash instead of "." dot characters,...