MGASA-2015-0280 Updated java-1.8.0-openjdk package fixes security vulnerabilities

Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733. A flaw was fou...

MGASA-2015-0277 Updated java-1.7.0-openjdk package fixes security vulnerabilities

Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions CVE-2015-4760, CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733. A flaw was fou...

JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (2D)

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via unknown vectors related to 2D...

JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (2D)

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via unknown vectors related to 2D...

JDK: unspecified vulnerability fixed in 7u85 and 8u51 (2D)

Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, JavaFX 2.2.80, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via unknown vectors related to 2D...

JDK: unspecified vulnerability fixed in 6u101, 7u85 and 8u51 (2D)

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via unknown vectors related to 2D...

CVE-2015-2590

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732...

RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2015:1021)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1021 advisory. - jar: directory traversal vulnerability CVE-2005-1080 - IBM JDK: ephemeral RSA keys accepted for non-export SSL/TLS cipher suites FREAK...

SOL16475 - Multiple Sun Java vulnerabilities

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy...

VMware Workspace Portal Multiple Java Vulnerabilities (VMSA-2015-0003) (POODLE)

The VMware Workspace Portal formerly known as VMware Horizon Workspace installed on the remote host is version 2.x prior to 2.1.1. It is, therefore, affected by a man-in-the-middle MitM information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles paddi...

SUSE-SU-2015:0503-1 Security update for java-1_7_0-openjdk

This update fixes 13 security issues. These security issues were fixed: - CVE-2015-0395: Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allowed remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot bnc914041. -...

VMware vCenter Update Manager Multiple Java Vulnerabilities (VMSA-2014-0012)

The version of VMware vCenter Update Manager installed on the remote Windows host is 5.1 prior to Update 3. It is, therefore, affected by multiple vulnerabilities related to the bundled version of Oracle JRE prior to 1.6.081. C Tenable Network Security, Inc. include"compat.inc"; if description...

SUSE-SU-2015:0343-1 Security update for IBM Java

java-170-ibm has been updated to version 1.7.0sr7.2 to fix 21 security issues. These security issues have been fixed: Unspecified vulnerability CVE-2014-3065. The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for...

VMware vCenter Update Manager Multiple Java Vulnerabilities (VMSA-2014-0008)

The version of VMware vCenter Update Manager installed on the remote Windows host is 5.5 prior to Update 2. It is, therefore, affected by multiple vulnerabilities related to the bundled version of Oracle JRE prior to 1.7.055. C Tenable Network Security, Inc. include"compat.inc"; if description...

RHEL 7 : java-1.7.1-ibm (RHSA-2014:1042)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1042 advisory. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes sever...

OpenJDK: SubjectDelegator protection insufficient (JMX, 8029755)

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity via vectors related to JMX...

OpenJDK: Prevent instantiation of service with non-public constructor (Security, 8035004)

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security...

JDK: unspecified vulnerability fixed in 6u71 and 7u51 (Deployment)

Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5902, CVE-2014-0410, CVE-2014-0415, CVE-2014-0418, and CVE-2014-0424...

JDK: unspecified vulnerability fixed in 5.0u71, 6u71 and 7u51 (2D)

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JavaFX 2.2.45; and Java SE Embedded 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D...

DailyMotion Hosting Malvertising Leading to Fake AV Attack

Video-sharing site DailyMotion, one of the most popular destinations on the Web, is in the throes of an attack where it is serving malicious ads redirecting users to a fake AV scam. Security firm Invincea reported the issue to the website, and as of 4 p.m. ET, DailyMotion was still serving the fa...