1260 matches found
Oracle Java MethodHandle Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the MethodHandle...
IBM SDK, Java Technology Edition ORB Implementation Elevation of Privilege Caveat
IBM WebSphere Real Time is a Java runtime environment and development suite from IBM, U.S.A. IBM SDK, Java Technology Edition is an integrated toolkit for creating, discovering, invoking, and testing Web services. An elevation of privilege vulnerability exists in the ORB implementation of IBM SDK...
groovy: remote execution of untrusted code in class MethodClosure
A flaw was discovered in the way applications using Groovy used the standard Java serialization mechanism. A remote attacker could use a specially crafted serialized object that would execute code directly when deserialized. All applications which rely on serialization and do not isolate the code...
groovy: remote execution of untrusted code in class MethodClosure
A flaw was discovered in the way applications using Groovy used the standard Java serialization mechanism. A remote attacker could use a specially crafted serialized object that would execute code directly when deserialized. All applications which rely on serialization and do not isolate the code...
Apache Groovy 2.4.x Disclosure Vulnerabilities
Exploit for multiple platform in category remote exploits Severity: Important Vendor: The Apache Software Foundation Versions Affected: All unsupported versions ranging from 1.7.0 to 2.4.3. Impact Remote execution of untrusted code, DoS Here you can find information about security patches or...
ICU: integer overflow in LETableReference verifyLength() (OpenJDK 2D, 8077520)
An information leak flaw was found in the 2D component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions...
groovy -- remote execution of untrusted code
Cédric Champeau reports: Description When an application has Groovy on the classpath and that it uses standard Java serialization mechanism to communicate between servers, or to store local data, it is possible for an attacker to bake a special serialized object that will execute code directly wh...
OpenJDK: phantom references handling issue in garbage collector (Hotspot, 8047125)
A flaw was found in the way the Hotspot garbage collector handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions...
OpenJDK: phantom references handling issue in garbage collector (Hotspot, 8047125)
A flaw was found in the way the Hotspot garbage collector handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions...
OpenJDK: MulticastSocket NULL pointer dereference (Libraries, 8056264)
A NULL pointer dereference flaw was found in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions...
OpenJDK: phantom references handling issue in garbage collector (Hotspot, 8047125)
A flaw was found in the way the Hotspot garbage collector handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions...
OpenJDK: MulticastSocket NULL pointer dereference (Libraries, 8056264)
A NULL pointer dereference flaw was found in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions...
OpenJDK: insufficient code privileges checks (JAX-WS, 8054367)
An improper permission check issue was discovered in the JAX-WS component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions...
OpenJDK: class verifier insufficient invokespecial calls verification (Hotspot, 8058982)
A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions...
OpenJDK: phantom references handling issue in garbage collector (Hotspot, 8047125)
A flaw was found in the way the Hotspot garbage collector handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions...
OpenJDK: XML canonicalizer mutable strings passed to untrusted code (Security, 8026417)
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that...
openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0155-1)
Multiple vulnerabilities were fixed in java-160-openjdk : - CVE-2010-4448: CVSS v2 Base Score: 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N: DNS cache poisoning by untrusted applets - CVE-2010-4450: CVSS v2 Base Score: 3.7 AV:L/AC:H/Au:N/C:P/I:P/A:P: Launcher incorrect processing of empty library path entries ...
OpenJDK: XML canonicalizer mutable strings passed to untrusted code (Security, 8026417)
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that...
OpenJDK: XML canonicalizer mutable strings passed to untrusted code (Security, 8026417)
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that...
OpenJDK: XML canonicalizer mutable strings passed to untrusted code (Security, 8026417)
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that...