Lucene search

54 matches found

Cvelist
added 2019/04/19 1:43 p.m., 15 views

CVE-2019-10245

In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load...

AI score: 7.7, EPSS: 0.01529
Exploits: 0, References: 8
Microsoft KB
added 2018/04/23 12:55 a.m., 39 views

MS03-011: Flaw in the Microsoft VM could enable system compromise

The Microsoft virtual machine Microsoft VM update that was previously listed in this article is no longer available. For more information, visit the following Microsoft Web pages: http://www.microsoft.com/mscorp/java/default.mspx http://support.microsoft.com/gp/lifean12 Technical Update July 17, 200...

AI score: 0.1
Exploits: 0
ArchLinux
added 2016/08/05 12:0 a.m., 59 views

jdk7-openjdk: multiple issues

CVE-2016-3458 sandbox restriction bypass It was discovered that the CORBA component of OpenJDK did not sufficiently restrict the use of custom ValueHandler when performing object deserialization. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox...

CVSS: 9.3, AI score: 1, EPSS: 0.07521
Exploits: 0, References: 8
ArchLinux
added 2016/08/05 12:0 a.m., 64 views

jre7-openjdk-headless: multiple issues

CVE-2016-3458 sandbox restriction bypass It was discovered that the CORBA component of OpenJDK did not sufficiently restrict the use of custom ValueHandler when performing object deserialization. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox...

CVSS: 9.3, AI score: 1, EPSS: 0.07521
Exploits: 0, References: 8
GoogleProjectZero
added 2014/11/19 12:0 a.m., 11 views

Project Zero Patch Tuesday roundup, November 2014

Posted by Chris Evans, Registrar of Bugs It’s been about a week since Patch Tuesday, and the Project Zero reports mentioned in the various advisories are now public. We won’t always be writing a Patch Tuesday roundup, but we often will when we believe there is a sufficiently varied and interestin...

AI score: 7.5
Exploits: 0
Debian
added 2014/08/31 9:8 p.m., 14 views

[SECURITY] [DSA 2987-2] openjdk-7 regression update

Debian Security Advisory DSA-2987-2 [email protected] http://www.debian.org/security/ Florian Weimer August 31, 2014 http://www.debian.org/security/faq -...

AI score: 6.8
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 12 views

Sun/Netscape Java Virtual Machine 1.x Bytecode Verifier Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6224/info A vulnerability in the Sun and Netscape Java Virtual Machine has been reported. The vulnerability is related to the bytecode verifier, a component of the Java compiler that ensures legal structure of Java...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 23 views

Microsoft Java Virtual Machine 3802 Series Bytecode Verifier Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6221/info The Microsoft Java virtual machine implementation contains a vulnerability that may allow for malicious Java applets to escape the security sandbox. An applet constructed at the bytecode-level may be able to...

AI score: 7.1
Exploits: 0
securityvulns
added 2013/04/22 12:0 a.m., 62 views

[SE-2012-01] Details of issues fixed by Java SE 7 Update 21

Hello All, Today, Oracle released Java SE 7 Update 21, which among other things addresses six security vulnerabilities that were reported to the company earlier this year Issues 51, 55 and 57-60. Our original vulnerability reports and Proof of Concept codes for these and some previously disclosed...

Exploits: 0
Check Point Advisories
added 2012/10/28 12:0 a.m., 6 views

Oracle Java Runtime Bytecode Verifier Cache Code Execution (CVE-2012-1723)

An input validation error vulnerability has been reported in Oracle Java Runtime JRE. The vulnerability is due to a type confusion error. A remote attacker can exploit this issue by enticing a target user to open a specially crafted web page containing a Java applet or running a Java Archive JAR...

CVSS: 10, AI score: 8.7, EPSS: 0.94083
Exploits: 9
OpenVAS
added 2012/08/10 12:0 a.m., 31 views

Debian Security Advisory DSA 2507-1 (openjdk-6)

The remote host is missing an update to openjdk-6 announced via advisory DSA 2507-1. OpenVAS Vulnerability Test $Id: deb25071.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2507-1 openjdk-6 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

CVSS: 10, AI score: 0.5, EPSS: 0.94083
Exploits: 9
Saint
added 2012/07/23 12:0 a.m., 70 views

Oracle Java Runtime Hotspot Bytecode Verifier Type Confusion

Added: 07/23/2012 CVE: CVE-2012-1723 BID: 53960 OSVDB: 82877 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

CVSS: 10, AI score: 9.7, EPSS: 0.94083
Exploits: 9
Exploit DB
added 2012/07/11 12:0 a.m., 52 views

Java Applet - Field Bytecode Verifier Cache Remote Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 false def initiali...

CVSS: 10, AI score: 9.9, EPSS: 0.94083
Exploits: 9
Metasploit
added 2012/07/10 2:20 a.m., 46 views

Java Applet Field Bytecode Verifier Cache Remote Code Execution

This module exploits a vulnerability in HotSpot bytecode verifier where an invalid optimization of GETFIELD/PUTFIELD/GETSTATIC/PUTSTATIC instructions leads to insufficient type checks. This allows a way to escape the JRE sandbox, and load additional classes in order to perform malicious operation...

CVSS: 9.8, AI score: 0.8, EPSS: 0.94083
Exploits: 9
Packet Storm
added 2012/07/10 12:0 a.m., 49 views

Java Applet Field Bytecode Verifier Cache Remote Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 false def initiali...

CVSS: 10, AI score: 0.1, EPSS: 0.94083
Exploits: 9
0day.today
added 2012/07/10 12:0 a.m., 26 views

Java Applet Field Bytecode Verifier Cache Remote Code Execution

Exploit for java platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...

AI score: 7.1, EPSS: 0.94083
Exploits: 9
Tenable Nessus
added 2012/07/05 12:0 a.m., 55 views

Debian DSA-2507-1 : openjdk-6 - several vulnerabilities

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform. - CVE-2012-1711 CVE-2012-1719 Multiple errors in the CORBA implementation could lead to breakouts of the Java sandbox. - CVE-2012-1713 Missing input sanitising in the font manager could lead to...

CVSS: 10, AI score: 8.4, EPSS: 0.94083
Exploits: 9, References: 20
Debian
added 2012/07/04 3:5 p.m., 49 views

[SECURITY] [DSA 2507-1] openjdk-6 security update

Debian Security Advisory DSA-2507-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff July 04, 2012 http://www.debian.org/security/faq -...

CVSS: 10, AI score: 10, EPSS: 0.94083
Exploits: 9
securityvulns
added 2010/06/26 12:0 a.m., 93 views

ZDI-10-115: Adobe Flash Player AVM newFrameState Integer Overfow Remote Code Execution Vulnerability

ZDI-10-115: Adobe Flash Player AVM newFrameState Integer Overfow Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-115 June 25, 2010 -- CVE ID: CVE-2010-2160 -- Affected Vendors: Adobe -- Affected Products: Adobe Flash Player -- TippingPointTM IPS Customer...

CVSS: 9.3, AI score: 0.7, EPSS: 0.00663
Exploits: 1
Zero Day Initiative
added 2010/06/25 12:0 a.m., 43 views

Adobe Flash Player AVM newFrameState Integer Overfow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AVM...

CVSS: 10, AI score: 4.5, EPSS: 0.00663
Exploits: 1, References: 1