
964 matches found

Saint
added 2011/05/05 12:0 a.m. · 51 views

Oracle Java Applet2ClassLoader Vulnerability

Added: 05/05/2011 · CVE: CVE-2010-4452 · BID: 46388 · OSVDB: 71193. Background: Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

CVSS 10 · AI score 9.6 · EPSS 0.84896
Exploits 11

Saint
added 2011/05/05 12:0 a.m. · 64 views

Oracle Java Applet2ClassLoader Vulnerability

Added: 05/05/2011 · CVE: CVE-2010-4452 · BID: 46388 · OSVDB: 71193. Background: Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

CVSS 10 · AI score 9.6 · EPSS 0.84896
Exploits 11

Cent OS
added 2011/04/14 2:33 p.m. · 78 views

java security update

CentOS Errata and Security Advisory CESA-2011:0281 Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scorin...

CVSS 10 · AI score 7.2 · EPSS 0.08078
Exploits 1 · References 7

myhack58
added 2011/03/24 12:0 a.m. · 11 views

Adobe Flash Player AVM Bytecode Verification vulnerability - vulnerability warning - the black bar safety net

Adobe Flash Player 9.0-10.0 does not properly validate the byte stream before executing it, leading to code in uninitialized memory being executed. Using the heap spray technique to control the uninitialized memory area may allow execution of arbitrary code. +info: Adobe Flash Player AVM Bytecode...

AI score 0.2 · EPSS 0.92079
Exploits 8

Metasploit
added 2011/03/23 4:31 a.m. · 28 views

Adobe Flash Player AVM Bytecode Verification Vulnerability

This module exploits a vulnerability in Adobe Flash Player versions 10.2.152.33 and earlier. This issue is caused by a failure in the ActionScript3 AVM2 verification logic. This results in unsafe JIT (Just-In-Time) code being executed. This is the same vulnerability that was used for the RSA attack ...

CVSS 7.8 · EPSS 0.92079
Exploits 8

Packet Storm
added 2011/03/23 12:0 a.m. · 57 views

Adobe Flash Player AVM Bytecode Verification

$Id: adobeflashplayeravm.rb 12091 2011-03-23 04:41:48Z bannedit $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

CVSS 9.3 · AI score 0.6 · EPSS 0.92079
Exploits 8

OpenVAS
added 2011/03/07 12:0 a.m. · 39 views

Ubuntu Update for openjdk-6 vulnerabilities USN-1079-1

Ubuntu Update for Linux kernel vulnerabilities USN-1079-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN10791.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for openjdk-6 vulnerabilities USN-1079-1 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH,...

CVSS 10 · AI score 0.9 · EPSS 0.39874
Exploits 2 · References 2

RedHat Linux
added 2011/01/11 7:44 p.m. · 4 views

kernel: logic error in INET_DIAG bytecode auditing

net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message that contains multiple attribute elements, as...

CVSS 4.9 · AI score 6.1 · EPSS 0.00127
Exploits 1 · References 4

RedHat Linux
added 2011/01/04 4:49 p.m. · 2 views

kernel: logic error in INET_DIAG bytecode auditing

net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message that contains multiple attribute elements, as...

CVSS 4.9 · AI score 6.1 · EPSS 0.00127
Exploits 1 · References 4

NVD
added 2010/12/10 7:0 p.m. · 17 views

CVE-2010-3880

net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message that contains multiple attribute elements, as...

CVSS 4.9 · AI score 6.3 · EPSS 0.00127
Exploits 1 · References 18

Prion
added 2010/12/10 7:0 p.m. · 21 views

Design/Logic Flaw

net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message that contains multiple attribute elements, as...

CVSS 4.9 · AI score 6.5 · EPSS 0.00127
Exploits 1 · References 18 · Affected Software 2

Cvelist
added 2010/12/10 6:0 p.m. · 28 views

CVE-2010-3880

net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message that contains multiple attribute elements, as...

AI score 6 · EPSS 0.00127
Exploits 1 · References 18

Positive Technologies
added 2010/12/10 12:0 a.m. · 2 views

PT-2010-5135 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.37-rc2 Description: The issue is related to the improper auditing of INET DIAG bytecode in the Linux kernel. Local users can cause a denial of service, specifically a kernel infinite loop, by sending crafted...

CVSS 7.9 · AI score 5.9 · EPSS 0.05083
Exploits 38 · References 104

UbuntuCve
added 2010/12/10 12:0 a.m. · 25 views

CVE-2010-3880

net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message that contains multiple attribute elements, as...

CVSS 4.9 · AI score 6.3 · EPSS 0.00127
Exploits 1 · References 13

RedHat Linux
added 2010/12/08 7:7 p.m. · 0 views

kernel: logic error in INET_DIAG bytecode auditing

net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message that contains multiple attribute elements, as...

CVSS 4.9 · AI score 6.1 · EPSS 0.00127
Exploits 1 · References 4

ThreatPost
added 2010/12/06 7:35 p.m. · 20 views

Researcher Releases JavaSnoop Java-Analysis Tool

Java has long been one of the more widely used–and widely criticized–technologies on the Web. It’s used virtually everywhere and roundly panned by security researchers for its security shortcomings. Now, a researcher has released a new tool, called JavaSnoop, that’s designed to help people better...

Exploits 0 · References 3

Tenable Nessus
added 2010/12/02 12:0 a.m. · 31 views

SuSE 11 Security Update : clamav (SAT Patch Number 2298)

Specially crafted CAB archives could crash clamav (CVE-2010-1311) or bypass virus detection (CVE-2010-0098). clamav has been updated to version 0.96 which fixes those issues. Citing freshmeat.net : This Release introduces new malware detection mechanisms and other significant improvements to the scan...

CVSS 10 · AI score 5.2 · EPSS 0.08539
Exploits 0 · References 5

OSV
added 2010/11/26 8:0 p.m. · 8 views

CVE-2010-3814

Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated by a PDF document wit...

CVSS 6.8 · AI score 7.9 · EPSS 0.05648
Exploits 0 · References 17

Prion
added 2010/11/26 8:0 p.m. · 20 views

Heap overflow

Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated by a PDF document wit...

CVSS 6.8 · AI score 8.6 · EPSS 0.05648
Exploits 0 · References 17 · Affected Software 1

Tenable Nessus
added 2010/10/11 12:0 a.m. · 22 views

SuSE 10 Security Update : clamav (ZYPP Patch Number 6990)

Specially crafted CAB archives could crash clamav (CVE-2010-1311) or bypass virus detection (CVE-2010-0098). clamav has been updated to version 0.96 which fixes those issues. Citing freshmeat.net : This Release introduces new malware detection mechanisms and other significant improvements to the scan...

CVSS 10 · AI score 5.2 · EPSS 0.08539
Exploits 0 · References 4