
345 matches found

RedHat Linux
added 2013/04/24 5:54 p.m. | 2 views

OpenJDK: sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly invoke the system class loader (CanSecWest 2013, AWT, 8009305)

The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demonstrated by Ben Murphy during a Pwn2Own competiti...

CVSS 10 | AI score 7.1 | EPSS 0.10134
Exploits: 0 | References: 4
Tenable Nessus
added 2013/04/24 12:0 a.m. | 36 views

Ubuntu 11.10 / 12.04 LTS : icedtea-web regression (USN-1804-2)

USN-1804-1 fixed vulnerabilities in IcedTea-Web. This update introduced a regression with the Java Network Launching Protocol (JNLP) when fetching content over SSL under certain configurations, such as when using the community-supported IcedTea 7 browser plugin. This update fixes the problem. We...

CVSS 6.8 | AI score 5.7 | EPSS 0.0249
Exploits: 0 | References: 3
Ubuntu
added 2013/04/23 10:17 p.m. | 54 views

USN-1804-2: IcedTea-Web regression

USN-1804-1 fixed vulnerabilities in IcedTea-Web. This update introduced a regression with the Java Network Launching Protocol (JNLP) when fetching content over SSL under certain configurations, such as when using the community-supported IcedTea 7 browser plugin. This update fixes the problem. We...

AI score 5.6
Exploits: 0 | References: 1
OpenVAS
added 2013/04/19 12:0 a.m. | 22 views

Ubuntu Update for icedtea-web USN-1804-1

Check for the Version of icedtea-web OpenVAS Vulnerability Test $Id: gbubuntuUSN18041.nasl 8448 2018-01-17 16:18:06Z teissa $ Ubuntu Update for icedtea-web USN-1804-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free...

CVSS 6.8 | EPSS 0.0249
Exploits: 0 | References: 2
Tenable Nessus
added 2013/04/19 12:0 a.m. | 28 views

Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : icedtea-web vulnerabilities (USN-1804-1)

Jiri Vanek discovered that IcedTea-Web would use the same classloader for applets from different domains. A remote attacker could exploit this to expose sensitive information or potentially manipulate applets from other domains. CVE-2013-1926 It was discovered that IcedTea-Web did not properly...

CVSS 6.8 | AI score 5.8 | EPSS 0.0249
Exploits: 0 | References: 3
OpenVAS
added 2013/04/19 12:0 a.m. | 30 views

Ubuntu: Security Advisory (USN-1804-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.8 | AI score 6.4 | EPSS 0.0249
Exploits: 0 | References: 2
Ubuntu
added 2013/04/18 9:43 p.m. | 55 views

USN-1804-1: IcedTea-Web vulnerabilities

Jiri Vanek discovered that IcedTea-Web would use the same classloader for applets from different domains. A remote attacker could exploit this to expose sensitive information or potentially manipulate applets from other domains. CVE-2013-1926 It was discovered that IcedTea-Web did not properly...

CVSS 6.8 | AI score 5.5 | EPSS 0.0249
Exploits: 0
RedHat Linux
added 2013/04/17 6:33 p.m. | 1 views

OpenJDK: sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly invoke the system class loader (CanSecWest 2013, AWT, 8009305)

The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demonstrated by Ben Murphy during a Pwn2Own competiti...

CVSS 10 | AI score 7.1 | EPSS 0.10134
Exploits: 0 | References: 4
Check Point Advisories
added 2013/04/09 12:0 a.m. | 4 views

IBM Java java.lang.ClassLoader.defineClass Sandbox Breach (CVE-2012-4823)

A sandbox breach vulnerability has been reported in IBM Java. The vulnerability exists in a certain function which calls a specific class, which later incorrectly returns a privileged ClassLoader, which is then used to instantiate a certain object. That object uses ByteArrays to create a class, whic...

CVSS 9.3 | AI score 4.8 | EPSS 0.1445
Exploits: 0
Cvelist
added 2013/01/11 12:0 a.m. | 26 views

CVE-2012-4823

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600,...

AI score 5.2 | EPSS 0.1445
Exploits: 0 | References: 21
RedHat Linux
added 2012/11/15 8:58 p.m. | 2 views

JDK: java.lang.ClassLoader defineClass() code execution

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600,...

CVSS 9.3 | AI score 6.2 | EPSS 0.1445
Exploits: 0 | References: 5
OpenVAS
added 2012/11/02 12:0 a.m. | 37 views

Mandriva Update for java-1.6.0-openjdk MDVSA-2012:169 (java-1.6.0-openjdk)

Check for the Version of java-1.6.0-openjdk OpenVAS Vulnerability Test Mandriva Update for java-1.6.0-openjdk MDVSA-2012:169 java-1.6.0-openjdk Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...

CVSS 10 | AI score 0.3 | EPSS 0.757
Exploits: 1 | References: 2
Tenable Nessus
added 2012/11/02 12:0 a.m. | 29 views

Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2012:169)

Multiple security issues were identified and fixed in OpenJDK icedtea6 : - S6631398, CVE-2012-3216: FilePermission improved path checking - S7093490: adjust package access in rmiregistry - S7143535, CVE-2012-5068: ScriptEngine corrected permissions - S7167656, CVE-2012-5077: Multiple Seeders are...

CVSS 10 | AI score 8 | EPSS 0.757
Exploits: 1 | References: 17
OPENSUSE Linux
added 2012/10/31 4:11 p.m. | 32 views

java-1_7_0-openjdk: Update to icedtea-2.3.3 (important)

java-1_7_0-openjdk was updated to icedtea-2.3.3 bnc785814 Security fixes - S6631398, CVE-2012-3216: FilePermission improved path checking - S7093490: adjust package access in rmiregistry - S7143535, CVE-2012-5068: ScriptEngine corrected permissions - S7158796, CVE-2012-5070: Tighten properties...

CVSS 10 | AI score 1.5 | EPSS 0.91441
Exploits: 25 | References: 1
exploitpack
added 2012/06/26 12:0 a.m. | 16 views

Apple QuickTime - QuickTime.util.QTByteObject Initialization Security Checks Bypass

Apple QuickTime - QuickTime.util.QTByteObject Initialization Security Checks Bypass / c SECURITY EXPLORATIONS 2012 poland / / http://www.security-explorations.com / / Apple QuickTime Java extensions / / quicktime.util.QTByteObject initialization security checks bypass / In order to test the POC...

AI score 0.3
Exploits: 0
RedHat Linux
added 2011/07/27 2:49 p.m. | 1 views

icedtea-web: home directory path disclosure to untrusted applications

The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader...

CVSS 5 | AI score 5.9 | EPSS 0.005
Exploits: 0 | References: 4
UbuntuCve
added 2011/07/20 12:0 a.m. | 22 views

CVE-2011-2513

The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader...

CVSS 5 | AI score 5.9 | EPSS 0.005
Exploits: 0 | References: 2
Zero Day Initiative
added 2011/02/15 12:0 a.m. | 37 views

Oracle Java Unsigned Applet Applet2ClassLoader Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 9 | AI score 3.4 | EPSS 0.84896
Exploits: 11 | References: 1
NVD
added 2011/01/20 7:0 p.m. | 12 views

CVE-2010-4351

The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security...

CVSS 6.8 | AI score 9 | EPSS 0.01318
Exploits: 0 | References: 22
Prion
added 2011/01/20 7:0 p.m. | 16 views

Design/Logic Flaw

The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security...

CVSS 6.8 | AI score 8.9 | EPSS 0.01318
Exploits: 0 | References: 22 | Affected Software: 1