CVE-2021-28167

In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static methods or access static members without running the class initialization method, and may allow a us...

Security Bulletin: CVE-2021-28167 may affect IBM® SDK, Java™ Technology Edition

Summary CVE-2021-28167 was addressed in Eclipse OpenJ9 version 0.26 Vulnerability Details CVEID:CVE-2021-28167 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass security restrictions, caused by a flaw in the jdk.internal.reflect.ConstantPool API. By sending a specially-crafted...

Design/Logic Flaw

In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the JVM in some cases to pre-resolve certain constant pool entries. This allows a user to call static methods or access static members without running the class initialization method, and may allow a us...

Adobe Flash Player 23.0.0.162 - '.SWF' ConstantPool Critical Memory Corruption

Application: Adobe Flash Player Platforms: Windows,OSX Versions: 23.0.0.162 and earlier Author: Francis Provencher of COSIG Website: https://cosig.gouv.qc.ca/en/advisory/ Twitter: @COSIG Date: October 11, 2016 CVE-2016-4273 COSIG-2016-35 1 Introduction 2 Report Timeline 3 Technical details 4 POC...