Lucene search
K

20 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 6:59 a.m.41 views

Security Bulletin: IBM Operational Decision Manager and WebSphere ILOG JRules: Multiple security vulnerabilities in IBM JRE

Summary This Security Bulletin addresses the security vulnerabilities that have shipped with the IBM Java Runtime Environment JRE included in IBM Operational Decision Manager and IBM ILOG JRules. IBM ODM and ILOG JRules now include the most recent version of the IBM JRE which fixes the security...

9.3CVSS0.5AI score0.24738EPSS
Exploits0Affected Software1
ArchLinux
ArchLinux
added 2016/04/01 12:0 a.m.54 views

jre7-openjdk-headless: sandbox escape

It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...

9.3CVSS2.8AI score0.05765EPSS
Exploits0References2
ArchLinux
ArchLinux
added 2016/04/01 12:0 a.m.61 views

jdk7-openjdk: sandbox escape

It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...

9.3CVSS2.8AI score0.05765EPSS
Exploits0References2
ArchLinux
ArchLinux
added 2016/04/01 12:0 a.m.54 views

jre7-openjdk: sandbox escape

It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...

9.3CVSS2.8AI score0.05765EPSS
Exploits0References2
ArchLinux
ArchLinux
added 2016/03/29 12:0 a.m.47 views

jre8-openjdk: sandbox escape

It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...

9.3CVSS2.8AI score0.05765EPSS
Exploits0References2
ArchLinux
ArchLinux
added 2016/03/29 12:0 a.m.77 views

jdk8-openjdk: sandbox escape

It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...

9.3CVSS2.8AI score0.05765EPSS
Exploits0References2
ArchLinux
ArchLinux
added 2016/03/29 12:0 a.m.62 views

jre8-openjdk-headless: sandbox escape

It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...

9.3CVSS2.8AI score0.05765EPSS
Exploits0References2
Check Point Advisories
Check Point Advisories
added 2016/03/27 12:0 a.m.3 views

Oracle Java SE Security Sandbox Escape (CVE-2013-5838; CVE-2016-0636)

A Java security sandbox escape vulnerability exists in Oracle Java SE, due to an input validation error. A remote attacker could entice a user running a browser which uses an affected Oracle Java SE release to visit a malicious web page that leverages this vulnerability. Successful exploitation c...

9.3CVSS2.3AI score0.05765EPSS
Exploits0
ThreatPost
ThreatPost
added 2016/03/24 12:5 p.m.48 views

Emergency Java Patch Re-Issued for 2013 Vulnerability

Oracle yesterday released an emergency patch for a Java vulnerability that was improperly patched in 2013. Researchers at Security Explorations in Poland two weeks ago disclosed that a Java patch for an issue the company reported in 2013, CVE-2013-5838, was still trivially exploitable, and it...

9.3CVSS0.6AI score0.05765EPSS
Exploits0References4
ThreatPost
ThreatPost
added 2016/03/14 9:24 a.m.36 views

Broken 2013 Java Patch Leads to Sandbox Bypass

Java’s miserable 2013 just will not go away. One of the endless parade of bugs found in the platform throughout 2013—many of which were zero-day vulnerabilities exploited in targeted attacks—apparently wasn’t closed off completely by an October 2013 patch released by Oracle. Researchers at Polish...

9.3CVSS9AI score0.04652EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2015/10/06 12:0 a.m.37 views

Oracle: Security Advisory (ELSA-2013-1447)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7.3AI score0.24738EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2015/09/08 12:0 a.m.31 views

Amazon Linux: Security Advisory (ALAS-2013-235)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7.3AI score0.24738EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2014/05/12 12:0 a.m.350 views

IBM Domino 9.x < 9.0.1 Fix Pack 1 Multiple Vulnerabilities (uncredentialed check)

According to its version, the IBM Domino formerly IBM Lotus Domino on the remote host is 9.x prior to 9.0.1 Fix Pack 1 FP1. It is, therefore, affected by the following vulnerabilities : - A stack overflow issue exists due to the insecure '-z execstack' flag being used during compilation, which...

10CVSS7.6AI score0.24738EPSS
Exploits3References84
RedHat Linux
RedHat Linux
added 2013/11/07 4:47 p.m.52 views

Critical: Red Hat Security Advisory: java-1.7.0-ibm security update

Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give...

10CVSS6.8AI score0.17606EPSS
Exploits0References49
OpenVAS
OpenVAS
added 2013/10/29 12:0 a.m.47 views

CentOS Update for java CESA-2013:1447 centos5

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.6AI score
Exploits0References2
OpenVAS
OpenVAS
added 2013/10/29 12:0 a.m.38 views

RedHat Update for java-1.7.0-openjdk RHSA-2013:1447-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7.3AI score0.24738EPSS
Exploits0References2
Cent OS
Cent OS
added 2013/10/22 7:41 a.m.80 views

java security update

CentOS Errata and Security Advisory CESA-2013:1447 Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring Syst...

10CVSS6.9AI score0.24738EPSS
Exploits0References7
Chainguard
Chainguard
added 2013/10/16 5:55 p.m.6 views

CVE-2013-5838 vulnerabilities

Vulnerabilities for packages: openjdk-26-openj9, openjdk-17-openj9, openjdk-25-openj9, openjdk-8-openj9, openjdk-21-openj9, openjdk-11-openj9...

9.3CVSS6.8AI score0.04652EPSS
Exploits0
CVE
CVE
added 2013/10/16 5:31 p.m.325 views

CVE-2013-5838

CVE-2013-5838 affects Oracle Java SE 7u25 and earlier, and Java SE Embedded 7u25 and earlier, with an unspecified vulnerability that could allow a remote attacker to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. Connected advisories detail that a se...

9.3CVSS6.9AI score0.04652EPSS
Exploits0References12Affected Software1
Symantec
Symantec
added 2013/10/15 12:0 a.m.77 views

Oracle Java SE CVE-2013-5838 Remote Security Vulnerability

Description Oracle Java SE is prone to a remote security vulnerability. The vulnerability can be exploited over multiple protocols. This issue affects the 'Libraries' sub-component. This vulnerability affects the following supported versions: Java SE 7u25, Java SE Embedded 7u25 Technologies...

9.3CVSS0.6AI score0.04652EPSS
Exploits0References1Affected Software45
Rows per page
Query Builder