OpenJDK: image conversion out of bounds read (2D, 8014102)

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D...

OpenJDK: insufficient html escaping in jhat (jhat, 8011081)

Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat...

Important: Red Hat Security Advisory: java-1.6.0-openjdk security update

Updated java-1.6.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

NIST Reviews Crypto Standards Development

The National Institute for Standards and Technology has taken an important step toward repairing what the National Security Agency has allegedly fractured by initiating a review of its cryptographic standards development processes. NIST-sponsored algorithms are at the heart of numerous crypto...

Practico 13.9 Multiple Vulnerabilities

Summary Practico is a free CMS software project released under license GNU GPL v2.0 for creating web applications in a completely visual and fast fashion. Without programming knowledge. Description Practico suffers from multiple vulnerabilities including Cross-Site Scripting XSS, SQL Injection SQ...

Gary McGraw on BSIMM-V and Software Security

Dennis Fisher talks with Gary McGraw of Cigital about the progress of the BSIMM software security measurement model and how development organizations are addressing the challenges of securing their software. Download: digitalunderground131.mp3...

[SECURITY] Fedora 19 Update: icu-50.1.2-9.fc19

Tools and utilities for developing with icu...

[SECURITY] Fedora 18 Update: icu-49.1.1-12.fc18

Tools and utilities for developing with icu...

TrueCrypt Audit Endorsed by Development Team

UPDATE — The effort to audit TrueCrypt, the open source encryption tool, received an important endorsement in the last week when a member of its anonymous development team reached out to the organizers of IsTrueCryptAuditedYet? “He wrote us a friendly but formal letter stating that they were happ...

OpenJDK: image parser insufficient raster parameter checks (AWT, 8002325)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors relat...

JDK: unspecified vulnerability fixed in 6u29 (Swing)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.233 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and...

JDK: unspecified vulnerability fixed in 7u25 (2D)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different...

JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.235 and earlier; and JavaFX 2.0.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availabili...

OpenJDK: DefaultFormatter insufficient data validation (Swing, 7195194)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.238 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related ...

OpenJDK: loadPropertyFile missing restrictions (JAXP, 8001235)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previou...

RHEL 6 : java-1.7.0-openjdk (RHSA-2013:1451)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:1451 advisory. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple inp...

OpenJDK: Java2d Disposer security bypass (2D, 8017287)

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability tha...

BoltWire 3.5 Cross Site Scripting

============================================= INTERNET SECURITY AUDITORS ALERT 2013-010 - Original release date: March 20th, 2013 - Last revised: March 25th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score - CVE-ID: CVE-2013-2651...

PT-2013-4988 · Chicken +1 · Chicken +1

Name of the Vulnerable Software and Affected Versions: CHICKEN versions prior to 4.8.0.5 CHICKEN development snapshots versions prior to 4.8.3 Description: The issue is related to a buffer overflow in the read-string! procedure within the extras unit. This can be exploited by remote attackers to...

MIRcon Preview: Why C-Level Executives Should Attend

Security conferences come and go and most are well attended by information security practitioners for professional development and networking. But what about the executives who are responsible for strategy and who hold the budgets - what conferences should they attend? With MIRcon 2013, Nov. 5-6,...