flash-plugin: multiple code execution flaws (APSB13-26)

Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows and Mac OS X and before 11.2.202.327 on Linux, Adobe AIR before 3.9.0.1210, Adobe AIR SDK before 3.9.0.1210, and Adobe AIR SDK & Compiler before 3.9.0.1210 allow attackers to execute arbitrary code or caus...

JDK: unspecified sandbox bypass (XML)

Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6 allows remote attackers to execute arbitrary code via unspecified vectors...

JDK: unspecified sandbox bypass (ORB)

Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to execute arbitrary code via unspecified vectors...

JDK: unspecified sandbox bypass (JVM)

Unspecified vulnerability in IBM Java SDK 5.0.0 before SR16 FP4, 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to access restricted classes via unspecified vectors...

JDK: unspecified sandbox bypass (JVM)

Unspecified vulnerability in IBM Java SDK 5.0.0 before SR16 FP4, 7.0.0 before SR6, 6.0.1 before SR7, and 6.0.0 before SR15 allows remote attackers to access restricted classes via unspecified vectors...

OpenJDK: image conversion out of bounds read (2D, 8014102)

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D...

OpenJDK: JTable not properly performing certain access checks (Swing, 8013744)

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Swing...

OpenJDK: insufficient html escaping in jhat (jhat, 8011081)

Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat...

Important: Red Hat Security Advisory: java-1.6.0-openjdk security update

Updated java-1.6.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

NIST Reviews Crypto Standards Development

The National Institute for Standards and Technology has taken an important step toward repairing what the National Security Agency has allegedly fractured by initiating a review of its cryptographic standards development processes. NIST-sponsored algorithms are at the heart of numerous crypto...

Practico 13.9 Multiple Vulnerabilities

Summary Practico is a free CMS software project released under license GNU GPL v2.0 for creating web applications in a completely visual and fast fashion. Without programming knowledge. Description Practico suffers from multiple vulnerabilities including Cross-Site Scripting XSS, SQL Injection SQ...

Gary McGraw on BSIMM-V and Software Security

Dennis Fisher talks with Gary McGraw of Cigital about the progress of the BSIMM software security measurement model and how development organizations are addressing the challenges of securing their software. Download: digitalunderground131.mp3...

[SECURITY] Fedora 19 Update: icu-50.1.2-9.fc19

Tools and utilities for developing with icu...

[SECURITY] Fedora 18 Update: icu-49.1.1-12.fc18

Tools and utilities for developing with icu...

TrueCrypt Audit Endorsed by Development Team

UPDATE — The effort to audit TrueCrypt, the open source encryption tool, received an important endorsement in the last week when a member of its anonymous development team reached out to the organizers of IsTrueCryptAuditedYet? “He wrote us a friendly but formal letter stating that they were happ...

JDK: unspecified vulnerability fixed in 6u29 (Swing)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.233 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and...

OpenJDK: loadPropertyFile missing restrictions (JAXP, 8001235)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality via vectors related to JAXP. NOTE: the previou...

OpenJDK: image parser insufficient raster parameter checks (AWT, 8002325)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors relat...

JDK: unspecified vulnerability fixed in 7u25 (2D)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different...

JDK: unspecified vulnerability fixed in 6u31 and 7u3 (2D)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.235 and earlier; and JavaFX 2.0.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availabili...