SUSE CVE-2016-0363

The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 6.0.16.25, 6 R1 before SR8 FP25 6.1.8.25, 7 before SR9 FP40 7.0.9.40, 7 R1 before SR3 FP40 7.1.3.40, and 8 before SR3 8.0.3.0 uses the invoke method of the java.lang.reflect.Method class in an...

JDK: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix

The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 6.0.16.25, 6 R1 before SR8 FP25 6.1.8.25, 7 before SR9 FP40 7.0.9.40, 7 R1 before SR3 FP40 7.1.3.40, and 8 before SR3 8.0.3.0 uses the invoke method of the java.lang.reflect.Method class in an...

CVE-2016-0376

The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 6.0.16.25, 6 R1 before SR8 FP25 6.1.8.25, 7 before SR9 FP40 7.0.9.40, 7 R1 before SR3 FP40 7.1.3.40, and 8 before SR3 8.0.3.0 does not properly deserialize classes in an AccessController...

CVE-2013-5456

The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0 before SR6 allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code via vectors related to deserialization inside the AccessController doPrivileged block...

Java Runtime Environment DriverManager doPrivileged block sandbox bypass

Added: 05/24/2013 CVE: CVE-2013-1488 BID: 58504 OSVDB: 91472 Background Oracle Java is a development platform for developing and deploying Java applications. It includes the Java Development Kit JDK and the Java Runtime Environment JRE. The JRE provides the minimum requirements for executing a Ja...

(Pwn2Own) Oracle Java DriverManager Privilege Block Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the usage of...