JDK: unspecified vulnerability fixed in 6u29 (Deployment)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote attackers to affect confidentiality via unknown vectors related to Deployment...

CVE-2011-3138

The LTPA STS module support implementation in IBM Tivoli Federated Identity Manager TFIM 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway TFIMBG 6.2.0 before 6.2.0.9 relies on a static instance of a Java Development Kit JDK class, which might allow attackers to bypass...

CVE-2011-3138

The LTPA STS module support implementation in IBM Tivoli Federated Identity Manager TFIM 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway TFIMBG 6.2.0 before 6.2.0.9 relies on a static instance of a Java Development Kit JDK class, which might allow attackers to bypass...

Java RMI Services Default Configuration Remote Loading

Added: 07/29/2011 Background The Java Remote Method Invocation RMI system allows an object running in one Java virtual machine to invoke methods on an object running in another Java virtual machine. RMI provides for remote communication between programs written in the Java programming language...

Java RMI Services Default Configuration Remote Loading

Added: 07/29/2011 Background The Java Remote Method Invocation RMI system allows an object running in one Java virtual machine to invoke methods on an object running in another Java virtual machine. RMI provides for remote communication between programs written in the Java programming language...

Java RMI Services Default Configuration Remote Loading

Added: 07/29/2011 Background The Java Remote Method Invocation RMI system allows an object running in one Java virtual machine to invoke methods on an object running in another Java virtual machine. RMI provides for remote communication between programs written in the Java programming language...

JDK unspecified vulnerability in Deployment component

Unspecified vulnerability in the Java Runtime Environment JRE in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.229 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown...

OpenJDK: incorrect numeric type conversion in TransformHelper (2D, 7016495)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect confidentiality via unknown vectors related to 2D...

RHEL 6 : eclipse (RHSA-2011:0568)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:0568 advisory. The Eclipse software development environment provides a set of tools for C/C++ and Java development. A cross-site scripting XSS flaw was found in the...

OpenJDK HttpURLConnection allows arbitrary request headers (6961084,6980004)

Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 and 5.0 Update 25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU...

Sun Java Runtime Environment JPEGImageReader Heap Overflow

Java Technology is a programing platform developed by Sun Microsystems which aims to provide a system for developing and deploying cross-platform applications. Java is used in a wide variety programs that are deployed on personal computers as well as embedded devices and cell phones. Java...

OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities (6863503)

The MessageDigest.isEqual function in Java Runtime Environment JRE in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to spoof HMAC-based digital signatures, and possibl...

Sun Java Runtime Environment Type1 Font Parsing Integer Overflow (CVE-2009-1099)

Java Technology is a programing platform developed by Sun Microsystems which aims to provide a system for developing and deploying cross-platform applications. Java is used in a wide variety programs that are deployed on personal computers as well as embedded devices and cell phones. Java...

JDK: XML parsing Denial-Of-Service (6845701)

Previously, a denial-of-service flaw was found in Java which allowed the creation of an inifinte loop in XML headers that would consume all CPU resources. This issue was patched and Java is no longer vulnerable to a denial-of-service flaw due to the initiation of an infinte loop by means of XML...

OpenJDK: Improper parsing of crossdomain.xml files (intended access restriction bypass) (6798948)

The Java Plug-in in Java SE Development Kit JDK and Java Runtime Environment JRE 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948...

OpenJDK GIF processing buffer overflow vulnerability (6804998)

Buffer overflow in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.219 and earlier; and 1.3.124 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998...

OpenJDK GIF processing buffer overflow vulnerability (6804998)

Buffer overflow in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.219 and earlier; and 1.3.124 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998...

OpenJDK: Type1 font processing buffer overflow vulnerability

Integer signedness error in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via crafted glyph descriptions in a Type1 font, which bypasses a signed comparison and...

JDK: XML parsing Denial-Of-Service (6845701)

Previously, a denial-of-service flaw was found in Java which allowed the creation of an inifinte loop in XML headers that would consume all CPU resources. This issue was patched and Java is no longer vulnerable to a denial-of-service flaw due to the initiation of an infinte loop by means of XML...

JDK: XML parsing Denial-Of-Service (6845701)

Previously, a denial-of-service flaw was found in Java which allowed the creation of an inifinte loop in XML headers that would consume all CPU resources. This issue was patched and Java is no longer vulnerable to a denial-of-service flaw due to the initiation of an infinte loop by means of XML...