Oracle JRE - java.net.URLConnection class – Same-of-Origin (SOP) Policy Bypass

No description provided by source. Description Security-Assessment.com discovered that a Java Applet making use of java.net.URLConnection class can be used to bypass same-of-origin SOP policy and domain based security controls in modern browsers when communication occurs between two domains that...

Sun Java Runtime Environment 1.x - Image Parsing Heap Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28125/info Sun Java Runtime Environment is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to...

Java RMIConnectionImpl Deserialization Privilege Escalation Exploit

No description provided by source. $Id: javarmiconnectionimpl.rb 10490 2010-09-27 00:09:17Z egypt $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...

Sun Java Runtime Environment 1.4.2 - Font Parsing Remote Privilege Escalation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/25340/info The Sun Java Runtime Environment is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the user who invoked the Java applet...

Sun JRE/SDK 1.x Untrusted Applet Java Security Model Violation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7824/info It has been reported that the Sun Java Runtime Environment does not properly protect trusted java applets. Because of this, it may be possible for an attacker to use a malicious applet to gain access to sensitiv...

Sun Java Runtime Environment 1.3/1.4/1.5 Nested Array Objects Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/18058/info The Sun Java Runtime Environment is vulnerable to a denial-of-service vulnerability. This issue is due to the software's failure to handle exceptional conditions. This issue is reported to affect Java Runtime...

Sun Java Applet2ClassLoader - Remote Code Execution Exploit

No description provided by source. $Id: javacodebasetrust.rb 11983 2011-03-16 05:01:29Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms ...

Critical: Red Hat Security Advisory: java-1.7.1-ibm security update

Updated java-1.7.1-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 7 Supplementary. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

Important: Red Hat Security Advisory: java-1.5.0-ibm security update

Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give...

RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2014:0412)

Updated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores, which give...

OpenJDK: Incorrect IntegerComponentRaster size checks (2D, 8011248)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2...

OpenJDK: Better access restrictions (Sound, 8006328)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to...

OpenJDK: Resource denial of service (AWT, 8001038)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect availability via vectors related to AWT. NOTE: the...

OpenJDK: Incorrect image attribute verification (2D, 8012438)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2...

OpenJDK: Proper class checking (JMX, 8008120)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from...

OpenJDK: AccessControlContext check order issue (Libraries, 8001330)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different...

OpenJDK: Integrate Apache Santuario, rework class loader (Libraries, 6741606, 8008744)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and availability via unknown vectors related to Libraries. NOTE: the previous information...

JDK: unspecified vulnerability fixed in 6u51 and 5u51 (AWT)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT...

CentOS 5 : java-1.7.0-openjdk (CESA-2014:0407)

Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

Important: Red Hat Security Advisory: java-1.7.0-openjdk security update

Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...