Validator: JSM bypass via ReflectionHelper

It was discovered that the implementation of org.hibernate.validator.util.ReflectionHelper together with the permissions required to run Hibernate Validator under the Java Security Manager could allow a malicious application deployed in the same application container to execute several actions wi...

OpenJDK: Better ScriptEngineManager ScriptEngine management (Libraries, 8036794)

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries...

OpenJDK: insufficient Diffie-Hellman public key validation (Security, 8037162)

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement."...

java-1.7.0-openjdk security update

1.7.0.55-2.4.7.2.0.1.el70 - Update DISTRONAME in specfile 1.7.0.55-2.4.7.2 - Remove NSS patches. Issues with PKCS11 provider mean it shouldn't be enabled. - Always setup nss.cfg and depend on nss-devel at build-time to do so. - This allows users who wish to use PKCS11+NSS to just add it to...

OpenJDK: InfoBuilder incorrect return values (Serviceability, 8033301)

Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Serviceability...

OpenJDK: RSA blinding issues (Security, 8031346)

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security...

OpenJDK: RSA blinding issues (Security, 8031346)

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security...

OpenJDK: insufficient Diffie-Hellman public key validation (Security, 8037162)

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement."...

Sun JRE/SDK 1.x Untrusted Applet Java Security Model Violation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7824/info It has been reported that the Sun Java Runtime Environment does not properly protect trusted java applets. Because of this, it may be possible for an attacker to use a malicious applet to gain access to sensitiv...

openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2013:0308-1)

OpenJDK java-160-openjdk was updated to 1.12.2 to fix bugs and security issues bnc801972 - Security fixes on top of 1.12.0 - S6563318, CVE-2013-0424: RMI data sanitization - S6664509, CVE-2013-0425: Add logging context - S6664528, CVE-2013-0426: Find log level matching its name or value given at...

openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2012:0828-1)

This version upgrade of java-160-openjdk fixes multiple security flaws : - S7079902, CVE-2012-1711: Refine CORBA data models - S7143606, CVE-2012-1717: File.createTempFile should be improved for temporary files created by the platform. - S7143614, CVE-2012-1716: SynthLookAndFeel stability...

OpenJDK: JPEG decoder input stream handling (2D, 8029854)

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D...

OpenJDK: incorrect caching of data initialized via TCCL (JAXWS, 8026801)

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423...

OpenJDK: missing randomization of JNDI DNS client query IDs (JNDI, 8030731)

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI...

OpenJDK: RSA unpadding timing issues (Security, 8027766)

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security...

OpenJDK: missing randomization of JNDI DNS client query IDs (JNDI, 8030731)

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI...

CVE-2014-0454

Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security...

CVE-2014-0093

Red Hat JBoss Enterprise Application Platform JBEAP 6.2.2, when using a Java Security Manager JSM, does not properly apply permissions defined by a policy file, which causes applications to be granted the java.security.AllPermission permission and allows remote attackers to bypass intended access...

Design/Logic Flaw

Red Hat JBoss Enterprise Application Platform JBEAP 6.2.2, when using a Java Security Manager JSM, does not properly apply permissions defined by a policy file, which causes applications to be granted the java.security.AllPermission permission and allows remote attackers to bypass intended access...

CVE-2014-0093

CVE-2014-0093 affects Red Hat JBoss EAP 6.2.2 when running under a Java Security Manager, where permissions defined by a policy file are not properly applied, causing deployed applications to receive java.security.AllPermission and potentially bypass access restrictions. The issue is documented a...