309 matches found
OpenJDK: XML canonicalizer mutable strings passed to untrusted code (Security, 8026417)
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that...
OpenJDK: XML canonicalizer mutable strings passed to untrusted code (Security, 8026417)
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that...
CVE-2013-5910
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE Embedded 7u45, and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors related to Security. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that...
OpenJDK: mutable repository identifiers in generated stub code (CORBA, 7143851)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.237 and earlier allows remote attackers to affect integrity, related to CORBA...
OpenJDK: mutable repository identifiers in generated stub code (CORBA, 7143851)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.237 and earlier allows remote attackers to affect integrity, related to CORBA...
OpenJDK: mutable repository identifiers in generated stub code (CORBA, 7143851)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.237 and earlier allows remote attackers to affect integrity, related to CORBA...
Mandrake Linux Security Advisory : Zope (MDKSA-2000:043)
The exploit that was not fixed with the previous Zope hotfix involves the getRoles method of user objects contained in the default UserFolder implementation returning a mutable Python type. Because the mutable object is still associated with the persistent User object, users with the ability to...
Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64
CVE-2009-2409 deprecate MD2 in SSL cert validation Kaminsky CVE-2009-3873 OpenJDK JPEG Image Writer quantization problem 6862968 CVE-2009-3875 OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities 6863503 CVE-2009-3876 OpenJDK ASN.1/DER input stream parser denial of service 68649...
OpenJDK: mutable repository identifiers in generated stub code (CORBA, 7143851)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.237 and earlier allows remote attackers to affect integrity, related to CORBA...
RHEL 5 : java-1.6.0-openjdk (RHSA-2012:0730)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0730 advisory. - OpenJDK: improper protection of CORBA data models CORBA, 7079902 CVE-2012-1711 - OpenJDK: fontmanager layout lookup code memory corruption...
RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2012:0514)
The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0514 advisory. - OpenJDK: JavaSound incorrect bounds check Sound, 7088367 CVE-2011-3563 - GlassFish: hash table collisions CPU usage DoS oCERT-2011-003...
OpenJDK: Deserialization allows creation of mutable SignedObject (Deserialization, 6618658)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.231 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to...
OpenJDK: Deserialization allows creation of mutable SignedObject (Deserialization, 6618658)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.231 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to...
OpenJDK Swing mutable static (6938813)
Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.227, and 1.3.128 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the Octobe...
OpenJDK: Deserialization allows creation of mutable SignedObject (Deserialization, 6618658)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.231 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to...
OpenJDK: Deserialization allows creation of mutable SignedObject (Deserialization, 6618658)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.231 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to...
openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2010:0957-1)
Icedtea included in java-160-openjdk was updated to version 1.7.5/1.8.2/1.9.1 to fix several security issues : - S6914943, CVE-2009-3555: TLS: MITM attacks via session renegotiation - S6559775, CVE-2010-3568: OpenJDK Deserialization Race condition - S6891766, CVE-2010-3554: OpenJDK corba reflecti...
openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2010:0957-1)
Icedtea included in java-160-openjdk was updated to version 1.7.5/1.8.2/1.9.1 to fix several security issues : - S6914943, CVE-2009-3555: TLS: MITM attacks via session renegotiation - S6559775, CVE-2010-3568: OpenJDK Deserialization Race condition - S6891766, CVE-2010-3554: OpenJDK corba reflecti...
OpenJDK Swing mutable static (6938813)
Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.227, and 1.3.128 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the Octobe...
Mono/Moonlight Generic Type Argument - Privilege Escalation
Sources: https://www.chrishowie.com/2010/11/24/mutable-strings-in-mono/ https://www.securityfocus.com/bid/45051/info Mono and Moonlight is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to execute arbitrary code with elevated privileges. Successful...