CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

seebug.org•added 2013/04/24 12:0 a.m.•28 views

Java 1.7.0_21-b11 Code Execution

No description provided by source. The new flaw was verified to affect all versions of Java SE 7 including the recently released 1.7.021-b11. It can be used to achieve a complete Java security sandbox bypass on a target system. Successful exploitation in a web browser scenario requires proper use...

7.1AI score

The Hacker News•added 2013/04/23 8:8 p.m.•7 views

Unfixed Reflection API vulnerability reported in Java

Founder and CEO of Security Explorations of Poland, Adam Gowdiak has reported a new unpatched security vulnerability in JAVA that affects all Java versions, including 7u21 released last Tuesday. Gowdiak claims to have sent to Oracle a report about a reflection API vulnerability in the newly shipp...

6.8AI score

ThreatPost•added 2013/04/23 12:37 p.m.•9 views

Sandbox-Bypass Exploits Hacks Java 7u21 Update

Optimism and praise followed last week’s Java critical patch update. Oracle not only patched 42 vulnerabilities in the Java browser plug-in, but also added new code-signing restrictions and new prompts warning users when applets are potentially malicious. It took less than a week, however, to...

1.2AI score

Exploits0References3

The Hacker News•added 2013/04/23 9:8 a.m.•9 views

Unfixed Reflection API vulnerability reported in Java

6.8AI score

securityvulns•added 2013/04/22 12:0 a.m.•62 views

[SE-2012-01] Details of issues fixed by Java SE 7 Update 21

Hello All, Today, Oracle released Java SE 7 Update 21, which among other things addresses six security vulnerabilities that were reported to the company earlier this year Issues 51, 55 and 57-60. Our original vulnerability reports and Proof of Concept codes for these and some previously disclosed...

RedHat Linux•added 2013/03/11 6:48 p.m.•1 views

OpenJDK: MethodHandles.Lookup incorrect permission checks, Java 7 0day (Libraries, 8006017)

Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by 1 using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using t...

10CVSS8AI score0.9414EPSS

Exploits48References5

RedHat Linux•added 2013/03/11 6:48 p.m.•4 views

OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vecto...

RedHat Linux•added 2013/03/11 6:47 p.m.•2 views

OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29)

securityvulns•added 2013/03/05 12:0 a.m.•62 views

[SE-2012-01] One more attack affecting Oracle's Java SE 7u15

Hello All, Last week, Oracle disputed our claim regarding one of the Issues reported to the company on Feb 25, 2012. This was Issue 54 that was partly responsible for a successful attack demonstrated in the environment of Java SE 7 Update 15. It turns out Oracle's attempt to deny Issue 54 turned...

7.4AI score

ThreatPost•added 2013/03/04 4:3 p.m.•8 views

Prompted by Oracle Rejection, Researcher Finds Five New Java Sandbox Vulnerabilities

Giving a prolific bug hunter an excuse to go poking deeper into a potential security issue generally doesn’t end well or the vendor in question—in this case Oracle. Polish security firm Security Explorations, noteworthy for its Java security research, said today it reported five new vulnerabiliti...

0.5AI score

securityvulns•added 2013/03/02 12:0 a.m.•54 views

[SE-2012-01] New security issues affecting Oracle's Java SE 7u15

Hello All, We had yet another look into Oracle's Java SE 7 software that was released by the company on Feb 19, 2013. As a result, we have discovered two new security issues numbered 54 and 55, which when combined together can be successfully used to gain a complete Java security sandbox bypass i...

7.3AI score

ThreatPost•added 2013/02/25 8:26 p.m.•9 views

Two More Java Zero Days Found by Polish Research Team

The seemingly endless list of critical zero day bugs found in Java grew longer today with news that one of the flaws fixed in Oracle’s recent patches for the product is under attack and when that bug is paired with another, separate vulnerability, the sandbox in the latest build of Java can be...

0.3AI score

Exploits0References9

RedHat Linux•added 2013/02/08 7:6 p.m.•2 views

OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29)

RedHat Linux•added 2013/02/08 7:4 p.m.•1 views

OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29)

RedHat Linux•added 2013/02/04 11:50 p.m.•0 views

OpenJDK: reflection API incorrect checks for proxy classes (Libraries, 7197546, SE-2012-01 Issue 29)