28 matches found
EUVD-2015-5231
Malware in sbrugna...
CVE-2003-1572
Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned applets to cause a denial of service (JVM crash) and read or write unauthorized memory locations via the ReadEnv class, as demonstrated by reading environment variables using modified .data and .size fields...
SUSE CVE-2015-5235
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page...
icedtea-web: unexpected permanent authorization of unsigned applets
It was discovered that IcedTea-Web did not properly sanitize applet URLs when storing applet trust settings. A malicious web page could use this flaw to inject trust-settings configuration, and cause applets to be executed without user approval...
Ubuntu 14.04 LTS : IcedTea Web vulnerabilities (USN-2817-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2817-1 advisory. It was discovered that IcedTea Web incorrectly handled applet URLs. A remote attacker could possibly use this issue to inject applets into the...
DEBIAN-CVE-2015-5235
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page...
CVE-2015-5235
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page...
UBUNTU-CVE-2015-5235
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page...
SUSE-SU-2015:1689-1 Security update for icedtea-web
The Java Plugin IcedTea Web was updated to 1.5.2, fixing bugs and security issues. permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all. fixed DownloadService RH1231441 Unable to read the text of the buttons of the security...
Java Reflection API Vulnerability Exploited
No Java component has had a bigger bull’s eye on its back this year than the Java Reflection API. Bug hunters and hackers alike have found a number of zero-days related to the Reflection API, most of which enable the remote execution of code outside the Java sandbox that’s supposed to prevent suc...
RHEL 5 : java-1.6.0-sun (RHSA-2008:0594)
Updated java-1.6.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Java Runtime Environment (JRE) contains the...
Oracle Adds Ability to Prevent Java Apps From Running in Browsers
Oracle has released a new version of the Java Development Kit which includes a number of security improvements. The major change in JDK 7u10 is the ability to prevent any Java application from running in the browser, a big shift for the Java environment, which is a constant target of attacks. The...
RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2008:0790)
Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The IBM 1.5.0 Java release includes the IBM Java 2...
RHEL 3 / 4 / 5 : java-1.4.2-bea (RHSA-2008:1043)
java-1.4.2-bea as shipped in Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary, contains security flaws and should not be used. This update has been rated as having important security impact by the Red Hat Security Response Team. Th...
RHEL 4 / 5 : java-1.5.0-bea (RHSA-2008:1044)
java-1.5.0-bea as shipped in Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary, contains security flaws and should not be used. This update has been rated as having important security impact by the Red Hat Security Response Team. The BEA WebLogic JRockit JRE and SDK...
Fedora 10 : java-1.6.0-openjdk-1.6.0.0-9.b14.fc10 (2009-1373)
This fixes a default security policy that allowed unsigned applets to access the gnome-java-bridge, allowing a privilege escalation (474431). There are also several bug fixes included in this update. Note that Tenable Network Security has extracted the preceding description block directly from the...
Fedora Core 10 FEDORA-2009-1373 (java-1.6.0-openjdk)
The remote host is missing an update to java-1.6.0-openjdk announced via advisory FEDORA-2009-1373. OpenVAS Vulnerability Test $Id: fcore20091373.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-1373 java-1.6.0-openjdk Authors: Thomas Reinke Copyrigh...