SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 5557)

IBM Java 5 was updated to SR8 to fix various security issues : - Multiple vulnerabilities with unsigned applets were reported. A remote attacker could misuse an unsigned applet to connect to localhost services running on the host running the applet. CVE-2008-3104 - A vulnerability in the XML...

security flaw

Unspecified vulnerability in Sun Java Runtime Environment JRE in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted 1 application or 2 applet, a different...

security flaw

Unspecified vulnerability in Sun Java Runtime Environment JRE in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted 1 application or 2 applet, a different...

Critical: Red Hat Security Advisory: java-1.5.0-ibm security update

Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The IBM 1.5.0 Java release includes the IBM Java 2...

Sun Java JDK/JRE 5 < Update 16 Multiple Vulnerabilities

The version of Sun Java Runtime Environment JRE 5.0 installed on the remote host is affected by multiple security issues : - A vulnerability in the XML processing module of the JRE could allow an untrusted applet/application unauthorized access to certain URL resources 238628. - A buffer overflow...

security flaw

Unspecified vulnerability in Sun Java Runtime Environment JRE in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted 1 application or 2 applet, a different...

OpenJDK JAX-WS unauthorized URL access (6542088)

Unspecified vulnerability in the JAX-WS client and service in Sun Java Runtime Environment JRE in JDK and JRE 6 Update 6 and earlier allows remote attackers to access URLs or cause a denial of service via unknown vectors involving "processing of XML data" by a trusted application...

CVE-2008-3105

CVE-2008-3105 refers to an unspecified vulnerability in the Sun JRE/JDK 6 Update 6 and earlier affecting the JAX-WS client and service. The issue allows remote attackers to cause a denial of service or access URLs via the processing of XML data by a trusted application. The description indicates ...

Sun Java运行时环境XML处理绕过安全限制漏洞

BUGTRAQ ID: 27553 Solaris系统的Java运行时环境（JRE）为JAVA应用程序提供可靠的运行环境。 JRE在处理外部实体引用时存在漏洞，攻击者可能利用此漏洞通过诱使用户处理恶意XML文档访问某些URL或导致拒绝服务。 默认下Java运行时环境（JRE）允许处理外部实体引用。如果要禁止处理外部实体引用，站点可以将external general entities属性设置为FALSE。JRE中的漏洞允许即使在将external general...

Buffer overflow

Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit for XML before 20070511, Developer's Kit for Java before 20070312, and third-party products that use this software, allows attackers to have an unknown impact via certain GIF images, related to use of GIF image processing APIs by...

CVE-2007-3794

Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit for XML before 20070511, Developer's Kit for Java before 20070312, and third-party products that use this software, allows attackers to have an unknown impact via certain GIF images, related to use of GIF image processing APIs by...

CVE-2007-3794

Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit for XML before 20070511, Developer's Kit for Java before 20070312, and third-party products that use this software, allows attackers to have an unknown impact via certain GIF images, related to use of GIF image processing APIs by...

Mozilla Firefox JavaScript处理程序竞争条件内存破坏漏洞

Mozilla Firefox是一款开放源代码的WEB浏览器。 Mozilla Firefox处理信号存在竞争条件问题，远程攻击者可以利用漏洞进行内存破坏攻击，可能以进程权限执行任意指令。 Firefox当处理深层嵌套的XML文档显示时被javascript处理程序中断，如果浏览器之后通过脚本重定向到新的位置，那么所有未完成的解析过程会中断，其所有结构也被释放，之间就可能存在两次释放而造成的内存破坏问题，可使应用程序崩溃，可能以进程权限执行任意指令。 Mozilla Firefox 1.5 beta 2 Mozilla Firefox 1.5 beta 1 Mozilla Firefox...

[Full-Disclosure] Cross Site Java applets

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cross-Site Java breaks Sandbox Isolation for Unsigned Applets ============================================================= Product : Java Plugin Version : 1.4.201 OS : Win32 should apply for other OSs too URL : http://java.sun.com Found by : Marc...

Sun Java 1.x - XML Document Nested Entity Denial of Service

Sun Java 1.x - XML Document Nested Entity Denial of Service source: https://www.securityfocus.com/bid/8666/info A problem has been identified in Sun Java when handling XML documents with specific constructs. Because of this, an attacker with the ability to cause the software to parse malicious XM...