39 matches found
EUVD-2009-3855
Malware in sbrugna...
EUVD-2014-9490
Malware in sbrugna...
OSV-2024-171 Security exception in org.threeten.bp.format.DateTimeFormatterBuilder$CompositePrinterParser.parse
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67357 Crash type: Security exception Crash state: org.threeten.bp.format.DateTimeFormatterBuilder$CompositePrinterParser.parse java.base/sun.util.calendar.ZoneInfo.getLastRawOffset java.base/sun.util.calendar.ZoneInfo.getOffse...
SUSE CVE-2008-5353
The Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and...
SUSE CVE-2014-9680
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access but not view file contents by running a program within an sudo session, as demonstrated by interfering with terminal output,...
Arbitrary File Read
sudo is vulnerable to arbitrary file read attacks. The vulnerability exists as sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access but not view file contents by running a program...
Code injection
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access but not view file contents by running a program within an sudo session, as demonstrated by interfering with terminal output,...
CVE-2014-9680
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access but not view file contents by running a program within an sudo session, as demonstrated by interfering with terminal output,...
UBUNTU-CVE-2014-9680
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access but not view file contents by running a program within an sudo session, as demonstrated by interfering with terminal output,...
Slackware Advisory SSA:2007-283-01 glibc-zoneinfo
The remote host is missing an update as announced via advisory SSA:2007-283-01. OpenVAS Vulnerability Test $Id: esoftslkssa200728301.nasl 6598 2017-07-07 09:36:44Z cfischer $ Description: Auto-generated from the corresponding slackware advisory Authors: Thomas Reinke Copyright: Copyright c 2012...
Slackware: Security Advisory (SSA:2007-283-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Slackware: Security Advisory (SSA:2010-301-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64
CVE-2009-2409 deprecate MD2 in SSL cert validation Kaminsky CVE-2009-3873 OpenJDK JPEG Image Writer quantization problem 6862968 CVE-2009-3875 OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities 6863503 CVE-2009-3876 OpenJDK ASN.1/DER input stream parser denial of service 68649...
Mandriva Update for java-1.6.0-openjdk MDVSA-2010:084 (java-1.6.0-openjdk)
Check for the Version of java-1.6.0-openjdk OpenVAS Vulnerability Test Mandriva Update for java-1.6.0-openjdk MDVSA-2010:084 java-1.6.0-openjdk Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...
Mandriva Update for java-1.6.0-openjdk MDVSA-2010:084 (java-1.6.0-openjdk)
Check for the Version of java-1.6.0-openjdk OpenVAS Vulnerability Test Mandriva Update for java-1.6.0-openjdk MDVSA-2010:084 java-1.6.0-openjdk Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...
VulnCheck KEV: CVE-2008-5353
The Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and...
OpenJDK zoneinfo file existence information leak (6824265)
The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local files via vectors related to handling of zoneinfo aka tz files, aka Bug Id 6824265...
openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1613)
New icedtea update to fix : - ICCProfile file existence detection information leak; CVE-2009-3728: CVSS v2 Base Score: 5.0 - BMP parsing DoS with UNC ICC links; CVE-2009-3885: CVSS v2 Base Score: 5.0 - resurrected classloaders can still have children; CVE-2009-3881: CVSS v2 Base Score: 7.5 -...
openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1613)
New icedtea update to fix : - ICCProfile file existence detection information leak; CVE-2009-3728: CVSS v2 Base Score: 5.0 - BMP parsing DoS with UNC ICC links; CVE-2009-3885: CVSS v2 Base Score: 5.0 - resurrected classloaders can still have children; CVE-2009-3881: CVSS v2 Base Score: 7.5 -...
openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1613)
New icedtea update to fix : - ICCProfile file existence detection information leak; CVE-2009-3728: CVSS v2 Base Score: 5.0 - BMP parsing DoS with UNC ICC links; CVE-2009-3885: CVSS v2 Base Score: 5.0 - resurrected classloaders can still have children; CVE-2009-3881: CVSS v2 Base Score: 7.5 -...