17 matches found
CVE-2013-4002
CVE-2013-4002 affects the Xerces2 Java XML parser. XMLScanner.java in Xerces2 Java Parser before 2.12.0 (as used in various JREs and Oracle/Jakarta distributions) could allow remote denial of service via vectors related to XML attribute names. IBM and other vendors document DoS impact on affected...
CVE-2012-4820
CVE-2012-4820 affects IBM Java Runtime used in IBM WebSphere Real Time and other IBM products. The issue arises when code runs under a security manager, allowing remote attackers to escalate privileges by abusing insecure use of java.lang.reflect.Method invoke(). Affected IBM JREs include release...
CVE-2013-5456
CVE-2013-5456 is an IBM Java SDK vulnerability in which deserialization inside AccessController.doPrivileged could allow a remote attacker to bypass sandbox protections and execute arbitrary code. Affected IBM SDK Java Technology Edition versions include 5.0, 6, and 7 (SRs prior to remediation). ...
CVE-2012-4821
CVE-2012-4821 is one of several IBM JRE/Java SDK vulnerabilities (CVE-2012-4820/4821/4822/4823) affecting IBM products (e.g., WebSphere Real Time, Tivoli Monitoring, Tivoli Storage Productivity Center, and related IBM runtimes). The root cause is insecure use of Java reflection APIs (getDeclaredM...
CVE-2013-3009
CVE-2013-3009 affects IBM Java runtimes where the com.ibm.CORBA.iiop.ClientDelegate class exposes the java.lang.reflect.Method.invoke method, enabling remote attackers to call setSecurityManager and bypass sandbox protections via vectors related to the AccessController doPrivileged block. Affecte...
CVE-2012-4823
CVE-2012-4823 is an IBM JRE vulnerability (arbitrary code execution via insecure use of java.lang.ClassLoder defineClass()) affecting IBM JRE in multiple IBM and partner products. Connected advisories confirm concrete fixes by upgrading the IBM JRE to newer service releases on affected stacks: fo...
CVE-2012-4822
CVE-2012-4822 affects IBM JRE components used in IBM WebSphere Real Time and multiple IBM/Tivoli products (e.g., Tivoli Monitoring, Rational Host On-Demand, WebSphere Real Time, Lotus Notes/Domino). Root cause: insecure use of multiple methods in java.lang.Class enabling remote code execution. Af...
CVE-2013-3006
CVE-2013-3006 (IBM Java/JRE) is described across IBM advisories as an unspecified vulnerability in the Java Runtime Environment used by IBM WebSphere Real Time. Affected IBM WebSphere Real Time versions include v2 and v3 SR4-FP2 and earlier, with remediation to upgrade to the IBM Java SDK version...
CVE-2013-3007
CVE-2013-3007 is an IBM Java JRE vulnerability affecting IBM Java 6.0.1 before 6.0.1 SR6 and 7 before 7 SR5, allowing remote execution with full confidentiality, integrity and availability impact. The issue is part of a broader set of Oracle/JVM vulnerabilities addressed in IBM bulletins for Tivo...
CVE-2013-3011
CVE-2013-3011 is described as an unspecified vulnerability in IBM Java Runtime Environment affecting multiple IBM JREs (IBM Java 1.4.2 before SR13-FP18, 5.0 before SR16-FP3, 6 before SR14, 6.0.1 before SR6, and 7 before SR5). The impact is stated as remote attackers potentially compromising confi...
CVE-2013-3012
Summary of CVE-2013-3012 (IBM Java JRE) : The initial entry describes an unspecified remote vulnerability in IBM Java runtimes across multiple releases (IBM JREs bundled with IBM products). Connected IBM advisories confirm this CVE is part of a broad set addressed by updating the IBM Java SDK/JRE...
CVE-2013-5457
CVE-2013-5457 affects IBM SDK for Java (IBM JRE/JAVA EE shards) and is discussed across IBM advisories related to WebSphere and IT management products. The vulnerability allows an attacker to execute arbitrary code remotely by abusing the Java security manager, with exploitation tied to IBM Java ...
CVE-2013-3008
CVE-2013-3008 affects IBM Java and IBM WebSphere Real Time. The IBM WebSphere Real Time bulletin lists CVE-2013-3008 among Java JRE vulnerabilities, describing an unspecified remote code execution risk via IBM Java 7 prior to 7 SR5. The remediation in that bulletin is to upgrade to IBM WebSphere ...
CVE-2013-4041
CVE-2013-4041 is an IBM Java SDK vulnerability affecting IBM SDK Java Technology Edition versions 5.0, 6, and 7 (and related WebSphere bundles) where code running under a security manager could access restricted classes via an unspecified vector. The IBM notices detail multiple CVEs in the Oracle...
CVE-2013-3010
CVE-2013-3010 is an IBM Java vulnerability in the IBM JRE shipped with IBM Java 6.0.1 before SR6 and 7 before SR5, allowing a remote attacker to affect confidentiality, integrity and availability and to execute arbitrary code on affected IBM products. IBM advisories (e.g., WebSphere Real Time) de...
CVE-2013-5375
CVE-2013-5375 corresponds to an unspecified vulnerability in IBM SDK for Java Technology Edition (IBM JRE) that could allow remote attackers to access restricted classes via XML/XSL-related vectors. The initial entry lists affected IBM SDK/JAVA versions and SR levels: 5.0.x before SR16 FP4, 6.0.x...
CVE-2013-5458
CVE-2013-5458 is an IBM Java SDK vulnerability affecting IBM WebSphere Real Time. The IBM bulletin indicates that IBM WebSphere Real Time Version 3 Service Refresh 5 and earlier are affected, with remediation by upgrading to Version 3 Service Refresh 6 or later. The vulnerability involves privile...