9 matches found
CVE-2017-3533
CVE-2017-3533 is an access restriction bypass in the Networking component (FTP client) of Oracle/OpenJDK Java SE. The newline-injection flaw in the FTP client could allow a remote attacker to manipulate FTP connections established by a Java application. Affected: Java SE/Embedded and JRockit vari...
CVE-2017-3544
CVE-2017-3544 is a content spoofing vulnerability in the Networking component of Oracle/OpenJDK’s Java SE/Java SE Embedded/JRockit, specifically an SMTP newline-injection issue in the SMTP client. The connected documents establish that a remote attacker could exploit this via SMTP to manipulate S...
CVE-2017-3539
CVE-2017-3539 (OpenJDK/JRE): A vulnerability in the Security component prevented jar integrity verification from enforcing a restricted algorithm set, allowing an attacker to modify content in a Jar file using weak signing keys or hashes. Affected: OpenJDK/OpenJDK Runtime/JDK with Java SE Securit...
CVE-2017-3512
CVE-2017-3512 affects Oracle Java SE AWT with affected Java versions 7u131 and 8u121; exploitation requires network access and user interaction, with high impact across confidentiality, integrity and availability. IBM Netezza-related bulletins show remediation by upgrading IBM Java JRE to 8.0-5.4...
CVE-2010-4351
The CVE-2010-4351 issue affects IcedTea JDK/OpenJDK (IcedTea.so) prior to versions 1.7.7, 1.8.4, and 1.9.4, where JNLP SecurityManager’s checkPermission could return instead of throwing an exception in certain circumstances. This can allow context-dependent attackers to bypass the intended securi...
CVE-2011-0025
CVE-2011-0025 describes a vulnerability in IcedTea where Java OpenJDK jar signature verification fails for jars that are partially signed or signed by multiple entities. A remote attacker could trick users into executing code from a trusted source. Affected releases include IcedTea 1.7 prior to 1...
CVE-2015-5234
CVE-2015-5234 affects IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1. The root cause is improper sanitization of applet URLs stored in the .appletTrustSettings configuration, which could allow a crafted page to inject applets and bypass user approval to execute the applet. The vulnerability enab...
CVE-2010-3860
The CVE-2010-3860 issue affects IcedTea JDK (based on OpenJDK 6): IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2 declare multiple sensitive variables as public, enabling remote disclosure of information such as user.name, user.home, and java.home properties. Root cause: pu...
CVE-2015-5235
CVE-2015-5235 affects IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1, where the origin of unsigned applets is not properly determined, allowing remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page. The issue is addressed in icedtea...