Sandbox Restrictions Bypass

🗓️ 02 May 2019 04:44:37Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 27 Views

OpenJDK 7 Java Runtime Environment and Software Development Kit vulnerable to sandbox restrictions bypass due to font layout engine flaw

Reporter	Title	Published	Views	Family All 244
0day.today	Java Web Start Launcher ActiveX Control - Memory Corruption	18 Apr 201300:00	–	zdt
IBM Security Bulletins	Security Bulletin: WebSphere Application Server - IBM SDK for Java April 2013 CPU	26 Sep 202205:45	–	ibm
IBM Security Bulletins	Security Bulletin: WebSphere Application Server Community Edition 3.0.0.3 Oracle CPU April 2013	25 Sep 202221:06	–	ibm
IBM Security Bulletins	Security Bulletin: Tivoli Storage Productivity Center - Oracle CPU February 2013, April 2013	19 Aug 202218:23	–	ibm
IBM Security Bulletins	IBM WebSphere Cast Iron Security Bulletin: Multiple security vulnerabilities in IBM JRE 6	15 Jun 201806:56	–	ibm
IBM Security Bulletins	Security Bulletin: IBM WebSphere Lombardi Edition – Information regarding security vulnerability in IBM SDK for Java that shipped with IBM WebSphere Application Server and addressed by Oracle CPU April 2013 (CVE-2013-0169)	25 Sep 202221:06	–	ibm
IBM Security Bulletins	Security Bulletin: IBM WebSphere Business Services Fabric – Information regarding a security vulnerability in IBM SDK for Java that shipped with IBM WebSphere Application Server and addressed by Oracle CPU April 2013 (CVE-2013-0169)	25 Sep 202221:06	–	ibm
IBM Security Bulletins	Security Bulletin: Information regarding security vulnerability in IBM SDK for Java that is shipped with IBM WebSphere Application Server and addressed by Oracle CPU April 2013 (CVE-2013-0169)	25 Sep 202221:06	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Intelligent Operations Center 1.5 WebSphere Application Server - Oracle Java CPU April 2013	25 Sep 202221:06	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Rational Functional Tester versions 8.x due to security vulnerabilities in IBM JRE 7.0 Service Release 4 Fix Pack 1 or earlier, and non-IBM Java 7.0	29 Sep 201820:06	–	ibm

Vulners

Node

java-1.7.0-openjdk java-1.7.0-openjdkMatch1.7.0.9_2.3.4.1.el6_3

java-1.7.0-openjdk java-1.7.0-openjdkMatch1.7.0.9_2.3.3.el6_3.1

java-1.7.0-openjdk java-1.7.0-openjdkMatch1.7.0.9_2.3.5.3.el6_3

java-1.7.0-openjdk java-1.7.0-openjdkMatch1.7.0.9_2.3.3.2.el6_3

java-1.7.0-openjdk java-1.7.0-openjdkMatch1.7.0.5_2.2.1.el6_3.3

java-1.7.0-openjdk java-1.7.0-openjdkMatch1.7.0.3_2.1.el6.7

java-1.7.0-openjdk java-1.7.0-openjdkMatch1.7.0.5_2.2.1.el6_3

java-1.7.0-openjdk java-1.7.0-openjdkMatch1.7.0.9_2.3.8.0.el6_4

java-1.7.0-openjdk java-1.7.0-openjdkMatch1.7.0.9_2.3.7.1.el6_3

java-1.7.0-openjdk java-1.7.0-openjdkMatch1.7.0.9_2.3.4.el5_9.1

java-1.7.0-openjdk java-1.7.0-openjdkMatch1.7.0.9_2.3.3.el5.1

java-1.7.0-openjdk java-1.7.0-openjdkMatch1.7.0.9_2.3.8.0.el5_9

java-1.7.0-openjdk java-1.7.0-openjdkMatch1.7.0.9_2.3.7.1.el5_9

java-1.7.0-openjdk java-1.7.0-openjdkMatch1.7.0.9_2.3.5.3.el5_9

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.27.1.10.8.el5_8

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.39.b17.el6_0

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.39.1.9.7.el6

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.42.1.10.4.el6_2

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.2.b09.el5

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.7.b09.el5

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.56.1.11.8.el6_3

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.21.b17.el5

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.57.1.11.9.el6_4

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.28.1.10.10.el5_8

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.41.1.10.4.el6

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.30.1.11.5.el5

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.28.1.10.9.el5_8

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.50.1.11.5.el6_3

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.17.b17.el5

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.33.1.11.6.el5_9

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.31.b17.el6_0

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.36.b17.el6_0

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.54.1.11.6.el6_3

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.21.b17.el6

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.35.1.11.8.el5_9

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_0.25.b09.el5

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_0.30.b09.el5

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.49.1.11.4.el6_3

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.43.1.10.6.el6_2

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.40.1.9.10.el6_1

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.11.b16.el5

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.25.1.10.6.el5_8

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.39.1.9.8.el6_1

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.13.b16.el5

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.18.b17.el5

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.20.b17.el5

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.36.1.11.9.el5_9

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.22.1.9.8.el5_6

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.16.b17.el5

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.24.1.10.4.el5

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.48.1.11.3.el6_2

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.23.1.9.10.el5_7

java-1.6.0-openjdk java-1.6.0-openjdkMatch1.6.0.0_1.45.1.11.1.el6

java-1.6.0-ibm java-1.6.0-ibmMatch1.6.0.9.1_1jpp.1.el5

java-1.6.0-ibm java-1.6.0-ibmMatch1.6.0.10.1_1jpp.5.el6_2

java-1.6.0-ibm java-1.6.0-ibmMatch1.6.0.8.1_1jpp.2.el5

java-1.6.0-ibm java-1.6.0-ibmMatch1.6.0.9.1_1jpp.1.el6

java-1.6.0-ibm java-1.6.0-ibmMatch1.6.0.4_1jpp.1.el5

java-1.6.0-ibm java-1.6.0-ibmMatch1.6.0.10.1_1jpp.1.el5

Source	Link
securityfocus	www.securityfocus.com/bid/59131
lists	www.lists.apple.com/archives/security-announce/2013/Apr/msg00001.html
mail	www.mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html
rhn	www.rhn.redhat.com/errata/RHSA-2013-0751.html
icedtea	www.icedtea.classpath.org/hg/release/icedtea7-2.3/file/icedtea-2.3.9/NEWS
access	www.access.redhat.com/security/updates/classification/
security	www.security.gentoo.org/glsa/glsa-201406-32.xml
blog	www.blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/
blog	www.blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/
bugs	www.bugs.icu-project.org/trac/ticket/10107

13 May 2022 16:44Current

9High risk

Vulners AI Score9

CVSS 25

EPSS0.12809