Lucene search

Veracode Vulnerability DatabaseVERACODE:14195

HistoryMay 02, 2019 - 4:45 a.m.

Sandbox Restrictions Bypass

2019-05-0204:45:33

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

OpenJDK 7 Java Runtime Environment and Software Development Kit is susceptible to sandbox restriction bypass. Due to the flaws in ImagingLib and the image attribute, channel, layout and raster processing in the 2D component, it does not prevent an untrusted Java application or applet to trigger Java Virtual Machine memory corruption.

CPENameOperatorVersion
java-1.7.0-openjdkeq1.7.0.9__2.3.5.3.el6_3
java-1.7.0-openjdkeq1.7.0.9__2.3.3.2.el6_3
java-1.7.0-openjdkeq1.7.0.9__2.3.7.1.el5_9
java-1.7.0-openjdkeq1.7.0.9__2.3.8.0.el5_9
java-1.7.0-openjdkeq1.7.0.9__2.3.4.1.el6_3
java-1.7.0-openjdkeq1.7.0.5__2.2.1.el6_3
java-1.7.0-openjdkeq1.7.0.19__2.3.9.1.el6_4
java-1.7.0-openjdkeq1.7.0.9__2.3.4.el5_9.1
java-1.7.0-openjdkeq1.7.0.3__2.1.el6.7
java-1.7.0-openjdkeq1.7.0.19__2.3.9.1.el5_9

Name	Operator	Version
java-1.7.0-openjdk	eq	1.7.0.9__2.3.5.3.el6_3
java-1.7.0-openjdk	eq	1.7.0.9__2.3.3.2.el6_3
java-1.7.0-openjdk	eq	1.7.0.9__2.3.7.1.el5_9
java-1.7.0-openjdk	eq	1.7.0.9__2.3.8.0.el5_9
java-1.7.0-openjdk	eq	1.7.0.9__2.3.4.1.el6_3
java-1.7.0-openjdk	eq	1.7.0.5__2.2.1.el6_3
java-1.7.0-openjdk	eq	1.7.0.19__2.3.9.1.el6_4
java-1.7.0-openjdk	eq	1.7.0.9__2.3.4.el5_9.1
java-1.7.0-openjdk	eq	1.7.0.3__2.1.el6.7
java-1.7.0-openjdk	eq	1.7.0.19__2.3.9.1.el5_9

Rows per page:

1-10 of 1261

References

advisories.mageia.org/MGASA-2013-0185.html

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880

hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/2a9c79db0040

icedtea.classpath.org/hg/release/icedtea7-2.3/file/icedtea-2.3.10/NEWS

lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html

lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html

lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html

lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html

lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html

lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html

lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html

marc.info/?l=bugtraq&m=137545505800971&w=2

marc.info/?l=bugtraq&m=137545592101387&w=2

rhn.redhat.com/errata/RHSA-2013-0963.html

rhn.redhat.com/errata/RHSA-2013-1059.html

rhn.redhat.com/errata/RHSA-2013-1060.html

rhn.redhat.com/errata/RHSA-2013-1081.html

rhn.redhat.com/errata/RHSA-2013-1455.html

rhn.redhat.com/errata/RHSA-2013-1456.html

secunia.com/advisories/54154

security.gentoo.org/glsa/glsa-201406-32.xml

www-01.ibm.com/support/docview.wss?uid=swg21642336

www.mandriva.com/security/advisories?name=MDVSA-2013:183

www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html

www.securityfocus.com/bid/60657

www.us-cert.gov/ncas/alerts/TA13-169A

access.redhat.com/errata/RHSA-2014:0414

access.redhat.com/security/updates/classification/#critical

bugzilla.redhat.com/show_bug.cgi?id=975118

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17106

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19074

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19455

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19703

rhn.redhat.com/errata/RHBA-2013-0959.html

rhn.redhat.com/errata/RHSA-2013-0957.html

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

Sandbox Restrictions Bypass

References

Related