| New User, Welcome! Login |
Next Page >>
Java Runtime Environment
the checkPermission method instead of throwing an exception in certain
circumstances, which might allow context-dependent attackers to bypass
the intended security policy by creating instances of ClassLoader
(CVE-2010-4351).
Unspecified vulnerability in the Java Runtime Environment (JRE)
in Oracle Java SE and Java for Business 6 Update 23 and earlier,
5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote
untrusted Java Web Start applications and untrusted Java applets to
affect integrity via unknown vectors related to Networking. NOTE: the
previous information was obtained from the February 2011 CPU. Oracle
Problem Description:
Multiple vulnerabilities were discovered and corrected in
java-1.6.0-openjdk:
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29
and earlier, and 1.4.2_31 and earlier allows remote untrusted Java
Web Start applications and untrusted Java applets to affect integrity
via unknown vectors related to Deserialization (CVE-2011-0865).
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Advisory Name: Java Web Start File Inclusion via System Properties Override
Release Date: 2008-12-03
Application: Sun Java Runtime Environment / Java Web Start
Versions: See below
Severity: High
Author: Timothy D. Morgan <tmorgan {a} vsecurity.com>
Vendor Status: Patch Released [3]
CVE Candidate: CVE-2008-2086
Potential Security Impact: Remote execution of arbitrary code, disclosure of information and other vulnerabilities.
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote execution of arbitrary code, disclosure of information, and other vulnerabilities.
References: CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554, CVE-2009-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010- 3559, CVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3564, CVE-2010-3565, CVE- 2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.09 or earlier
Potential Security Impact: Remote execution of arbitrary code, disclosure of information and other vulnerabilities.
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote execution of arbitrary code, disclosure of information, and other vulnerabilities.
References: CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3550, CVE-2010-3551, CVE-2010-3552, CVE-2010-3553, CVE-2010-3554, CVE-2010-3555, CVE-2010-3556, CVE-2010-3557, CVE-2010-3558, CVE-2010-3559, CVE-2010-3560, CVE-2010-3561, CVE-2010-3562, CVE-2010-3563, CVE-2010-3564, CVE-2010-3565, CVE-2010-3566, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3570, CVE-2010-3571, CVE-2010-3572, CVE-2010-3573, CVE-2010-3574.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.09 or earlier
Potential Security Impact: Remote unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities may allow remote unauthorized access.
References: SUN Alert ID: 103071 (CVE-2007-5240), 103072 (CVE-2007-5239), 103073 (CVE-2007-5236, CVE-2007-5237, CVE-2007-5238), 103078 (CVE-2007-5273, CVE-2007-5274), 103079 (CVE-2007-5232), 103112 (CVE-2007-5689)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, and B.11.31 running Java Runtime Environment (JRE) v5.0.10 and earlier, and Java Developer Kit (JDK), v1.4.2.16 and earlier.
Potential Security Impact: Remote unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities may allow remote unauthorized access.
References: ->SUN Alert ID: 103071 CVE-2007-5240 , 103072 CVE-2007-5239 , 103073 CVE-2007-5236 CVE-2007-5237 CVE-2007-5238 , 103078 CVE-2007-5273 CVE-2007-5274 , 103079 CVE-2007-5232 , 103112 CVE-2007-5689
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- ->HP-UX B.11.11, B.11.23, and B.11.31 running Java Runtime Environment (JRE) v5.0.10 and earlier, and Java Developer Kit (JDK), v1.4.2.16 and earlier.
- -----------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2010-0002
Synopsis: VMware vCenter update release addresses multiple
security issues in Java JRE
Issue date: 2010-01-29
Updated on: 2010-01-29 (initial release of advisory)
CVE numbers: --- JRE ---
CVE-2009-1093 CVE-2009-1094 CVE-2009-1095
CVE-2009-1096 CVE-2009-1097 CVE-2009-1098
Potential Security Impact: Remote execution of arbitrary code, disclosure of information and other vulnerabilities.
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote execution of arbitrary code, disclosure of information, and other vulnerabilities.
References: CVE-2009-3555, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.06 or earlier
Potential Security Impact: Remote execution of arbitrary code and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, privilege escalation, execution of arbitrary code, and Denial of Service (DoS).
References: SUN ALERT ID: 246286 (CVE-2008-5349), 254569 (CVE-2009-1093, CVE-2009-1094), 254570 (CVE-2009-1095, CVE-2009-1096), 254571 (CVE-2009-1097, CVE-2009-1098, CVE-2009-1099), 254608 (CVE-2009-1100), 254609 (CVE-2009-1101), 254610 (CVE-2009-1102), 254611 (CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107).
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.03 or earlier
http://java.sun.com/j2se/1.5.0/docs/guide/deployment/deployment-guide/pack200.html
II. DESCRIPTION
Remote exploitation of an integer overflow vulnerability in Sun
Microsystems Inc.'s Java Runtime Environment (JRE) could allow an
attacker to execute arbitrary code with the privileges of the current
user.
The vulnerability occurs during decompression when, to calculate the
size of a heap buffer, the code manipulates several integers in the
Potential Security Impact: Remote Increase in privilege, Denial of Service and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, privilege escalation, and Denial of Service (DoS).
References: SUN ALERT ID: 263429 (CVE-2009-0217), 263489 (CVE-2009-2625), 263408 (CVE-2009-2670), 263409 (CVE-2009-2671), 263409 (CVE-2009-2672), 263409 (CVE-2009-2673), 263428 (CVE-2009-2674), 263488 (CVE-2009-2675), 263490 (CVE-2009-2676).
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.04 or earlier
Potential Security Impact: Remote Increase in privilege, Denial of Service and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer
Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, privilege escalation,
and Denial of Service (DoS)
CVE-2008-7270 CVE-2010-4180
--- libuser ---
CVE-2011-0002
--- nss, nspr ---
CVE-2010-3170 CVE-2010-3173
--- Oracle (Sun) JRE 1.6.0 ---
CVE-2010-1321 CVE-2010-3541 CVE-2010-3548 CVE-2010-3549
CVE-2010-3550 CVE-2010-3551 CVE-2010-3552 CVE-2010-3553
CVE-2010-3554 CVE-2010-3555 CVE-2010-3556 CVE-2010-3557
CVE-2010-3558 CVE-2010-3559 CVE-2010-3560 CVE-2010-3561
CVE-2010-3562 CVE-2010-3563 CVE-2010-3565 CVE-2010-3566
Potential Security Impact: Mulitple remote vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities may allow remote unauthorized access, privilege escalation, execution of arbitrary code, and creation of a Denial of Service (DoS)
References: SUNALERT ID: 244988 (CVE-2008-2086, CVE-2008-5339, CVE-2008-5340, CVE-2008-5341, CVE-2008-5342, CVE-2008-5343, CVE-2008-5344), 246387 (CVE-2008-5345), 246366 (CVE-2008-5347), 246346 (CVE-2008-5348), 246266 CVE-2008-5350), 245246 (CVE-2008-5351), 244991 (CVE-2008-5353), 244990 (CVE-2008-5354), 244987 (CVE-2008-5356, CVE-2008-5357, CVE-2008-5358, CVE-2008-5359), 244986 (CVE-2008-5360)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.02 or earlier
Potential Security Impact: Remote execution of arbitrary code and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, privilege escalation, execution of arbitrary code, and Denial of Service (DoS).
References: SUN ALERT ID:
254569 (CVE-2009-1093, CVE-2009-1094),
254570 (CVE-2009-1095, CVE-2009-1096),
254571 (CVE-2009-1097, CVE-2009-1098, CVE-2009-1099),
CVE-2008-5416 CVE-2008-0085 CVE-2008-0086
CVE-2008-0107 CVE-2008-0106
--- OpenSSL ---
CVE-2010-0740 CVE-2010-0433
CVE-2010-3864 CVE-2010-2939
--- Oracle (Sun) JRE ---
CVE-2009-3555 CVE-2010-0082 CVE-2010-0084
CVE-2010-0085 CVE-2010-0087 CVE-2010-0088
CVE-2010-0089 CVE-2010-0090 CVE-2010-0091
CVE-2010-0092 CVE-2010-0093 CVE-2010-0094
CVE-2010-0095 CVE-2010-0837 CVE-2010-0838
Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
References: CVE-2011-0786, CVE-2011-0788, CVE-2011-0802, CVE-2011-0814, CVE-2011-0815, CVE-2011-0817, CVE-2011-0862, CVE-2011-0863, CVE-2011-0864, CVE-2011-0865, CVE-2011-0866, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0872, CVE-2011-0873.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.11 or earlier
Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
References: CVE-2011-0786, CVE-2011-0788, CVE-2011-0802, CVE-2011-0814, CVE-2011-0815, CVE-2011-0817, CVE-2011-0862, CVE-2011-0863, CVE-2011-0864, CVE-2011-0865, CVE-2011-0866, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0872, CVE-2011-0873.
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running HP JDK and JRE 6.0.10 or earlier
attacks, including the remote execution of arbitrary code.
Background
==========
The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment
(JRE) provide the Sun Java platform.
Affected packages
=================
Synopsis: VMware vCenter and ESX update release and vMA patch
release address multiple security issue in third
party components
Issue date: 2009-11-20
Updated on: 2009-11-20 (initial release of advisory)
CVE numbers: --- JRE ---
CVE-2009-1093 CVE-2009-1094 CVE-2009-1095
CVE-2009-1096 CVE-2009-1097 CVE-2009-1098
CVE-2009-1099 CVE-2009-1100 CVE-2009-1101
CVE-2009-1102 CVE-2009-1103 CVE-2009-1104
CVE-2009-1105 CVE-2009-1106 CVE-2009-1107
http://labs.idefense.com/intelligence/vulnerabilities/
Mar 30, 2010
I. BACKGROUND
The Java Runtime Environment (JRE) is the Sun Microsystems
implementation of the Java run-time. For more information, visit the
link shown below.
http://www.sun.com/java/
- -----------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2009-0014
Synopsis: VMware ESX patches for DHCP, Service Console kernel,
and JRE resolve multiple security issues
Issue date: 2009-10-16
Updated on: 2009-10-16 (initial release of advisory)
CVE numbers: CVE-2009-0692 CVE-2009-1893 CVE-2009-0692
CVE-2008-4210 CVE-2008-3275 CVE-2008-5356
CVE-2008-0598 CVE-2008-2136 CVE-2008-2812
Document released: 08.01.08
-- Overview --
Sun JRE is described [1] as "the Java APIs, Java Virtual Machine
(HotSpot VM), and other components necessary to run applets and
applications written in the Java programming language".
The software provides a virtualisation layer that allows java
applications to be run across platforms and operating systems. These
http://labs.idefense.com/intelligence/vulnerabilities/
Mar 25, 2009
I. BACKGROUND
The Sun Java JRE is Sun's implementation of the Java runtime. For more
information, see the vendor's site found at the following link.
http://www.java.com
II. DESCRIPTION
Synopsis
========
Multiple vulnerabilities have been found in IBM Java Development Kit
(JDK) and Java Runtime Environment (JRE), resulting in the execution of
arbitrary code.
Background
==========
Background
==========
The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and
the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE)
provide the Oracle Java platform (formerly known as Sun Java Platform).
Affected packages
=================
An integer overflow flaw was found in Pulse-Java when handling Pulse
audio source data lines. An attacker could use this flaw to cause an
applet to crash, leading to a denial of service (CVE-2009-0794).
A flaw in Java Runtime Environment initialized LDAP connections
allows authenticated remote users to cause denial of service on the
LDAP service (CVE-2009-1093).
A flaw in the Java Runtime Environment LDAP client in handling server
LDAP responses allows remote attackers to execute arbitrary code on
An integer overflow flaw was found in Pulse-Java when handling Pulse
audio source data lines. An attacker could use this flaw to cause an
applet to crash, leading to a denial of service (CVE-2009-0794).
A flaw in Java Runtime Environment initialized LDAP connections
allows authenticated remote users to cause denial of service on the
LDAP service (CVE-2009-1093).
A flaw in the Java Runtime Environment LDAP client in handling server
LDAP responses allows remote attackers to execute arbitrary code on
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in Java Runtime
Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These
vulnerabilities may allow remote Denial of Service (DoS), unauthorized
modification and disclosure of information.
References: CVE-2010-4447, CVE-2010-4448, CVE-2010-4454, CVE-2010-4462,
CVE-2010-4465, CVE-2010-4469, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476,
Next Page>>
|
|
|
