Gentoo Linux Security Advisory 201401-30 - Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact. Versions less than or equal to 1.6.0.45 are affected.
72f2aefba431a697c1d570fbb434eb79207fb4a72606cbe6c7ddb60e387613d9
Red Hat Security Advisory 2013-1456-01 - This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.5. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment.
5f2a4d8e195f018a24a54b255421a802c2fe7798ae208c88ddb47eb51cc14a7c
This Metasploit module exploits a flaw in the Web Start component of the Sun Java Runtime Environment. The initial-heap-size and max-heap-size parameters in a JNLP file can contain a double quote that is not properly sanitized when the command line for javaw.exe is built. This allows injection of the -XXaltjvm option, which loads a jvm.dll from a remote UNC path into the Java process, so an attacker can execute arbitrary code in the context of the browser user. The flaw was fixed in Oct. 2012 and affects JRE <= 1.6.35 and <= 1.7.07. For this module to work, it must be run as root on a server that does not serve SMB. Additionally, the target host must have the WebClient service (WebDAV Mini-Redirector) enabled. Alternatively, a UNC path containing a jvm.dll can be specified when a separate SMB server is used.
03e81d85cf7b77c63f98b9875e24d7c92e3dd03261f33f78773cc25fedd945f5
This Metasploit module exploits a flaw in the Web Start component of the Sun Java Runtime Environment. The initial-heap-size and max-heap-size parameters in a JNLP file can contain a double quote that is not properly sanitized when the command line for javaw.exe is built. This allows injection of the -XXaltjvm option, which loads a jvm.dll from a remote UNC path into the Java process, so an attacker can execute arbitrary code in the context of the browser user. The flaw was fixed in Oct. 2012 and affects JRE <= 1.6.35 and <= 1.7.07. For this module to work, it must be run as root on a server that does not serve SMB. Additionally, the target host must have the WebClient service (WebDAV Mini-Redirector) enabled. Alternatively, a UNC path containing a jvm.dll can be specified when a separate SMB server is used.
7c4106b8276c9c6b588b2cdcba693eefaab7d0e2605a82a0728828840ed79442
HP Security Bulletin HPSBOV02833 SSRT101043 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on OpenVMS Integrity Servers. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other exploits. Revision 1 of this advisory.
67fab78b1e2f733577923b7a2d7943654d0b5fd4af2e8843287d1be1685a0b77
HP Security Bulletin HPSBUX02832 SSRT101042 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other exploits. Revision 1 of this advisory.
075e65aeb09794104302afe27d5662aa4efe61cb8ff2d826601aa279e1f8358f
Red Hat Security Advisory 2012-1467-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
073319e9b784cd5873f2295d09afaa24f0cf1fbce8a32d3b9a830a65eed2065a
Red Hat Security Advisory 2012-1466-01 - IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.
dcb8bd737ba4072478a3c303c96ea0d3e9b576cc91571851ac14024df73257df
Ubuntu Security Notice 1619-1 - Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit these to cause a denial of service. Various other issues were also addressed.
01b5a462284182fc91534e669d352b638efb552e7d0ebbc4836b839b09d8b4ee
Red Hat Security Advisory 2012-1392-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
af0e3d0c52a1917436a05905165e26f82241a58cf73d619f92e2d5f39e0eb178
Red Hat Security Advisory 2012-1391-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.
3770f03a0ac3870330aa24ff9645cb6462a9572efa7139d66810106b5b74dee5
Apple Security Advisory 2012-10-16-1 - Multiple vulnerabilities exist in Java 1.6.0_35, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_37.
d6707593331f319d2e02ab042904fd2ed14c371cfdc5e2e49b8e9b34d474d419