HP Security Bulletin HPSBMU02799 SSRT100867 - Potential security vulnerabilities have been identified with HP Network Node Manager I (NNMi) running JDK for HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in unauthorized information disclosure, modification, Denial of Service (DoS). Revision 1 of this advisory.
af5aa7411f209bd1b8e376b060609e532e0a6cc8c62657e0f3d48fc012d4cba4
VMware Security Advisory 2011-0003 - Update 1 for vCenter Server 4.1, vCenter Update Manager 4.1, vSphere Hypervisor (ESXi) 4.1, ESXi 4.1, addresses several security issues.
a95e2afdac2f371dde546f60106ef87c8a8060a48b0bed878681c1eba5041ffe
This Metasploit module exploits a vulnerability in the Java Runtime Environment that allows to deserialize a MarshalledObject containing a custom classloader under a privileged context. The vulnerability affects version 6 prior to update 19 and version 5 prior to update 23.
794bc0df6a31b6015ac507f6ae51c92a8feb0bd854850ae26fc69aa5ce976097
HP Security Bulletin - Potential security vulnerabilities have been identified in HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows. The vulnerabilities could be exploited remotely to execute arbitrary code and other exploits.
27420ba971df7b22139b1f921417d90f92bfe900d17874fa4918c86891833e39
Gentoo Linux Security Advisory 201006-18 - The Oracle JDK and JRE are vulnerable to multiple unspecified vulnerabilities. Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details. Versions less than 1.6.0.20 are affected.
4af5cb5d0d925742eafb92ddd1aea2ad44ba2c08dad8357f9cdf1509b1f55dc5
HP Security Bulletin - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote execution of arbitrary code, disclosure of information, and other vulnerabilities.
92e32764f76392e6f3bf3990c8c3fac47222d7eb3506bb89b4695a699cb20181
Ubuntu Security Notice 923-1 - Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. It was discovered that Loader-constraint table, Policy/PolicyFile, Inflater/Deflater, drag/drop access, and deserialization did not correctly handle certain sensitive objects. It was discovered that AtomicReferenceArray, System.arraycopy, InetAddress, and HashAttributeSet did not correctly handle certain situations. It was discovered that Pack200, CMM readMabCurveData, ImagingLib, and the AWT library did not correctly check buffer lengths. It was discovered that applets did not correctly handle certain trust chains.
22c90697e16817e2daab1966ffe9b59158f346973efe7a6f4a6e823cfa269073
Zero Day Initiative Advisory 10-051 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Sun Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious website. The specific flaw exists within the deserialization of RMIConnectionImpl objects. Due to a lack of privilege checks during deserialization it is possible to supply privileged code in the ClassLoader of a constructor being deserialized. This allows for a remote attacker to call system level Java functions without proper sandboxing. Exploitation of this can lead to remote system compromise under the context of the currently logged in user.
41743433b0cfce1d04e74452a3bbe7893078442b7c65e649faedef9308ed90ce