HP Security Bulletin HPSBMU02799 SSRT100867 - Potential security vulnerabilities have been identified with HP Network Node Manager I (NNMi) running JDK for HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be remotely exploited resulting in unauthorized information disclosure, modification, Denial of Service (DoS). Revision 1 of this advisory.
af5aa7411f209bd1b8e376b060609e532e0a6cc8c62657e0f3d48fc012d4cba4Month Of Abysssec Undisclosed Bugs - Java CMM suffers from a readMabCurveData stack overflow vulnerability.
d8dba4b81c76432ec40bb4757b7db76eab2731d7df0a122059fa3774f6aff4c8Month Of Abysssec Undisclosed Bugs - Java CMM suffers from a readMabCurveData stack overflow vulnerability.
792397f512b57562530b89ceb906c42625ab5d3ab1d8e28ebbf844257792b0b5HP Security Bulletin - Potential security vulnerabilities have been identified in HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows. The vulnerabilities could be exploited remotely to execute arbitrary code and other exploits.
27420ba971df7b22139b1f921417d90f92bfe900d17874fa4918c86891833e39Gentoo Linux Security Advisory 201006-18 - The Oracle JDK and JRE are vulnerable to multiple unspecified vulnerabilities. Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details. Versions less than 1.6.0.20 are affected.
4af5cb5d0d925742eafb92ddd1aea2ad44ba2c08dad8357f9cdf1509b1f55dc5HP Security Bulletin - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote execution of arbitrary code, disclosure of information, and other vulnerabilities.
92e32764f76392e6f3bf3990c8c3fac47222d7eb3506bb89b4695a699cb20181Ubuntu Security Notice 923-1 - Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. It was discovered that Loader-constraint table, Policy/PolicyFile, Inflater/Deflater, drag/drop access, and deserialization did not correctly handle certain sensitive objects. It was discovered that AtomicReferenceArray, System.arraycopy, InetAddress, and HashAttributeSet did not correctly handle certain situations. It was discovered that Pack200, CMM readMabCurveData, ImagingLib, and the AWT library did not correctly check buffer lengths. It was discovered that applets did not correctly handle certain trust chains.
22c90697e16817e2daab1966ffe9b59158f346973efe7a6f4a6e823cfa269073Zero Day Initiative Advisory 10-061 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun's Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the CMM module of the Sun JVM. This module contains a function readMabCurveData. An applet can indirectly call this function and provide it with a malicious curv object. The function trusts the size of the curv element implicitly and copies the data into a fixed-length stack buffer. Exploitation of this issue can lead to arbitrary code execution under the context of the user invoking the applet.
2484f4750a99e5ee0c3581b0027ccf8d3030948739e55c54c051e7715bdfc9ab
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed