- Home
- CVEs with nessus.description==Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Java platform. This combines the two previous
openjdk-6 advisories, DSA-2311-1 and DSA-2356-1.
- CVE-2011-0862
Integer overflow errors in the JPEG and font parser
allow untrusted code (including applets) to elevate its
privileges.
- CVE-2011-0864
Hotspot, the just-in-time compiler in OpenJDK,
mishandled certain byte code instructions, allowing
untrusted code (including applets) to crash the virtual
machine.
- CVE-2011-0865
A race condition in signed object deserialization could
allow untrusted code to modify signed content,
apparently leaving its signature intact.
- CVE-2011-0867
Untrusted code (including applets) could access
information about network interfaces which was not
intended to be public. (Note that the interface MAC
address is still available to untrusted code.)
- CVE-2011-0868
A float-to-long conversion could overflow, allowing
untrusted code (including applets) to crash the virtual
machine.
- CVE-2011-0869
Untrusted code (including applets) could intercept HTTP
requests by reconfiguring proxy settings through a SOAP
connection.
- CVE-2011-0871
Untrusted code (including applets) could elevate its
privileges through the Swing MediaTracker code.
- CVE-2011-3389
The TLS implementation does not guard properly against
certain chosen-plaintext attacks when block ciphers are
used in CBC mode.
- CVE-2011-3521
The CORBA implementation contains a deserialization
vulnerability in the IIOP implementation, allowing
untrusted Java code (such as applets) to elevate its
privileges.
- CVE-2011-3544
The Java scripting engine lacks necessary security
manager checks, allowing untrusted Java code (such as
applets) to elevate its privileges.
- CVE-2011-3547
The skip() method in java.io.InputStream uses a shared
buffer, allowing untrusted Java code (such as applets)
to access data that is skipped by other code.
- CVE-2011-3548
The java.awt.AWTKeyStroke class contains a flaw which
allows untrusted Java code (such as applets) to elevate
its privileges.
- CVE-2011-3551
The Java2D C code contains an integer overflow which
results in a heap-based buffer overflow, potentially
allowing untrusted Java code (such as applets) to
elevate its privileges.
- CVE-2011-3552
Malicous Java code can use up an excessive amount of UDP
ports, leading to a denial of service.
- CVE-2011-3553
JAX-WS enables stack traces for certain server responses
by default, potentially leaking sensitive information.
- CVE-2011-3554
JAR files in pack200 format are not properly checked for
errors, potentially leading to arbitrary code execution
when unpacking crafted pack200 files.
- CVE-2011-3556
The RMI Registry server lacks access restrictions on
certain methods, allowing a remote client to execute
arbitary code.
- CVE-2011-3557
The RMI Registry server fails to properly restrict
privileges of untrusted Java code, allowing RMI clients
to elevate their privileges on the RMI Registry server.
- CVE-2011-3560
The com.sun.net.ssl.HttpsURLConnection class does not
perform proper security manager checks in the
setSSLSocketFactory() method, allowing untrusted Java
code to bypass security policy restrictions.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top