- Home
- CVEs with nessus.description==Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform.
- CVE-2011-3377
The IcedTea browser plugin included in the openjdk-6
package does not properly enforce the Same Origin Policy
on web content served under a domain name which has a
common suffix with the required domain name.
- CVE-2011-3563
The Java Sound component did not properly check for
array boundaries. A malicious input or an untrusted Java
application or applet could use this flaw to cause Java
Virtual Machine to crash or disclose portion of its
memory.
- CVE-2011-5035
The OpenJDK embedded web server did not guard against an
excessive number of a request parameters, leading to a
denial of service vulnerability involving hash
collisions.
- CVE-2012-0497
It was discovered that Java2D did not properly check
graphics rendering objects before passing them to the
native renderer. This could lead to JVM crash or Java
sandbox bypass.
- CVE-2012-0501
The ZIP central directory parser used by
java.util.zip.ZipFile entered an infinite recursion in
native code when processing a crafted ZIP file, leading
to a denial of service.
- CVE-2012-0502
A flaw was found in the AWT KeyboardFocusManager class
that could allow untrusted Java applets to acquire
keyboard focus and possibly steal sensitive information.
- CVE-2012-0503
The java.util.TimeZone.setDefault() method lacked a
security manager invocation, allowing an untrusted Java
application or applet to set a new default time zone.
- CVE-2012-0505
The Java serialization code leaked references to
serialization exceptions, possibly leaking critical
objects to untrusted code in Java applets and
applications.
- CVE-2012-0506
It was discovered that CORBA implementation in Java did
not properly protect repository identifiers (that can be
obtained using _ids() method) on certain Corba objects.
This could have been used to perform modification of the
data that should have been immutable.
- CVE-2012-0507
The AtomicReferenceArray class implementation did not
properly check if the array is of an expected Object[]
type. A malicious Java application or applet could use
this flaw to cause Java Virtual Machine to crash or
bypass Java sandbox restrictions.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top