Download
| Alert*
|
oval:org.secpod.oval:def:19718
The host is installed with Oracle Java SE 5.0 before update 22 and 6 before update 17 and is prone to directory traversal vulnerability. A flaw is present in the applications, which fails to properly handle a .. (dot dot) in a pathname. Successful exploitation allows remote attackers to determine th ... oval:org.secpod.oval:def:301167 Multiple Java OpenJDK security vulnerabilities has been identified and fixed: - TLS: MITM attacks via session renegotiation . - Loader-constraint table allows arrays instead of only the b ase-classes . - Policy/PolicyFile leak dynamic ProtectionDomains. - File TOCTOU deserialization vulnerability . ... oval:org.secpod.oval:def:500496 These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment contains the software and tools that users need to run applications written using the Java programming language. An integer overflow flaw and buffer overflow flaws ... oval:org.secpod.oval:def:101974 The OpenJDK runtime environment. oval:org.secpod.oval:def:102200 The OpenJDK runtime environment. oval:org.secpod.oval:def:103311 The OpenJDK runtime environment. oval:org.secpod.oval:def:202085 These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment contains the software and tools that users need to run applications written using the Java programming language. An integer overflow flaw and buffer overflow flaws ... oval:org.secpod.oval:def:201993 These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. The Java Runtime Environment contains the software and tools that users need to run applications written using the Java programming language. An integer overflow flaw and buffer overflow flaws ... oval:org.secpod.oval:def:700477 Dan Kaminsky discovered that SSL certificates signed with MD2 could be spoofed given enough time. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This update handles this issue by completely disabling MD2 for certificate validation in Op ... |
