This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
16846d1e-f1de-11e1-8bd8-0022156e8794 | Java 1.7 -- security manager bypass US-CERT reports: This exploit does not only affect Java applets, but every piece of software that relies on the Java Security Manager for sandboxing executable code is affected: malicious code can totally disable Security Manager. Discovery 2012-08-27 Entry 2012-08-30 Modified 2012-08-31 openjdk ge 7.0 lt 7.6.24_1 linux-sun-jdk ge 7.0 lt 7.7 linux-sun-jre ge 7.0 lt 7.7 CVE-2012-4681 636312 http://www.deependresearch.org/2012/08/java-7-vulnerability-analysis.html http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-August/020065.html http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html |
18e5428f-ae7c-11d9-837d-000e0c2e438a | jdk -- jar directory traversal vulnerability Pluf has discovered a vulnerability in Sun Java JDK/SDK, which potentially can be exploited by malicious people to compromise a user's system. Discovery 2005-04-11 Entry 2005-04-16 Modified 2006-09-12 jdk le 1.2.2p11_3 ge 1.3.* le 1.3.1p9_4 ge 1.4.* le 1.4.2p7 ge 1.5.* le 1.5.0p1_1 linux-ibm-jdk le 1.4.2_1 linux-sun-jdk le 1.4.2.08_1 eq 1.5.0b1 eq 1.5.0b1,1 ge 1.5.0,2 le 1.5.0.02,2 linux-blackdown-jdk le 1.4.2_2 diablo-jdk le 1.3.1.0_1 diablo-jdk-freebsd6 le i386.1.5.0.07.00 linux-jdk ge 0 CVE-2005-1080 http://marc.theaimsgroup.com/?l=bugtraq&m=111331593310508 http://www.securiteam.com/securitynews/5IP0C0AFGW.html http://secunia.com/advisories/14902/ |
ac619d06-3ef8-11d9-8741-c942c075aa41 | jdk/jre -- Security Vulnerability With Java Plugin The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code. Discovery 2004-11-24 Entry 2004-11-25 Modified 2005-04-27 jdk ge 1.4.0 le 1.4.2p6_6 ge 1.3.0 le 1.3.1p9_5 linux-jdk linux-sun-jdk ge 1.4.0 le 1.4.2.05 ge 1.3.0 le 1.3.1.13 linux-blackdown-jdk ge 1.3.0 le 1.4.2 linux-ibm-jdk ge 1.3.0 le 1.4.2 diablo-jdk diablo-jre ge 1.3.1.0 le 1.3.1.0_1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1&searchclause=%22category:security%22%20%22availability,%20security%22 http://www.securityfocus.com/archive/1/382072 CVE-2004-1029 http://marc.theaimsgroup.com/?l=bugtraq&m=110125046627909 |
c93e4d41-75c5-11dc-b903-0016179b2dd5 | jdk/jre -- Applet Caching May Allow Network Access Restrictions to be Circumvented SUN reports: Discovery 2007-10-03 Entry 2007-10-08 Modified 2007-11-16 jdk ge 1.3.0 lt 1.6.0.3p3 ge 1.5.0,1 lt 1.5.0.13p7,1 linux-blackdown-jdk ge 1.3.0 linux-sun-jdk ge 1.3.0 lt 1.3.1.20 ge 1.4.0 lt 1.4.2.16 eq 1.5.0.b1 eq 1.5.0.b1,1 ge 1.5.0,2 lt 1.5.0.13,2 ge 1.6.0 lt 1.6.0.03 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103079-1 CVE-2007-5232 |
d5e0317e-5e45-11e2-a113-c48508086173 | java 7.x -- security manager bypass US CERT reports: Esteban Guillardoy from Immunity Inc. additionally clarifies on the recursive reflection exploitation technique: This exploit does not only affect Java applets, but every piece of software that relies on the Java Security Manager for sandboxing executable code is affected: malicious code can totally disable Security Manager. For users who are running native Web browsers with enabled Java plugin, the workaround is to remove the java/icedtea-web port and restart all browser instances. For users who are running Linux Web browser flavors, the workaround is either to disable the Java plugin in browser or to upgrade linux-sun-* packages to the non-vulnerable version. It is not recommended to run untrusted applets using appletviewer, since this may lead to the execution of the malicious code on vulnerable versions on JDK/JRE. Discovery 2013-01-10 Entry 2013-01-14 openjdk7 gt 0 linux-sun-jdk ge 7.0 lt 7.11 linux-sun-jre ge 7.0 lt 7.11 CVE-2013-0433 625617 http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html https://partners.immunityinc.com/idocs/Java%20MBeanInstantiator.findClass%200day%20Analysis.pdf |