This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
a5934ba8-a376-11e5-85e9-14dae9d210b8 | java -- multiple vulnerabilities. Oracle reports: Discovery 2015-10-20; Entry 2015-12-15; Modified 2016-01-08. Affected: openjdk8, openjdk8-jre < 8.66.17; openjdk7, openjdk7-jre < 7.91.02,1. References: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA CVE-2015-4835 CVE-2015-4881 CVE-2015-4843 CVE-2015-4883 CVE-2015-4860 CVE-2015-4805 CVE-2015-4844 CVE-2015-4901 CVE-2015-4868 CVE-2015-4810 CVE-2015-4806 CVE-2015-4871 CVE-2015-4902 CVE-2015-4840 CVE-2015-4882 CVE-2015-4842 CVE-2015-4734 CVE-2015-4903 CVE-2015-4803 CVE-2015-4893 CVE-2015-4911 CVE-2015-4872 CVE-2015-4906 CVE-2015-4916 CVE-2015-4908 |
d5e0317e-5e45-11e2-a113-c48508086173 | java 7.x -- security manager bypass. US CERT reports: Esteban Guillardoy from Immunity Inc. additionally clarifies on the recursive reflection exploitation technique: This exploit does not only affect Java applets; every piece of software that relies on the Java Security Manager for sandboxing executable code is affected: malicious code can totally disable the Security Manager. For users who are running native Web browsers with the Java plugin enabled, the workaround is to remove the java/icedtea-web port and restart all browser instances. For users who are running Linux Web browser flavors, the workaround is either to disable the Java plugin in the browser or to upgrade linux-sun-* packages to the non-vulnerable version. It is not recommended to run untrusted applets using appletviewer, since this may lead to the execution of malicious code on vulnerable versions of JDK/JRE. Discovery 2013-01-10; Entry 2013-01-14. Affected: openjdk7 > 0; linux-sun-jdk >= 7.0, < 7.11; linux-sun-jre >= 7.0, < 7.11. References: CVE-2013-0433 625617 http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html https://partners.immunityinc.com/idocs/Java%20MBeanInstantiator.findClass%200day%20Analysis.pdf |