Vulnerabilities for Enterprise linux supplementary (...) - CXSECURITY.COM

Vulnerabilities for 'Enterprise linux supplementary'

2016-06-03

CVE-2016-0376

CWE-Other

The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456.

CVE-2016-0363

CWE-20

The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009.

2016-02-10

CVE-2016-0985

Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion."

2015-04-14

CVE-2015-3044

CWE-200

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.

CVE-2015-3043

CWE-noinfo

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3042.

>>> Vendor: Redhat 373 Products

Enterprise linux

Enterprise linux desktop

Linux powertools

Redhat package manager

Docbook stylesheets

Pre-execution environment

Linux advanced workstation

Analog real-time synthesizer

Kdelibs sound devel

Network satelite server

Certificate server

Network satellite server

Directory server

Fedora directory server

Enterprise linux desktop workstation

Desktop workstation

Certificate system

Jboss enterprise application platform

dogtag certificate system

Cluster project

Dogtag certificate system

Enterprise virtualization

Network satellite

Enterprise virtualization hypervisor

Enterprise virtualization manager

Jboss enterprise service bus

Jboss enterprise soa platform

Jboss enterprise web platform

Policycoreutils

Jboss seam 2 framework

System-config-firewall

System-config-printer

Jboss operations network

Automatic bug reporting tool

Jboss community application server

See all Products for Vendor Redhat

Copyright 2024, cxsecurity.com