154 matches found
CVE-2025-62371 OpenSearch Data Prepper plugins trusts all SSL certificates by default
OpenSearch Data Prepper as an open source data collector for observability data. In versions prior to 2.12.2, the OpenSearch sink and source plugins in Data Prepper trust all SSL certificates by default when no certificate path is provided. Prior to this fix, the OpenSearch sink and source plugin...
PT-2025-42388
Name of the Vulnerable Software and Affected Versions OpenSearch Data Prepper versions prior to 2.12.2 Description OpenSearch Data Prepper is an open source data collector for observability data. The OpenSearch sink and source plugins in Data Prepper trust all SSL certificates by default when no...
Allocation Of Resources Without Limits
Bouncy Castle is vulnerable to Allocation Of Resources Without Limits. The vulnerability is due to improper resource management due to excessive allocation in PKIX certificate path review components...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper processing of large name constraint structures in PKIXCertPathReviewer. An attacker can cause excessive resource allocation by submitting specially crafted ASN.1...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper processing of large name constraint structures in PKIXCertPathReviewer. An attacker can cause excessive resource allocation by submitting specially crafted ASN.1...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper processing of large name constraint structures in PKIXCertPathReviewer. An attacker can cause excessive resource allocation by submitting specially crafted ASN.1...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper processing of large name constraint structures in PKIXCertPathReviewer. An attacker can cause excessive resource allocation by submitting specially crafted ASN.1...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper processing of large name constraint structures in PKIXCertPathReviewer. An attacker can cause excessive resource allocation by submitting specially crafted ASN.1...
Allocation of Resources Without Limits or Throttling
Overview org.bouncycastle:bcprov-jdk15on is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper processing of large name constraint structures in PKIXCertPathReviewer. An attack...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper processing of large name constraint structures in PKIXCertPathReviewer. An attacker can cause excessive resource allocation by submitting specially crafted ASN.1...
Allocation of Resources Without Limits or Throttling
Overview org.bouncycastle:bcprov-jdk16 is a Bouncy Castle Crypto package that is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.6. Affected versions of this package are vulnerable to Allocatio...
Allocation of Resources Without Limits or Throttling
Overview org.bouncycastle:bcprov-ext-jdk14 is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper processing of large name constraint structures in PKIXCertPathReviewer. An...
PT-2025-32978
Name of the Vulnerable Software and Affected Versions: Bouncy Castle for Java versions 1.44 through 1.78 BCPKIX FIPS versions 1.0.0 through 1.0.7 BCPKIX FIPS versions 2.0.0 through 2.0.7 Description: The Bouncy Castle for Java cryptographic libraries contain a vulnerability related to excessive...
Siemens SINEC Security Monitor 路径遍历漏洞
SINEC Security Monitor is a modular network security software for passive, non-intrusive, continuous network security monitoring during production processes at customer sites. A path traversal vulnerability exists in Siemens SINEC Security Monitor that originates from not properly validating the...
RHEL 7 : java-1.8.0-ibm (RHSA-2024:0879)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0879 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE ...
Mageia: Security Advisory (MGASA-2024-0056)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated java-17-openjdk packages fix security vulnerabilities
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: memory corruption issue on x8664 with AVX-512 8317121 CVE-2023-22025 OpenJDK: certificate path validation issue during client authentication...
CentOS: Security Advisory for java-11-openjdk (CESA-2023:5736)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Moderate: Red Hat Security Advisory: java-1.8.0-ibm security update
An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
OpenJDK: certificate path validation issue during client authentication (8309966)
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise...