Lucene search
+L

72 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:4 a.m.23 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Process Designer used in IBM Business Process Manager and WebSphere Lombardi Edition (CVE-2015-2613, CVE-2015-2601, CVE-2015-4749, CVE-2015-2625, CVE-2015-1931, CVE-2015-4872)

Summary There are multiple vulnerabilities in IBM SDK Java™ Technology Edition that is used by IBM Process Designer in IBM Business Process Manager and WebSphere Lombardi Edition. These issues were disclosed as part of the IBM Java SDK updates for October 2015 and in the IBM Java SDK updates in...

5.5CVSS0.4AI score0.0381EPSS
Exploits0Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:4 a.m.47 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK including Logjam affect IBM Image Construction and Composition Tool. (CVE-2015-4000, CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, and CVE-2015-1931)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 6 and 7, that is used by IBM Image Construction and Composition Tool. These issues were disclosed as part of the IBM Java SDK updates in July 2015. This bulletin also addresses the Logjam Attack on TLS...

5.5CVSS0.6AI score0.9986EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:3 a.m.32 views

Security Bulletin: Multiple vulnerabilities identified in IBM® Java SDK affect WebSphere Service Registry and Repository Studio (CVE-2015-2613 CVE-2015-2601 CVE-2015-2625 CVE-2015-1931)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Service Registry and Repository Studio. These issues were disclosed as part of the IBM Java SDK updates in July 2015. Vulnerability Details CVEID: CVE-2015-2613 DESCRIPTION: An...

5.5CVSS5.9AI score0.0381EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:3 a.m.27 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Liberty for Java for IBM Bluemix (CVE-2015-2590)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7 and 8 that is used by Liberty for Java for IBM Bluemix. These issues were disclosed as part of the IBM Java SDK updates in July 2015. Vulnerability Details CVEID: CVE-2015-2590 DESCRIPTION: ...

10CVSS0.4AI score0.25469EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2017/06/07 12:0 a.m.52 views

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2017-835)

An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges. CVE-2017-3511 It was found that the JAXP component of...

7.7CVSS6.8AI score0.03311EPSS
Exploits2References8
Ubuntu
Ubuntu
added 2017/05/18 9:39 p.m.89 views

USN-3275-3: OpenJDK 7 regression

USN-3275-2 fixed vulnerabilities in OpenJDK 7. Unfortunately, the update introduced a regression when handling TLS handshakes. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that OpenJDK improperly re-used cached NTLM connections in...

6.9AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2017/05/09 10:46 a.m.6 views

OpenJDK: untrusted extension directories search path in Launcher (JCE, 8163528)

An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges...

7.7CVSS7.3AI score0.00759EPSS
Exploits2References5
Amazon
Amazon
added 2017/05/09 12:0 a.m.51 views

Medium: java-1.8.0-openjdk

Issue Overview: Improper re-use of NTLM authenticated connections Networking, 8163520: It was discovered that the HTTP client implementation in the Networking component of OpenJDK could cache and re-use an NTLM authenticated connection in a different security context. A remote attacker could...

7.7CVSS7.8AI score0.03311EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2016/05/11 2:9 p.m.7 views

OpenJDK: non-constant time GCM authentication tag comparison (JCE, 8143945)

It was discovered that the GCM Galois/Counter Mode implementation in the JCE component in OpenJDK used a non-constant time comparison when comparing GCM authentication tags. A remote attacker could possibly use this flaw to determine the value of the authentication tag...

4.3CVSS7.4AI score0.02795EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2016/04/22 12:0 a.m.242 views

Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2016-688)

It was discovered that the ObjectInputStream class in the Serialization component of OpenJDK failed to properly ensure thread consistency when deserializing serialized input. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. CVE-2016-0686 It was...

10CVSS7.6AI score0.92334EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2016/04/20 7:35 p.m.80 views

Critical: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

10CVSS6.8AI score0.92334EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2016/04/20 7:34 p.m.57 views

Critical: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

10CVSS6.8AI score0.92334EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2016/04/20 7:34 p.m.13 views

OpenJDK: non-constant time GCM authentication tag comparison (JCE, 8143945)

It was discovered that the GCM Galois/Counter Mode implementation in the JCE component in OpenJDK used a non-constant time comparison when comparing GCM authentication tags. A remote attacker could possibly use this flaw to determine the value of the authentication tag...

4.3CVSS7.4AI score0.02795EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2015/07/31 12:0 a.m.278 views

SUSE SLED11 Security Update : java-1_7_0-openjdk (SUSE-SU-2015:1320-1) (Bar Mitzvah) (Logjam)

OpenJDK was updated to 2.6.1 - OpenJDK 7u85 to fix security issues and bugs. The following vulnerabilities were fixed : - CVE-2015-2590: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this...

10CVSS7.5AI score0.9986EPSS
Exploits1References50
RedHat Linux
RedHat Linux
added 2015/05/20 7:5 p.m.9 views

OpenJDK: insufficient hardening of RSA-CRT implementation (JCE, 8071726)

It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures...

4.3CVSS6.5AI score0.03307EPSS
Exploits0References7
Ubuntu
Ubuntu
added 2015/04/21 1:5 p.m.71 views

USN-2574-1: OpenJDK 7 vulnerabilities

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. CVE-2015-0460, CVE-2015-0469 Alexander Cherepanov discovered that...

10CVSS5.7AI score0.07224EPSS
Exploits0
ArchLinux
ArchLinux
added 2015/04/17 12:0 a.m.50 views

jre7-openjdk-headless: multiple issues

CVE-2005-1080 CVE-2015-0480 directory traversal A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. - CVE-2015-0460...

10CVSS3.4AI score0.07224EPSS
Exploits1References7
ArchLinux
ArchLinux
added 2015/04/17 12:0 a.m.49 views

jre8-openjdk-headless: multiple issues

CVE-2005-1080 CVE-2015-0480 directory traversal A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. - CVE-2015-0460...

10CVSS3.2AI score0.07224EPSS
Exploits1References8
ArchLinux
ArchLinux
added 2015/04/17 12:0 a.m.51 views

jdk8-openjdk: multiple issues

CVE-2005-1080 CVE-2015-0480 directory traversal A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted. - CVE-2015-0460...

10CVSS3.2AI score0.07224EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2015/04/16 12:0 a.m.53 views

Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x, SL7.x i386/srpm/x86_64 (20150415)

An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox...

10CVSS6.3AI score0.07224EPSS
Exploits1References8
Rows per page
Query Builder