84 matches found
io.fabric8.examples:fabric-activemq-demo (>=1.1.0.CR2 <=1.1.0.CR3), io.fabric8.jube.images.fabric8:quickstart-karaf-camel-amq (>=2.0.5 <=2.0.7) +63 more potentially affected by CVE-2014-3612 via org.apache.activemq:activemq-jaas (>=5.0.0 <=5.10.0)
org.apache.activemq:activemq-jaas MAVEN version =5.0.0, =1.1.0.CR2, =2.0.5, =1.1.0.CR2, =5.0.0, =0.6.0.Final, =0.12.0.Final and more Source cves: CVE-2014-3612 Source advisory: OSV:GHSA-72M6-23FF-7Q26...
8x8 Bounty: Any meeting chat history can be read and modified by an arbitrary user
A vulnerability existed where a JaaS user could read & modify the chat history of an 8x8 Meet conference. It was limited by the fact that the meeting UUID was required to be known. The fix was promptly deployed to production. A vulnerability in an API accessible through the jaas.8x8.vc white-labe...
CVE-2020-11980
In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can actually invoke on an MBean. However there is a vulnerability there for someone who is not an admin, but has a "viewer" role. In the 'etc/jmx.acl.cfg', such as role c...
CVE-2020-11980
In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can actually invoke on an MBean. However there is a vulnerability there for someone who is not an admin, but has a "viewer" role. In the 'etc/jmx.acl.cfg', such as role c...
Privilege escalation
In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can actually invoke on an MBean. However there is a vulnerability there for someone who is not an admin, but has a "viewer" role. In the 'etc/jmx.acl.cfg', such as role c...
Privilege Escalation
Java SE, Java SE Embedded and JRockit component of Oracle Java SE are vulnerable to Privilege Escalation. A remote authenticated user can exploit this flaw in the JAAS component for unauthorized creation, deletion or modification access to critical data...
Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Operational Decision Manager
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6,7 and 8 that is used by IBM Operational Decision Manager ODM. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017 Vulnerability Details CVEID: CVE-2017-3241 DESCRIPTION: An unspecifi...
Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java affect IBM PureApplication System
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM PureApplication System. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017. IBM PureApplication System has addressed the applicable CVEs. These issues were also addressed by IBM...
EulerOS 2.0 SP1 : java-1.8.0-openjdk (EulerOS-SA-2017-1015)
According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrust...
Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x, SL6.x, SL7.x i386/x86_64 (20170213)
Security Fixes : - It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application...
Ubuntu: Security Advisory (USN-3194-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)
It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN...
Ubuntu 14.04 LTS : OpenJDK 7 vulnerabilities (USN-3194-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3194-1 advisory. Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly...
CVE-2017-3252
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JAAS. Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows low privileged attacker with...
Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x, SL7.x i386/x86_64 (20170120)
Security Fixes : - It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application...
RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2017:0180)
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...
Critical: Red Hat Security Advisory: java-1.8.0-openjdk security update
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...
Oracle JRockit R28.3.12 Multiple Vulnerabilities (January 2017 CPU)
The version of Oracle JRockit installed on the remote Windows host is R28.3.12. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Libraries subcomponent that allows an unauthenticated, remote attacker to impact integrity. CVE-2016-5546 - An unspecified...
LDAP Code Injection
org.apache.karaf.jaas.modules is vulnerable to LDAP code injection. This is caused because the username is not encoded...
CVE-2015-6524
The LDAPLoginModule implementation in the Java Authentication and Authorization Service JAAS in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-361...