Lucene search
+L

84 matches found

vulnersOsv
vulnersOsv
added 2022/05/14 1:14 a.m.7 views

io.fabric8.examples:fabric-activemq-demo (>=1.1.0.CR2 <=1.1.0.CR3), io.fabric8.jube.images.fabric8:quickstart-karaf-camel-amq (>=2.0.5 <=2.0.7) +63 more potentially affected by CVE-2014-3612 via org.apache.activemq:activemq-jaas (>=5.0.0 <=5.10.0)

org.apache.activemq:activemq-jaas MAVEN version =5.0.0, =1.1.0.CR2, =2.0.5, =1.1.0.CR2, =5.0.0, =0.6.0.Final, =0.12.0.Final and more Source cves: CVE-2014-3612 Source advisory: OSV:GHSA-72M6-23FF-7Q26...

7.5CVSS7.2AI score0.07378EPSS
Exploits1
Hacker One
Hacker One
added 2020/11/19 11:42 a.m.16 views

8x8 Bounty: Any meeting chat history can be read and modified by an arbitrary user

A vulnerability existed where a JaaS user could read & modify the chat history of an 8x8 Meet conference. It was limited by the fact that the meeting UUID was required to be known. The fix was promptly deployed to production. A vulnerability in an API accessible through the jaas.8x8.vc white-labe...

1.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2020/06/24 10:56 a.m.40 views

CVE-2020-11980

In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can actually invoke on an MBean. However there is a vulnerability there for someone who is not an admin, but has a "viewer" role. In the 'etc/jmx.acl.cfg', such as role c...

6.5CVSS2.8AI score0.01876EPSS
Exploits0References3
OSV
OSV
added 2020/06/12 10:15 p.m.27 views

CVE-2020-11980

In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can actually invoke on an MBean. However there is a vulnerability there for someone who is not an admin, but has a "viewer" role. In the 'etc/jmx.acl.cfg', such as role c...

6.3CVSS7.1AI score0.01876EPSS
Exploits0References1
Prion
Prion
added 2020/06/12 10:15 p.m.16 views

Privilege escalation

In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can actually invoke on an MBean. However there is a vulnerability there for someone who is not an admin, but has a "viewer" role. In the 'etc/jmx.acl.cfg', such as role c...

6.5CVSS6.6AI score0.01876EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2019/05/02 6:9 a.m.19 views

Privilege Escalation

Java SE, Java SE Embedded and JRockit component of Oracle Java SE are vulnerable to Privilege Escalation. A remote authenticated user can exploit this flaw in the JAAS component for unauthorized creation, deletion or modification access to critical data...

5.8CVSS6.9AI score0.01933EPSS
Exploits0References20Affected Software5
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:7 a.m.30 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Operational Decision Manager

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6,7 and 8 that is used by IBM Operational Decision Manager ODM. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017 Vulnerability Details CVEID: CVE-2017-3241 DESCRIPTION: An unspecifi...

9CVSS6.8AI score0.95707EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:7 a.m.27 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java affect IBM PureApplication System

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition used by IBM PureApplication System. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017. IBM PureApplication System has addressed the applicable CVEs. These issues were also addressed by IBM...

9CVSS1AI score0.95707EPSS
Exploits11Affected Software1
Tenable Nessus
Tenable Nessus
added 2017/05/01 12:0 a.m.58 views

EulerOS 2.0 SP1 : java-1.8.0-openjdk (EulerOS-SA-2017-1015)

According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrust...

9.6CVSS7.6AI score0.95707EPSS
Exploits13References12
Tenable Nessus
Tenable Nessus
added 2017/02/13 12:0 a.m.41 views

Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x, SL6.x, SL7.x i386/x86_64 (20170213)

Security Fixes : - It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application...

9.6CVSS7.5AI score0.95707EPSS
Exploits13References13
OpenVAS
OpenVAS
added 2017/02/10 12:0 a.m.47 views

Ubuntu: Security Advisory (USN-3194-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.6CVSS7.9AI score0.95707EPSS
Exploits13References2
RedHat Linux
RedHat Linux
added 2017/02/09 12:5 p.m.6 views

OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)

It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN...

5.8CVSS7.3AI score0.01933EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2017/02/09 12:0 a.m.64 views

Ubuntu 14.04 LTS : OpenJDK 7 vulnerabilities (USN-3194-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3194-1 advisory. Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly...

9.6CVSS7.7AI score0.95707EPSS
Exploits13References13
OSV
OSV
added 2017/01/27 10:59 p.m.4 views

CVE-2017-3252

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JAAS. Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows low privileged attacker with...

5.8CVSS7.1AI score0.01933EPSS
Exploits0References17
Tenable Nessus
Tenable Nessus
added 2017/01/25 12:0 a.m.272 views

Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x, SL7.x i386/x86_64 (20170120)

Security Fixes : - It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application...

9.6CVSS7.6AI score0.95707EPSS
Exploits13References13
Tenable Nessus
Tenable Nessus
added 2017/01/23 12:0 a.m.56 views

RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2017:0180)

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...

9.6CVSS7.4AI score0.95707EPSS
Exploits13References23
RedHat Linux
RedHat Linux
added 2017/01/20 11:4 a.m.83 views

Critical: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...

9.6CVSS7.2AI score0.95707EPSS
Exploits13References13
Tenable Nessus
Tenable Nessus
added 2017/01/19 12:0 a.m.99 views

Oracle JRockit R28.3.12 Multiple Vulnerabilities (January 2017 CPU)

The version of Oracle JRockit installed on the remote Windows host is R28.3.12. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Libraries subcomponent that allows an unauthenticated, remote attacker to impact integrity. CVE-2016-5546 - An unspecified...

9CVSS7.2AI score0.32839EPSS
Exploits4References7
Veracode
Veracode
added 2016/12/14 6:17 a.m.28 views

LDAP Code Injection

org.apache.karaf.jaas.modules is vulnerable to LDAP code injection. This is caused because the username is not encoded...

6.5CVSS7AI score0.05277EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2015/08/24 2:59 p.m.29 views

CVE-2015-6524

The LDAPLoginModule implementation in the Java Authentication and Authorization Service JAAS in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-361...

5CVSS6.9AI score0.08468EPSS
Exploits1References2
Rows per page
Query Builder