RSA IG&L Aveksa 7.1.1 - Remote Code Execution

Exploit Title: RSA IG&L Aveksa 7.1.1 - Remote Code Execution Date: 2019-04-16 Exploit Author: Jakub Palaczynski, Lukasz Plonka Vendor Homepage: https://www.rsa.com/ Version: 7.1.1, prior to P02 CVE : CVE-2019-3759 all vulnerable versions can be found at...

SUSE-SU-2020:1684-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: java-180-ibm was updated to Java 8.0 Service Refresh 6 Fix Pack 10 bsc1172277,bsc1169511,bsc1160968 - CVE-2020-2654: Fixed an issue which could have resulted in unauthorized ability to cause a partial denial of service - CVE-2020-2754:...

SUSE-SU-2020:14398-1 Security update for java-1_7_1-ibm

This update for java-171-ibm fixes the following issues: java-171-ibm was updated to Java 7.1 Service Refresh 4 Fix Pack 65 bsc1172277 and bsc1169511 - CVE-2020-2654: Fixed an issue which could have resulted in unauthorized ability to cause a partial denial of service - CVE-2020-2756: Improved...

Security update for java-1_8_0-openjdk (important)

openSUSE Security Update: Security update for java-180-openjdk Announcement ID: openSUSE-SU-2020:0800-1 Rating: important References: 1160398 1169511 1171352 Cross-References: CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2773 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803...

DSA-4703-1 mysql-connector-java - security update

Bulletin has no description...

SUSE-SU-2020:14391-1 Security update for java-1_7_0-ibm

This update for java-170-ibm fixes the following issues: java-171-ibm was updated to Java 7.1 Service Refresh 4 Fix Pack 65 bsc1172277 and bsc1169511 - CVE-2020-2654: Fixed an issue which could have resulted in unauthorized ability to cause a partial denial of service - CVE-2020-2756: Improved...

SUSE-SU-2020:1572-1 Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: Java was updated to jdk-11.0.7+10 April 2020 CPU, bsc1169511. Security issues fixed: - CVE-2020-2754: Fixed an incorrect handling of regular expressions that could have resulted in denial of service bsc1169511. - CVE-2020-2755: Fixed an...

SUSE-SU-2020:1569-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk to version jdk8u252 fixes the following issues: - CVE-2020-2754: Forward references to Nashorn bsc1169511 - CVE-2020-2755: Improve Nashorn matching bsc1169511 - CVE-2020-2756: Better mapping of serial ENUMs bsc1169511 - CVE-2020-2757: Less Blocking Array Queues...

OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to...

OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Scripting. Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

Fedora 31 : 1:java-1.8.0-openjdk (2020-a60ad9d4ec)

Update to OpenJDK 8u252 April Critical Patch Update - JDK-8223898, CVE-2020-2754: Forward references to Nashorn - JDK-8223904, CVE-2020-2755: Improve Nashorn matching - JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs - JDK-8224549, CVE-2020-2757: Less Blocking Array Queues - JDK-822560...

OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Lightweight HTTP Server. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network acce...

OpenJDK: Application data accepted before TLS handshake completion (JSSE, 8235691)

A flaw was found in the TLS/SSL implementation in the JSSE component of OpenJDK, where it did not properly handle application data packets received before the handshake completion. This flaw allowed unauthorized injection of data at the beginning of a TLS session...

OpenJDK: Application data accepted before TLS handshake completion (JSSE, 8235691)

A flaw was found in the TLS/SSL implementation in the JSSE component of OpenJDK, where it did not properly handle application data packets received before the handshake completion. This flaw allowed unauthorized injection of data at the beginning of a TLS session...

OpenJDK: Incomplete enforcement of algorithm restrictions for TLS (JSSE, 8232424)

Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability...

OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841)

A flaw was found in the boundary checks in the java.nio buffer classes in the Libraries component of OpenJDK, where it is bypassed in certain cases. This flaw allows an untrusted Java application or applet o bypass Java sandbox restrictions...

java-1.7.0-openjdk security update

1:1.7.0.261-2.6.22.1.0.1 - Update DISTRONAME in specfile 1:1.7.0.261-2.6.22.1 - Add release notes from IcedTea. - Resolves: rhbz1810557 1:1.7.0.261-2.6.22.0 - Bump to 2.6.22 and OpenJDK 7u261-b02. - Resolves: rhbz1810557...

PT-2020-2546

Name of the Vulnerable Software and Affected Versions Java SE versions 11.0.6 and 14 Description The issue is related to insufficient access control in the JSSE component of Java SE, allowing an unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks can...

Arbitrary Code Execution

java i svulnerable to arbitrary code execution. A buffer overflow flaw was found in how GIF images were processed. A remote attacker could extend privileges to read and write local files, as well as execute local applications with the privileges of the user running the java process...

xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...