OpenJDK: insufficient thread consistency checks in ObjectInputStream (Serialization, 8129952)

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization...

OpenJDK: improper re-use of NTLM authenticated connections (Networking, 8163520)

It was discovered that the HTTP client implementation in the Networking component of OpenJDK could cache and re-use an NTLM authenticated connection in a different security context. A remote attacker could possibly use this flaw to make a Java application perform HTTP requests authenticated with...

java-1.7.0-openjdk security update

1:1.7.0.141-2.6.10.1.0.1 - Update DISTRONAME in specfile 1:1.7.0.141-2.6.10.1 - Bump to u141b02 to include S8011123 fix for TCK failure. - Resolves: rhbz1438751 1:1.7.0.141-2.6.10.0 - Bump to 2.6.10 and u141b00. - Adjust RH1022017 following application of 8173783 - Add more detailed output to...

CVE-2017-3509

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

SUSE-SU-2017:0839-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: Security issue fixed: - CVE-2016-2183: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remo...

SUSE-SU-2017:0726-1 Security update for java-1_6_0-ibm

This update for java-160-ibm to 8.0-4.1 fixes the following issues: Security issue fixed: - CVE-2016-2183: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easi...

OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)

It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN...

OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)

It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN...

OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)

It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN...

Unspecified Vulnerability in Oracle Java SE (CNVD-2017-00935)

Oracle Java SE is the United States Oracle Oracle company's set of standard version of the Java platform for the development and deployment of desktop, server, and embedded devices and real-time environments in the Java application. A remote security vulnerability exists in Oracle Java SE. An...

OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)

It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN...

UBUNTU-CVE-2017-3241

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with...

java-1.6.0-openjdk security update

1:1.6.0.41-1.13.13.1.0.1 - Add oracle-enterprise.patch 1:1.6.0.41-1.13.13.1 - Update to new 1.13.13 and b41 tarballs to correct TCK failure. - Resolves: rhbz1381990 1:1.6.0.41-1.13.13.0 - Remove --htmldir option which is not supported by older autotools. - Resolves: rhbz1381990 1:1.6.0.41-1.13.13...

SUSE-SU-2016:3041-1 Security update for java-1_7_1-ibm

This update for java-171-ibm fixes the following issues: - Version update to 7.1-3.60 bsc1009280 fixing the following CVE's: CVE-2016-5568, CVE-2016-5556, CVE-2016-5573, CVE-2016-5597, CVE-2016-5554, CVE-2016-5542...

Google Android Conscrypt Information Disclosure Vulnerability

Android is a Linux-based open-source operating system developed by Google and the Open Handheld Alliance OHA, of which Concrypt is a component that uses OpenSSL to provide Java security. An information disclosure vulnerability exists in Concrypt in Android. An attacker could exploit this...

CVE-2015-1832

XML external entity XXE vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service resource consumption via vectors involving XmlVTI and the XML dataty...

CVE-2015-1832

XML external entity XXE vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service resource consumption via vectors involving XmlVTI and the XML dataty...

DEBIAN-CVE-2015-1832

XML external entity XXE vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service resource consumption via vectors involving XmlVTI and the XML dataty...

CVE-2015-1832

XML external entity XXE vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service resource consumption via vectors involving XmlVTI and the XML dataty...

Xxe

XML external entity XXE vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service resource consumption via vectors involving XmlVTI and the XML dataty...