OpenJDK: GSS context use-after-free (JGSS, 8186212)
It was discovered that the JGSS component of OpenJDK failed to properly handle the GSS context in the native GSS library wrapper in certain cases. A remote attacker could possibly make a Java application using JGSS use a previously freed context...
JDK: unspecified vulnerability fixed in 8u161 and 9.0.4 (Deployment)
Vulnerability in the Java SE component of Oracle Java SE subcomponent: Deployment. Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...
OpenJDK: insufficient strength of key agreement (JCE, 8185292)
It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of the keys used to adequately protect the generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using...
USN-3497-1 openjdk-7 vulnerabilities
It was discovered that the Smart Card IO subsystem in OpenJDK did not properly maintain state. An attacker could use this to specially construct an untrusted Java application or applet to gain access to a smart card, bypassing sandbox restrictions. CVE-2017-10274 Gaston Traberg discovered that th...
Proxy Aware PowerShell C2 Framework: PoshC2
PoshC2 is a proxy aware C2 framework written completely in PowerShell to aid penetration testers with red teaming, post-exploitation and lateral movement. The tools and modules were developed off the back of our successful PowerShell sessions and payload types for the Metasploit Framework...
OpenJDK: insufficient access control checks in ServiceRegistry (ImageIO, 8172461)
Vulnerability in the Java SE component of Oracle Java SE subcomponent: ImageIO. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...
OpenJDK: JAR verifier incorrect handling of missing digest (Security, 8169392)
Vulnerability in the Java SE component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successfu...
OpenJDK: incorrect range checks in LambdaFormEditor (Libraries, 8184185)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to...
OpenJDK: unrestricted access to com.sun.org.apache.xml.internal.resolver (JAXP, 8173286)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
JDK: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix
The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 6.0.16.25, 6 R1 before SR8 FP25 6.1.8.25, 7 before SR9 FP40 7.0.9.40, 7 R1 before SR3 FP40 7.1.3.40, and 8 before SR3 8.0.3.0 uses the invoke method of the java.lang.reflect.Method class in an...
OpenJDK: incomplete XML parse tree size enforcement (JAXP, 8169011)
It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing an XML document. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory...
JDK: unspecified vulnerability fixed in 7u111 and 8u101 (Deployment)
Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment...
Vulnerability in the Java Platform that allows a remote attacker to compromise the confidentiality, integrity, and availability of protected information.
A vulnerability in Java SE and OpenJDK allows a remote attacker to compromise the confidentiality, integrity, and availability of data through the Libraries subcomponent...
Vulnerability in the Java Development Kit application development tool that allows a remote attacker to compromise data confidentiality and integrity.
A vulnerability in the components of the Java Development Kit application development tool. Exploiting it allows an attacker to compromise the confidentiality, integrity, and availability of data through the CORBA component...
Vulnerability in the Java Development Kit application development tool that allows a remote attacker to compromise data confidentiality and integrity.
A vulnerability in the subcomponents of the Java Development Kit. Exploiting it allows an attacker to compromise the confidentiality, integrity, and availability of data through the Networking subcomponent...
Vulnerability in the Java Development Kit application development tool that allows a remote attacker to compromise data confidentiality and integrity.
A vulnerability in the subcomponents of the Java Development Kit. Exploiting it allows an attacker to compromise data confidentiality and integrity through the Deployment subcomponent...
Vulnerability in the Java Development Kit application development tool that allows a remote attacker to compromise data confidentiality and integrity.
A vulnerability in the subcomponents of the Java Development Kit. Exploiting it allows an attacker to compromise data confidentiality and integrity through the Deployment subcomponent...
Vulnerability in the Java Development Kit application development tool that allows a remote attacker to compromise data confidentiality and integrity.
A vulnerability in the subcomponents of the Java Development Kit application development tool. Exploiting it allows an attacker to compromise the confidentiality, integrity, and availability of data through the JAX-WS subcomponent...
Vulnerability in the Java Development Kit application development tool that allows a remote attacker to compromise data confidentiality and integrity.
A vulnerability in the subcomponents of the Java Development Kit. Exploiting it allows an attacker to affect data availability through the JavaFX subcomponent...
Vulnerability in the Java Development Kit application development tool that allows a remote attacker to compromise data confidentiality and integrity.
A vulnerability in the JavaFX subcomponents of the Java Development Kit application development tool. Exploiting it allows an attacker to compromise data confidentiality and integrity through the JavaFX subcomponents...