Lucene search

409 matches found

seebug.org
added 2015/11/18 12:0 a.m., 160 views

Bouncy Castle Java library information disclosure vulnerability

No description provided by source...

7.1 AI score
Exploits: 0
CERT
added 2015/11/13 12:0 a.m., 416 views

Apache Commons Collections Java library insecurely deserializes data

Overview The Apache Commons Collections ACC library is vulnerable to insecure deserialization of data, which may result in arbitrary code execution. Java applications that either directly use ACC, or contain ACC in their classpath, may be vulnerable to arbitrary code execution. Description CWE-50...

9.8 CVSS, 8.8 AI score, 0.212 EPSS
Exploits: 1, References: 18
CNVD
added 2015/11/13 12:0 a.m., 1 views

Bouncy Castle Java library Information Disclosure Vulnerability

Legion of the Bouncy Castle Java library is an open source lightweight password package for the Java platform from the Australian company Legion of the Bouncy Castle. An information disclosure vulnerability exists in versions of the Legion of the Bouncy Castle Java library prior to 1.51, which...

5 CVSS, 8.6 AI score, 0.00972 EPSS
Exploits: 0, References: 1
CISA
added 2015/11/13 12:0 a.m., 15 views

Apache Commons Collections Java Library Vulnerability

US-CERT is aware of a deserialization vulnerability in the Apache Commons Collections ACC Java library. Java applications that either directly use ACC, or contain ACC in their classpath, may be vulnerable to arbitrary code execution. US-CERT encourages users and administrators to review...

7.2 AI score
Exploits: 0, References: 1
NVD
added 2015/11/09 4:59 p.m., 15 views

CVE-2015-7940

The Bouncy Castle Java library before 1.51 does not validate a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman ECDH key exchanges, aka an "invalid curve attack."...

5 CVSS, 9.2 AI score, 0.00972 EPSS
Exploits: 0, References: 21
OSV
added 2015/11/09 4:59 p.m., 5 views

CVE-2015-7940

The Bouncy Castle Java library before 1.51 does not validate a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman ECDH key exchanges, aka an "invalid curve attack."...

6.2 AI score
Exploits: 0, References: 21
OSV
added 2015/11/09 4:59 p.m., 0 views

DEBIAN-CVE-2015-7940

The Bouncy Castle Java library before 1.51 does not validate a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman ECDH key exchanges, aka an "invalid curve attack."...

5 CVSS, 9.1 AI score, 0.00972 EPSS
Exploits: 0, References: 1
Prion
added 2015/11/09 4:59 p.m., 21 views

Information disclosure

The Bouncy Castle Java library before 1.51 does not validate a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman ECDH key exchanges, aka an "invalid curve attack."...

5 CVSS, 6.8 AI score, 0.00972 EPSS
Exploits: 0, References: 21, Affected Software: 7
Debian CVE
added 2015/11/09 4:0 p.m., 41 views

CVE-2015-7940

The Bouncy Castle Java library before 1.51 does not validate a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman ECDH key exchanges, aka an "invalid curve attack."...

5 CVSS, 7.5 AI score, 0.00972 EPSS
Exploits: 0
CVE
added 2015/11/09 4:0 p.m., 169 views

CVE-2015-7940

CVE-2015-7940 (Bouncy Castle Java) : The library before 1.51 does not validate that an EC point lies on the curve, enabling an invalid-curve attack to potentially recover private keys during ECDH. Remote attackers could exploit crafted ECDH exchanges. Affected: Bouncy Castle JS, BC versions prior...

5 CVSS, 8 AI score, 0.00972 EPSS
Exploits: 0, References: 21, Affected Software: 2
Cvelist
added 2015/11/09 4:0 p.m., 27 views

CVE-2015-7940

The Bouncy Castle Java library before 1.51 does not validate a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman ECDH key exchanges, aka an "invalid curve attack."...

8.2 AI score, 0.00972 EPSS
Exploits: 0, References: 21
UbuntuCve
added 2015/11/09 12:0 a.m., 27 views

CVE-2015-7940

The Bouncy Castle Java library before 1.51 does not validate a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman ECDH key exchanges, aka an "invalid curve attack."...

5 CVSS, 6.9 AI score, 0.00972 EPSS
Exploits: 0, References: 3
Packet Storm
added 2015/11/02 12:0 a.m., 89 views

Milton Webdav 2.7.0.1 XXE Injection

Dear all, I've recently found a vulnerability in Milton Webdav 2.7.0.1 project page - http://milton.io/. Milton Webdav is a Java library for adding webdav capabilities to your applications. Milton Webdav supports PROPFIND, PROPPATCH and LOCK methods. These Webdav methods expect XML in request body...

6.4 CVSS, 9.5 AI score, 0.31034 EPSS
Exploits: 7
n0where
added 2015/10/13 6:36 p.m., 14 views

PE Static Malware Analysis: PortEx

PortEx is a Java library for static malware analysis of portable executable files. Its focus is on PE malformation robustness and anomaly detection. PortEx is written in Java and Scala, and targeted at Java applications. Features Reading Header information from: MSDOS Header, COFF File Header,...

6.9 AI score
Exploits: 0, References: 3
Tenable Nessus
added 2015/10/08 12:0 a.m., 25 views

OrientDB < 2.0.7 / 2.1.0 Weak Session IDs

The version of OrientDB running on the remote host is prior to 2.0.7 or 2.1.0. It is, therefore, affected by a weak session ID flaw due to usage of the Java library java.util.Random. An unauthenticated, remote attacker can exploit this to predict session IDs to facilitate brute-force attacks. Som...

5.9 CVSS, 6.7 AI score, 0.00497 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2015/03/12 12:0 a.m., 651 views

IBM Rational ClearQuest 7.1.x < 7.1.2.16 / 8.0.0.x < 8.0.0.13 / 8.0.1.x < 8.0.1.6 Multiple Vulnerabilities (credentialed check) (POODLE)

The remote host has a version of IBM Rational ClearQuest 7.1.x prior to 7.1.2.16 / 8.0.0.x prior to 8.0.0.13 / 8.0.1.x prior to 8.0.1.6 installed. It is, therefore, potentially affected by multiple vulnerabilities in third party libraries : - An error exists in the libcURL and OpenSSL libraries...

6.8 CVSS, 6.5 AI score, 0.93538 EPSS
Exploits: 5, References: 14
Fedora
added 2015/01/14 11:58 p.m., 18 views

[SECURITY] Fedora 20 Update: owasp-esapi-java-2.1.0-2.fc20

OWASP ESAPI The OWASP Enterprise Security API is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI for Java library is designed to make it easier for programmers to retrofit security into existing...

5.8 CVSS, 3.3 AI score, 0.00174 EPSS
Exploits: 2
Fedora
added 2015/01/11 10:57 a.m., 32 views

[SECURITY] Fedora 21 Update: smack-4.0.6-1.fc21

Smack is an Open Source XMPP Jabber client library for instant messaging and presence. A pure Java library, it can be embedded into your applications to create anything from a full XMPP client to simple XMPP integrations such as sending notification messages and presence-enabling devices...

5.8 CVSS, 2 AI score, 0.00897 EPSS
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 54 views

Oracle Application Framework Diagnostic Mode Bypass Vulnerability

No description provided by source. Trustwave SpiderLabs Security Advisory TWSL2012-023: Oracle Application Framework Diagnostic Mode Bypass Vulnerability Published: 1/15/2013 Version: 1.0 Vendor: Oracle www.oracle.com Product: Oracle Application Framework Version affected: 11.5.10.2, 12.0.6, 12.1...

6.4 CVSS, 0.2994 EPSS
Exploits: 5
RedHat Linux
added 2013/09/04 6:43 p.m., 2 views

Java: XML signature spoofing

A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via ...

4.3 CVSS, 5.9 AI score, 0.03643 EPSS
Exploits: 1, References: 5