271 matches found
OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985)
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JMX. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with...
OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985)
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JMX. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with...
OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985)
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JMX. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with...
OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985)
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JMX. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with...
Ubuntu 16.04 LTS : OpenJDK 8 vulnerabilities (USN-3613-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3613-1 advisory. It was discovered that a race condition existed in the cryptography implementation in OpenJDK. An attacker could possibly use this to expose sensitive...
USN-3613-1: OpenJDK 8 vulnerabilities
It was discovered that a race condition existed in the cryptography implementation in OpenJDK. An attacker could possibly use this to expose sensitive information. CVE-2018-2579 It was discovered that the Hotspot component of OpenJDK did not properly validate uses of the invokeinterface JVM...
OpenJDK: SingleEntryRegistry incorrect setup of deserialization filter (JMX, 8186998)
It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions...
CVE-2018-7047
An issue was discovered in the MBeans Server in Wowza Streaming Engine before 4.7.1. The file system may be read and written to via JMX using the default JMX credentials remote code execution may be possible as well...
OpenJDK: SingleEntryRegistry incorrect setup of deserialization filter (JMX, 8186998)
It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions...
OpenJDK: SingleEntryRegistry incorrect setup of deserialization filter (JMX, 8186998)
It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions...
OpenJDK: SingleEntryRegistry incorrect setup of deserialization filter (JMX, 8186998)
It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions...
OpenJDK: SingleEntryRegistry incorrect setup of deserialization filter (JMX, 8186998)
It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions...
OpenJDK: SingleEntryRegistry incorrect setup of deserialization filter (JMX, 8186998)
It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions...
OpenJDK: SingleEntryRegistry incorrect setup of deserialization filter (JMX, 8186998)
It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions...
Unspecified Vulnerability in Oracle Java SE, Java SE Embedded and Jrockit (CNVD-2018-02238)
Oracle Java SE, Java SE Embedded, and JRockit are products of Oracle Corporation. Java SE Java Platform Standard Edition is used to develop and deploy Java applications for desktops, servers, and embedded devices and real-time environments; Java SE Embedded is a Java platform for developing...
Apache James java deserialization arbitrary command execution vulnerability
Apache James is pure Java SMTP and POP3 mail server and NNTP news server . A security vulnerability in the Apache James JMX server's handling of Java deserialization allows an attacker to exploit the vulnerability to construct special requests to execute arbitrary code in the context of an...
CVE-2017-8012
The CVE pertains to Dell EMC/VNX Monitoring and Reporting (RMI Registry) deserialization vulnerability that can be exploited remotely to cause a DoS. The attack path involves the exposed RMI registry (default port 52569) accepting untrusted data; authentication exists but can be bypassed per the ...
CVE-2016-9008
IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent...
OpenJDK: insufficient classloader consistency checks in ClassLoaderWithRepository (JMX, 8157739)
A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions...
OpenJDK: insufficient classloader consistency checks in ClassLoaderWithRepository (JMX, 8157739)
A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions...