844 matches found

OSV
added 2018/10/17 1:31 a.m., 4 views

CVE-2018-3139

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

CVSS 3.1, AI score 5.9
Exploits 0, References 27

OSV
added 2018/10/16 7:50 p.m., 1 views

GHSA-F5CF-F7PX-XPMH Moderate severity vulnerability that affects org.apache.qpid:proton-j

The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain...

CVSS 6.5, AI score 6.6, EPSS 0.00271
Exploits 0, References 9

OSV
added 2018/10/16 12:0 a.m., 0 views

UBUNTU-CVE-2018-3139

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

CVSS 3.1, AI score 6.7, EPSS 0.00188
Exploits 0, References 6

RedHat Linux
added 2018/08/27 2:21 p.m., 2 views

JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

CVSS 4.3, AI score 7.4, EPSS 0.00239
Exploits 0, References 5

IBM Security Bulletins
added 2018/06/18 12:8 a.m., 30 views

Security Bulletin: Java vulnerability on IBM FlashSystem V840 product model number AC0 node (CVE-2014-0411)

Summary: Java vulnerability could allow decryption of long GUI session. Vulnerability Details: CVEID: CVE-2014-0411 DESCRIPTION: Java is used in the system’s GUI. Timing differences based on the validity of messages can be exploited to decrypt the entire session. The exploit is not trivial, requiring...

CVSS 4, AI score 0.3, EPSS 0.01371
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2018/06/18 12:8 a.m., 25 views

Security Bulletin: The IBM V840 product model number AE1 node is affected by a vulnerability in Java

Summary: Security vulnerabilities have been discovered in Java. Vulnerability Details: CVE-ID: CVE-2014-0411 DESCRIPTION: FlashSystem V840-AE1 uses an affected version of Oracle Java: CVE-2014-0411 Unspecified Oracle Java vulnerability. In Oracle’s January 2014 Critical Patch Update (CPU) they disclose...

CVSS 4, AI score 1.4, EPSS 0.01371
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2018/06/18 12:8 a.m., 30 views

Security Bulletin: Java vulnerability on IBM Storage DS8870 (CVE-2014-0411)

Summary: IBM Enterprise Storage DS8870 HMC extensively uses Java, for which a fix is available for a security vulnerability. Vulnerability Details: CVEID: CVE-2014-0411 DESCRIPTION: Java is used throughout the DS8870 HMC including the command line interface (CLI) and graphical user interface (GUI) and...

CVSS 4, AI score 0.9, EPSS 0.01371
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2018/06/18 12:8 a.m., 42 views

Security Bulletin: Java vulnerability issue on IBM Storwize V7000 Unified system (CVE-2014-0411)

Summary IBM Storwize V7000 Unified system is shipped with Java, for which a fix is available for a security vulnerability. Vulnerability Details CVEID: CVE-2014-0411 DESCRIPTION: IBM Storwize V7000 Unified system is shipped with Java. Java is used in the V7000 Unified for implementing the system...

CVSS 4, AI score 1.2, EPSS 0.01371
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2018/06/17 4:51 a.m., 32 views

Security Bulletin: Java Vulnerability in Rational Automation Framework (CVE-2013-4002, CVE-2013-5825, CVE-2013-5372)

Summary Previous releases of IBM Rational Automation Framework are affected by the vulnerabilities in Java that may allow remote attackers to influence the availability of the Framework Server. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alert...

CVSS 7.1, AI score 0.9, EPSS 0.08028
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2018/06/17 4:46 a.m., 53 views

Security Bulletin: Java Vulnerability in Rational Automation Framework (CVE-2013-0440)

Summary Previous releases of IBM Rational Automation Framework are affected by a vulnerability in Java that may allow remote attackers to influence the availability of the Framework Server. Vulnerability Details | Subscribe to My Notifications to be notified of important product support alerts li...

CVSS 5, AI score 2.4, EPSS 0.00925
Exploits 1, Affected Software 1

IBM Security Bulletins
added 2018/06/16 10:4 p.m., 30 views

Security Bulletin: IBM Java as used in IBM QRadar SIEM is vulnerable to sensitive information leakage. (CVE-2017-10115)

Summary All applicable CVEs from the Java Quarterly CPU - Jul 2017. Vulnerability Details CVE-ID: CVE-2017-10115 Description: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to obtain sensitive...

CVSS 8.3, AI score 1.3, EPSS 0.01373
Exploits 0, Affected Software 1

CVE
added 2018/06/11 5:0 p.m., 63 views

CVE-2017-3199

Insight: CVE-2017-3199 affects GraniteDS 3.1.1.GA, where AMF3 deserializers instantiate classes via java.io.Externalizable instead of the AMF3-recommended flash.utils.IExternalizable. This insecure deserialization could allow a remote attacker with RMI-control over a server connection to deliver ...

CVSS 8.1, AI score 8.2, EPSS 0.13846
Exploits 2, References 4, Affected Software 1

CNVD
added 2018/05/29 12:0 a.m., 1 views

SAP NetWeaver AS Java Log Injection Security Bypass Vulnerability

SAP NetWeaver is a service-oriented integrated application platform from the German company SAP; the platform provides the development and runtime environment for SAP applications. SAP NetWeaver AS (Application Server) Java runs in NetWeaver and is based on the Java programming language...

AI score 6.8
Exploits 0, References 1

OSV
added 2018/04/19 2:29 a.m., 1 views

CVE-2018-2798

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with...

CVSS 5.3, AI score 5.8
Exploits 0, References 28

Prion
added 2018/01/25 9:29 p.m., 15 views

Deserialization of untrusted data

Any authenticated user (valid client certificate but without ACL permissions) could upload a template which contained malicious code and caused a denial of service via Java deserialization attack. The fix to properly handle Java deserialization was applied on the Apache NiFi 1.4.0 release. Users...

CVSS 3.5, AI score 5.2, EPSS 0.00111
Exploits 0, References 1, Affected Software 1

OSV
added 2018/01/18 2:29 a.m., 3 views

CVE-2018-2618

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker wi...

CVSS 5.9, AI score 7.3
Exploits 0, References 22

RedHat Linux
added 2017/12/13 4:48 p.m., 2 views

JDK: unspecified vulnerability fixed in 8u151 and 9.0.1 (Deployment)

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks...

CVSS 7.1, AI score 7.4, EPSS 0.01939
Exploits 6, References 5

NVD
added 2017/10/19 5:29 p.m., 20 views

CVE-2017-10355

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker...

CVSS 5.3, AI score 5.3, EPSS 0.06365
Exploits 2, References 18

Vulnrichment
added 2017/10/19 5:0 p.m., 12 views

CVE-2017-10285

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

AI score 7.6, EPSS 0.00468
Exploits 0, References 19

Prion
added 2017/08/08 3:29 p.m., 18 views

Design/Logic Flaw

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker...

CVSS 5, AI score 5.3, EPSS 0.005
Exploits 0, References 16, Affected Software 17