22 matches found
MiracleLinux 4 : ipa-3.0.0-26.2.0.1.AXS4 (AXSA:2013-421:02)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-421:02 advisory. IPA is an integrated solution to provide centrally managed Identity machine, user, virtual machines, groups, authentication credentials, Policy configuration...
EUVD-2004-0652
Malware in sbrugna...
CVE-2017-10388
It was discovered that the Kerberos client implementation in the Libraries component of OpenJDK used the sname field from the plain text part rather than encrypted part of the KDC reply message. A man-in-the-middle attacker could possibly use this flaw to impersonate Kerberos services to Java...
Huawei EulerOS: Security Advisory for java-1.7.0-openjdk (EulerOS-SA-2017-1330)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Man-in-the-Middle (MitM)
IBM Java SE is vulnerable to man-in-the-middle attacks. The vulnerability exists in Kerberos client implementation in the Libraries component of OpenJDK used the sname field from the plain text part rather than encrypted part of the KDC reply message. A remote attacker could use this flaw to...
ai.h2o:h2o-orc-parser (>=3.18.0.9 <=3.46.0.11), com.linkedin.tony:tony-cli (>=0.1.5 <=0.3.3) +26 more potentially affected by CVE-2015-7521 via org.apache.hive:hive-exec (>=1.1.0 <=1.2.1)
org.apache.hive:hive-exec MAVEN version =1.1.0, =3.18.0.9, =0.1.5, =0.1.5, =6.5.0, =6.5.0, =6.5.0, =6.5.0, =0.14.0, =0.14.0, =0.15.0, =0.15.0, =0.15.1 and more Source cves: CVE-2015-7521 Source advisory: OSV:GHSA-83R3-C79W-F6WC...
MGASA-2017-0460 Updated java-1.8.0-openjdk packages fix security vulnerabilities
Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. CVE-2017-10285, CVE-2017-10346 It was discovered that the Kerberos client implementation in the Libraries...
OpenJDK: use of unprotected sname in Kerberos client (Libraries, 8178794)
It was discovered that the Kerberos client implementation in the Libraries component of OpenJDK used the sname field from the plain text part rather than encrypted part of the KDC reply message. A man-in-the-middle attacker could possibly use this flaw to impersonate Kerberos services to Java...
OpenJDK: use of unprotected sname in Kerberos client (Libraries, 8178794)
It was discovered that the Kerberos client implementation in the Libraries component of OpenJDK used the sname field from the plain text part rather than encrypted part of the KDC reply message. A man-in-the-middle attacker could possibly use this flaw to impersonate Kerberos services to Java...
Ubuntu 14.04 LTS : OpenJDK 7 vulnerabilities (USN-3497-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3497-1 advisory. It was discovered that the Smart Card IO subsystem in OpenJDK did not properly maintain state. An attacker could use this to specially construct an...
OpenJDK: use of unprotected sname in Kerberos client (Libraries, 8178794)
It was discovered that the Kerberos client implementation in the Libraries component of OpenJDK used the sname field from the plain text part rather than encrypted part of the KDC reply message. A man-in-the-middle attacker could possibly use this flaw to impersonate Kerberos services to Java...
OpenJDK: use of unprotected sname in Kerberos client (Libraries, 8178794)
It was discovered that the Kerberos client implementation in the Libraries component of OpenJDK used the sname field from the plain text part rather than encrypted part of the KDC reply message. A man-in-the-middle attacker could possibly use this flaw to impersonate Kerberos services to Java...
Ubuntu 16.04 LTS : OpenJDK 8 vulnerabilities (USN-3473-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3473-1 advisory. It was discovered that the Smart Card IO subsystem in OpenJDK did not properly maintain state. An attacker could use this to specially construct an...
RHEL 7 : java-1.6.0-sun (RHSA-2017:3047)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3047 advisory. Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades...
OpenJDK: use of unprotected sname in Kerberos client (Libraries, 8178794)
It was discovered that the Kerberos client implementation in the Libraries component of OpenJDK used the sname field from the plain text part rather than encrypted part of the KDC reply message. A man-in-the-middle attacker could possibly use this flaw to impersonate Kerberos services to Java...
OpenJDK: use of unprotected sname in Kerberos client (Libraries, 8178794)
It was discovered that the Kerberos client implementation in the Libraries component of OpenJDK used the sname field from the plain text part rather than encrypted part of the KDC reply message. A man-in-the-middle attacker could possibly use this flaw to impersonate Kerberos services to Java...
OpenJDK: use of unprotected sname in Kerberos client (Libraries, 8178794)
It was discovered that the Kerberos client implementation in the Libraries component of OpenJDK used the sname field from the plain text part rather than encrypted part of the KDC reply message. A man-in-the-middle attacker could possibly use this flaw to impersonate Kerberos services to Java...
OpenJDK: use of unprotected sname in Kerberos client (Libraries, 8178794)
It was discovered that the Kerberos client implementation in the Libraries component of OpenJDK used the sname field from the plain text part rather than encrypted part of the KDC reply message. A man-in-the-middle attacker could possibly use this flaw to impersonate Kerberos services to Java...
UBUNTU-CVE-2017-10388
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
CVE-2004-0653
Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pamkrb5 as an "auth" module with the debug feature enabled, records passwords in plaintext, which could allow local users to gain other user's passwords by reading log files...