1536 matches found
Security update for java-1_8_0-openjdk (important)
This update for java-180-openjdk to version 8u171 fixes the following issues: These security issues were fixed: - S8180881: Better packaging of deserialization - S8182362: Update CipherOutputStream Usage - S8183032: Upgrade to LittleCMS 2.9 - S8189123: More consistent classloading - S8189969,...
Security Bulletin: IBM WebSphere MQ keystore password traced by mqcertck on IBM i platform (CVE-2015-7462)
Summary The mqcertck tool which was newly added in MQ 8.0.0.4 could trace certificate keystore passwords. Vulnerability Details CVEID: CVE-2015-7462 DESCRIPTION: IBM WebSphere MQ could allow a local user with administrator privileges to decrypt other MQ administrators passwords by using the...
Security Bulletin: Multiple vulnerabilities in current releases of the IBM® WebSphere Real Time
Summary Java SE issues disclosed in the Oracle July 2014 Critical Patch Update, plus 2 additional vulnerabilities Vulnerability Details CVE IDs: CVE-2014-3086 CVE-2014-4227 CVE-2014-4262 CVE-2014-4219 CVE-2014-4209 CVE-2014-4220 CVE-2014-4268 CVE-2014-4218 CVE-2014-4252 CVE-2014-4266 CVE-2014-426...
heinekingmedia StashCat for Android Hardcoded Password Vulnerability
heinekingmedia StashCat for Android is an Android-based enterprise communication software from the German company heinekingmedia. A security vulnerability exists in heinekingmedia StashCat 1.7.5 and earlier versions for the Android platform, which stems from the program's use of hard-coded...
OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997)
Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java...
OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997)
Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java...
CVE-2014-6111
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configuration files, which allows local users to...
Unspecified Vulnerability in Bouncy Castle BKS-V1
Bouncy Castle is a cryptographic library for C and Java applications.BKS-V1 is one of the secret key storage format. A security vulnerability exists in Bouncy Castle BKS-V1, which stems from the fact that the length of the HMAC used in Bouncy Castle BKS-V1 files is only 16 bits. An attacker could...
DEBIAN-CVE-2018-5382
The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47...
CVE-2018-5382
The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47...
CVE-2018-5382
The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47...
CVE-2018-5382
The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47...
Format string
The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47...
UBUNTU-CVE-2018-5382
The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47...
CVE-2018-5382 Bouncy Castle BKS-V1 keystore files vulnerable to trivial hash collisions
The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47...
CVE-2018-5382
The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47...
CVE-2018-5382
CVE-2018-5382 involves Bouncy Castle where the default BKS keystore uses an HMAC only 16 bits long, enabling brute-force attempts to compromise keystore integrity. Technical details from connected docs show that BC 1.47 updated the BKS format to use a 160-bit HMAC, addressing the issue for keysto...
PT-2018-16936 · Legion Of The Bouncy Castle · Bouncy Castle
Name of the Vulnerable Software and Affected Versions: Bouncy Castle versions prior to 1.47 Description: The default BKS keystore uses an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. This issue applies to any BKS keystore generated pri...
Jenkins Coverity Plugin Information Disclosure Vulnerability
Jenkins is an open source software project , is based on Java development of a continuous integration tool . A security vulnerability exists in the CIMInstance.java file in Jenkins Coverity Plugin 1.10.0 and earlier versions, which stems from the program storing passwords in plaintext. An attacke...
LeakVM - Research & Pentesting Framework For Android, Run Security Tests Instantly
LeakVM: Run security tests instantly. Why LeakVM : LeakVM fast security test on Android, by skipping the time-consuming build pen-testing laboratories, you can test on real devices or virtual devices. LeakVM makes researchers and pen-testers more productive since they can run the test on real tim...