496 matches found
OpenJDK: PBE incorrect key lengths (Libraries, 8138589)
It was discovered that the password-based encryption (PBE) implementation in the Libraries component in OpenJDK used an incorrect key length. This could, in certain cases, lead to generation of keys that were weaker than expected...
Vulnerability in the Java Platform allowing attackers to modify data
The vulnerability in the Libraries sub-component of the Java Platform is caused by errors in the code. Exploiting this vulnerability allows a malicious actor to modify data using a Java Web Start application or Java applet...
Multiple vulnerabilities in IBM Java SDK affect AIX
IBM SECURITY ADVISORY First Issued: Fri Jul 31 13:04:25 CDT 2015 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/javajuly2015advisory.asc https://aix.software.ibm.com/aix/efixes/security/javajuly2015advisory.asc...
SUSE SLED11 Security Update : java-1_7_0-openjdk (SUSE-SU-2015:1320-1) (Bar Mitzvah) (Logjam)
OpenJDK was updated to 2.6.1 - OpenJDK 7u85 to fix security issues and bugs. The following vulnerabilities were fixed : - CVE-2015-2590: Easily exploitable vulnerability in the Libraries component allowed successful unauthenticated network attacks via multiple protocols. Successful attack of this...
OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374)
A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol (OCSP) responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as val...
Unspecified Arbitrary Code Execution Vulnerability in Oracle Java SE Libraries Component
Oracle Java SE is used to develop and deploy Java applications for desktops, servers, and embedded devices and real-time environments. A security vulnerability exists in the Libraries subcomponent of Oracle Java SE, which can be exploited by a remote attacker to construct a malicious web page tha...
OpenJDK: MulticastSocket NULL pointer dereference (Libraries, 8056264)
A NULL pointer dereference flaw was found in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions...
OpenJDK: incorrect class loader permission check in ClassLoader getParent() (Libraries, 8055314)
An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions...
java security update
CentOS Errata and Security Advisory CESA-2014:0907 Updated java-1.6.0-openjdk packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5, 6, and 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common...
Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x i386/x86_64 (20140716)
It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. CVE-2014-4216, CVE-2014-4219 A format string flaw was discovered in the Hotspo...