270 matches found
java security update
CentOS Errata and Security Advisory CESA-2017:0269 An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common...
OpenJDK: missing ObjectIdentifier length check (Libraries, 8168705)
It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume...
RHEL 5 / 6 / 7 : java-1.7.0-openjdk (RHSA-2017:0269)
The remote Redhat Enterprise Linux 5 / 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:0269 advisory. The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit...
OpenJDK: missing ObjectIdentifier length check (Libraries, 8168705)
It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume...
USN-3194-1: OpenJDK 7 vulnerabilities
Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes...
Ubuntu 14.04 LTS : OpenJDK 7 vulnerabilities (USN-3194-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3194-1 advisory. Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly...
Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2017-791)
It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. CVE-2017-3241 This...
Critical: java-1.8.0-openjdk
Issue Overview: It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application...
OpenJDK: missing ObjectIdentifier length check (Libraries, 8168705)
It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume...
OpenJDK: missing ObjectIdentifier length check (Libraries, 8168705)
It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume...
On Python vulnerabilities mining those have to mention the thing-vulnerability warning-the black bar safety net
! Foreword Python because of its in the development of larger, more complex application aspects of the unique convenience, so that it in a computer environment becomes more and more indispensable. Although its obvious speech intelligibility and the use friendliness allows the software engineers a...
PHP 'php_snmp_parse_oid()' function integer overflow vulnerability
PHP is an open source general-purpose computer scripting language. An integer overflow vulnerability exists in the PHP 'phpsnmpparseoid' function. An attacker can exploit the vulnerability to execute arbitrary code in the context of an affected application...
DEBIAN-CVE-2015-1792
The dofreeupto function in crypto/cms/cmssmime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service infinite loop via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an...
UBUNTU-CVE-2014-9087
Integer underflow in the ksbaoidtostr function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service crash via a crafted OID in a 1 S/MIME message or 2 ECC based OpenPGP data, which triggers a buffer overflow...
DEBIAN-CVE-2014-3465
The gnutlsx509dnoidname function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service NULL pointer dereference via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN...
openSUSE Security Update : libsmi (openSUSE-SU-2011:0011-1)
This update fixes a buffer overflow the smiGetNode function in libsmi. It allowed context-dependent attackers to execute arbitrary code via an Object Identifier. CVE-2010-2891: CVSS v2 Base Score: 7.5 HIGH AV:N/AC:L/Au:N/C:P/I:P/A:P: Buffer Errors CWE-119 %NASLMINLEVEL 70300 C Tenable Network...
AZL-7272 CVE-2010-2891 affecting package libsmi for versions less than 0.4.8-27
Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier aka OID represented as a numerical string containing many components separated by . dot characters...
DEBIAN-CVE-2010-2891
Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier aka OID represented as a numerical string containing many components separated by . dot characters...
CVE-2010-2891
Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier aka OID represented as a numerical string containing many components separated by . dot characters...
CVE-2010-2891
Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier aka OID represented as a numerical string containing many components separated by . dot characters...