83 matches found
PT-2020-2599
Name of the Vulnerable Software and Affected Versions Java SE versions 11.0.6 and 14 Description The issue is related to insufficient input validation in the JSSE component of Oracle Java SE. It allows an unauthenticated attacker with network access via HTTPS to compromise Java SE, resulting in...
The vulnerability of the Java Secure Socket Extension (JSSE) component in Oracle Java SE software allows a perpetrator to gain access to modify, add, or delete data, or to unauthorizedly access protected information.
The vulnerability of the Java Secure Socket Extension JSSE in Oracle Java SE software platforms is related to lack of access control mechanisms. Exploiting this vulnerability could allow an attacker to modify, add, or delete data, or gain unauthorized access to protected information using the HTT...
The vulnerability of the Java Secure Socket Extension (JSSE) component of the OpenJDK project, a programming language for Java, allows attackers to gain access to confidential data.
The vulnerability of the Java Secure Socket Extension JSSE component of the OpenJDK project, a programming language, is related to errors in processing the attached OCSP response during TLS handshake. Exploiting this vulnerability can allow an attacker operating remotely to gain access to...
Oracle Java SE Access Control Error Vulnerability (CNVD-2019-26746)
Oracle Java SE is a U.S. Oracle Oracle company for the development and deployment of desktop, server and embedded devices and real-time environments in the Java application. A security vulnerability exists in the JSSE subcomponent of Oracle Java SE versions 11.0.3 and 12.0.1. An attacker could...
Security Bulletin: Multiple vulnerabilities exist in the current IBM SDK for Java used in IBM System Networking Switch Center (CVE-2014-0411 & CVE-2014-0460)
Summary IBM System Networking Switch Center ships with IBM Java 7 JRE. Two vulnerabilities are fixed in the April 2014 Critical Patch Update. 1 CVE-2014-0460: JNDI DNS service provider has several implementation flaws that make spoofing DNS responses much easier; 2 CVE-2014-0411: Vulnerability in...
Security Bulletin: Vulnerability in RC4 cipher stream (CVE-2015-2808) and multiple vulnerabilities in IBM SDK Java Technology Edition affects IBM Systems Director.
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition 7 that is used by IBM Systems Director. These issues were disclosed as part of the IBM Java SDK updates in January and April 2015. This bulletin also addresses the RC4 bar mitzvah attack on SSL/TLS. Vulnerability Detail...
OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613)
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JSSE. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with...
USN-3824-1: OpenJDK 7 vulnerabilities
It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. CVE-2018-3136 Artem Smotrakov...
Ubuntu 14.04 LTS : OpenJDK 7 vulnerabilities (USN-3824-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3824-1 advisory. It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibl...
USN-3804-1: OpenJDK vulnerabilities
It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. CVE-2018-3136 Artem Smotrakov...
USN-3804-1 openjdk-8, openjdk-lts vulnerabilities
It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. CVE-2018-3136 Artem Smotrakov...
Unspecified Vulnerability in Oracle Java SE (CNVD-2019-26733)
Oracle Java SE, Java SE Embedded, and JRockit are products of Oracle Corporation. Java SE Java Platform Standard Edition is used to develop and deploy Java applications for desktops, servers, and embedded devices and real-time environments; Java SE Embedded is a powerful, reliable, and portable...
JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JSSE. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM Storwize V7000 Unified (CVE-2015-0488, CVE-2015-2808, CVE-2015-1916, and CVE-2015-0204)
Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM Storwize V7000 Unified. These issues were disclosed as part of the IBM Java SDK updates in April 2015. Vulnerability Details CVEID: CVE-2015-0488 DESCRIPTION: An unspecified...
Security Bulletin: Multiple vulnerabilities in IBM SDK Java™ Technology Edition affect IBM Business Process Manager and WebSphere Lombardi Edition April 2015 CPU
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM Java SDK updates in April 2015. Vulnerability Details CVE-2015-0204 was fixed in IBM SDK, Java Technology Edition...
The vulnerability of the JRockit software platform, which allows a malicious actor to compromise data accessibility remotely.
The vulnerability of the JRockit software platform allows a malicious actor to compromise data accessibility by using the JSSE component...
Vulnerability of the Java Runtime Environment software platform, which allows a malicious attacker to compromise data confidentiality and integrity
Vulnerability of the Java Runtime Environment, related to program subcomponents. Exploitation of this vulnerability allows an attacker to compromise data confidentiality and integrity by using the JSSE subcomponent...
The vulnerability of the Java Development Kit application development tool allows a remote attacker to compromise data confidentiality and integrity.
The vulnerability of the Java Development Kit application development tool, related to its subcomponents. Exploiting this vulnerability allows a malicious attacker to compromise data confidentiality and integrity by using the JSSE subcomponent...
Java Secure Socket Extension (JSSE) SKIP-TLS
!/usr/bin/env ruby encoding: ASCII-8BIT By Ramon de C Valle. This work is dedicated to the public domain. require 'openssl' require 'optparse' require 'socket' Version = 0, 0, 1 Release = nil def prfsecret, label, seed if secret.empty? s1 = s2 = '' else length = secret.length 1.0 / 2.ceil s1 =...
CVE-2015-1916
Unspecified vulnerability in IBM Java 8 before SR1 allows remote attackers to cause a denial of service via unknown vectors related to SSL/TLS and the Secure Socket Extension provider...