Lucene search
K

83 matches found

Positive Technologies
Positive Technologies
added 2020/04/14 12:0 a.m.6 views

PT-2020-2599

Name of the Vulnerable Software and Affected Versions Java SE versions 11.0.6 and 14 Description The issue is related to insufficient input validation in the JSSE component of Oracle Java SE. It allows an unauthenticated attacker with network access via HTTPS to compromise Java SE, resulting in...

7.8CVSS6.8AI score0.02698EPSS
Exploits0References143
BDU FSTEC
BDU FSTEC
added 2020/02/03 12:0 a.m.3 views

The vulnerability of the Java Secure Socket Extension (JSSE) component in Oracle Java SE software allows a perpetrator to gain access to modify, add, or delete data, or to unauthorizedly access protected information.

The vulnerability of the Java Secure Socket Extension JSSE in Oracle Java SE software platforms is related to lack of access control mechanisms. Exploiting this vulnerability could allow an attacker to modify, add, or delete data, or gain unauthorized access to protected information using the HTT...

5.8CVSS6.5AI score0.03613EPSS
Exploits0References6Affected Software10
BDU FSTEC
BDU FSTEC
added 2019/10/16 12:0 a.m.4 views

The vulnerability of the Java Secure Socket Extension (JSSE) component of the OpenJDK project, a programming language for Java, allows attackers to gain access to confidential data.

The vulnerability of the Java Secure Socket Extension JSSE component of the OpenJDK project, a programming language, is related to errors in processing the attached OCSP response during TLS handshake. Exploiting this vulnerability can allow an attacker operating remotely to gain access to...

5.3CVSS5.5AI score0.01961EPSS
Exploits0References5Affected Software3
CNVD
CNVD
added 2019/07/17 12:0 a.m.3 views

Oracle Java SE Access Control Error Vulnerability (CNVD-2019-26746)

Oracle Java SE is a U.S. Oracle Oracle company for the development and deployment of desktop, server and embedded devices and real-time environments in the Java application. A security vulnerability exists in the JSSE subcomponent of Oracle Java SE versions 11.0.3 and 12.0.1. An attacker could...

5.3CVSS6.7AI score0.01961EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2019/07/08 4:13 p.m.37 views

Security Bulletin: Multiple vulnerabilities exist in the current IBM SDK for Java used in IBM System Networking Switch Center (CVE-2014-0411 & CVE-2014-0460)

Summary IBM System Networking Switch Center ships with IBM Java 7 JRE. Two vulnerabilities are fixed in the April 2014 Critical Patch Update. 1 CVE-2014-0460: JNDI DNS service provider has several implementation flaws that make spoofing DNS responses much easier; 2 CVE-2014-0411: Vulnerability in...

5.8CVSS1.7AI score0.0435EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/31 2:10 a.m.30 views

Security Bulletin: Vulnerability in RC4 cipher stream (CVE-2015-2808) and multiple vulnerabilities in IBM SDK Java Technology Edition affects IBM Systems Director.

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition 7 that is used by IBM Systems Director. These issues were disclosed as part of the IBM Java SDK updates in January and April 2015. This bulletin also addresses the RC4 bar mitzvah attack on SSL/TLS. Vulnerability Detail...

7.5CVSS0.7AI score0.74006EPSS
Exploits5
RedHat Linux
RedHat Linux
added 2018/11/26 3:43 p.m.1 views

OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JSSE. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with...

6.8CVSS7.3AI score0.03392EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2018/11/16 12:53 a.m.142 views

USN-3824-1: OpenJDK 7 vulnerabilities

It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. CVE-2018-3136 Artem Smotrakov...

8.3CVSS7AI score0.07215EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2018/11/16 12:0 a.m.38 views

Ubuntu 14.04 LTS : OpenJDK 7 vulnerabilities (USN-3824-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3824-1 advisory. It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibl...

8.3CVSS7.1AI score0.07215EPSS
Exploits2References6
Ubuntu
Ubuntu
added 2018/10/30 7:37 p.m.552 views

USN-3804-1: OpenJDK vulnerabilities

It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. CVE-2018-3136 Artem Smotrakov...

9CVSS7AI score0.07215EPSS
Exploits2
OSV
OSV
added 2018/10/30 7:37 p.m.3 views

USN-3804-1 openjdk-8, openjdk-lts vulnerabilities

It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. CVE-2018-3136 Artem Smotrakov...

9CVSS7AI score0.07215EPSS
Exploits2References9
CNVD
CNVD
added 2018/10/17 12:0 a.m.2 views

Unspecified Vulnerability in Oracle Java SE (CNVD-2019-26733)

Oracle Java SE, Java SE Embedded, and JRockit are products of Oracle Corporation. Java SE Java Platform Standard Edition is used to develop and deploy Java applications for desktops, servers, and embedded devices and real-time environments; Java SE Embedded is a powerful, reliable, and portable...

6.8CVSS6.9AI score0.03392EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2018/09/17 2:51 p.m.5 views

JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JSSE. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

5.9CVSS7.4AI score0.04676EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/22 5:47 a.m.51 views

Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM Storwize V7000 Unified (CVE-2015-0488, CVE-2015-2808, CVE-2015-1916, and CVE-2015-0204)

Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM Storwize V7000 Unified. These issues were disclosed as part of the IBM Java SDK updates in April 2015. Vulnerability Details CVEID: CVE-2015-0488 DESCRIPTION: An unspecified...

5CVSS1.3AI score0.98685EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:3 a.m.29 views

Security Bulletin: Multiple vulnerabilities in IBM SDK Java™ Technology Edition affect IBM Business Process Manager and WebSphere Lombardi Edition April 2015 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM Java SDK updates in April 2015. Vulnerability Details CVE-2015-0204 was fixed in IBM SDK, Java Technology Edition...

5CVSS0.6AI score0.98685EPSS
Exploits0Affected Software4
BDU FSTEC
BDU FSTEC
added 2016/07/07 12:0 a.m.8 views

The vulnerability of the JRockit software platform, which allows a malicious actor to compromise data accessibility remotely.

The vulnerability of the JRockit software platform allows a malicious actor to compromise data accessibility by using the JSSE component...

5CVSS5.8AI score0.04204EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2016/07/05 12:0 a.m.5 views

Vulnerability of the Java Runtime Environment software platform, which allows a malicious attacker to compromise data confidentiality and integrity

Vulnerability of the Java Runtime Environment, related to program subcomponents. Exploitation of this vulnerability allows an attacker to compromise data confidentiality and integrity by using the JSSE subcomponent...

4CVSS6.2AI score0.02414EPSS
Exploits0References8
BDU FSTEC
BDU FSTEC
added 2016/07/05 12:0 a.m.8 views

The vulnerability of the Java Development Kit application development tool allows a remote attacker to compromise data confidentiality and integrity.

The vulnerability of the Java Development Kit application development tool, related to its subcomponents. Exploiting this vulnerability allows a malicious attacker to compromise data confidentiality and integrity by using the JSSE subcomponent...

4CVSS6.2AI score0.02414EPSS
Exploits0References8
Packet Storm
Packet Storm
added 2015/11/06 12:0 a.m.50 views

Java Secure Socket Extension (JSSE) SKIP-TLS

!/usr/bin/env ruby encoding: ASCII-8BIT By Ramon de C Valle. This work is dedicated to the public domain. require 'openssl' require 'optparse' require 'socket' Version = 0, 0, 1 Release = nil def prfsecret, label, seed if secret.empty? s1 = s2 = '' else length = secret.length 1.0 / 2.ceil s1 =...

4CVSS0.1AI score0.67234EPSS
Exploits5
NVD
NVD
added 2015/07/02 9:59 p.m.21 views

CVE-2015-1916

Unspecified vulnerability in IBM Java 8 before SR1 allows remote attackers to cause a denial of service via unknown vectors related to SSL/TLS and the Secure Socket Extension provider...

7.5CVSS6.1AI score0.02696EPSS
Exploits0References3
Rows per page
Query Builder