2123 matches found
OpenJDK: insufficient ResourceBundle name check (Libraries, 8044274)
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries...
OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564)
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries...
OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564)
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries...
OpenJDK: insufficient ResourceBundle name check (Libraries, 8044274)
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries...
OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564)
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries...
OpenJDK: LogRecord use of incorrect CL when loading ResourceBundle (Libraries, 8042797)
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries...
OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564)
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries...
OpenJDK: insufficient permission checks when setting resource bundle on system logger (Libraries, 8041564)
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries...
OpenJDK: LogRecord use of incorrect CL when loading ResourceBundle (Libraries, 8042797)
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries...
HawtJNI: predictable temporary file name leading to local arbitrary code execution
The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJN...
USN-2350-1 nss update
The NSS package contained outdated CA certificates. This update refreshes the NSS package to version 3.17 which includes the latest CA certificate bundle...
Updated file packages fix security vulnerabilities
A flaw was found in the way file parsed property information from Composite Document Files CDF files, where the mconvert function did not correctly compute the truncated pascal string size CVE-2014-3478. Multiple flaws were found in the way file parsed property information from Composite Document...
Malicious iOS Tor Browser in Apple App Store
An iOS Tor Browser hosted for download on Apple’s notoriously restrictive App Store is reportedly a fake. Worse yet, not only is the application said to be illegitimate, but also allegedly malicious. According to a support ticket opened by a Tor Project volunteer operating under the handle Phobos...
Cisco ISE Unprivileged Support Bundle Download Vulnerability
A vulnerability in the role-based access control code of the Cisco Identity Services Engine ISE could allow an authenticated, but unprivileged, remote attacker to access support bundle information. The vulnerability is due to a failure to check the user privileges correctly when downloading the...
Design/Logic Flaw
The RBAC implementation in Cisco Identity Services Engine ISE Software does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, ak...
CVE-2014-0665
The RBAC implementation in Cisco Identity Services Engine ISE Software does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, ak...
Tor Browser Bundle 3.5
The 2.x stable series of the Tor Browser Bundle has officially been deprecated, and all users are encouraged to upgrade to the 3.5 series. Packages are now available from the Tor download page as well as the Tor Package archive. For now, the Pluggable Transports-capable TBB is still a separate...
cURL library -- cert name check ignore with GnuTLS
cURL project reports: libcurl is vulnerable to a case of missing out the checking of the certificate CN or SAN name field when the digital signature verification is turned off. libcurl offers two separate and independent options for verifying a server's TLS certificate. CURLOPTSSLVERIFYPEER and...
CVE-2013-6695
The RBAC implementation in Cisco Secure Access Control System ACS does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug...
Cisco Secure Access Control System Unprivileged Support Bundle Download Vulnerability
A vulnerability in the role-based access control code of the Cisco Secure Access Control System ACS could allow an authenticated, remote attacker to access support bundle information. The vulnerability is due to a failure to check the user privileges correctly when downloading the support bundle...