Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM Security Network Protection

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7 that is used by IBM Security Network Protection. These issues were disclosed as part of the IBM Java SDK updates in June 2015. CVE-2015-0138, CVE-2015-0192, CVE-2015-0204, CVE-2015-0458,...

Security Bulletin: IBM Security Identity Manager Virtual Appliance affected by Java vulnerabilities (CVE-2015-0138 CVE-2015-0204 CVE-2015-1914 CVE-2015-2808 )

Summary IBM Security Identity Manager Virtual Appliance version 7.0 is affected by several Java vulnerabilies. Vulnerability Details CVEID: CVE-2015-0138 DESCRIPTION: A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS...

Unspecified Vulnerability in Oracle Database Server (CNVD-2018-09081)

Oracle Database Server is an object-a relational database management system that provides an open, comprehensive, and integrated approach to information management. An unspecified vulnerability exists in the Java VM component of Oracle Database Server. An attacker could exploit this vulnerability...

Apache JMeter RMI Code Execution PoC (CVE-2018-1297)

PenTestIT RSS Feed Recently, I read about a remote code execution RCE vulnerability; CVE-2018-1297, that affects yet another Apache product - JMeter. As you might know, "The Apache JMeter™ application is open source software, a 100% pure Java application designed to load test functional behavior...

SUSE-SU-2018:0743-1 Security update for java-1_7_1-ibm

This update for java-171-ibm fixes the following issue: The version was updated to 7.1.4.20 bsc1082810 Security fixes: - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677...

SUSE-SU-2018:0694-1 Security update for java-1_7_1-ibm

This update for java-171-ibm fixes the following issues: The version was updated to 7.1.4.20 bsc1082810 Security fixes: - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677...

JDK: J9 JVM allows untrusted code running under a security manager to elevate its privileges

Under certain circumstances, a flaw in the J9 JVM IBM SDK, Java Technology Edition 7.1 and 8.0 allows untrusted code running under a security manager to elevate its privileges. IBM X-Force ID: 138823...

SUSE-SU-2018:0665-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: - Removed java-180-ibm-alsa and java-180-ibm-plugin entries in baselibs.conf due to errors in osc sourcevalidator Version update to 8.0.5.10 bsc1082810 Security fixes: CVE-2018-2639 CVE-2018-2638 CVE-2018-2633 CVE-2018-2637 CVE-2018-2634...

SUSE-SU-2018:0630-1 Security update for java-1_7_1-ibm

This update for java-171-ibm provides the following fix: The version was updated to 7.1.4.20 bsc1082810 Security fixes: - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677...

IBM Runtimes for Java Technology J9 JVM Elevation of Privilege Vulnerability

IBM Runtimes for Java Technology is a set of IBM's runtime environment for running Java programs.J9 JVM is used in one of the Java virtual machines. An elevation of privilege vulnerability exists in the J9 JVM in IBM Runtimes for Java Technology. An attacker could exploit this vulnerability to ga...

CVE-2018-1417

Under certain circumstances, a flaw in the J9 JVM IBM SDK, Java Technology Edition 7.1 and 8.0 allows untrusted code running under a security manager to elevate its privileges. IBM X-Force ID: 138823...

CVE-2018-2680

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM. Successful attacks requi...

Unspecified Vulnerability in Oracle Database Server Java VM (CNVD-2018-02353)

Oracle Database Server is an object-a relational database management system that provides an open, comprehensive, and integrated approach to information management. An unspecified vulnerability exists in the Java VM component of Oracle Database Server. An attacker could exploit this vulnerability...

The vulnerability of the class verifier in the IBM J9 VM allows a hacker to disable the security controller and increase their privileges.

The vulnerability of the class verifier in the IBM J9 VM is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to disable the security controller and gain increased privileges...

CVE-2017-10190

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create Session, Create Procedure privilege with logon to the infrastructure where Jav...

Unspecified Vulnerability in Oracle Database Server (CNVD-2017-30893)

Oracle Database Server is an object-a relational database management system that provides an open, comprehensive, and integrated approach to information management. An unspecified vulnerability exists in the Java VM component of Oracle Database Server, which could be exploited by an attacker to...

Exploit for Deserialization of Untrusted Data in Redhat Jboss_Enterprise_Application_Platform

Lab for Java Deserialization Vulnerabilities This content is...

Important: Red Hat Security Advisory: rh-maven33-groovy security update

An update for rh-maven33-groovy is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CentOS 7 : groovy (CESA-2017:2486)

An update for groovy is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

[SECURITY] Fedora 25 Update: groovy18-1.8.9-28.fc25

Groovy is an agile and dynamic language for the Java Virtual Machine, built upon Java with features inspired by languages like Python, Ruby and Smalltalk. It seamlessly integrates with all existing Java objects and libraries and compiles straight to Java byte-code so you can use it anywhere you c...