490 matches found
JCE Editor, 2.6.25, XSS (Cross Site Scripting)
JCE Editor Pro, Version 2.6.25 only, XSS (Cross Site Scripting). Resolution: update to 2.6.26. Update notice: https://www.joomlacontenteditor.net/news/jce-pro-2-6-26-released...
EulerOS 2.0 SP2 : java-1.8.0-openjdk (EulerOS-SA-2018-1028)
According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple flaws were found in the Hotspot and AWT components of OpenJDK. An untrusted Java application or applet could use these flaw...
EulerOS 2.0 SP1 : java-1.8.0-openjdk (EulerOS-SA-2018-1027)
According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple flaws were found in the Hotspot and AWT components of OpenJDK. An untrusted Java application or applet could use these flaw...
RHEL 7 : java-1.6.0-sun (RHSA-2018:0115)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0115 advisory. Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades...
Oracle Java SE Multiple Vulnerabilities (January 2018 CPU)
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 9 Update 4, 8 Update 161, 7 Update 171, or 6 Update 181. It is, therefore, affected by multiple vulnerabilities related to the following components : - AWT - Deployment - Hotspot - I18n -...
Oracle Java SE Multiple Vulnerabilities (January 2018 CPU) (Unix)
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 9 Update 4, 8 Update 161, 7 Update 171, or 6 Update 181. It is, therefore, affected by multiple vulnerabilities related to the following components : - AWT - Deployment - Hotspot - I18n...
CentOS Update for java CESA-2018:0095 centos6
Check the version of java.
CVE-2018-2618
CVE-2018-2618 affects the Java cryptography (JCE) key agreement in OpenJDK and OpenJDK-derived builds such as Java SE, Java SE Embedded, and JRockit. The connected sources describe insufficient strength of keys in the JCE component, enabling an unauthenticated attacker with network access to ...
CVE-2018-2618
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JCE. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker wi...
Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x, SL7.x i386/x86_64 (20180117)
Security Fixes : - Multiple flaws were found in the Hotspot and AWT components of OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2018-2582, CVE-2018-2641) - It was discovered that the LDAPCertStore class in the JNDI component...
Oracle Java SE Security Updates (jan2018-3236628) 03 - Linux
Oracle Java SE is prone to multiple vulnerabilities.
CVE-2018-2618
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JCE. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker wi...
Security update for java-1_7_0-openjdk (important)
This update for java-1_7_0-openjdk fixes the following issues: Security issues fixed: - CVE-2017-10356: Fix issue inside subcomponent Security (bsc#1064084). - CVE-2017-10274: Fix issue inside subcomponent Smart Card IO (bsc#1064071). - CVE-2017-10281: Fix issue inside subcomponent Serialization...
CVE-2017-13098
BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable...
CVE-2017-13098 BouncyCastle JCE TLS Bleichenbacher/ROBOT
BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable...
CVE-2017-13098
Bouncy Castle TLS prior to 1.0.3, when configured to use the JCE for cryptographic operations, is vulnerable to a Bleichenbacher/ROBOT oracle when RSA key exchange is negotiated. An attacker could use this to recover the private key from a vulnerable application. Affected: Bouncy Castle TLS (Java...
The Bouncy Castle Crypto APIs: CVE-2017-13098 ("ROBOT")
The Legion of the Bouncy Castle reports: Release: 1.59 CVE-2017-13098 "ROBOT", a Bleichenbacher oracle in TLS when RSA key exchange is negotiated. This potentially affected BCJSSE servers and any other TLS servers configured to use JCE for the underlying crypto - note the two TLS implementations...
OpenJDK: unbounded resource use in JceKeyStore deserialization (Serialization, 8181370)
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated...
AIX Java Advisory : java_apr2017_advisory.asc (April 2017 CPU)
The version of Java SDK installed on the remote AIX host is affected by multiple vulnerabilities in the following subcomponents : - Multiple vulnerabilities exist in the zlib subcomponent that allow an unauthenticated, remote attacker to trigger denial of service conditions. CVE-2016-9840,...
Invalid Curve Attack
nimbus-jose-jwt is vulnerable to invalid curve attacks. The attacks are possible because the library does not make sure that the public x and y coordinates are on the specified curve in environments where the JCE provider lacks curve validation...