21 matches found
Important: Red Hat Security Advisory: java-1.8.0-openjdk security update
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
EUVD-2014-7965
Malware in sbrugna...
EUVD-2009-2086
Malware in sbrugna...
EUVD-2023-1405
Malicious code in bioql PyPI...
RHEL 6 / 7 : thermostat1-thermostat (RHSA-2014:2000)
The remote Red Hat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:2000 advisory. Thermostat is a monitoring and instrumentation tool for the OpenJDK HotSpot Java Virtual Machine (JVM) with support for monitoring multiple JVM...
CVE-2023-26269
Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX...
Privilege Escalation
org.apache.james:james-server-cli is vulnerable to Privilege Escalation. The library does not require admin privileges to access the JMX management service by default, which allows a local authenticated attacker to elevate their privileges...
CVE-2023-26269
Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX...
cxf: JMX integration is vulnerable to a MITM attack
Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the 'createMBServerConnectorFactory' property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An...
Red Hat JBoss Application Server (AS) Console and Web Management Misconfiguration Vulnerability - Active Check
The default configuration of Red Hat JBoss Application Server (AS) does not restrict access to the console and web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.
Fedora 20 : thermostat-1.0.6-1.fc20 (2014-17415)
Update to latest maintenance release. It was discovered that, in certain configurations, the Thermostat agent disclosed JMX management URLs of all local Java virtual machines to any local user. A local, unprivileged user could use this flaw to escalate their privileges on the system. CVE-2014-812...
Fedora 21 : thermostat-1.0.6-1.fc21 (2014-17384)
Update to latest maintenance release. It was discovered that, in certain configurations, the Thermostat agent disclosed JMX management URLs of all local Java virtual machines to any local user. A local, unprivileged user could use this flaw to escalate their privileges on the system. CVE-2014-812...
Design/Logic Flaw
The agent in Thermostat before 1.0.6, when using unspecified configurations, allows local users to obtain the JMX management URLs of all local Java virtual machines and gain privileges via unknown vectors...
CVE-2014-8120
CVE-2014-8120 affects the Thermostat agent for OpenJDK HotSpot JVM. In certain configurations, the agent disclosed JMX management URLs of all local JVMs to any local user, enabling local privilege escalation (exact exploit path not detailed in the provided documents). Public advisories and Nessus...
CVE-2014-8120
The agent in Thermostat before 1.0.6, when using unspecified configurations, allows local users to obtain the JMX management URLs of all local Java virtual machines and gain privileges via unknown vectors...
Important: Red Hat Security Advisory: thermostat1-thermostat security update
Updated thermostat1-thermostat packages that fix one security issue are now available for Red Hat Software Collections 1. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Authentication flaw
ToutVirtual VirtualIQ Pro before 3.5 build 8691 does not require administrative authentication for JBoss console access, which allows remote attackers to execute arbitrary commands via requests to (1) the JMX Management Console or (2) the Web Console...
CVE-2009-2090
CVE-2009-2090 affects IBM WebSphere Application Server 7.0 (wsadmin, System Management/Repository). The vulnerability allows remote bypass of JMX MBeans access restrictions and can lead to a denial of service (daemon stop) via unknown vectors. Affected: WAS 7.0 before 7.0.0.5. Root cause and exac...
Critical: Red Hat Security Advisory: java-1.6.0-ibm security update
Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The IBM 1.6.0 Java release...
Moderate: Red Hat Security Advisory: java-1.5.0-ibm security update
Updated java-1.5.0-ibm packages that fix a security issue are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The IBM 1.5.0 Java release includes the IBM Java 2 Runtime...