
38 matches found

IBM Security Bulletins
added 2026/02/24 7:8 p.m. | 4 views

Security Bulletin: Vulnerabilities in jersey-client-3.1.0.jar affecting MongoDB Enterprise Advanced (CVE-2025-12383)

Summary: There is a vulnerability in jersey-client-3.1.0.jar used in MongoDB Enterprise Advanced for IBM, involving CVE-2025-12383. The vulnerability has been addressed. Vulnerability Details: CVEID: CVE-2025-12383. DESCRIPTION: In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cau...

CVSS: 9.4 | AI score: 5.5 | EPSS: 0.00042
Exploits: 0 | Affected Software: 1

RedhatCVE
added 2025/11/25 5:59 p.m. | 1 view

CVE-2025-12383

In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain...

CVSS: 9.4 | AI score: 6.7 | EPSS: 0.00042
Exploits: 0 | References: 1

EUVD
added 2025/11/18 6:32 p.m. | 2 views

EUVD-2025-198046

Eclipse Jersey has a Race Condition...

CVSS: 9.4 | AI score: 6.5 | EPSS: 0.00042
Exploits: 0 | References: 10

Github Security Blog
added 2025/11/18 6:32 p.m. | 5 views

Eclipse Jersey has a Race Condition

In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain...

CVSS: 9.4 | AI score: 6.8 | EPSS: 0.00042
Exploits: 0 | References: 13 | Affected Software: 1

OSV
added 2025/11/18 6:32 p.m. | 0 views

GHSA-7P63-W6X9-6GR7 Eclipse Jersey has a Race Condition

In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain...

CVSS: 9.4 | AI score: 5.9 | EPSS: 0.00042
Exploits: 0 | References: 13

Vulnrichment
added 2025/11/18 3:14 p.m. | 2 views

CVE-2025-12383 Race Condition allows Bypass of Trust Restrictions

In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain...

CVSS: 9.4 | AI score: 6.3 | EPSS: 0.00042
Exploits: 0 | References: 1

Positive Technologies
added 2025/11/18 12:0 a.m. | 1 view

PT-2025-47323

Name of the Vulnerable Software and Affected Versions: Eclipse Jersey versions 2.45, 3.0.16, 3.1.9. Description: A race condition in Eclipse Jersey’s SSL configuration processing can lead to the ignoring of critical SSL configurations, including mutual authentication and custom key/trust stores. Thi...

CVSS: 9.4 | AI score: 6.7 | EPSS: 0.00042
Exploits: 0 | References: 7

RedhatCVE
added 2019/11/06 10:21 a.m. | 43 views

CVE-2017-10356

It was discovered that the Security component of OpenJDK generated weak password-based encryption keys used to protect private keys stored in key stores. This made it easier to perform password guessing attacks to decrypt stored keys if an attacker could gain access to a key store...

CVSS: 6.2 | AI score: 2.4 | EPSS: 0.00701
Exploits: 0 | References: 1

RedHat Linux
added 2018/06/25 2:57 p.m. | 2 views

OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997)

Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java...

CVSS: 7.7 | AI score: 7.3 | EPSS: 0.00064
Exploits: 0 | References: 4

RedHat Linux
added 2018/06/25 2:57 p.m. | 2 views

OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997)

Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java...

CVSS: 7.7 | AI score: 7.3 | EPSS: 0.00064
Exploits: 0 | References: 4

Tenable Nessus
added 2018/05/29 12:0 a.m. | 35 views

EulerOS 2.0 SP2 : java-1.7.0-openjdk (EulerOS-SA-2018-1129)

According to the versions of the java-1.7.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass. CVE-2018-2814 - OpenJDK: unrestricted deserialization of...

CVSS: 8.3 | AI score: 5.9 | EPSS: 0.00693
Exploits: 0 | References: 11

RedHat Linux
added 2018/05/24 7:5 p.m. | 3 views

OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997)

Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java...

CVSS: 7.7 | AI score: 7.3 | EPSS: 0.00064
Exploits: 0 | References: 4

RedHat Linux
added 2018/05/24 7:1 p.m. | 3 views

OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997)

Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java...

CVSS: 7.7 | AI score: 7.3 | EPSS: 0.00064
Exploits: 0 | References: 4

RedHat Linux
added 2018/05/24 6:57 p.m. | 0 views

OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997)

Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java...

CVSS: 7.7 | AI score: 7.3 | EPSS: 0.00064
Exploits: 0 | References: 4

RedHat Linux
added 2018/05/24 6:53 p.m. | 3 views

OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997)

Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java...

CVSS: 7.7 | AI score: 7.3 | EPSS: 0.00064
Exploits: 0 | References: 4

Tenable Nessus
added 2018/05/11 12:0 a.m. | 41 views

Ubuntu 16.04 LTS : OpenJDK 8 vulnerabilities (USN-3644-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3644-1 advisory. It was discovered that the Security component of OpenJDK did not correctly perform merging of multiple sections for the same file listed in JAR archive...

CVSS: 8.3 | AI score: 6.3 | EPSS: 0.00693
Exploits: 0 | References: 12

Mageia
added 2018/05/04 5:29 p.m. | 48 views

Updated java-1.8.0-openjdk packages fix security vulnerabilities

OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass Hotspot, 8192025 CVE-2018-2814 OpenJDK: unrestricted deserialization of data from JCEKS key stores Security, 8189997 CVE-2018-2794 OpenJDK: insufficient consistency checks in deserialization of multiple classes Security,...

CVSS: 8.3 | AI score: 0.7 | EPSS: 0.00693
Exploits: 0 | References: 3

RedHat Linux
added 2018/05/02 10:13 p.m. | 2 views

OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997)

Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java...

CVSS: 7.7 | AI score: 7.3 | EPSS: 0.00064
Exploits: 0 | References: 4

Tenable Nessus
added 2018/05/01 12:0 a.m. | 33 views

Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20180430)

Security Fixes : - OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass Hotspot, 8192025 CVE-2018-2814 - OpenJDK: unrestricted deserialization of data from JCEKS key stores Security, 8189997 CVE-2018-2794 - OpenJDK: insufficient consistency checks in deserialization of...

CVSS: 8.3 | AI score: 5.8 | EPSS: 0.00693
Exploits: 0 | References: 11

Tenable Nessus
added 2018/04/24 12:0 a.m. | 56 views

RHEL 7 : java-1.8.0-oracle (RHSA-2018:1204)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1204 advisory. - OpenJDK: incorrect merging of sections in the JAR manifest Security, 8189969 CVE-2018-2790 - OpenJDK: unrestricted deserialization of data...

CVSS: 8.3 | AI score: 6.1 | EPSS: 0.00693
Exploits: 0 | References: 25