
21 matches found

NVD
added 2023/05/15 3:15 p.m. · 36 views

CVE-2023-32787

The OPC UA Legacy Java Stack before 6f176f2 enables an attacker to block OPC UA server applications via uncontrolled resource consumption so that they can no longer serve client applications...

7.5 CVSS · 7.5 AI score · 0.01168 EPSS
Exploits: 0 · References: 3

CNNVD
added 2023/05/15 12:0 a.m. · 4 views

OPC UA Legacy Java Stack Resource Management Error Vulnerability

The OPC UA Legacy Java Stack is a legacy support for the Java version of OPC UA from the OPC Foundation of America. A security vulnerability exists in versions of the OPC UA Legacy Java Stack prior to 6f176f2, which stems from an attacker's ability to block an OPC UA server application through...

7.5 CVSS · 7.3 AI score · 0.01168 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2023/05/15 12:0 a.m. · 4 views

PT-2023-24020 · Unknown · Opc Ua Legacy Java Stack

Name of the Vulnerable Software and Affected Versions: OPC UA Legacy Java Stack versions prior to 6f176f2 Description: The issue allows an attacker to block OPC UA server applications via uncontrolled resource consumption, causing them to be unable to serve client applications. This is a...

7.5 CVSS · 7.2 AI score · 0.01168 EPSS
Exploits: 0 · References: 8

CVE
added 2023/05/15 12:0 a.m. · 54 views

CVE-2023-32787

CVE-2023-32787 affects the OPC UA Legacy Java Stack prior to 6f176f2. It enables an attacker to cause denial of service via uncontrolled resource consumption, blocking OPC UA server applications from servicing clients. The issue is network‑feasible (per CVSS) and the documented fix is to update t...

7.5 CVSS · 7.4 AI score · 0.01168 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

CNVD
added 2022/05/24 12:0 a.m. · 22 views

OPC UA Legacy Java Stack Denial of Service Vulnerability

OPC UA Legacy Java Stack is a legacy support for the Java version of OPC UA from the OPC Foundation in the U.S. A denial of service vulnerability exists in OPC UA Legacy Java Stack version 2022-04-01, which stems from improper handling of a large number of message requests, and could be exploited...

5 CVSS · 3.5 AI score · 0.0216 EPSS
Exploits: 0

ATTACKERKB
added 2022/05/20 12:15 p.m. · 1 views

CVE-2022-30551

OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker to cause a server to stop processing messages by sending crafted messages that exhaust available resources...

7.5 CVSS · 7.2 AI score · 0.0216 EPSS
Exploits: 0 · References: 4

OSV
added 2022/05/20 12:15 p.m. · 1 views

CVE-2022-30551

OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker to cause a server to stop processing messages by sending crafted messages that exhaust available resources...

7.5 CVSS · 5.8 AI score
Exploits: 0 · References: 3

NVD
added 2022/05/20 12:15 p.m. · 10 views

CVE-2022-30551

OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker to cause a server to stop processing messages by sending crafted messages that exhaust available resources...

7.5 CVSS · 0.0216 EPSS
Exploits: 0 · References: 3

Cvelist
added 2022/05/20 11:19 a.m. · 17 views

CVE-2022-30551

OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker to cause a server to stop processing messages by sending crafted messages that exhaust available resources...

7.6 AI score · 0.0216 EPSS
Exploits: 0 · References: 3

CNNVD
added 2022/05/20 12:0 a.m. · 5 views

OPC UA Legacy Java Stack Resource Management Error Vulnerability

OPC UA Legacy Java Stack is a legacy support for the Java version of OPC UA from the OPC Foundation in the U.S. A denial of service vulnerability exists in OPC UA Legacy Java Stack version 2022-04-01, which stems from improper handling of a large number of message requests, and could be exploited...

7.5 CVSS · 5.7 AI score · 0.0216 EPSS
Exploits: 0 · References: 4

ThreatPost
added 2022/01/05 10:18 p.m. · 94 views

‘Elephant Beetle’ Lurks for Months in Networks

Researchers have identified a threat group that’s been quietly siphoning off millions of dollars from financial- and commerce-sector companies, spending months patiently studying their targets’ financial systems and slipping in fraudulent transactions amongst regular activity. The Sygnia Incident...

10 CVSS · 10 AI score · 0.97655 EPSS
Exploits: 16 · References: 14

RedHat Linux
added 2013/11/05 5:58 p.m. · 0 views

OpenJDK: java.util.TimeZone does not restrict setting of default time zone (Libraries, 8001029)

Unspecified vulnerability in the Java SE, Java SE Embedded component in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related ...

6.4 CVSS · 6.8 AI score · 0.03932 EPSS
Exploits: 0 · References: 5

RedHat Linux
added 2013/10/23 4:26 p.m. · 2 views

OpenJDK: InputStream skip() information leak (Networking/IO, 7000600)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.233 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown...

5 CVSS · 7.4 AI score · 0.02685 EPSS
Exploits: 1 · References: 5

RedHat Linux
added 2013/10/23 4:26 p.m. · 3 views

OpenJDK: output stream access restrictions (CORBA, 8000642)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via vectors related to CORBA. NOTE: the previous information ...

5 CVSS · 6.8 AI score · 0.04446 EPSS
Exploits: 0 · References: 5

RedHat Linux
added 2012/11/15 8:58 p.m. · 1 views

JDK: getDeclaredMethods() and setAccessible() code execution

Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics...

9.3 CVSS · 6.2 AI score · 0.06928 EPSS
Exploits: 0 · References: 5

RedHat Linux
added 2012/09/07 12:59 p.m. · 5 views

OpenJDK: CRL and certificate extensions handling improvements (Security, 7143872)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.237 and earlier allows remote attackers to affect availability via unknown vectors related to Security...

5 CVSS · 7.4 AI score · 0.04262 EPSS
Exploits: 0 · References: 4

RedHat Linux
added 2011/06/15 9:46 a.m. · 6 views

OpenJDK Swing timer-based security manager bypass (6907662)

Unspecified vulnerability in the Java Runtime Environment JRE in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.229 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, an...

10 CVSS · 7.4 AI score · 0.04132 EPSS
Exploits: 1 · References: 4

RedHat Linux
added 2009/08/28 8:57 a.m. · 1 views

OpenJDK Proxy mechanism information leaks (6801071)

The proxy mechanism implementation in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions...

7.5 CVSS · 6.2 AI score · 0.04564 EPSS
Exploits: 0 · References: 4

RedHat Linux
added 2008/12/04 3:45 p.m. · 4 views

OpenJDK Jar200 Decompression buffer overflow (6755943)

Integer overflow in the JAR unpacking utility unpack200 in the unpack library unpack.dll in Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JA...

9.3 CVSS · 7.7 AI score · 0.0306 EPSS
Exploits: 1 · References: 4

RedHat Linux
added 2008/12/04 3:45 p.m. · 5 views

Java WebStart allows hidden code privilege escalation

Java Web Start JWS and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.218 and earlier allows remote attackers to make unauthorized network connections and hijack HTTP sessions via a crafted file that validates as both a GIF an...

9 CVSS · 7.2 AI score · 0.05093 EPSS
Exploits: 1 · References: 4