1911 matches found
JDK: privilege escalation via insufficiently restricted access to Attach API
In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on...
Multiple Elevation of Privilege Vulnerabilities in Eclipse OpenJ9
Eclipse OpenJ9 is a Java application engine from the Eclipse Foundation, mainly used to run Java applications. Multiple elevation of privilege vulnerabilities exist in Eclipse OpenJ9 version 0.8 that stem from the program enforcing weak access control and failing to adequately and properly...
Default configuration
In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on...
CVE-2018-12539
In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on...
CVE-2018-12539
CVE-2018-12539 affects IBM/OpenJ9-based JVMs where the Java Attach API can be used by non-owners to connect to a local OpenJ9/IBM JVM and run untrusted native code. By default Attach API is enabled on Windows, Linux and AIX; a workaround is to disable it with -Dcom.ibm.tools.attach.enable=no. IBM...
CVE-2018-12539
In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on...
CVE-2018-7161
All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug wher...
DEBIAN-CVE-2018-7161
All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug wher...
Catch! - Exported components, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application Catch! published at the 'play' market has multiple vulnerabilities...
AlfaStrakhovanie Mobile - External URLs, Native code usage, SD-card access vulnerabilities
HackApp vulnerability scanner discovered that application AlfaStrakhovanie Mobile published at the 'play' market has multiple vulnerabilities...
Netvisor ID - Customized SSL, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application Netvisor ID published at the 'play' market has multiple vulnerabilities...
New YAHTZEE® With Buddies – Fun Game for Friends - Exported components, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application New YAHTZEE® With Buddies – Fun Game for Friends published at the 'play' market has multiple vulnerabilities...
Internet Speed Meter Lite - Exported components, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application Internet Speed Meter Lite published at the 'play' market has multiple vulnerabilities...
NoRoot Firewall - External URLs, Native code usage, Runtime command execution vulnerabilities
HackApp vulnerability scanner discovered that application NoRoot Firewall published at the 'play' market has multiple vulnerabilities...
WO Mic - FREE microphone - Dynamic Code Loading, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application WO Mic - FREE microphone published at the 'play' market has multiple vulnerabilities...
Hdfc Life 2FA - Corrupted files, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application Hdfc Life 2FA published at the 'play' market has multiple vulnerabilities...
Plants vs. Zombies™ Heroes - Dynamic Code Loading, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application Plants vs. Zombies™ Heroes published at the 'play' market has multiple vulnerabilities...
MEGA - Exported components, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application MEGA published at the 'play' market has multiple vulnerabilities...
Telegram - Exported components, External URLs, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application Telegram published at the 'play' market has multiple vulnerabilities...
pay.taipei - Certificates or keys found, Exported components, Native code usage vulnerabilities
HackApp vulnerability scanner discovered that application pay.taipei published at the 'play' market has multiple vulnerabilities...