29 matches found
OESA-2023-1643 openjdk-1.8.0 security update
The OpenJDK runtime environment 8. Security Fixes: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily...
OESA-2022-1702 openjdk-latest security update
The OpenJDK runtime environment. Security Fixes: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2...
Moderate: Red Hat Security Advisory: java-1.8.0-ibm security update
An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
OpenJDK: Missing permission check in path to URI conversion (Libraries, 8242680)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...
OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841)
A flaw was found in the boundary checks in the java.nio buffer classes in the Libraries component of OpenJDK, where it is bypassed in certain cases. This flaw allows an untrusted Java application or applet o bypass Java sandbox restrictions...
OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037)
Vulnerability in the Java SE product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE...
Unauthenticated Access
oracle java SE is vulnerable to unauthenticated access vulnerability. This exists due to not validating the length of the object identifier read from the DER input in Libraries component of OpenJDK before allocating memory to store the OID. An attacker able to make a Java application decode a...
OpenJDK: unsynchronized access to encryption key data (Libraries, 8172525)
It was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out...
OpenJDK: unsynchronized access to encryption key data (Libraries, 8172525)
It was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out...
OpenJDK: missing ObjectIdentifier length check (Libraries, 8168705)
It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume...
OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)
It was discovered that the Libraries component of OpenJDK accepted ECDSA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools...
OpenJDK: missing algorithm restrictions for jar verification (Libraries, 8155973)
It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used weak signing key or hash algorithm...
OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)
It was discovered that the Libraries component of OpenJDK accepted ECDSA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools...
OpenJDK: missing ObjectIdentifier length check (Libraries, 8168705)
It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume...
OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)
It was discovered that the Libraries component of OpenJDK accepted ECDSA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools...
OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)
It was discovered that the Libraries component of OpenJDK accepted ECDSA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools...
OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)
It was discovered that the Libraries component of OpenJDK accepted ECDSA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools...
OpenJDK: incorrect ECDSA signature extraction from the DER input (Libraries, 8168714)
It was discovered that the Libraries component of OpenJDK accepted ECDSA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools...
OpenJDK: missing algorithm restrictions for jar verification (Libraries, 8155973)
It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used weak signing key or hash algorithm...
OpenJDK: missing algorithm restrictions for jar verification (Libraries, 8155973)
It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used weak signing key or hash algorithm...