134 matches found
CVE-2017-10356
It was discovered that the Security component of OpenJDK generated weak password-based encryption keys used to protect private keys stored in key stores. This made it easier to perform password guessing attacks to decrypt stored keys if an attacker could gain access to a key store...
Sandbox Restrictions Bypass
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to...
Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2017-936)
It was discovered that the Security component of OpenJDK could fail to properly enforce restrictions defined for processing of X.509 certificate chains. A remote attacker could possibly use this flaw to make Java accept certificate using one of the disabled algorithms. CVE-2017-10198 Vulnerabilit...
Critical: java-1.7.0-openjdk
Issue Overview: It was discovered that the Security component of OpenJDK could fail to properly enforce restrictions defined for processing of X.509 certificate chains. A remote attacker could possibly use this flaw to make Java accept certificate using one of the disabled algorithms...
EulerOS 2.0 SP2 : java-1.8.0-openjdk (EulerOS-SA-2017-1255)
According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these...
OpenJDK: weak protection of key stores against brute forcing (Security, 8181692)
It was discovered that the Security component of OpenJDK generated weak password-based encryption keys used to protect private keys stored in key stores. This made it easier to perform password guessing attacks to decrypt stored keys if an attacker could gain access to a key store...
JKS Private Key Cracker - Cracking passwords of private key entries in a JKS file
The Java Key Store JKS is the Java way of storing one or several cryptographic private and public keys for asymmetric cryptography in a file. While there are various key store formats, Java and Android still default to the JKS file format. JKS is one of the file formats for Java key stores, but J...
Amazon Linux: Security Advisory (ALAS-2016-647)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Important: java-1.8.0-openjdk
Issue Overview: An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass...
OpenJDK: PBE incorrect key lengths (Libraries, 8138589)
It was discovered that the password-based encryption PBE implementation in the Libraries component in OpenJDK used an incorrect key length. This could, in certain cases, lead to generation of keys that were weaker than expected...
OpenJDK: PBE incorrect key lengths (Libraries, 8138589)
It was discovered that the password-based encryption PBE implementation in the Libraries component in OpenJDK used an incorrect key length. This could, in certain cases, lead to generation of keys that were weaker than expected...
Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x i386/x86_64 (20160120) (SLOTH)
An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox...
OpenJDK: PBE incorrect key lengths (Libraries, 8138589)
It was discovered that the password-based encryption PBE implementation in the Libraries component in OpenJDK used an incorrect key length. This could, in certain cases, lead to generation of keys that were weaker than expected...
OpenJDK: PBE incorrect key lengths (Libraries, 8138589)
It was discovered that the password-based encryption PBE implementation in the Libraries component in OpenJDK used an incorrect key length. This could, in certain cases, lead to generation of keys that were weaker than expected...