Lucene search
K

2077 matches found

ArchLinux
ArchLinux
added 2015/10/23 12:0 a.m.50 views

jre8-openjdk: multiple issues

CVE-2015-4734 information disclosure It was discovered that the JGSS component of OpenJDK did not properly hide Kerberos realm information from all error exceptions when running under Security Manager. An untrusted Java application or applet could use this flaw to obtain certain information about...

10CVSS2.6AI score0.13354EPSS
Exploits0References25
ArchLinux
ArchLinux
added 2015/10/23 12:0 a.m.69 views

jre8-openjdk-headless: multiple issues

CVE-2015-4734 information disclosure It was discovered that the JGSS component of OpenJDK did not properly hide Kerberos realm information from all error exceptions when running under Security Manager. An untrusted Java application or applet could use this flaw to obtain certain information about...

10CVSS2.6AI score0.13354EPSS
Exploits0References25
Tenable Nessus
Tenable Nessus
added 2015/10/22 12:0 a.m.233 views

CentOS 6 / 7 : java-1.8.0-openjdk (CESA-2015:1919)

Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

10CVSS6.4AI score0.09991EPSS
Exploits0References20
Tenable Nessus
Tenable Nessus
added 2015/10/22 12:0 a.m.40 views

RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2015:1919)

Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

10CVSS6.4AI score0.09991EPSS
Exploits0References37
Tenable Nessus
Tenable Nessus
added 2015/10/22 12:0 a.m.34 views

Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x, SL7.x i386/x86_64 (20151021)

Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. CVE-2015-4835, CVE-2015-4881, CVE-2015-4843, CVE-2015-4883, CVE-2015-4860,...

10CVSS6.4AI score0.09991EPSS
Exploits0References19
RedHat Linux
RedHat Linux
added 2015/10/21 9:7 p.m.52 views

Important: Red Hat Security Advisory: java-1.8.0-openjdk security update

Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

10CVSS6.6AI score0.09991EPSS
Exploits0References19
BDU FSTEC
BDU FSTEC
added 2015/10/21 12:0 a.m.3 views

The vulnerability of the Mac OS X operating system, which allows attackers to carry out “man-in-the-middle” type attacks

The vulnerability of the X.509 operating system Mac OS X is related to errors in the certificate revocation process. Exploiting this vulnerability allows a malicious actor to carry out “man-in-the-middle” type attacks remotely...

4.3CVSS5.5AI score0.008EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2015/10/09 5:59 a.m.20 views

CVE-2015-5894

The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked...

4.3CVSS5AI score0.008EPSS
Exploits0References4
Prion
Prion
added 2015/10/09 5:59 a.m.18 views

Design/Logic Flaw

The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked...

4.3CVSS6.2AI score0.008EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2015/10/09 1:0 a.m.21 views

CVE-2015-5894

The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked...

5.8AI score0.008EPSS
Exploits0References4
CVE
CVE
added 2015/10/09 1:0 a.m.57 views

CVE-2015-5894

CVE-2015-5894 affects Apple OS X

4.3CVSS5.8AI score0.008EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2015/10/03 12:0 a.m.2 views

Apple OS X kSecRevocationRequirePositiveResponse Markup Handling Vulnerability

Apple OS X is an operating system developed by Apple Inc. The Apple OS X kSecRevocationRequirePositiveResponse flag is specified but not implemented, allowing a trust evaluation configured to request a revocation check to potentially succeed even if the revocation check fails. A local attacker...

4.3CVSS6.4AI score0.008EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2015/09/24 2:59 p.m.12 views

Microsoft Revokes Leaked D-Link Certificates

Microsoft today revoked trust for the four digital certificates inadvertently leaked last week by networking gear manufacturer D-Link. Microsoft said it has modified its Certificate Trust List removing trust for the four certs, which could have been used to sign malicious code used in attacks. Th...

2.5AI score
Exploits0References3
Hacker One
Hacker One
added 2015/09/23 2:22 p.m.12 views

X (Formerly Twitter): Tweetdeck (twitter owned app) not revoked

I've noticed an issue in tweetdeck & twitter. If you try to revoke tweet deck, no matter what you do, if anyone else is logged in on your account through tweetdeck, they will still be able to use your account. This doesn't properly revoke users, so therefore I thought this as is a bug/problem e.g...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2015/09/18 8:35 a.m.8 views

D-Link Accidentally Publishes Its Private Code-Signing Keys on the Internet

It's not every time malware creators have to steal or buy a valid code-signing certificate to sign their malware – Sometimes the manufacturers unknowingly provide themselves. This is what exactly done by a Taiwan-based networking equipment manufacturer D-Link, which accidently published its Priva...

7.2AI score
Exploits0
OSV
OSV
added 2015/09/02 2:59 p.m.1 views

DEBIAN-CVE-2015-3308

Double free vulnerability in lib/x509/x509ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point...

7.5CVSS7.7AI score0.03921EPSS
Exploits0References1
ArchLinux
ArchLinux
added 2015/08/14 12:0 a.m.56 views

freeradius: insufficient CRL validation

The FreeRADIUS server relies on OpenSSL to perform certificate validation, including Certificate Revocation List CRL checks. The FreeRADIUS usage of OpenSSL, in CRL application, limits the checks to leaf certificates, therefore not detecting revocation of intermediate CA certificates. An unexpire...

2.4AI score0.01791EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2015/08/04 5:13 p.m.24 views

OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374)

A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol OCSP responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as val...

7.6CVSS6.5AI score0.47239EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2015/07/30 5:14 p.m.2 views

OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374)

A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol OCSP responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as val...

7.6CVSS6.5AI score0.47239EPSS
Exploits0References5
OSV
OSV
added 2015/07/28 9:1 p.m.7 views

MGASA-2015-0291 Updated freeradius package fixes security vulnerability

The FreeRADIUS server relies on OpenSSL to perform certificate validation, including Certificate Revocation List CRL checks. The FreeRADIUS usage of OpenSSL, in CRL application, limits the checks to leaf certificates, therefore not detecting revocation of intermediate CA certificates. An unexpire...

7.5CVSS7.9AI score0.01791EPSS
Exploits0References7
Rows per page
Query Builder