jre8-openjdk: multiple issues
CVE-2015-4734 information disclosure It was discovered that the JGSS component of OpenJDK did not properly hide Kerberos realm information from all error exceptions when running under Security Manager. An untrusted Java application or applet could use this flaw to obtain certain information about...
jre8-openjdk-headless: multiple issues
CVE-2015-4734 information disclosure It was discovered that the JGSS component of OpenJDK did not properly hide Kerberos realm information from all error exceptions when running under Security Manager. An untrusted Java application or applet could use this flaw to obtain certain information about...
CentOS 6 / 7 : java-1.8.0-openjdk (CESA-2015:1919)
Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2015:1919)
Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x, SL7.x i386/x86_64 (20151021)
Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. CVE-2015-4835, CVE-2015-4881, CVE-2015-4843, CVE-2015-4883, CVE-2015-4860,...
Important: Red Hat Security Advisory: java-1.8.0-openjdk security update
Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
Vulnerability in the Mac OS X operating system allows attackers to carry out "man-in-the-middle" attacks
The vulnerability in the X.509 certificate-trust implementation of Mac OS X stems from errors in the certificate revocation check. Exploiting this vulnerability allows a remote malicious actor to carry out "man-in-the-middle" attacks...
CVE-2015-5894
The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked...
Design/Logic Flaw
The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked...
CVE-2015-5894
CVE-2015-5894 affects Apple OS X
Apple OS X kSecRevocationRequirePositiveResponse Markup Handling Vulnerability
Apple OS X is an operating system developed by Apple Inc. The Apple OS X kSecRevocationRequirePositiveResponse flag is specified but not implemented, allowing a trust evaluation configured to request a revocation check to potentially succeed even if the revocation check fails. A local attacker...
Microsoft Revokes Leaked D-Link Certificates
Microsoft today revoked trust for the four digital certificates inadvertently leaked last week by networking gear manufacturer D-Link. Microsoft said it has modified its Certificate Trust List removing trust for the four certs, which could have been used to sign malicious code used in attacks. Th...
X (Formerly Twitter): Tweetdeck (twitter owned app) not revoked
I've noticed an issue in TweetDeck & Twitter. If you try to revoke TweetDeck, no matter what you do, if anyone else is logged in on your account through TweetDeck, they will still be able to use your account. This doesn't properly revoke users, so therefore I thought of this as a bug/problem e.g...
D-Link Accidentally Publishes Its Private Code-Signing Keys on the Internet
It is not every time that malware creators have to steal or buy a valid code-signing certificate to sign their malware; sometimes the manufacturers unknowingly provide one themselves. This is exactly what Taiwan-based networking equipment manufacturer D-Link did when it accidentally published its Priva...
DEBIAN-CVE-2015-3308
Double free vulnerability in lib/x509/x509ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point...
freeradius: insufficient CRL validation
The FreeRADIUS server relies on OpenSSL to perform certificate validation, including Certificate Revocation List CRL checks. The FreeRADIUS usage of OpenSSL, in CRL application, limits the checks to leaf certificates, therefore not detecting revocation of intermediate CA certificates. An unexpire...
OpenJDK: incorrect OCSP nextUpdate checking (Libraries, 8075374)
A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol OCSP responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as val...
MGASA-2015-0291 Updated freeradius package fixes security vulnerability
The FreeRADIUS server relies on OpenSSL to perform certificate validation, including Certificate Revocation List CRL checks. The FreeRADIUS usage of OpenSSL, in CRL application, limits the checks to leaf certificates, therefore not detecting revocation of intermediate CA certificates. An unexpire...
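Three of the entries above (the FreeRADIUS leaf-only CRL check, the OpenJDK handling of an OCSP response with no nextUpdate, and the OS X kSecRevocationRequirePositiveResponse flag that did not actually require a positive response) are the same class of bug: a revocation check that looks like it ran but cannot fail. The following Python model is an added example written for this page; it is not code from FreeRADIUS, OpenSSL, OpenJDK or Apple. Certificates, CRLs and OCSP responses are plain data classes with constructed values (no real ASN.1 or signatures), the 15-minute clock-skew tolerance is an assumption, and binding a nextUpdate-less response to its thisUpdate time is one reasonable correction, not necessarily the exact OpenJDK patch.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed tolerance for clock drift between client and responder (not from any of the advisories).
MAX_CLOCK_SKEW = timedelta(minutes=15)


@dataclass
class Cert:
    subject: str
    issuer: str
    serial: int


@dataclass
class CRL:
    issuer: str
    revoked_serials: set


@dataclass
class OCSPResponse:
    serial: int
    status: str                      # "good", "revoked" or "unknown"
    this_update: datetime
    next_update: Optional[datetime]  # None: the responder states no validity bound


def crl_revoked(chain, crls, check_all=True):
    """Return the subject of the first chain element listed in its issuer's CRL, else None.

    chain is ordered [leaf, intermediate(s), root]. check_all=False consults only the
    leaf, which is the FreeRADIUS behaviour described above (OpenSSL's
    X509_V_FLAG_CRL_CHECK without X509_V_FLAG_CRL_CHECK_ALL): a revoked intermediate is
    never noticed. check_all=True walks every issued certificate; the self-signed root
    has no issuer CRL to consult. A missing CRL counts as "no information" here.
    """
    to_check = chain[:1] if not check_all else chain[:-1]
    for cert in to_check:
        crl = crls.get(cert.issuer)
        if crl is not None and cert.serial in crl.revoked_serials:
            return cert.subject
    return None


def ocsp_response_is_fresh(resp, now, buggy=False):
    """Decide whether an OCSP response may still be relied on at time `now`.

    buggy=True reproduces the OpenJDK flaw (bug 8075374): a response without nextUpdate
    is accepted for ever. The corrected branch binds such a response to its thisUpdate
    time plus skew, since RFC 6960 says a missing nextUpdate means newer information is
    available all the time.
    """
    if resp.this_update - MAX_CLOCK_SKEW > now:
        return False                      # produced in the future: unusable
    if resp.next_update is None:
        if buggy:
            return True                   # unlimited validity: the flaw
        return now <= resp.this_update + MAX_CLOCK_SKEW
    return now <= resp.next_update + MAX_CLOCK_SKEW


def leaf_status(leaf, resp, now, require_positive=True, buggy_freshness=False):
    """Map an OCSP response onto "pass"/"fail" for the leaf certificate.

    require_positive=True is what kSecRevocationRequirePositiveResponse is documented to
    request: a usable response saying "good" is mandatory, and no response, a stale
    response or "unknown" all fail. require_positive=False soft-fails, which is what the
    OS X flaw above effectively left in place.
    """
    usable = (resp is not None and resp.serial == leaf.serial
              and ocsp_response_is_fresh(resp, now, buggy_freshness))
    if not usable:
        return "fail" if require_positive else "pass"
    if resp.status == "good":
        return "pass"
    if resp.status == "revoked":
        return "fail"
    return "fail" if require_positive else "pass"   # "unknown"


def demo():
    """Constructed chain: the intermediate is revoked and the only OCSP response is a
    month-old "good" with no nextUpdate."""
    now = datetime(2015, 10, 21, 12, 0, tzinfo=timezone.utc)
    root = Cert("Example Root CA", "Example Root CA", 1)
    inter = Cert("Example Issuing CA", "Example Root CA", 2)
    leaf = Cert("radius.example.org", "Example Issuing CA", 3)
    chain = [leaf, inter, root]
    crls = {"Example Root CA": CRL("Example Root CA", {2}),
            "Example Issuing CA": CRL("Example Issuing CA", set())}
    stale = OCSPResponse(3, "good", now - timedelta(days=30), None)
    return {
        "leaf_only": crl_revoked(chain, crls, check_all=False),      # None: revocation missed
        "full_chain": crl_revoked(chain, crls, check_all=True),      # "Example Issuing CA"
        "buggy_fresh": ocsp_response_is_fresh(stale, now, buggy=True),
        "fixed_fresh": ocsp_response_is_fresh(stale, now),
        "stale_accepted": leaf_status(leaf, stale, now, buggy_freshness=True),
        "stale_rejected": leaf_status(leaf, stale, now),
        "no_response_soft": leaf_status(leaf, None, now, require_positive=False),
        "no_response_positive": leaf_status(leaf, None, now, require_positive=True),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point of each pair is the same: `leaf_only` returns None while `full_chain` names the revoked intermediate; `buggy_fresh` accepts a month-old response that `fixed_fresh` rejects; and with a positive response required, both the stale response and the absent one fail instead of passing. When reviewing a TLS client, the question to ask is which of these branches its revocation configuration actually exercises.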