
284 matches found

OSV
added 2018/10/30 7:37 p.m. · 2 views

USN-3804-1 openjdk-8, openjdk-lts vulnerabilities

It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. CVE-2018-3136 Artem Smotrakov...

CVSS 9 · AI score 7 · EPSS 0.07215
Exploits 2 · References 9
Ubuntu
added 2018/10/30 7:37 p.m. · 547 views

USN-3804-1: OpenJDK vulnerabilities

It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. CVE-2018-3136 Artem Smotrakov...

CVSS 9 · AI score 7 · EPSS 0.07215
Exploits 2
CNVD
added 2018/10/17 12:0 a.m. · 2 views

Unspecified Vulnerability in Oracle Java SE (CNVD-2019-26733)

Oracle Java SE, Java SE Embedded, and JRockit are products of Oracle Corporation. Java SE Java Platform Standard Edition is used to develop and deploy Java applications for desktops, servers, and embedded devices and real-time environments; Java SE Embedded is a powerful, reliable, and portable...

CVSS 6.8 · AI score 6.9 · EPSS 0.03392
Exploits 0 · References 1
CNVD
added 2018/09/28 12:0 a.m. · 1 views

+Message App Unable to Validate SSL Server Certificate Vulnerability

+Message App is an APP application. +Message App is unable to validate SSL server certificates, and a man-in-the-middle attack may allow an attacker to eavesdrop on encrypted communications...

CVSS 5.9 · AI score 5.9 · EPSS 0.00667
Exploits 0 · References 1
RedHat Linux
added 2018/09/17 2:51 p.m. · 2 views

JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JSSE. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

CVSS 5.9 · AI score 7.4 · EPSS 0.04676
Exploits 0 · References 5
Positive Technologies
added 2018/07/16 12:0 a.m. · 2 views

PT-2018-8796 · Cisco · Cisco Firepower System +1

Name of the Vulnerable Software and Affected Versions: Cisco Firepower System Software (affected versions not specified). Description: A vulnerability in the detection engine could allow an unauthenticated, remote attacker to cause one of the detection engine processes to run out of memory, slowing...

CVSS 7.5 · AI score 7 · EPSS 0.02195
Exploits 0 · References 3
ThreatPost
added 2018/06/27 5:20 p.m. · 15 views

ThreatList: Biggest Attack Targets

DO NOT SET LIVE The biggest verticals targeted by hackers in 2018, so far, are Education, Retail, Biotechnology, Construction, and Nonprofit Organizations. According to researchers at eSentire, attackers zeroed in on exploit attempts against the Education vertical, targeting consumer-grade router...

AI score 0.9
Exploits 0 · References 2
Ubuntu
added 2018/06/26 2:6 p.m. · 90 views

USN-3692-2: OpenSSL vulnerabilities

USN-3692-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Keegan Ryan discovered that OpenSSL incorrectly handled ECDSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and...

CVSS 7.5 · AI score 6.6 · EPSS 0.49268
Exploits 1
IBM Security Bulletins
added 2018/06/22 5:47 a.m. · 48 views

Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM Storwize V7000 Unified (CVE-2015-0488, CVE-2015-2808, CVE-2015-1916, and CVE-2015-0204)

Summary There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM Storwize V7000 Unified. These issues were disclosed as part of the IBM Java SDK updates in April 2015. Vulnerability Details CVEID: CVE-2015-0488 DESCRIPTION: An unspecified...

CVSS 5 · AI score 1.3 · EPSS 0.98685
Exploits 0 · Affected Software 1
BDU FSTEC
added 2018/06/18 12:0 a.m. · 3 views

The vulnerability of the implementation library for the Transport Layer Security protocol of Cisco’s microprogrammable network interface devices allows an attacker to induce a service failure.

The vulnerability of the implementation library for the Transport Layer Security (TLS) protocol in Cisco’s micro-programmed network interface devices exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures by sending...

CVSS 8.6 · AI score 7.6 · EPSS 0.0466
Exploits 0 · References 4 · Affected Software 1
IBM Security Bulletins
added 2018/06/17 5:1 a.m. · 24 views

Security Bulletin: Vulnerabilities in GSKit affect IBM Rational RequisitePro (CVE-2015-0138)

Summary GSKit is an IBM component that is used by IBM Rational RequisitePro. The GSKit that is shipped with IBM Rational RequisitePro contains multiple security vulnerabilities including the "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. IBM Rational...

CVSS 4.3 · AI score 1.6 · EPSS 0.03262
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2018/06/15 7:3 a.m. · 28 views

Security Bulletin: Multiple vulnerabilities in IBM SDK Java™ Technology Edition affect IBM Business Process Manager and WebSphere Lombardi Edition April 2015 CPU

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM Java SDK updates in April 2015. Vulnerability Details CVE-2015-0204 was fixed in IBM SDK, Java Technology Edition...

CVSS 5 · AI score 0.6 · EPSS 0.98685
Exploits 0 · Affected Software 4
OSV
added 2018/06/11 9:29 p.m. · 1 views

CVE-2016-5298

A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This vulnerability affects Firefox 50...

CVSS 6.5 · AI score 7.3 · EPSS 0.01273
Exploits 1 · References 4
CNVD
added 2018/05/16 12:0 a.m. · 1 views

T.JOY KINEPASS App for Android and iOS SSL Server Certificate Vulnerability

T.JOY KINEPASS App for Android is an Android-based application for booking and purchasing movie tickets online from T.JOY Japan. KINEPASS App for iOS is its iOS-based version. A security vulnerability exists in T.JOY KINEPASS App 3.1.1 and earlier versions for Android and KINEPASS App 3.1.2 and...

CVSS 5.9 · AI score 5.6 · EPSS 0.00873
Exploits 0 · References 1
OSV
added 2018/05/14 1:29 p.m. · 2 views

CVE-2018-0591

The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVSS 5.9 · AI score 5.8
Exploits 0 · References 3
Ubuntu
added 2017/12/11 6:49 p.m. · 73 views

USN-3512-1: OpenSSL vulnerabilities

David Benjamin discovered that OpenSSL did not correctly prevent buggy applications that ignore handshake errors from subsequently calling certain functions. CVE-2017-3737 It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery multiplication procedure. While unlikely, a remote...

CVSS 5.9 · AI score 6.4 · EPSS 0.78675
Exploits 2
seebug.org
added 2017/09/14 12:0 a.m. · 38 views

InsideSecure MatrixSSL x509 certificate General Names Information Disclosure Vulnerability (CVE-2017-2782)

Summary An integer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a length counter to overflow, leading to a controlled out of bounds copy operation. To trigger this vulnerability, a...

CVSS 6.4 · AI score 9.3 · EPSS 0.01011
Exploits 2
RedHat Linux
added 2017/06/28 2:51 p.m. · 4 views

CFME: default certificate used across all installs

CloudForms includes a default SSL/TLS certificate for the web server. This certificate is replaced at install time. However if an attacker were able to man-in-the-middle an administrator while installing the new certificate, the attacker could get a copy of the uploaded private key allowing for...

CVSS 7.5 · AI score 5.8 · EPSS 0.01058
Exploits 0 · References 4
ATTACKERKB
added 2017/06/16 12:29 p.m. · 1 views

CVE-2017-9597

The "Blue Ridge Bank and Trust Co. Mobile Banking" by Blue Ridge Bank and Trust Co. app 3.0.1 -- aka blue-ridge-bank-and-trust-co-mobile-banking/id699679197 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive...

CVSS 5.9 · AI score 5.5 · EPSS 0.00486
Exploits 0 · References 3
CNVD
added 2017/05/16 12:0 a.m. · 3 views

Think Mutual Bank Mobile Banking app SSL Certificate Validation Vulnerability

Think Mutual Bank mobile banking app for iOS is a mobile banking app for iOS from Think Mutual Bank that provides quick access to manage customer accounts, manage balances, pay bills, send money, deposit checks, set up text alerts, find branch and ATM locations and more. A security vulnerability...

CVSS 5.9 · AI score 6.5 · EPSS 0.00864
Exploits 0 · References 1