
628 matches found

Cent OS
added 2017/10/20 3:50 p.m. | 139 views

java security update

CentOS Errata and Security Advisory CESA-2017:2998 An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS ba...

9.6 CVSS | 6.7 AI score | 0.16181 EPSS
Exploits 2 | References 7
OSV
added 2017/10/19 5:29 p.m. | 5 views

CVE-2017-10356

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker wit...

6.2 CVSS | 5.6 AI score
Exploits 0 | References 18
Prion
added 2017/08/31 8:29 p.m. | 17 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Security component of Kohana before 3.3.6 allows remote attackers to inject arbitrary web script or HTML by bypassing the strip_image_tags protection mechanism in system/classes/Kohana/Security.php...

4.3 CVSS | 6 AI score | 0.01659 EPSS
Exploits 1 | References 5 | Affected Software 2
UbuntuCve
added 2017/08/31 8:29 p.m. | 18 views

CVE-2016-10510

Cross-site scripting (XSS) vulnerability in the Security component of Kohana before 3.3.6 allows remote attackers to inject arbitrary web script or HTML by bypassing the strip_image_tags protection mechanism in system/classes/Kohana/Security.php...

6.1 CVSS | 6.5 AI score | 0.01659 EPSS
Exploits 1 | References 1
OSV
added 2017/08/31 8:29 p.m. | 17 views

CVE-2016-10510

Cross-site scripting (XSS) vulnerability in the Security component of Kohana before 3.3.6 allows remote attackers to inject arbitrary web script or HTML by bypassing the strip_image_tags protection mechanism in system/classes/Kohana/Security.php...

6.1 CVSS | 5.7 AI score
Exploits 0 | References 5
CVE
added 2017/08/31 8:0 p.m. | 78 views

CVE-2016-10510

Kohana Security component (PHP framework) before 3.3.6 is vulnerable to Cross‑Site Scripting (XSS) via bypass of strip_image_tags in system/classes/Kohana/Security.php. Exploitation could allow remote script/HTML injection. Public advisories/citations confirm the issue and its fix: Kohana 3.3.6 r...

6.1 CVSS | 5.9 AI score | 0.01659 EPSS
Exploits 1 | References 5 | Affected Software 1
Cvelist
added 2017/08/31 8:0 p.m. | 16 views

CVE-2016-10510

Cross-site scripting (XSS) vulnerability in the Security component of Kohana before 3.3.6 allows remote attackers to inject arbitrary web script or HTML by bypassing the strip_image_tags protection mechanism in system/classes/Kohana/Security.php...

6 AI score | 0.01659 EPSS
Exploits 1 | References 5
RedHat Linux
added 2017/08/23 9:17 a.m. | 6 views

OpenJDK: LDAPCertStore following referrals to non-LDAP URLs (Security, 8176067)

It was discovered that the LDAPCertStore class in the Security component of OpenJDK followed LDAP referrals to arbitrary URLs. A specially crafted LDAP referral URL could cause LDAPCertStore to communicate with non-LDAP servers...

8.3 CVSS | 7.4 AI score | 0.03524 EPSS
Exploits 0 | References 4
Tenable Nessus
added 2017/08/22 12:0 a.m. | 262 views

Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x, SL7.x i386/x86_64 (20170807)

Security Fixes : - It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. CVE-2017-10102 - Multiple...

9.6 CVSS | 7.6 AI score | 0.03524 EPSS
Exploits 0 | References 19
RedHat Linux
added 2017/08/14 9:48 a.m. | 3 views

OpenJDK: LDAPCertStore following referrals to non-LDAP URLs (Security, 8176067)

It was discovered that the LDAPCertStore class in the Security component of OpenJDK followed LDAP referrals to arbitrary URLs. A specially crafted LDAP referral URL could cause LDAPCertStore to communicate with non-LDAP servers...

8.3 CVSS | 7.4 AI score | 0.03524 EPSS
Exploits 0 | References 4
OSV
added 2017/08/08 3:29 p.m. | 4 views

CVE-2017-10067

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successfu...

7.5 CVSS | 5.6 AI score | 0.03236 EPSS
Exploits 0 | References 16
RedHat Linux
added 2017/07/20 4:16 p.m. | 4 views

OpenJDK: incorrect enforcement of certificate path restrictions (Security, 8179998)

It was discovered that the Security component of OpenJDK could fail to properly enforce restrictions defined for processing of X.509 certificate chains. A remote attacker could possibly use this flaw to make Java accept certificate using one of the disabled algorithms...

6.8 CVSS | 7.4 AI score | 0.02598 EPSS
Exploits 0 | References 4
RedHat Linux
added 2017/07/20 3:59 p.m. | 4 views

OpenJDK: LDAPCertStore following referrals to non-LDAP URLs (Security, 8176067)

It was discovered that the LDAPCertStore class in the Security component of OpenJDK followed LDAP referrals to arbitrary URLs. A specially crafted LDAP referral URL could cause LDAPCertStore to communicate with non-LDAP servers...

8.3 CVSS | 7.4 AI score | 0.03524 EPSS
Exploits 0 | References 4
RedHat Linux
added 2017/07/20 3:58 p.m. | 6 views

OpenJDK: incorrect enforcement of certificate path restrictions (Security, 8179998)

It was discovered that the Security component of OpenJDK could fail to properly enforce restrictions defined for processing of X.509 certificate chains. A remote attacker could possibly use this flaw to make Java accept certificate using one of the disabled algorithms...

6.8 CVSS | 7.4 AI score | 0.02598 EPSS
Exploits 0 | References 4
CNVD
added 2017/07/20 12:0 a.m. | 3 views

Unspecified Vulnerability in Oracle Fusion Middleware BI Publisher (CNVD-2017-17496)

Oracle Fusion Middleware is a comprehensive middleware product family consisting of SOA and middleware products. BI Publisher is one of the reporting components. Oracle BI Publisher version 11.1.1.7.0 contains a security vulnerability in the implementation of the BI Publisher Security component th...

8.2 CVSS | 6.8 AI score | 0.02119 EPSS
Exploits 0 | References 1
RedhatCVE
added 2017/07/18 8:18 p.m. | 35 views

CVE-2017-10198

It was discovered that the Security component of OpenJDK could fail to properly enforce restrictions defined for processing of X.509 certificate chains. A remote attacker could possibly use this flaw to make Java accept certificate using one of the disabled algorithms...

6.8 CVSS | 1.8 AI score | 0.02598 EPSS
Exploits 0 | References 1
Symfony
added 2017/07/17 12:0 a.m. | 21 views

CVE-2017-11365: Empty passwords validation issue

Affected versions: Symfony 2.7.30, 2.7.31, 2.8.23, 2.8.24, 3.2.10, 3.2.11, 3.3.3, and 3.3.4 versions of the Symfony Security component are affected by this security issue. The issue has been fixed in Symfony 2.7.32, 2.8.25, 3.2.12, and 3.3.5. Description: When fixing issue 23319 with 23341, we...

9.8 CVSS | 9.3 AI score | 0.01855 EPSS
Exploits 0
Tenable Nessus
added 2017/06/07 12:0 a.m. | 52 views

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2017-835)

An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges. CVE-2017-3511 It was found that the JAXP component of...

7.7 CVSS | 6.8 AI score | 0.03311 EPSS
Exploits 2 | References 8
CNVD
added 2017/05/24 12:0 a.m. | 2 views

Security Bypass Vulnerability in Security Component of Multiple Apple Products

Apple macOS Sierra, iOS, and tvOS are products of Apple Inc. macOS Sierra is a specialized operating system for Mac computers; iOS is an operating system for mobile devices. Security is one of the information security and privacy components. A security vulnerability exists in the Security compone...

5.9 CVSS | 6.2 AI score | 0.0163 EPSS
Exploits 0 | References 1
NVD
added 2017/05/22 5:29 a.m. | 24 views

CVE-2017-2535

An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Security" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (resource consumption) via a crafted app...

7.8 CVSS | 6.5 AI score | 0.00825 EPSS
Exploits 0 | References 2