java security update
CentOS Errata and Security Advisory CESA-2017:2998 An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS ba...
CVE-2017-10356
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker wit...
Cross-site scripting
Cross-site scripting XSS vulnerability in the Security component of Kohana before 3.3.6 allows remote attackers to inject arbitrary web script or HTML by bypassing the stripimagetags protection mechanism in system/classes/Kohana/Security.php...
CVE-2016-10510
Kohana Security component (PHP framework) before 3.3.6 is vulnerable to Cross-Site Scripting (XSS) via bypass of strip_image_tags in system/classes/Kohana/Security.php. Exploitation could allow remote script/HTML injection. Public advisories/citations confirm the issue and its fix: Kohana 3.3.6 r...
OpenJDK: LDAPCertStore following referrals to non-LDAP URLs (Security, 8176067)
It was discovered that the LDAPCertStore class in the Security component of OpenJDK followed LDAP referrals to arbitrary URLs. A specially crafted LDAP referral URL could cause LDAPCertStore to communicate with non-LDAP servers...
Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x, SL7.x i386/x86_64 (20170807)
Security Fixes : - It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. CVE-2017-10102 - Multiple...
CVE-2017-10067
Vulnerability in the Java SE component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successfu...
OpenJDK: incorrect enforcement of certificate path restrictions (Security, 8179998)
It was discovered that the Security component of OpenJDK could fail to properly enforce restrictions defined for processing of X.509 certificate chains. A remote attacker could possibly use this flaw to make Java accept a certificate using one of the disabled algorithms...
Unspecified Vulnerability in Oracle Fusion Middleware BI Publisher (CNVD-2017-17496)
Oracle Fusion Middleware is a comprehensive middleware product family consisting of SOA and middleware products. BI Publisher is one of the reporting components. Oracle BI Publisher version 11.1.1.7.0 contains a security vulnerability in the implementation of the BI Publisher Security component th...
CVE-2017-10198
It was discovered that the Security component of OpenJDK could fail to properly enforce restrictions defined for processing of X.509 certificate chains. A remote attacker could possibly use this flaw to make Java accept a certificate using one of the disabled algorithms...
CVE-2017-11365: Empty passwords validation issue
Affected versions Symfony 2.7.30, 2.7.31, 2.8.23, 2.8.24, 3.2.10, 3.2.11, 3.3.3, and 3.3.4 versions of the Symfony Security component are affected by this security issue. The issue has been fixed in Symfony 2.7.32, 2.8.25, 3.2.12, and 3.3.5. Description When fixing issue 23319 with 23341, we...
Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2017-835)
An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges. CVE-2017-3511 It was found that the JAXP component of...
Security Bypass Vulnerability in Security Component of Multiple Apple Products
Apple macOS Sierra, iOS, and tvOS are products of Apple Inc. macOS Sierra is a specialized operating system for Mac computers; iOS is an operating system for mobile devices. Security is one of the information-security and privacy components. A security vulnerability exists in the Security compone...
CVE-2017-2535
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Security" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service resource consumption via a crafted app...