Page 2 of 20 results (0.003 seconds)

CVSS: 6.4EPSS: 0%CPEs: 46EXPL: 0

IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 before SR7 FP1 (7.0.7.1), 6 R1 before SR8 FP1 (6.1.8.1), 6 before SR16 FP1 (6.0.16.1), and before 5.0 SR16 FP7 (5.0.16.7) allows attackers to obtain the private key from a Certificate Management System (CMS) keystore via a brute force attack. IBM Java Runtime Environment (JRE) 7 R1 anterior a SR1 FP1 (7.1.1.1), 7 anterior a SR7 FP1 (7.0.7.1), 6 R1 anterior a SR8 FP1 (6.1.8.1), 6 anterior a SR16 FP1 (6.0.16.1), y anterior a 5.0 SR16 FP7 (5.0.16.7) permite a atacantes obtener la clave privada de un almacén de claves del sistema de gestión de certificados 'Certificate Management System (CMS)' a través de un ataque de fuerza bruta. • http://rhn.redhat.com/errata/RHSA-2015-0264.html http://www-01.ibm.com/support/docview.wss?uid=swg1IV66876 http://www-01.ibm.com/support/docview.wss?uid=swg1IV66894 http://www-01.ibm.com/support/docview.wss?uid=swg21691089 https://bugzilla.redhat.com/show_bug.cgi?id=1164201 https://exchange.xforce.ibmcloud.com/vulnerabilities/93756 https://access.redhat.com/security/cve/CVE-2014-3068 • CWE-255: Credentials Management Errors •

CVSS: 6.9EPSS: 0%CPEs: 46EXPL: 0

Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache. Vulnerabilidad no especificada en IBM Java Runtime Environment (JRE) 7 R1 anterior a SR2 (7.1.2.0), 7 anterior a SR8 (7.0.8.0), 6 R1 anterior a SR8 FP2 (6.1.8.2), 6 anterior a SR16 FP2 (6.0.16.2), y anterior a SR16 FP8 (5.0.16.8) permite a usuarios locales ejecutar código arbitrario a través de vectores relacionados con el caché de clases compartidas. • http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html http://rhn.redhat.com/errata/RHSA-2014-1876.html http:&# • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.8EPSS: 0%CPEs: 53EXPL: 0

The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the random number generator's output. El componente IBMSecureRandom en los proveedores criptográficos IBMJCE y IBMSecureRandom en IBM SDK Java Technology Edition 5.0 anterior a Service Refresh 16 FP6, 6 anterior a Service Refresh 16, 6.0.1 anterior a Service Refresh 8, 7 anterior a Service Refresh 7 y 7R1 anterior a Service Refresh 1 facilita a atacantes dependientes de contexto anular mecanismos de protección criptográficos mediante la predicción de la salida del generador de números aleatorias. • http://secunia.com/advisories/59022 http://secunia.com/advisories/59023 http://secunia.com/advisories/59058 http://secunia.com/advisories/61264 http://www-01.ibm.com/support/docview.wss?uid=swg21672043 http://www-01.ibm.com/support/docview.wss?uid=swg21673836 http://www-01.ibm.com/support/docview.wss?uid=swg21674539 http://www-01.ibm.com/support/docview.wss?uid=swg21676672 http://www-01.ibm.com/support/docview.wss? • CWE-310: Cryptographic Issues •

CVSS: 9.3EPSS: 1%CPEs: 7EXPL: 0

Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3006. Vulnerabilidad sin especificar en Java Runtime Environment (JRE) en IBM Java 7 anterior a 7 SR5, permite a atacantes remotos comprometer la disponibilidad, confidencialidad e integridad a través de vectores no especificados. Vulnerabilidad distinta de CVE-2013-3006. • http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html http://rhn.redhat.com/errata/RHSA-2013-1060.html http://secunia.com/advisories/54154 http://www-01.ibm.com/support/docview.wss?uid=swg1IV44791 http://www-01.ibm.com/support/docview.wss?uid=swg21642336 http://www-01.ibm.com/support/docview.wss?uid=swg21644197 http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_July •

CVSS: 9.3EPSS: 2%CPEs: 62EXPL: 0

Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a different vulnerability than CVE-2013-3009 and CVE-2013-3012. Vulnerabilidad sin especificar en Java Runtime Environment (JRE) en IBM Java 1.4.2 anterior a 1.4.2 SR13-FP18, 5.0 anterior a 5.0 SR16-FP3, 6 anterior a 6 SR14, 6.0.1 anterior a 6.0.1 SR6, y 7 anterior a 7 SR5, permite a atacantes remotos comprometer la disponibilidad, confidencialidad e integridad a través de vectores no especificados. Vulnerabilidad distinta de CVE-2013-3009 y CVE-2013-3012. • http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2013-08 •