
2625 matches found

Cent OS
added 2018/05/02 12:0 p.m., 105 views

java security update

CentOS Errata and Security Advisory CESA-2018:1270 An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detail...

CVSS: 8.3, AI score: 6.2, EPSS: 0.00568
Exploits: 0, References: 7

CNVD
added 2018/04/26 12:0 a.m., 3 views

DPDK Memory Disclosure Vulnerability

DPDK is a set of open source drivers for fast packet processing. A security vulnerability exists in the vhost-user interface in versions of DPDK prior to 18.02.1. An attacker can exploit this vulnerability to disclose vhost-user backend process memory...

CVSS: 6.1, AI score: 6.6, EPSS: 0.00184
Exploits: 0, References: 1

RedHat Linux
added 2018/04/23 10:56 p.m., 3 views

OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

CVSS: 3.1, AI score: 7.4, EPSS: 0.00195
Exploits: 0, References: 4

RedHat Linux
added 2018/04/23 5:24 p.m., 4 views

OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

CVSS: 3.1, AI score: 7.4, EPSS: 0.00195
Exploits: 0, References: 4

RedHat Linux
added 2018/04/23 5:24 p.m., 3 views

OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Concurrency. Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with...

CVSS: 5.3, AI score: 7.3, EPSS: 0.00239
Exploits: 0, References: 4

RedHat Linux
added 2018/04/23 5:15 p.m., 5 views

JDK: unspecified vulnerability fixed in 8u171 and 10.0.1 (Install)

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Install. Supported versions that are affected are Java SE: 8u162 and 10. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE...

CVSS: 7.7, AI score: 5.8, EPSS: 0.00161
Exploits: 0, References: 5

RedHat Linux
added 2018/04/19 6:6 p.m., 3 views

OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JMX. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with...

CVSS: 5.3, AI score: 7.3, EPSS: 0.00147
Exploits: 0, References: 4

CNVD
added 2018/04/17 12:0 a.m., 2 views

MyScript SDK for Android Deserialization Code Execution Vulnerability

MyScript SDK for Android is a software development kit for MyScript handwriting input recognition engine based on Android platform. A security vulnerability exists in versions of MyScript SDK for Android prior to version 1.3. The vulnerability can be exploited to execute arbitrary code via the...

CVSS: 9.8, AI score: 7.7, EPSS: 0.01219
Exploits: 1, References: 1

OSV
added 2018/04/03 2:29 p.m., 3 views

CVE-2016-8365

OSIsoft PI System software Applications using PI Asset Framework AF Client versions prior to PI AF Client 2016, Version 2.8.0; Applications using PI Software Development Kit SDK versions prior to PI SDK 2016, Version 1.4.6; PI Buffer Subsystem, versions prior to and including, Version 4.4; and PI...

CVSS: 5.5, AI score: 5.7
Exploits: 0, References: 3

ATTACKERKB
added 2018/04/03 2:29 p.m., 3 views

CVE-2016-8365

OSIsoft PI System software Applications using PI Asset Framework AF Client versions prior to PI AF Client 2016, Version 2.8.0; Applications using PI Software Development Kit SDK versions prior to PI SDK 2016, Version 1.4.6; PI Buffer Subsystem, versions prior to and including, Version 4.4; and PI...

CVSS: 5.5, AI score: 5.5, EPSS: 0.00108
Exploits: 0, References: 4

Tenable Nessus
added 2018/03/01 12:0 a.m., 53 views

CentOS 6 / 7 : java-1.7.0-openjdk (CESA-2018:0349)

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

CVSS: 8.3, AI score: 7, EPSS: 0.0052
Exploits: 0, References: 16

RedHat Linux
added 2018/02/26 10:27 p.m., 3 views

OpenJDK: DerValue unbounded memory allocation (Libraries, 8182387)

It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER...

CVSS: 5.3, AI score: 7.4, EPSS: 0.00132
Exploits: 0, References: 4

RedHat Linux
added 2018/02/26 9:32 p.m., 6 views

OpenJDK: DerValue unbounded memory allocation (Libraries, 8182387)

It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER...

CVSS: 5.3, AI score: 7.4, EPSS: 0.00132
Exploits: 0, References: 4

BDU FSTEC
added 2018/02/15 12:0 a.m., 1 view

The vulnerability of the Primetime SDK component of the Flash Player software platform allows a perpetrator to execute arbitrary code.

The vulnerability of the Primetime SDK software platform’s Flash Player component is related to the use of memory after it is freed. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

CVSS: 10, AI score: 8.2, EPSS: 0.05822
Exploits: 0, References: 8, Affected Software: 1

Tenable Nessus
added 2018/01/24 12:0 a.m., 37 views

SUSE SLES11 Security Update : ncurses (SUSE-SU-2018:0178-1)

This update for ncurses fixes the following issues: Security issue fixed : - CVE-2017-13733: Fix illegal address access in the fmtentry function bsc1056127. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00478
Exploits: 1, References: 4

RedHat Linux
added 2018/01/22 8:40 p.m., 3 views

OpenJDK: SingleEntryRegistry incorrect setup of deserialization filter (JMX, 8186998)

It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions...

CVSS: 7.4, AI score: 7.4, EPSS: 0.00251
Exploits: 0, References: 4

RedHat Linux
added 2018/01/18 9:55 p.m., 5 views

JDK: unspecified vulnerability fixed in 8u161 and 9.0.4 (Deployment)

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Deployment. Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...

CVSS: 8.3, AI score: 7.4, EPSS: 0.00791
Exploits: 0, References: 5

RedHat Linux
added 2018/01/17 5:33 p.m., 3 views

OpenJDK: insufficient strength of key agreement (JCE, 8185292)

It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using...

CVSS: 5.9, AI score: 7.3, EPSS: 0.0016
Exploits: 0, References: 4

CNVD
added 2018/01/16 12:0 a.m., 3 views

Denial of Service Vulnerability in Zhejiang Dahua Playback Library SDK (CNVD-2018-01922)

Playback Library SDK is a development kit based on Dahua's private code stream encapsulation protocol developed to serve network DVRs, network video servers, network cameras, network dome cameras, intelligent devices and other products. A denial-of-service vulnerability exists in dhplay.dll in th...

AI score: 7.1
Exploits: 0

Citrix
added 2017/12/20 12:0 a.m., 7 views

How to script removing and rescanning "Ghost NIC" devices in Windows

It's sometimes necessary to run DevMgr in "nonpresent device" mode to remove all nonpresent NIC devices, and sometimes the present NIC too, and then rescan the network to fix problems. It's possible, using the Microsoft Windows Development Kit tool DEVCON.EXE, to script this operation if you know...

AI score: 7
Exploits: 0