RHEL 6 : java-1.8.0-ibm (RHSA-2017:3453)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3453 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE ...

CentOS 6 / 7 : java-1.7.0-openjdk (CESA-2017:3392)

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

USN-3497-1 openjdk-7 vulnerabilities

It was discovered that the Smart Card IO subsystem in OpenJDK did not properly maintain state. An attacker could use this to specially construct an untrusted Java application or applet to gain access to a smart card, bypassing sandbox restrictions. CVE-2017-10274 Gaston Traberg discovered that th...

RHEL 7 : java-1.7.0-oracle (RHSA-2017:3046)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3046 advisory. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades...

Important: Red Hat Security Advisory: java-1.7.0-oracle security update

An update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which giv...

RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2017:2998)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2998 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...

CVE-2017-12822

Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors...

Helping Mobile Operators Keep Customers Safe with Virtualized Network Security

At Trend Micro we’re always looking for innovative new ways to support our customers and help overcome their cybersecurity challenges. Mobile network operators MNOs are increasingly adopting virtualization and software acceleration technologies to become more agile in how they deploy and operate...

Proxy Aware PowerShell C2 Framework: PoshC2

PoshC2 is a proxy aware C2 framework written completely in PowerShell to aid penetration testers with red teaming, post-exploitation and lateral movement. The tools and modules were developed off the back of our successful PowerShell sessions and payload types for the Metasploit Framework...

NewSouth Innovations Kakadu SDK Buffer Overflow Vulnerability

NewSouth Innovations Kakadu SDK is a JPEG2000 software development kit from NewSouth Innovations, Australia. A buffer overflow vulnerability exists in version 7.9 of the NewSouth Innovations Kakadu SDK, which originates when the program fails to properly perform bounds detection on user-submitted...

OpenJDK: insufficient access control checks in ServiceRegistry (ImageIO, 8172461)

Vulnerability in the Java SE component of Oracle Java SE subcomponent: ImageIO. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...

OpenJDK: JAR verifier incorrect handling of missing digest (Security, 8169392)

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successfu...

OpenJDK: incorrect range checks in LambdaFormEditor (Libraries, 8184185)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to...

OpenJDK: unrestricted access to com.sun.org.apache.xml.internal.resolver (JAXP, 8173286)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

CVE-2017-0691

A denial of service vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36724453...

Important: Red Hat Security Advisory: Red Hat Container Development Kit 3.0.0 security update

An update is now available for Red Hat Container Development Kit 3.0.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

CVE-2017-6667

A vulnerability in the update process for the dynamic JAR file of the Cisco Context Service software development kit SDK could allow an unauthenticated, remote attacker to execute arbitrary code on the affected device with the privileges of the web server. More Information: CSCvb66730. Known...

JDK: XML External Entity Injection (XXE) error when processing XML data

IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection XXE error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150...

RHEL 6 : java-1.7.1-ibm (RHSA-2017:1216)

An update for java-1.7.1-ibm is now available for Red Hat Satellite 5.7 and Red Hat Satellite 5.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

JDK: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix

The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 6.0.16.25, 6 R1 before SR8 FP25 6.1.8.25, 7 before SR9 FP40 7.0.9.40, 7 R1 before SR3 FP40 7.1.3.40, and 8 before SR3 8.0.3.0 uses the invoke method of the java.lang.reflect.Method class in an...