211 matches found
Important: Red Hat Security Advisory: java-1.7.0-openjdk security update
An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x i386/x86_64 (20181018)
Security Fixes : - OpenJDK: Improper field access checks Hotspot, 8199226 CVE-2018-3169 - OpenJDK: Unrestricted access to scripting engine Scripting, 8202936 CVE-2018-3183 - OpenJDK: Incomplete enforcement of the trustURLCodebase restriction JNDI, 8199177 CVE-2018-3149 - OpenJDK: Incorrect handli...
RHEL 7 : java-1.8.0-openjdk (RHSA-2018:2942)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2942 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...
OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
CVE-2018-14803
Philips e-Alert Unit non-medical device, Version R2.1 and prior. The Philips e-Alert contains a banner disclosure vulnerability that could allow attackers to obtain extraneous product information, such as OS and software components, via the HTTP response header that is normally not available to t...
DEBIAN-CVE-2018-14369
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression...
UBUNTU-CVE-2018-14369
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before proceeding to header decompression...
CVE-2016-5358
epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the packet-header data type, which allows remote attackers to cause a denial of service application crash via a crafted packet...
The vulnerability of the PHP interpreter, which allows attackers to trigger a service failure or exert other effects.
The vulnerability of the exifprocessIFDTag function ext/exif/exif.c in the PHP interpreter exists due to incorrect checking of arguments for the spprintf function. Exploiting this vulnerability can allow a malicious actor to trigger a service failure memory overflow or potentially cause other...
The vulnerability of the PHP interpreter, which allows attackers to trigger a service failure or exert other effects.
The vulnerability of the exifprocessTIFFinJPEG function ext/exif/exif.c in the PHP interpreter is caused by buffer overflow. Exploiting this vulnerability could allow a malicious actor to cause service failures or potentially other effects such as out-of-memory reading through specially crafted...
CVE-2016-4544
The exifprocessTIFFinJPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via crafted header data...
CVE-2016-4543
The exifprocessIFDinJPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via crafted header data...
CVE-2016-4542
The exifprocessIFDTAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via crafted...
Out-of-bounds
The exifprocessIFDTAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via crafted...
CVE-2016-4543
The exifprocessIFDinJPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via crafted header data...
CVE-2016-4544
Removed by vendor...