CVE-2017-3533

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker wi...

Design/Logic Flaw

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

CVE-2017-3544

CVE-2017-3544 is a content spoofing vulnerability in the Networking component of Oracle/OpenJDK’s Java SE/Java SE Embedded/JRockit, specifically an SMTP newline-injection issue in the SMTP client. The connected documents establish that a remote attacker could exploit this via SMTP to manipulate S...

CVE-2017-3544

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker wi...

CVE-2017-3544

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker wi...

CVE-2017-3533

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker wi...

CVE-2017-3533

CVE-2017-3533 is an access restriction bypass in the Networking component (FTP client) of Oracle/OpenJDK Java SE. The newline-injection flaw in the FTP client could allow a remote attacker to manipulate FTP connections established by a Java application. Affected: Java SE/Embedded and JRockit vari...

CVE-2017-3509

CVE-2017-3509 affects Oracle/OpenJDK Networking in Java SE and Java SE Embedded, allowing a network-based, unauthenticated attacker to cause low confidentiality/low integrity impacts with potential information exposure, via multiple protocols; exploitation requires user interaction. Affected are ...

CVE-2017-3509

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

CISO Forum 2017

Last week I have attended CISO Forum 2017 in Moscow. I was talking there about "Vulnerability Quadrants: automated hot topic detection in public vulnerability CVE flow". Today I want to share my impressions about the forum itself. To be short, I liked it very much. Both exhibition and...

OPENSUSE-SU-2017:1098-1 Security update for chromium

This update to Chromium 58.0.3029.81 fixes the following security issues bsc1035103: - CVE-2017-5057: Type confusion in PDFium - CVE-2017-5058: Heap use after free in Print Preview - CVE-2017-5059: Type confusion in Blink - CVE-2017-5060: URL spoofing in Omnibox - CVE-2017-5061: URL spoofing in...

OpenJDK: newline injection in the FTP client (Networking, 8170222)

A newline injection flaw was discovered in the FTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate FTP connections established by a Java application...

OpenJDK: newline injection in the SMTP client (Networking, 8171533)

A newline injection flaw was discovered in the SMTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate SMTP connections established by a Java application...

OpenJDK: newline injection in the FTP client (Networking, 8170222)

A newline injection flaw was discovered in the FTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate FTP connections established by a Java application...

OpenJDK: newline injection in the SMTP client (Networking, 8171533)

A newline injection flaw was discovered in the SMTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate SMTP connections established by a Java application...

OpenJDK: newline injection in the FTP client (Networking, 8170222)

A newline injection flaw was discovered in the FTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate FTP connections established by a Java application...

OpenJDK: newline injection in the SMTP client (Networking, 8171533)

A newline injection flaw was discovered in the SMTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate SMTP connections established by a Java application...

CVE-2017-3544

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker wi...

CVE-2017-3509

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

Google Chrome < 58.0.3029.81 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 58.0.3029.81. It is, therefore, affected by multiple vulnerabilities as referenced in the 201704stable-channel-update-for-desktop advisory. - Incorrect handling of DOM changes in Blink in Google Chrome prior to...