OpenJDK: newline injection in the FTP client (Networking, 8170222)
A newline injection flaw was discovered in the FTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate FTP connections established by a Java application...
Moderate: Red Hat Security Advisory: java-1.8.0-openjdk security and bug fix update
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
OpenJDK: newline injection in the SMTP client (Networking, 8171533)
A newline injection flaw was discovered in the SMTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate SMTP connections established by a Java application...
Oracle Java SE Multiple Vulnerabilities (April 2017 CPU) (Unix)
The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 6 Update 151, 7 Update 141, or 8 Update 131. It is, therefore, affected by multiple vulnerabilities: - An unspecified flaw exists in the Networking subcomponent that allows an unauthenticated...
java security update
CentOS Errata and Security Advisory CESA-2017:1109. An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detaile...
CVE-2017-5066
Insufficient consistency checks in signature handling in the networking stack in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to incorrectly accept a badly formed X.509 certificate via a crafted HTML page...
Oracle JRockit R28.3.13 Multiple Vulnerabilities (April 2017 CPU)
The version of Oracle JRockit installed on the remote Windows host is R28.3.13. It is, therefore, affected by multiple vulnerabilities: - An unspecified flaw exists in the JCE subcomponent that allows a local attacker to gain elevated privileges. (CVE-2017-3511) - An unspecified flaw exists in the...
Google Chrome Security Updates (stable-channel-update-for-desktop-2017-04) - Linux
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 58 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 58.0.3029.81 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming...
Oracle Java SE Security Updates (cpuapr2017-3236618) 01 - Linux
Oracle Java SE is prone to multiple vulnerabilities. Copyright (C) 2017 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
PT-2017-10803 · Go +3 · Net/Http Package +3
Name of the Vulnerable Software and Affected Versions: net/http package (affected versions not specified). Description: The issue arises when the net/http package's Request.ParseMultipartForm method handles large multipart requests, potentially leading to a denial-of-service situation. An attacker c...
Cisco IOS XE Software Local Command Execution Vulnerability
Cisco IOS is the interconnected Internet operating system used on most Cisco Systems routers and network switches. The Cisco IOS XE Software startup script does not validate the value of the ROMMON variable effectively, allowing remote attackers to exploit the vulnerability by submitting a specia...
Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20170321)
Security Fixes: - It was discovered that a remote attacker could leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow in scenarios in which actual fragmentation of packets is not needed and could subsequently perform any type of a...
Moderate: Red Hat Security Advisory: kernel security and enhancement update
An update for kernel is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
Kernel security update: new kernel 2.6.32-042stab123.1, Virtuozzo 6.0 Update 12 Hotfix 7 (6.0.12-)
This update provides a new Virtuozzo 6.0 kernel 2.6.32-042stab123.1 as well as internal stability bug fixes. The new kernel is based on the Red Hat Enterprise Linux 6.9 kernel 2.6.32-696.el6 and provides security fixes. Vulnerability id: CVE-2017-6214 A flaw was found in the Linux kernel's handli...
kernel, perf, python security update
CentOS Errata and Security Advisory CESA-2017:0817. An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Cisco IOS XE ANI Registrar DoS (cisco-sa-20170320-ani)
According to its self-reported version, the Cisco IOS XE software running on the remote device is affected by a denial of service vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature due to incomplete input validation of certain crafted packets. An unauthenticated,...
Cisco IOS ANI Registrar DoS (cisco-sa-20170320-ani)
According to its self-reported version, the Cisco IOS software running on the remote device is affected by a denial of service vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature due to incomplete input validation of certain crafted packets. An unauthenticated, adjacent...