BlackBerry QNX Software Development Platform Information Disclosure Vulnerability

The BlackBerry QNX Software Development Platform SDP is a suite of software development platforms from BlackBerry Canada dedicated to the development of software based on the QNX system. An information disclosure vulnerability exists in the default configuration of QNX SDP in BlackBerry QNX SDP...

CVE-2017-9371

In BlackBerry QNX Software Development Platform SDP 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able to reduce the entropy of the PRNG, making other blended attacks more practical by gaining control...

Default configuration

In BlackBerry QNX Software Development Platform SDP 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able to reduce the entropy of the PRNG, making other blended attacks more practical by gaining control...

CVE-2017-9369

In BlackBerry QNX Software Development Platform SDP 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher privileged processes by manipulating environment...

Information disclosure

In BlackBerry QNX Software Development Platform SDP 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher privileged processes by manipulating environment...

CVE-2017-3892

In BlackBerry QNX Software Development Platform SDP 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack by executing commands targeting procfs...

Buffer overflow

In BlackBerry QNX Software Development Platform SDP 6.6.0, the default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with buffer overflow attacks...

CVE-2017-9371

In BlackBerry QNX Software Development Platform SDP 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able to reduce the entropy of the PRNG, making other blended attacks more practical by gaining control...

CVE-2017-3893 Incomplete vulnerability mitigations

In BlackBerry QNX Software Development Platform SDP 6.6.0, the default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with buffer overflow attacks...

RHEL 7 : java-1.7.0-oracle (RHSA-2017:3046)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3046 advisory. Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades...

Important: Red Hat Security Advisory: java-1.7.0-oracle security update

An update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which giv...

RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2017:2998)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:2998 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...

Moderate: Red Hat Security Advisory: rh-nodejs6-nodejs security update

An update for rh-nodejs6-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

IBM Operationas Analytics Predictive Insights Java SDK Remote Lift Vulnerability

IBM Operationas Analytics Predictive Insights is a proactive fault management system from IBM, USA. The system monitors the performance of physical and logical infrastructures and provides alerts in the event of failures.Java SDK is one of the Java software development kits. A remote boost...

NewSouth Innovations Kakadu SDK Buffer Overflow Vulnerability

NewSouth Innovations Kakadu SDK is a JPEG2000 software development kit from NewSouth Innovations, Australia. A buffer overflow vulnerability exists in version 7.9 of the NewSouth Innovations Kakadu SDK, which originates when the program fails to properly perform bounds detection on user-submitted...

graphite2 security update

CentOS Errata and Security Advisory CESA-2017:1793 An update for graphite2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severi...

CVE-2017-0691

A denial of service vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36724453...

NSA Opens Github Account — Lists 32 Projects Developed by the Agency

The National Security Agency NSA — the United States intelligence agency which is known for its secrecy and working in the dark — has finally joined GitHub and launched an official GitHub page. The NSA employs genius-level coders and brightest mathematicians, who continually work to break codes,...

CVE-2017-6667

A vulnerability in the update process for the dynamic JAR file of the Cisco Context Service software development kit SDK could allow an unauthenticated, remote attacker to execute arbitrary code on the affected device with the privileges of the web server. More Information: CSCvb66730. Known...

JDK: XML External Entity Injection (XXE) error when processing XML data

IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection XXE error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150...