PT-2020-3530
Name of the Vulnerable Software and Affected Versions: Java SE versions 7u261 and 8u251; Java SE Embedded version 8u251. Description: The issue is related to insufficient input validation in the Libraries component of Oracle Java SE and Java SE Embedded. It can be exploited by an unauthenticated...
OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511)
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this...
OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022)
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of...
JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
UBUNTU-CVE-2018-3139
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
CVE-2018-3650
Insufficient Input Validation in Bleach module in INTEL Distribution for Python versions prior to IDP 2018 Update 2 allows unprivileged user to bypass URI sanitization via local vector...
PT-2019-3785 · Fasterxml +7 · Jackson-Databind +7
Name of the Vulnerable Software and Affected Versions: FasterXML jackson-databind versions prior to 2.9.10; FasterXML jackson-databind version 2.8.11.5; FasterXML jackson-databind version 2.6.7.3. Description: A Polymorphic Typing issue was discovered in FasterXML jackson-databind. It is related to...
CVE-2016-8855
Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Manager/Taskpages/Contact list" in Sitecore Experience Platform 8.1 rev. 160519 (8.1 Update-3) allows remote attacks via the Name or Description parameter. This is fixed in 8.2 Update-2...
Novell Filr Cross-Site Request Forgery Vulnerability
Novell Filr is a file access and sharing solution for the enterprise from Novell, USA. A cross-site request forgery vulnerability exists in the management interface in Novell Filr 2.0 Security Update 1 and prior versions and 1.2 Security Update 2. A remote attacker could exploit this vulnerabilit...
Siemens SIMATIC and SIMATIC WinCC HMI Comfort Panels Denial of Service Vulnerability
Siemens SIMATIC WinCC is a complete Supervisory Control and Data Acquisition (SCADA) solution for industry, ranging from single-user systems to multi-user systems supporting redundant servers and remote Web client solutions. A security vulnerability in Siemens SIMATIC HMI Comfort Panels WinCC TIA...
OpenJDK: off-by-one bug in ZIP reading code (JRE, 7118283)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors...
OpenJDK: insufficient checking of the graphics rendering object (2D, 7112642)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D...
PT-2012-1238 · Oracle +4 · Java Runtime Environment +5
Name of the Vulnerable Software and Affected Versions: Java Runtime Environment versions 5.0 Update 33 and earlier; Java Runtime Environment versions 6 Update 30 and earlier; Java Runtime Environment versions 7 Update 2 and earlier. Description: The issue is related to an unspecified vulnerability i...
PT-2010-1110 · Freetype +2 · Freetype +2
Name of the Vulnerable Software and Affected Versions: FreeType versions prior to 2.4.0; FreeType versions prior to 2.4.8. Description: The issue is related to an integer overflow in the gray render span function in smooth/ftgrays.c, which allows remote attackers to cause a denial of service or...
Update 2 for Windows Server Solutions Best Practices Analyzer 1.0 is available
KB5023127 - Cumulative Update 2 for SQL Server 2022