OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511)

Vulnerability in the Java SE component of Oracle Java SE subcomponent: JCE. The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this...

RHEL 7 : java-1.8.0-openjdk (RHSA-2019:1815)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1815 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...

Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x x86_64 (20190722)

Security Fixes : - OpenJDK: Side-channel attack risks in Elliptic Curve EC cryptography Security, 8208698 CVE-2019-2745 - OpenJDK: Insufficient checks of suppressed exceptions in deserialization Utilities, 8212328 CVE-2019-2762 - OpenJDK: Unbounded memory allocation during deserialization in...

Oracle Linux 7 : java-1.8.0-openjdk (ELSA-2019-1815)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-1815 advisory. 1:1.8.0.222.b10-0 - Update to aarch64-shenandoah-jdk8u222-b10. - Resolves: rhbz1724452 1:1.8.0.222.b09-0 - Update to aarch64-shenandoah-jdk8u222-b09. -...

RHEL 8 : java-1.8.0-openjdk (RHSA-2019:1816)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1816 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...

RHEL 6 : java-1.8.0-openjdk (RHSA-2019:1811)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1811 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...

Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x i386/x86_64 (20190722)

Security Fixes : - OpenJDK: Side-channel attack risks in Elliptic Curve EC cryptography Security, 8208698 CVE-2019-2745 - OpenJDK: Insufficient checks of suppressed exceptions in deserialization Utilities, 8212328 CVE-2019-2762 - OpenJDK: Unbounded memory allocation during deserialization in...

Moderate: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511)

Vulnerability in the Java SE component of Oracle Java SE subcomponent: JCE. The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this...

Moderate: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVE-2018-6142

Array bounds check failure in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file...

CVE-2018-6142

Array bounds check failure in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file...

CVE-2018-6142

Array bounds check failure in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file...

CVE-2018-6142

CVE-2018-6142 describes an out-of-bounds read vulnerability in Google Chrome’s V8 engine (pre-67.0.3396.62) that can be triggered by a crafted PDF file, allowing remote memory access. Connected advisories (Debian DSA-4237-1) indicate a fix in Chromium-based packages and note updates to version 67...

CVE-2018-6142

Removed by vendor...

The vulnerability in the implementation of the hfcsusbprobe handler in the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the hfcsusbprobe handler in the loaded module of the drivers/isdn/hardware/mISDN/hfcsusb.ko kernel of the Linux operating system is related to accessing beyond the array boundaries. Exploiting this vulnerability can allow an attacker to cause a system failure by connecting th...

Design/Logic Flaw

In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It allows an attacker to use a crafted...

bro -- Null pointer dereference and Signed integer overflow

Jon Siwek of Corelight reports: This is a security patch release to address potential Denial of Service vulnerabilities: Null pointer dereference in the RPC analysis code. RPC analyzers e.g. MOUNT or NFS are not enabled in the default configuration. Signed integer overflow in BinPAC-generated...

CVE-2019-6522

Moxa IKS and EDS fails to properly check array bounds which may allow an attacker to read device memory on arbitrary addresses, and may allow an attacker to retrieve sensitive data or cause device reboot...

CVE-2019-6522

CVE-2019-6522 affects Moxa IKS and EDS industrial switches. The vulnerability stems from a failure to properly check array bounds, enabling an out-of-bounds read of device memory on arbitrary addresses. This can allow an attacker to retrieve sensitive data or cause the device to reboot. Public de...