Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in ExtractBitMap_blocClass

Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in ExtractBitMapblocClass A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 latest at the time of this writing while fuzz-testing the processing of TrueType fonts. It...

Oracle Java Runtime Environment - Heap Out-of-Bounds AlternateSubstitutionSubtable

Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in AlternateSubstitutionSubtable::process ----------------------------------------------------------------------------------------- A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment...

Oracle Java Runtime Environment - Heap Out-of-Bounds OpenTypeLayoutEngine

Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in OpenTypeLayoutEngine::adjustGlyphPositions ----------------------------------------------------------------------------------- A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment...

Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in OpenTypeLayoutEngine::adjustGlyphPositions

A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 latest at the time of this writing while fuzz-testing the processing of TrueType fonts. It manifests itself in the form of the following or similar crash: --- cut --- $ bin/java -cp . DisplaySfntFont...

TAU Threat Intelligence Notification: Java Embedded MSI Files

Summary Application whitelisting provides environments with access controls to stop unauthorized software from executing. This is accomplished by utilizing file and folder attributes including but not limited to file path, filename, digital signature, publisher, cryptographic hash and product nam...

Millions of PCs Found Running Outdated Versions of Popular Software

It is 2019, and millions of computers still either have at least one outdated application installed or run outdated operating systems, making themselves vulnerable to online threats and known security vulnerabilities/exploits. Security vendor Avast has released its PC Trends Report 2019 revealing...

Unauthorized Time Zone Modification

IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server has a vulnerability which affects the time zone information of the application. The vulnerability is possible because java.util.TimeZone fails to prevent the untrusted Java application or applet to change the time zo...

Security Bulletin: Multiple vulnerabilities in IBM Runtime Environment Java affect Rational Build Forge (CVE-2018-1656; CVE-2018-2973; CVE-2018-12539)

Summary There are multiple vulnerabilities in IBM® Runtime Environment that is bundled along with IBM Rational Build Forge. Vulnerability Details CVEID: CVE-2018-1656 DESCRIPTION: The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java DTFJ IBM SDK, Java Technology Edition 6.0 ,...

Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos TM1 (CVE-2018-1656, CVE-2018-0732, CVE-2018-12539)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 used by IBM Cognos TM1. These issues were disclosed as part of the IBM Java SDK updates in July 2018. An Open Source OpenSSL vulnerabilitiy has also been addressed. Vulnerability Details If you run your own Jav...

CentOS 6 : java-1.7.0-openjdk (CESA-2018:3409)

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: Red Hat Security Advisory: java-1.7.0-openjdk security update

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for SAP Applications

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by Content Collector for SAP Applications. These issues were disclosed as part of the IBM Java SDK updates in July 2018. Vulnerability Details CVEID: CVE-2017-3736 DESCRIPTION: OpenSSL could allow a...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Process Designer used in IBM Business Automation Workflow, IBM Business Process Manager, and WebSphere Lombardi Edition

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 6 and 7 used by IBM Process Designer. IBM Process Designer has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-1656 DESCRIPTION: The IBM Java Runtime Environment's Diagnostic Tooling Framewo...

Oracle Linux 6 : java-1.8.0-openjdk (ELSA-2018-2943)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-2943 advisory. 1:1.8.0.191.b12-0 - Update to aarch64-shenandoah-jdk8u191-b12. - Resolves: rhbz1633817 1:1.8.0.191.b10-0 - Update to aarch64-shenandoah-jdk8u191-b10. -...

TP-Link EAP Controller lacks RMI authentication and is vulnerable to deserialization attacks

Overview The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. EAP Controller for Linux lacks user authentication for RMI service commands, as well as utilizes an outdated vulnerable version of Apache commons-collections, which may allow an...

JDK: path traversal flaw in the Diagnostic Tooling Framework

The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java DTFJ IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0 does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882...

JDK: path traversal flaw in the Diagnostic Tooling Framework

The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java DTFJ IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0 does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882...

CVE-2018-1656

The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java DTFJ IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0 does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882...

CVE-2018-1656

The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java DTFJ IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0 does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882...

java security update

CentOS Errata and Security Advisory CESA-2018:2286 An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detaile...