OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Utilities. Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Utilities. Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511)

Vulnerability in the Java SE component of Oracle Java SE subcomponent: JCE. The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this...

OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Utilities. Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Utilities. Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511)

Vulnerability in the Java SE component of Oracle Java SE subcomponent: JCE. The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this...

OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Utilities. Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

UBUNTU-CVE-2019-2778

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Privileges. Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

Oracle Java SE 1.7.0_231 / 1.8.0_221 / 1.11.0_4 / 1.12.0_2 Multiple Vulnerabilities (Jul 2019 CPU)

The version of Oracle formerly Sun Java SE or Java for Business installed on the remote host is prior to 7 Update 231, 8 Update 221, 11 Update 4, or 12 Update 2. It is, therefore, affected by multiple vulnerabilities: - Unspecified vulnerabilities in the utilities and JCE subcomponents of Oracle...

Oracle Application Testing Suite Multiple Vulnerabilities (Jul 2019 CPU)

The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities: - A deserialization vulnerability exists in Apache Commons FileUpload library. An unauthenticated, remote attacker can exploit this, via customized Java serialised object, to...

PT-2019-4920 · Oracle +7 · Mysql Server +6

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 5.7.26 and prior MySQL Server versions 8.0.16 and prior Description: The issue is related to inadequate access control in the MySQL Server component, specifically in the Server: Security: Privileges subcomponent. This...

Denial of service

VMware ESXi 6.5 suffers from partial denial of service vulnerability in hostd process. Patch ESXi650-201907201-UG for this issue is available...

DEBIAN-CVE-2019-10639

The Linux kernel 4.x starting from 4.1 and 5.x before 5.0.8 allows Information Exposure partial kernel address disclosure, leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols e.g....

Security update for gnome-shell (moderate)

openSUSE Security Update: Security update for gnome-shell Announcement ID: openSUSE-SU-2019:1582-1 Rating: moderate References: 1124493 Cross-References: CVE-2019-3820 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 An update that fixes one vulnerability is now available. Description: Th...

Code injection

Metadata verification and partial hash system calls by bootloader may corrupt parallel hashing state in progress resulting in unexpected behavior in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon...

CVE-2018-13909

Metadata verification and partial hash system calls by bootloader may corrupt parallel hashing state in progress resulting in unexpected behavior in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon...

CVE-2018-13907

The CVE-2018-13907 entry describes a vulnerability in Qualcomm/Snapdragon components where deserializing a key blob during key operations can trigger a buffer overflow, potentially exposing partial key information across a wide range of Snapdragon devices (IPQ4019, IPQ8074, MDM9... and many SD/So...

SUSE SLED15 / SLES15 Security Update : gnome-shell (SUSE-SU-2019:1459-1)

This update for gnome-shell fixes the following issues : Security issue fixed : CVE-2019-3820: Fixed a partial lock screen bypass bsc1124493. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to...

Information Disclosure Vulnerability in Multiple Intel Products (CNVD-2019-25499)

Intel Core X-series Processors are products of Intel Corporation.Intel Core X-series Processors are X-series central processing units CPUs.4th Generation Intel Core i5 Processors are 4th generation Core i5-series central processing units CPUs.4th Generation Intel Core i3 Processors are 4th...

JDK: unspecified vulnerability fixed in 8u201 (Deployment)

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Deployment. The supported version that is affected is Java SE: 8u192. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks...