GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling

A flaw was found in GStreamer. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. The flaw exists within the handling of palette data in AVI files, where a lack of proper validation of user-supplied data can lead to an integer overflow...

MiracleLinux 7 : java-1.7.0-openjdk-1.7.0.201-2.6.16.1.0.1.el7.AXS7 (AXSA:2019-3680:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3680:01 advisory. OpenJDK: Improper field access checks Hotspot, 8199226 CVE-2018-3169 OpenJDK: Incomplete enforcement of the trustURLCodebase restriction JNDI, 81991...

SUSE CVE-2017-18233

An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service infinite loop via crafted XMP data in a .avi file...

The vulnerability of the RIFF::List::GetSubList function in the RIFF.cpp component of the libgig processing library allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the RIFF::List::GetSubList function in the RIFF.cpp component of the file processing library libgig is related to writing beyond buffer boundaries. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause servic...

Important: Red Hat Security Advisory: libwebp security update

An update for libwebp is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Huawei EulerOS: Security Advisory for java-1.8.0-openjdk (EulerOS-SA-2018-1386)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP8 : java-1.8.0-openjdk (EulerOS-SA-2019-1777)

According to the version of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - OpenJDK: Infinite loop in RIFF format reader CVE-2018-3214 Note that Tenable Network Security has extracted the preceding description...

EulerOS 2.0 SP2 : java-1.8.0-openjdk (EulerOS-SA-2018-1416)

According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - OpenJDK: Improper field access checks CVE-2018-3169 - OpenJDK: Unrestricted access to scripting engine CVE-2018-3183 - OpenJDK:...

OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Sound. Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with...

EulerOS 2.0 SP3 : java-1.8.0-openjdk (EulerOS-SA-2018-1386)

According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - OpenJDK: Improper field access checks CVE-2018-3169 - OpenJDK: Unrestricted access to scripting engine CVE-2018-3183 - OpenJDK:...

RHEL 7 : java-1.7.1-ibm (RHSA-2018:3672)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3672 advisory. IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IB...

OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Sound. Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with...

RHEL 7 : java-1.8.0-ibm (RHSA-2018:3534)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3534 advisory. - OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests Security, 8194534 CVE-2018-3136 - OpenJDK: Leak of sensitive...

OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Sound. Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with...

Updated java-1.8.0-openjdk packages fix security vulnerabilities

Updated java-1.8.0-openjdk packages fix security vulnerabilities: Incorrect handling of unsigned attributes in singed Jar manifests Security, 8194534 CVE-2018-3136. Leak of sensitive header data via HTTP redirect Networking, 8196902 CVE-2018-3139. Incomplete enforcement of the trustURLCodebase...

MGASA-2018-0436 Updated java-1.8.0-openjdk packages fix security vulnerabilities

Updated java-1.8.0-openjdk packages fix security vulnerabilities: Incorrect handling of unsigned attributes in singed Jar manifests Security, 8194534 CVE-2018-3136. Leak of sensitive header data via HTTP redirect Networking, 8196902 CVE-2018-3139. Incomplete enforcement of the trustURLCodebase...

Important: Red Hat Security Advisory: java-1.7.0-openjdk security update

An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x i386/x86_64 (20181018)

Security Fixes : - OpenJDK: Improper field access checks Hotspot, 8199226 CVE-2018-3169 - OpenJDK: Unrestricted access to scripting engine Scripting, 8202936 CVE-2018-3183 - OpenJDK: Incomplete enforcement of the trustURLCodebase restriction JNDI, 8199177 CVE-2018-3149 - OpenJDK: Incorrect handli...

RHEL 7 : java-1.8.0-openjdk (RHSA-2018:2942)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2942 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...

UBUNTU-CVE-2018-18196

An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in RIFF::List::GetListTypeString in RIFF.cpp...