15 matches found
Moderate: Red Hat Security Advisory: java-1.8.0-openjdk security and bug fix update
An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploi...
OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploi...
OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploi...
SUSE CVE-2018-7442
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite...
SUSE CVE-2018-14362
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character...
kernel: denial of service via ioctl call in network tun handling
A flaw was found in the Linux kernel's implementation of networking tunnel device ioctl. A local attacker can cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character...
kernel: denial of service via ioctl call in network tun handling
A flaw was found in the Linux kernel's implementation of networking tunnel device ioctl. A local attacker can cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character...
kernel: denial of service via ioctl call in network tun handling
A flaw was found in the Linux kernel's implementation of networking tunnel device ioctl. A local attacker can cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character...
UBUNTU-CVE-2018-7191
In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to...
UBUNTU-CVE-2018-14363
An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not properly restrict '/' characters that may have unsafe interaction with cache pathnames...
UBUNTU-CVE-2018-14362
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character...
CVE-2014-9645
The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /snd_pcm none /" command...
CVE-2001-1269
CVE-2001-1269 affects Info-ZIP UnZip 5.42 and earlier. The vulnerability allows an attacker to overwrite arbitrary files during archive extraction by using filenames that begin with the slash character (/) in the ZIP archive. The issue is rooted in how the extractor handles archive filenames, ena...
CVE-2001-1269
Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via filenames in the archive that begin with the '/' (slash) character...