The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Java Oracle

computer vulnerability announce CVE-2018-2938 CVE-2018-2940 CVE-2018-2941

Oracle Java: vulnerabilities of July 2018

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle products.
Impacted products: Debian, Fedora, AIX, DB2 UDB, Domino, Notes, QRadar SIEM, Tivoli Workload Scheduler, ePO, SnapManager, Java OpenJDK, openSUSE Leap, Java Oracle, Puppet, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 8.
Creation date: 18/07/2018.
Identifiers: ADV-2018-022, CERTFR-2018-AVI-348, cpujul2018, CVE-2018-2938, CVE-2018-2940, CVE-2018-2941, CVE-2018-2942, CVE-2018-2952, CVE-2018-2964, CVE-2018-2972, CVE-2018-2973, DLA-1590-1, DSA-4268-1, FEDORA-2018-0b6ccd1c68, FEDORA-2018-40decc4158, FEDORA-2018-4d58785bcd, FEDORA-2018-877fdbb3f0, FEDORA-2018-c650019e9c, FEDORA-2018-d4bfa98f6a, ibm10725491, ibm10738401, ibm10742729, ibm10743351, NTAP-20180726-0001, openSUSE-SU-2018:2206-1, openSUSE-SU-2018:2247-1, openSUSE-SU-2018:3057-1, openSUSE-SU-2018:3103-1, openSUSE-SU-2019:0042-1, RHSA-2018:2241-01, RHSA-2018:2242-01, RHSA-2018:2253-01, RHSA-2018:2254-01, RHSA-2018:2255-01, RHSA-2018:2256-01, RHSA-2018:2283-01, RHSA-2018:2286-01, RHSA-2018:2568-01, RHSA-2018:2569-01, RHSA-2018:2575-01, RHSA-2018:2576-01, RHSA-2018:3007-01, RHSA-2018:3008-01, SB10247, SUSE-SU-2018:2083-1, SUSE-SU-2018:2574-1, SUSE-SU-2018:2583-1, SUSE-SU-2018:2649-1, SUSE-SU-2018:2839-1, SUSE-SU-2018:3045-1, SUSE-SU-2018:3064-1, SUSE-SU-2018:3064-3, SUSE-SU-2018:3082-1, SUSE-SU-2019:0049-1, USN-3734-1, USN-3735-1, USN-3747-1, USN-3747-2, VIGILANCE-VUL-26767.

Description of the vulnerability

Several vulnerabilities were announced in Oracle products.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-14048

libpng/pnm2png: denial of service via png_free_data

Synthesis of the vulnerability

An attacker can generate a fatal error via png_free_data() of libpng/pnm2png, in order to trigger a denial of service.
Impacted products: libpng, Java OpenJDK, Java Oracle, Slackware.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 16/07/2018.
Identifiers: 238, cpuoct2018, CVE-2018-14048, SSA:2019-107-01, VIGILANCE-VUL-26753.

Description of the vulnerability

An attacker can generate a fatal error via png_free_data() of libpng/pnm2png, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2018-13785

libpng: integer overflow via png_check_chunk_length

Synthesis of the vulnerability

An attacker can generate an integer overflow via png_check_chunk_length() of libpng, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, AIX, IBM i, libpng, McAfee Web Gateway, Java OpenJDK, openSUSE Leap, Java Oracle, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 12/07/2018.
Identifiers: cpuoct2018, CVE-2018-13785, FEDORA-2018-04eded822e, FEDORA-2018-3e04e9fe54, ibm10743955, openSUSE-SU-2019:0042-1, openSUSE-SU-2019:0043-1, RHSA-2018:3000-01, RHSA-2018:3001-01, RHSA-2018:3002-01, RHSA-2018:3003-01, RHSA-2018:3007-01, RHSA-2018:3008-01, RHSA-2018:3533-01, RHSA-2018:3534-01, RHSA-2018:3671-01, RHSA-2018:3672-01, SB10255, SUSE-SU-2018:3868-1, SUSE-SU-2018:3920-1, SUSE-SU-2018:3921-1, SUSE-SU-2018:3933-1, SUSE-SU-2018:4064-1, SUSE-SU-2019:0049-1, SUSE-SU-2019:0057-1, SUSE-SU-2019:0057-2, SUSE-SU-2019:0058-1, USN-3712-1, USN-3712-2, VIGILANCE-VUL-26692.

Description of the vulnerability

An attacker can generate an integer overflow via png_check_chunk_length() of libpng, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2018-11212

libjpeg: denial of service via alloc_sarray

Synthesis of the vulnerability

An attacker can generate a fatal error via alloc_sarray() of libjpeg, in order to trigger a denial of service.
Impacted products: Debian, Fedora, AIX, IBM i, SnapManager, Java OpenJDK, openSUSE Leap, Java Oracle, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 10/07/2018.
Identifiers: cpujan2019, CVE-2018-11212, DLA-1638-1, FEDORA-2019-362387a66d, FEDORA-2019-b084fa3ea5, ibm10875554, ibm10878376, NTAP-20190118-0001, openSUSE-SU-2019:0161-1, openSUSE-SU-2019:0346-1, openSUSE-SU-2019:1439-1, RHSA-2019:0469-01, RHSA-2019:0472-01, RHSA-2019:0473-01, RHSA-2019:0474-01, RHSA-2019:1238-01, SUSE-SU-2019:0221-1, SUSE-SU-2019:0574-1, SUSE-SU-2019:0604-1, SUSE-SU-2019:0617-1, SUSE-SU-2019:1219-1, SUSE-SU-2019:13975-1, SUSE-SU-2019:13978-1, USN-3706-1, USN-3706-2, VIGILANCE-VUL-26667.

Description of the vulnerability

An attacker can generate a fatal error via alloc_sarray() of libjpeg, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2018-2783 CVE-2018-2790 CVE-2018-2794

Oracle Java: vulnerabilities of April 2018

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle products.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, AIX, DB2 UDB, IBM i, IRAD, Rational ClearCase, Security Directory Server, Tivoli Storage Manager, Tivoli System Automation, Tivoli Workload Scheduler, WebSphere AS Liberty, WebSphere AS Traditional, IBM WebSphere ESB, WebSphere MQ, ePO, Java OpenJDK, openSUSE Leap, Java Oracle, Puppet, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 14.
Creation date: 18/04/2018.
Identifiers: 2016282, CERTFR-2018-AVI-188, cpuapr2018, CVE-2018-2783, CVE-2018-2790, CVE-2018-2794, CVE-2018-2795, CVE-2018-2796, CVE-2018-2797, CVE-2018-2798, CVE-2018-2799, CVE-2018-2800, CVE-2018-2811, CVE-2018-2814, CVE-2018-2815, CVE-2018-2825, CVE-2018-2826, DSA-4185-1, DSA-4225-1, FEDORA-2018-40c4930c83, FEDORA-2018-579ff80ed8, FEDORA-2018-77533e644b, FEDORA-2018-9aa8064e12, ibm10713455, ibm10715641, ibm10716001, ibm10717125, ibm10717149, ibm10717207, ibm10717275, ibm10717537, ibm10718843, ibm10719319, ibm10719993, K15217245, K33924005, K44923228, K70321874, openSUSE-SU-2018:1710-1, openSUSE-SU-2018:1719-1, RHSA-2018:1188-01, RHSA-2018:1191-01, RHSA-2018:1201-01, RHSA-2018:1202-01, RHSA-2018:1203-01, RHSA-2018:1204-01, RHSA-2018:1205-01, RHSA-2018:1206-01, RHSA-2018:1270-01, RHSA-2018:1278-01, RHSA-2018:1721-01, RHSA-2018:1722-01, RHSA-2018:1723-01, RHSA-2018:1724-01, SB10234, SUSE-SU-2018:1447-1, SUSE-SU-2018:1458-1, SUSE-SU-2018:1690-1, SUSE-SU-2018:1692-1, SUSE-SU-2018:1738-1, SUSE-SU-2018:1764-1, SUSE-SU-2018:1938-1, SUSE-SU-2018:1938-2, SUSE-SU-2018:2068-1, swg22016419, USN-3644-1, USN-3691-1, USN-3747-1, USN-3747-2, VIGILANCE-VUL-25899, ZDI-18-306, ZDI-18-307.

Description of the vulnerability

Several vulnerabilities were announced in Oracle products.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2018-2579 CVE-2018-2581 CVE-2018-2582

Oracle Java: vulnerabilities of January 2018

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle products.
Impacted products: Debian, Fedora, AIX, DB2 UDB, IBM i, IRAD, Rational ClearCase, Security Directory Server, QRadar SIEM, Tivoli Storage Manager, Tivoli System Automation, WebSphere AS Liberty, WebSphere AS Traditional, IBM WebSphere ESB, WebSphere MQ, Junos Space, ePO, Java OpenJDK, openSUSE Leap, Java Oracle, Puppet, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 21.
Creation date: 17/01/2018.
Identifiers: 2013818, 2014315, 2015656, 2016042, 2016207, 2016278, 2016496, 2016502, CERTFR-2018-AVI-036, cpujan2018, CVE-2018-2579, CVE-2018-2581, CVE-2018-2582, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2627, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2638, CVE-2018-2639, CVE-2018-2641, CVE-2018-2657, CVE-2018-2663, CVE-2018-2675, CVE-2018-2677, CVE-2018-2678, DLA-1339-1, DSA-4144-1, DSA-4166-1, FEDORA-2018-223d8fc52a, FEDORA-2018-a82015aa02, FEDORA-2018-d50769efa0, FEDORA-2018-e2e52fb0bf, ibm10715641, ibm10717143, ibm10717207, ibm10718843, ibm10719115, ibm10719319, JSA10873, N1022544, openSUSE-SU-2018:0679-1, openSUSE-SU-2018:0684-1, RHSA-2018:0095-01, RHSA-2018:0099-01, RHSA-2018:0100-01, RHSA-2018:0115-01, RHSA-2018:0349-01, RHSA-2018:0351-01, RHSA-2018:0352-01, RHSA-2018:0458-01, RHSA-2018:0521-01, SB10225, SUSE-SU-2018:0630-1, SUSE-SU-2018:0645-1, SUSE-SU-2018:0661-1, SUSE-SU-2018:0663-1, SUSE-SU-2018:0665-1, SUSE-SU-2018:0694-1, USN-3613-1, USN-3614-1, VIGILANCE-VUL-25082.

Description of the vulnerability

Several vulnerabilities were announced in Oracle products.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note 24749

TLS: information disclosure via ROBOT Attack

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via ROBOT Attack of TLS, in order to obtain sensitive information.
Impacted products: Bouncy Castle JCE, Cisco ACE, BIG-IP Hardware, TMOS, Mule ESB, Java OpenJDK, Java Oracle, Palo Alto Firewall PA***, PAN-OS, RabbitMQ, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 13/12/2017.
Identifiers: CERTFR-2017-ALE-020, cisco-sa-20171212-bleichenbacher, CSCvg74693, CTX230238, K21905460, PAN-SA-2017-0032, ROBOT Attack, VIGILANCE-VUL-24749, VU#144389.

Description of the vulnerability

An attacker can bypass access restrictions to data via ROBOT Attack of TLS, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2017-10274 CVE-2017-10281 CVE-2017-10285

Oracle Java: vulnerabilities of October 2017

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle Java.
Impacted products: Debian, Fedora, AIX, DB2 UDB, IRAD, Rational ClearCase, Security Directory Server, QRadar SIEM, Tivoli Storage Manager, Tivoli System Automation, WebSphere AS Liberty, WebSphere AS Traditional, IBM WebSphere ESB, WebSphere MQ, Junos Space, ePO, Java OpenJDK, openSUSE Leap, Java Oracle, RHEL, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 20.
Creation date: 18/10/2017.
Identifiers: 2010282, 2010560, 2011264, 2012279, 2013081, 2013150, 2013545, 2014202, 2014981, 2015655, 2015825, 2016207, CERTFR-2017-AVI-366, cpuoct2017, CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10293, CVE-2017-10295, CVE-2017-10309, CVE-2017-10341, CVE-2017-10342, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10380, CVE-2017-10386, CVE-2017-10388, DLA-1187-1, DSA-4015-1, DSA-4048-1, FEDORA-2017-7b17451b82, FEDORA-2017-98a361c2b5, FEDORA-2017-b1492e4844, FEDORA-2017-e7938fd7d7, ibm10718843, JSA10873, openSUSE-SU-2017:2998-1, openSUSE-SU-2018:0042-1, RHSA-2017:2998-01, RHSA-2017:2999-01, RHSA-2017:3046-01, RHSA-2017:3047-01, RHSA-2017:3264-01, RHSA-2017:3267-01, RHSA-2017:3268-01, RHSA-2017:3392-01, SB10212, SRC-2017-0028, SUSE-SU-2017:2989-1, SUSE-SU-2017:3235-1, SUSE-SU-2017:3369-1, SUSE-SU-2017:3411-1, SUSE-SU-2017:3440-1, SUSE-SU-2017:3455-1, SUSE-SU-2018:0005-1, SUSE-SU-2018:0061-1, swg22012279, Synology-SA-17:66, USN-3473-1, USN-3497-1, VIGILANCE-VUL-24161.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Java.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin 23778

Oracle Java, Apache Xerces: denial of service via FTP

Synthesis of the vulnerability

An attacker can interrupt a FTP transfer, in order to trigger a denial of service on the Oracle Java or Apache Xerces client.
Impacted products: Xerces Java, Java OpenJDK, Java Oracle.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet server.
Creation date: 08/09/2017.
Identifiers: VIGILANCE-VUL-23778.

Description of the vulnerability

An attacker can interrupt a FTP transfer, in order to trigger a denial of service on the Oracle Java or Apache Xerces client.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2017-10053 CVE-2017-10067 CVE-2017-10074

Oracle Java: vulnerabilities of July 2017

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle Java.
Impacted products: Debian, Fedora, AIX, Domino, Notes, Security Directory Server, QRadar SIEM, Tivoli Storage Manager, Tivoli System Automation, WebSphere AS Traditional, IBM WebSphere ESB, WebSphere MQ, Junos Space, ePO, SnapManager, Java OpenJDK, openSUSE Leap, Java Oracle, JavaFX, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 32.
Creation date: 19/07/2017.
Identifiers: 2007002, 2008025, 2008360, 2008362, 2008757, 2009206, 2009232, 2009253, 2009415, 2009663, 2011594, 2012301, CERTFR-2017-AVI-223, cpujul2017, CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10078, CVE-2017-10081, CVE-2017-10086, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10104, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10114, CVE-2017-10115, CVE-2017-10116, CVE-2017-10117, CVE-2017-10118, CVE-2017-10121, CVE-2017-10125, CVE-2017-10135, CVE-2017-10145, CVE-2017-10176, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243, DLA-1073-1, DSA-3919-1, DSA-3954-1, DSA-4005-1, FEDORA-2017-605557de96, FEDORA-2017-721314e3b3, FEDORA-2017-735e2ae663, FEDORA-2017-be3df4fe14, FEDORA-2017-fe57cf60c3, ibm10718843, JSA10873, NTAP-20170720-0001, openSUSE-SU-2017:2211-1, openSUSE-SU-2018:0042-1, RHSA-2017:1789-01, RHSA-2017:1790-01, RHSA-2017:1791-01, RHSA-2017:1792-01, RHSA-2017:2424-01, RHSA-2017:2469-01, RHSA-2017:2481-01, RHSA-2017:2530-01, SB10208, SUSE-SU-2017:2175-1, SUSE-SU-2017:2263-1, SUSE-SU-2017:2280-1, SUSE-SU-2017:2281-1, SUSE-SU-2018:0005-1, USN-3366-1, USN-3366-2, USN-3396-1, VIGILANCE-VUL-23289.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Java.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Java Oracle: