rpm package
suse/java-1_8_0-openjdk&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP1
pkg:rpm/suse/java-1_8_0-openjdk&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
Vulnerabilities (184)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-3214 | — | < 1.8.0.191-27.29.1 | 1.8.0.191-27.29.1 | Oct 17, 2018 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated | ||
| CVE-2018-3183 | — | < 1.8.0.191-27.29.1 | 1.8.0.191-27.29.1 | Oct 17, 2018 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated att | ||
| CVE-2018-3180 | — | < 1.8.0.191-27.29.1 | 1.8.0.191-27.29.1 | Oct 17, 2018 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenti | ||
| CVE-2018-3169 | — | < 1.8.0.191-27.29.1 | 1.8.0.191-27.29.1 | Oct 17, 2018 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network acce | ||
| CVE-2018-3149 | — | < 1.8.0.191-27.29.1 | 1.8.0.191-27.29.1 | Oct 17, 2018 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenti | ||
| CVE-2018-3139 | — | < 1.8.0.191-27.29.1 | 1.8.0.191-27.29.1 | Oct 17, 2018 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with ne | ||
| CVE-2018-3136 | — | < 1.8.0.191-27.29.1 | 1.8.0.191-27.29.1 | Oct 17, 2018 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with netw | ||
| CVE-2018-16435 | — | < 1.8.0.191-27.29.1 | 1.8.0.191-27.29.1 | Sep 4, 2018 | Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile. | ||
| CVE-2016-8635 | — | < 1.8.0.121-23.4 | 1.8.0.121-23.4 | Aug 1, 2018 | It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. | ||
| CVE-2016-9574 | — | < 1.8.0.121-23.4 | 1.8.0.121-23.4 | Jul 19, 2018 | nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA. | ||
| CVE-2018-2973 | — | < 1.8.0.181-27.26.2 | 1.8.0.181-27.26.2 | Jul 18, 2018 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Difficult to exploit vulnerability allows unauthenticated attacker with netw | ||
| CVE-2018-2952 | — | < 1.8.0.181-27.26.2 | 1.8.0.181-27.26.2 | Jul 18, 2018 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows | ||
| CVE-2018-2940 | — | < 1.8.0.181-27.26.2 | 1.8.0.181-27.26.2 | Jul 18, 2018 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Easily exploitable vulnerability allows unauthenticated attacker with n | ||
| CVE-2018-2938 | — | < 1.8.0.181-27.26.2 | 1.8.0.181-27.26.2 | Jul 18, 2018 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB). Supported versions that are affected are Java SE: 6u191, 7u181 and 8u172. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise | ||
| CVE-2018-13785 | — | < 1.8.0.191-27.29.1 | 1.8.0.191-27.29.1 | Jul 9, 2018 | In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service. | ||
| CVE-2017-5469 | — | < 1.8.0.121-23.4 | 1.8.0.121-23.4 | Jun 11, 2018 | Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | ||
| CVE-2017-5465 | — | < 1.8.0.121-23.4 | 1.8.0.121-23.4 | Jun 11, 2018 | An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, F | ||
| CVE-2017-5464 | — | < 1.8.0.121-23.4 | 1.8.0.121-23.4 | Jun 11, 2018 | During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 5 | ||
| CVE-2017-5462 | — | < 1.8.0.121-23.4 | 1.8.0.121-23.4 | Jun 11, 2018 | A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28. | ||
| CVE-2017-5460 | — | < 1.8.0.121-23.4 | 1.8.0.121-23.4 | Jun 11, 2018 | A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox |
- CVE-2018-3214Oct 17, 2018affected < 1.8.0.191-27.29.1fixed 1.8.0.191-27.29.1
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated
- CVE-2018-3183Oct 17, 2018affected < 1.8.0.191-27.29.1fixed 1.8.0.191-27.29.1
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated att
- CVE-2018-3180Oct 17, 2018affected < 1.8.0.191-27.29.1fixed 1.8.0.191-27.29.1
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenti
- CVE-2018-3169Oct 17, 2018affected < 1.8.0.191-27.29.1fixed 1.8.0.191-27.29.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network acce
- CVE-2018-3149Oct 17, 2018affected < 1.8.0.191-27.29.1fixed 1.8.0.191-27.29.1
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenti
- CVE-2018-3139Oct 17, 2018affected < 1.8.0.191-27.29.1fixed 1.8.0.191-27.29.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with ne
- CVE-2018-3136Oct 17, 2018affected < 1.8.0.191-27.29.1fixed 1.8.0.191-27.29.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with netw
- CVE-2018-16435Sep 4, 2018affected < 1.8.0.191-27.29.1fixed 1.8.0.191-27.29.1
Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.
- CVE-2016-8635Aug 1, 2018affected < 1.8.0.121-23.4fixed 1.8.0.121-23.4
It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.
- CVE-2016-9574Jul 19, 2018affected < 1.8.0.121-23.4fixed 1.8.0.121-23.4
nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.
- CVE-2018-2973Jul 18, 2018affected < 1.8.0.181-27.26.2fixed 1.8.0.181-27.26.2
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Difficult to exploit vulnerability allows unauthenticated attacker with netw
- CVE-2018-2952Jul 18, 2018affected < 1.8.0.181-27.26.2fixed 1.8.0.181-27.26.2
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows
- CVE-2018-2940Jul 18, 2018affected < 1.8.0.181-27.26.2fixed 1.8.0.181-27.26.2
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Easily exploitable vulnerability allows unauthenticated attacker with n
- CVE-2018-2938Jul 18, 2018affected < 1.8.0.181-27.26.2fixed 1.8.0.181-27.26.2
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB). Supported versions that are affected are Java SE: 6u191, 7u181 and 8u172. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise
- CVE-2018-13785Jul 9, 2018affected < 1.8.0.191-27.29.1fixed 1.8.0.191-27.29.1
In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.
- CVE-2017-5469Jun 11, 2018affected < 1.8.0.121-23.4fixed 1.8.0.121-23.4
Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.
- CVE-2017-5465Jun 11, 2018affected < 1.8.0.121-23.4fixed 1.8.0.121-23.4
An out-of-bounds read while processing SVG content in "ConvolvePixel". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, F
- CVE-2017-5464Jun 11, 2018affected < 1.8.0.121-23.4fixed 1.8.0.121-23.4
During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 5
- CVE-2017-5462Jun 11, 2018affected < 1.8.0.121-23.4fixed 1.8.0.121-23.4
A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.
- CVE-2017-5460Jun 11, 2018affected < 1.8.0.121-23.4fixed 1.8.0.121-23.4
A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox
Page 2 of 10