OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows...

OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows...

OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows...

OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows...

OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows...

OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows...

CVE-2023-21890

Vulnerability in the Oracle Communications Converged Application Server product of Oracle Communications component: Core. Supported versions that are affected are 7.1.0 and 8.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via UDP to compromise Oracle...

UBUNTU-CVE-2023-21835

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows...

Oracle Communications Converged Application Server 安全漏洞

Oracle Communications is a product of Oracle Corporation USA. provides integrated communications and cloud solutions for service providers and enterprises to accelerate their digital transformation. A security vulnerability exists in Oracle Communications Converged Application Server versions 7.1...

PT-2023-1184 · Oracle · Oracle Communications Converged Application Server

Name of the Vulnerable Software and Affected Versions: Oracle Communications Converged Application Server versions 7.1.0 through 8.0.0 Description: The issue is related to insufficient input validation in the Core component of the Oracle Communications Converged Application Server, allowing an...

[SECURITY] Fedora 37 Update: golang-github-graylog2-gelf-2.0.0-6.20201111git1550ee6.fc37

GELF Graylog Extended Log Format is an application-level logging protocol t hat avoids many of the shortcomings of syslog. While it can be run over any stream or datagram transport protocol, it has special support chunking to allow lo ng messages to be split over multiple datagrams...

DEBIAN-CVE-2022-47516

An issue was discovered in the libsofia-sip fork in drachtio-server before 0.8.20. It allows remote attackers to cause a denial of service daemon crash via a crafted UDP message that leads to a failure of the libsofia-sip-ua/tport/tport.c self assertion...

drachtio-server 安全漏洞

drachtio-server is a drachtio open source SIP server built on the sofia SIP stack. A security vulnerability exists in drachtio-server prior to version 0.8.20, which stems from a vulnerability that could allow a remote attacker to cause a denial of service daemon crash via a crafted UDP message,...

DEBIAN-CVE-2022-46393

An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLSSSLDTLSCONNECTIONID is enabled and MBEDTLSSSLCIDINLENMAX 2 MBEDTLSSSLCIDOUTLENMAX...

erlang/otp: Client Authentication Bypass

A Client Authentication Bypass was found in Erlang/OTP. This issue occurs in certain client-certification situations for SSL, TLS, and DTLS...

BKG Professional NtripCaster 访问控制错误漏洞

BKG Professional NtripCaster is an application organized by the Federal Agency for Cartography and Geodesy in Germany. It allows the distribution of GNSS real-time data streams over the Internet. A security vulnerability exists in BKG Professional NtripCaster version 2.0.39, which originates from...

PT-2022-26692 · Bkg · Bkg Professional Ntripcaster

Name of the Vulnerable Software and Affected Versions: BKG Professional NtripCaster version 2.0.39 Description: The issue allows querying information over the UDP protocol without authentication. The NTRIP sourcetable, which is typically quite long, can be requested with a small packet, presentin...

PT-2022-35455 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.152 Description: The issue concerns the udp update reuse mechanism. It has been identified that there is a potential security risk, although the actual impact and attack plausibility have not yet been...

PT-2022-35351 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.75 Description: The issue is related to the Linux Kernel's rds tcp reset callbacks function, where the sock lock is held when cancelling work. This could potentially lead to security vulnerabilities,...

PT-2022-35856 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.14.296 Description: The issue is related to the Linux Kernel's rds tcp reset callbacks function, where the sock lock is held when cancelling work. This could potentially lead to security vulnerabilities,...