wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service

A vulnerability was found in Wildfly's Enterprise Java Beans EJB, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the...

OpenJDK: Incorrect handling of access control context in ForkJoinPool (Libraries, 8237117)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

DEBIAN-CVE-2020-14579

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols ...

CVE-2020-1206

An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 SMBv3 protocol handles certain requests, aka 'Windows SMBv3 Client/Server Information Disclosure Vulnerability'...

DEBIAN-CVE-2019-20797

An issue was discovered in e6y prboom-plus 2.5.1.5. There is a buffer overflow in client and server code responsible for handling received UDP packets, as demonstrated by ISendPacket or ISendPacketTo in inetwork.c...

UBUNTU-CVE-2019-20797

An issue was discovered in e6y prboom-plus 2.5.1.5. There is a buffer overflow in client and server code responsible for handling received UDP packets, as demonstrated by ISendPacket or ISendPacketTo in inetwork.c...

Microsoft Windows Client Server Run-Time Subsystem Information Disclosure Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. The Windows Client Server Run-Time Subsystem CSRSS is one of the Windows Client Server...

The vulnerability of the NIO-infrastructure client/server architecture for Java Netty, related to the inconsistent interpretation of http requests, allows attackers to compromise data integrity.

The vulnerability of the NIO-server/client infrastructure for Java Netty is related to improper handling of double colon gaps in HTTP headers. Exploiting this vulnerability allows a remote attacker to compromise data integrity...

SUSE-SU-2020:1072-1 Security update for pacemaker

This update for pacemaker fixes the following issues: - CVE-2018-16877: Fixed an issue with insufficient local IPC client-server authentication on the client's side bsc1131356. - CVE-2018-16878: Fixed a denial of service related to insufficient verification of uncontrolled processes bsc1131353...

OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

OpenJDK: Incomplete enforcement of algorithm restrictions for TLS (JSSE, 8232424)

Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability...

OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Concurrency. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multipl...

OpenJDK: Incorrect handling of Certificate messages during TLS handshake (JSSE, 8232581)

Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability...

DEBIAN-CVE-2020-2767

Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability...

UBUNTU-CVE-2020-2778

Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability...

Samsung Mobile Device Path Traversal Vulnerability

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. A path traversal vulnerability exists in Samsung mobile devices, which can be exploited by an attacker to modify the client-server data flow in order to insert a...

GE CIMPLICITY Elevation of Privilege Vulnerability

GE CIMPLICITY is a client/server based HMI/SCADA solution from General Electric GE. The solution is capable of capturing and sharing real-time and historical data across all levels of the enterprise, enabling operational visualization of processes, equipment, and resource monitoring. An elevation...

[SECURITY] Fedora 30 Update: nghttp2-1.40.0-1.fc30

This package contains the HTTP/2 client, server and proxy programs...

[SECURITY] [DLA 2109-1] netty security update

Package : netty Version : 1:3.2.6.Final-2+deb8u2 CVE ID : CVE-2019-20444 CVE-2019-20445 CVE-2020-7238 Debian Bug : 950966 950967 Several vulnerabilities were discovered in the HTTP server provided by Netty, a Java NIO client/server socket framework: CVE-2019-20444 HttpObjectDecoder.java allows an...

golang: invalid public key causes panic in dsa.Verify

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates...