7687 matches found
CVE-2022-42916
In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly instead of using an insecure cleartext HTTP step even when HTTP is provided in the URL. This mechanism could be bypassed if the host nam...
Oracle GoldenGate (Oct 2022 CPU)
The version of GoldenGate installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory. - Vulnerability in Oracle GoldenGate component: Oracle GoldenGate Microservices Dell BSAFE Micro Edition Suite. The supported version that is affected is...
Amazon Linux 2022 : java-11-amazon-corretto, java-11-amazon-corretto-devel, java-11-amazon-corretto-headless (ALAS2022-2022-153)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-153 advisory. Title: Wider MultiByte conversionsBuffer overflow is possible due to incorrect byte count should be charactercount. CVE-2022-21618 Title: Improve NTLM supportwriteSecurityBuffer writes a...
Oracle Linux 9 : java-1.8.0-openjdk (ELSA-2022-7007)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7007 advisory. 1.8.0.352.b08-2.0.1 - Replace upstream references Orabug: 34340145 1:1.8.0.352.b08-2 - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 -...
AlmaLinux 8 : java-1.8.0-openjdk (ALSA-2022:7006)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7006 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affect...
OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerabili...
OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerabili...
OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerabili...
OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerabili...
Oracle Java SE Multiple Vulnerabilities (October 2022 CPU)
The version of Oracle formerly Sun Java SE or Java for Business installed on the remote host is affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory: - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JGSS...
Abode Systems, Inc. iota All-In-One Security Kit web interface util_set_serial_mac OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1566 Abode Systems, Inc. iota All-In-One Security Kit web interface utilsetserialmac OS command injection vulnerability October 20, 2022 CVE Number CVE-2022-29472 SUMMARY An OS command injection vulnerability exists in the web interface utilsetserialmac...
Amazon Linux 2022 : java-1.8.0-amazon-corretto, java-1.8.0-amazon-corretto-devel (ALAS2022-2022-152)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-152 advisory. Title: Wider MultiByte conversionsBuffer overflow is possible due to incorrect byte count should be charactercount. CVE-2022-21618 Title: Improve NTLM supportwriteSecurityBuffer writes a...
OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerabili...
OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerabili...
OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerabili...
OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerabili...
nodejs: Improper handling of URI Subject Alternative Names
A flaw was found in node.js where it accepted a certificate's Subject Alternative Names SAN entry, as opposed to what is specified by the HTTPS protocol. This flaw allows an active person-in-the-middle to forge a certificate and impersonate a trusted host...
CVE-2022-21626
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerabili...
CVE-2022-21626
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerabili...
CVE-2022-21626
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerabili...