10038 matches found

RedHat Linux
added 2020/07/22 12:35 p.m., 0 views

OpenJDK: HostnameChecker does not ensure X.509 certificate names are in normalized form (JSSE, 8237592)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.03284
Exploits: 0 | References: 4
CNVD
added 2020/07/21 12:00 a.m., 3 views

IBM Planning Analytics Licensing Issues Vulnerabilities

IBM Planning Analytics is a suite of business planning and analytics solutions from IBM USA. The solution supports automated execution of processes such as business planning, budgeting and analysis. A security vulnerability exists in IBM Planning Analytics version 2.0, which stems from the...

CVSS: 5.9 | AI score: 6.8 | EPSS: 0.01331
Exploits: 0 | References: 1
BDU FSTEC
added 2020/07/21 12:00 a.m., 5 views

The vulnerability in the implementation of the VPN Secure Sockets Layer (SSL) function of the microprogramming software for Cisco Small Business RV340, Cisco Small Business RV340W, Cisco Small Business RV345, and Cisco Small Business RV345P allows a hacker to cause a service failure.

The vulnerability of the VPN Secure Sockets Layer (SSL) implementation in microprogramming software for Cisco Small Business RV340, Cisco Small Business RV340W, Cisco Small Business RV345, and Cisco Small Business RV345P routers exists due to insufficient validation of input data. Exploiting this...

CVSS: 8.6 | AI score: 7.6 | EPSS: 0.01351
Exploits: 0 | References: 3 | Affected Software: 4
OSV
added 2020/07/20 2:15 p.m., 4 views

CVE-2020-4527

IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the Secure flag for the session cookie in TLS mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie an...

CVSS: 5.9 | AI score: 6.3 | EPSS: 0.01331
Exploits: 0 | References: 2
OSV
added 2020/07/17 7:15 p.m., 2 views

CVE-2020-1651

On Juniper Networks MX series, receipt of a stream of specific Layer 2 frames may cause a memory leak resulting in the packet forwarding engine (PFE) on the line card to crash and restart, causing traffic interruption. By continuously sending this stream of specific layer 2 frame, an attacker...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00454
Exploits: 0 | References: 1
OSV
added 2020/07/17 7:15 p.m., 2 views

CVE-2020-1649

When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of small fragments requiring reassembly,...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.01075
Exploits: 0 | References: 2
Prion
added 2020/07/17 7:15 p.m., 30 views

Memory corruption

On Juniper Networks MX series, receipt of a stream of specific Layer 2 frames may cause a memory leak resulting in the packet forwarding engine (PFE) on the line card to crash and restart, causing traffic interruption. By continuously sending this stream of specific layer 2 frame, an attacker...

CVSS: 3.3 | AI score: 6.4 | EPSS: 0.00454
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2020/07/17 6:40 p.m., 18 views

CVE-2020-1651 Junos OS: MX Series: PFE on the line card may crash due to memory leak.

On Juniper Networks MX series, receipt of a stream of specific Layer 2 frames may cause a memory leak resulting in the packet forwarding engine (PFE) on the line card to crash and restart, causing traffic interruption. By continuously sending this stream of specific layer 2 frame, an attacker...

CVSS: 6.5 | AI score: 6.4 | EPSS: 0.00454
Exploits: 0 | References: 1
RedHat Linux
added 2020/07/16 4:38 p.m., 4 views

OpenJDK: HostnameChecker does not ensure X.509 certificate names are in normalized form (JSSE, 8237592)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.03284
Exploits: 0 | References: 4
OSV
added 2020/07/15 7:15 p.m., 15 views

CVE-2019-19326

Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning. Through modifying the X-Original-Url and X-HTTP-Method-Override headers, responses with malicious HTTP headers can return...

CVSS: 5.9 | AI score: 6.9 | EPSS: 0.00758
Exploits: 0 | References: 1
OSV
added 2020/07/15 6:15 p.m., 4 views

CVE-2020-14655

Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware component: SSL API. Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracl...

CVSS: 6.5 | AI score: 6.9 | EPSS: 0.01081
Exploits: 0 | References: 1
RedHat Linux
added 2020/07/13 10:51 a.m., 12 views

nodejs: TLS session reuse can lead to hostname verification bypass

A TLS Hostname verification bypass vulnerability exists in NodeJS. This flaw allows an attacker to bypass TLS Hostname verification when a TLS client reuses HTTPS sessions...

CVSS: 7.4 | AI score: 7.4 | EPSS: 0.06065
Exploits: 1 | References: 4
OSV
added 2020/07/08 5:15 p.m., 4 views

CVE-2020-1982

Certain communication between PAN-OS and cloud-delivered services inadvertently use TLS 1.0, which is known to be a cryptographically weak protocol. These cloud services include Cortex Data Lake, the Customer Support Portal, and the Prisma Access infrastructure. Conditions required for exploitati...

CVSS: 4.8 | AI score: 5.8 | EPSS: 0.00421
Exploits: 0 | References: 1
RedHat Linux
added 2020/07/07 9:14 a.m., 41 views

nodejs: TLS session reuse can lead to hostname verification bypass

A TLS Hostname verification bypass vulnerability exists in NodeJS. This flaw allows an attacker to bypass TLS Hostname verification when a TLS client reuses HTTPS sessions...

CVSS: 7.4 | AI score: 7.4 | EPSS: 0.06065
Exploits: 1 | References: 4
OSV
added 2020/07/01 3:15 p.m., 1 view

CVE-2020-4355

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service, caused by improper handling of Secure Sockets Layer (SSL) renegotiation requests. By sending specially-crafted requests, a remote attacker could exploit this...

CVSS: 5.3 | AI score: 6.8 | EPSS: 0.02161
Exploits: 0 | References: 2
OSV
added 2020/07/01 2:15 p.m., 3 views

CVE-2017-1712

"A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.00674
Exploits: 0 | References: 1
OSV
added 2020/06/30 7:15 p.m., 1 view

DEBIAN-CVE-2020-14058

An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs becaus...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.02609
Exploits: 0 | References: 1
OSV
added 2020/06/29 2:15 p.m., 2 views

CVE-2020-12040

Sigma Spectrum Infusion System v's6.x model 35700BAX and Baxter Spectrum Infusion System Versions 8.x model 35700BAX2 at the application layer uses an unauthenticated clear-text communication channel to send and receive system status and operational data. This could allow an attacker that has...

CVSS: 9.8 | AI score: 7 | EPSS: 0.0094
Exploits: 1 | References: 1
Prion
added 2020/06/29 2:15 p.m., 18 views

Code injection

Sigma Spectrum Infusion System v's6.x model 35700BAX and Baxter Spectrum Infusion System Versions 8.x model 35700BAX2 at the application layer uses an unauthenticated clear-text communication channel to send and receive system status and operational data. This could allow an attacker that has...

CVSS: 5 | AI score: 9.3 | EPSS: 0.0094
Exploits: 1 | References: 1 | Affected Software: 1
BDU FSTEC
added 2020/06/26 12:00 a.m., 4 views

The vulnerability of the statem/statem.cc component in the OpenSSL library allows an attacker to gain unauthorized access to confidential data, cause service failures, or compromise data integrity.

The vulnerability of the statem/statem.cc component in the OpenSSL library is related to the use of memory areas after they are freed. Exploiting this vulnerability can allow an attacker to gain unauthorized access to confidential data, cause service failures, or compromise data integrity through...

CVSS: 10 | AI score: 8 | EPSS: 0.70223
Exploits: 0 | References: 4 | Affected Software: 2