ALPINE-CVE-2020-13777

GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3. The earliest affected version is 3.6.4 2018-09-24 because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS...

PT-2020-13675 · Gnu +7 · Gnutls +7

Name of the Vulnerable Software and Affected Versions: GnuTLS versions 3.6.4 through 3.6.14 Description: The issue is related to incorrect cryptography used for encrypting a session ticket, leading to a loss of confidentiality in TLS 1.2 and an authentication bypass in TLS 1.3. This allows an...

App Layering 2001: Can't Finalize Layer - An error occurred while finalizing version '1.7' of Layer 'Windows 10 1909 German'

After installing the latest Cumulative Update, Cannot finalize the Version. Getting Error Message: An error occurred while finalizing version '1.7' of Layer 'Windows 10 1909 German'...

Error: "Invalid Certificate" When Installing SSL Certificate on ADC Appliance

When attempting to install an Secure Socket Layer SSL certificate on an ADCappliance, the process fails with error "invalid certificate"...

Bogus Security Technology: An Anti-5G USB Stick

The 5GBioShield sells for £339.60, and the description sounds like snake oil: ...its website, which describes it as a USB key that "provides protection for your home and family, thanks to the wearable holographic nano-layer catalyser, which can be worn or placed near to a smartphone or any other...

USN-4369-2: Linux kernel regression

USN-4369-1 fixed vulnerabilities in the 5.3 Linux kernel. Unfortunately, that update introduced a regression in overlayfs. This update corrects the problem. We apologize for the inconvenience. Original advisory details: It was discovered that the btrfs implementation in the Linux kernel did not...

undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS

A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service DOS to make the service unavailable on SSL...

Axel Trust Management Issues Vulnerabilities

Axel is a lightweight download gas pedal. A security vulnerability exists in the ssl.c file in versions of Axel prior to 2.17.8 that stems from a TLS connection failing to validate the server's hostname. No details of the vulnerability are provided at this time...

DEBIAN-CVE-2020-13614

An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification...

ALPINE-CVE-2020-13614

An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification...

UBUNTU-CVE-2020-13614

An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification...

EM-HTTP-Request Trust Management Issues Vulnerability

EM-HTTP-Request is an asynchronous HTTP client from Ilya Grigorik Software Developers of the United States , which supports automatic gzip and deflate decoding , streaming response processing , streaming file uploads and authentication . A trust management issue vulnerability exists in...

The vulnerability in the implementation of the TLS (Transport Layer Security) protocol in Windows operating systems allows a attacker to induce a service failure.

The vulnerability of the TLS Transport Layer Security protocol implementation in Windows operating systems is related to insufficient input validation. Exploiting this vulnerability can allow a malicious actor to cause service failures...

USN-4367-1 linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oracle, linux-raspi, linux-riscv vulnerabilities

It was discovered that the btrfs implementation in the Linux kernel did not properly detect that a block was marked dirty in some situations. An attacker could use this to specially craft a file system image that, when unmounted, could cause a denial of service system crash. CVE-2019-19377 It was...

USN-4369-1: Linux kernel vulnerabilities

It was discovered that the btrfs implementation in the Linux kernel did not properly detect that a block was marked dirty in some situations. An attacker could use this to specially craft a file system image that, when unmounted, could cause a denial of service system crash. CVE-2019-19377 Trista...

USN-4369-1 linux, linux-aws, linux-aws-5.3, linux-azure, linux-azure-5.3, linux-gcp, linux-gcp-5.3, linux-gke-5.3, linux-hwe, linux-kvm, linux-oracle, linux-oracle-5.3, linux-raspi2 vulnerabilities

It was discovered that the btrfs implementation in the Linux kernel did not properly detect that a block was marked dirty in some situations. An attacker could use this to specially craft a file system image that, when unmounted, could cause a denial of service system crash. CVE-2019-19377 Trista...

CVE-2020-1118

A denial of service vulnerability exists in the Windows implementation of Transport Layer Security TLS when it improperly handles certain key exchanges, aka 'Microsoft Windows Transport Layer Security Denial of Service Vulnerability'...

Google Chrome ANGLE Resource Management Error Vulnerability

Google Chrome is a web browser from Google.Almost Native Graphics Layer Engine ANGLE is a graphics layer engine that allows Windows users to run WebGL and other OpenGL ES 2.0 content by translating the OpenGL ES 2.0 API to DirectX 9 or DirectX 11 API calls. DirectX 11 API calls to run WebGL and...

OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to...

Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-4367-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4367-1 advisory. It was discovered that the btrfs implementation in the Linux kernel did not properly detect that a block was marked dirty in some situations. An attacker...