USN-4337-1 openjdk-8, openjdk-lts vulnerabilities
It was discovered that OpenJDK incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service while processing a specially crafted regular expression. (CVE-2020-2754, CVE-2020-2755) It was discovered that OpenJDK incorrectly handled class...
OpenJDK: Incorrect handling of Certificate messages during TLS handshake (JSSE, 8232581)
Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability...
OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to...
The vulnerability in the implementation of the TLS protocol in Google Chrome allows a perpetrator to compromise data integrity.
The vulnerability in the implementation of the TLS protocol in Google Chrome relates to insecure management of privileges. Exploiting this vulnerability allows a malicious actor to compromise data integrity through a specially created TLS connection...
UBUNTU-CVE-2020-1967
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm i...
CVE-2020-11494
A flaw was discovered in slc_bump in drivers/net/can/slcan.c in CAN Communication Protocol. It allows a local attacker with special user privilege or root to read sensitive kernel stack information, provided CONFIG_INIT_STACK_ALL is not enabled, when a partially initialized data structure is exposed...
CVE-2019-20785
An issue was discovered on LG mobile devices with Android OS 8.0 and 8.1 software for the DTAG carrier. RILD in the radio layer uses an uninitialized variable. The LG ID is LVE-SMP-180013 (January 2019)...
Multiple NETGEAR Products Trust Management Issue Vulnerabilities
The NETGEAR R8900, among others, is a wireless router from NETGEAR. A security vulnerability exists in several NETGEAR products. The vulnerability can be exploited by an attacker to obtain the private key of a Transport Layer Security (TLS) certificate...
mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure.
A cryptographic protocol integrity flaw was discovered in Apache Mina. The closure of a TLS session would not always result in closure of the socket, allowing the conversation to continue in clear text. This could undermine the confidentiality of a connection and potentially disclose sensitive...
Microsoft security advisory: Update for Microsoft EAP implementation that enables the use of TLS: October 14, 2014
Introduction: Microsoft has released a security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the...
Design/Logic Flaw
An issue was discovered in docker-kong for Kong through 2.0.3. The admin API port may be accessible on interfaces other than 127.0.0.1. NOTE: The vendor argues that this CVE is not a vulnerability because it has an inaccurate bug scope and patch links. “1 Inaccurate Bug Scope - The issue scope was...
CVE-2020-11710
CVE-2020-11710 affects docker-kong/Kong up to version 2.0.3, where the Admin API port may be exposed on interfaces other than 127.0.0.1. The evidence in connected documents centers on a Kong admin API access issue via docker-kong templates, with a vendor note that the scope/patch references are d...
PT-2020-12797 · Kong · Docker-Kong
Name of the Vulnerable Software and Affected Versions: docker-kong versions through 2.0.3 Description: An issue was discovered where the admin API port may be accessible on interfaces other than 127.0.0.1. The vendor argues that this is not a vulnerability because it has an inaccurate bug scope a...
Denial Of Service (DoS)
The kernel is vulnerable to denial of service (DoS). Numerous reference count leaks were found in the Linux kernel's block layer I/O context handling implementation. This could allow a local, unprivileged user to cause a denial of service...
Denial Of Service (DoS)
The kernel is vulnerable to denial of service (DoS). The attack is due to numerous reference count leaks in the Linux kernel's block layer I/O context handling implementation. This could allow a local, unprivileged user to cause a denial of service...
Denial Of Service (DoS)
The kernel is vulnerable to denial of service. Missing boundary checks in the block layer implementation could allow a local, unprivileged user to cause a denial of service...
Denial Of Service (DoS)
The kernel is vulnerable to denial of service. Missing boundary checks in the block layer implementation could allow a local, unprivileged user to cause a denial of service...
An update that enables Internet Explorer in Windows Vista or in Windows Server 2008 to parse fragmented TLS/SSL handshake messages is available
Warning: The retired, out-of-support Internet Explorer 11 desktop application has been permanently disabled through a Microsoft Edge update on certain...