284 matches found
OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated...
OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967)
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacke...
UBUNTU-CVE-2021-35550
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated...
Oracle Java SE Input Validation Error Vulnerability
Java SE stands for Java Platform Standard Edition and is used to develop and deploy Java applications for desktops, servers, and embedded devices and real-time environments. Oracle GraalVM Enterprise Edition is an Oracle-based multilingual virtual machine for enterprise Java SE. An information...
PT-2021-7847
Name of the Vulnerable Software and Affected Versions: Java SE versions 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition versions 20.3.3, 21.2.0. Description: The issue is related to the JSSE component and allows an unauthenticated attacker with network access via TLS to compromise Java SE an...
ARM mbed TLS Security Vulnerability
ARM mbed TLS is a product from ARM UK that provides secure communication and encryption for mbed products. A security vulnerability exists in ARM mbed TLS versions prior to 2.24.0, which stems from a lack of clearing of the plaintext buffer in mbedtls_ssl_read to erase unused application data from...
ALPINE-CVE-2021-32686
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback a...
Cisco Firepower Threat Defense Input Validation Error Vulnerability
Cisco Firepower Threat Defense (FTD) is unified software that provides next-generation firewall services. A denial-of-service vulnerability exists in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense, which can be exploited by an attacker to cause a process crash by sendi...
AZL-45213 CVE-2021-31597 affecting package js-jquery 3.5.0-4
The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected...
Vulnerabilities fixed in IBM MQ
An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated malicious agent to obtain sensitive information and cause the initiation of a denial of service (DoS). IBM has released updates to fix the vulnerability. More information can be found on the page...
puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL
A flaw was found in Puppet, where the Puppet Agent did not verify the peer in the SSL connection before downloading the Certificate Revocation List (CRL). The primary risk is the availability of communications to computing systems and not Puppet itself. This flaw allows an attacker to submit a...
Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.
...
OpenJDK: HostnameChecker does not ensure X.509 certificate names are in normalized form (JSSE, 8237592)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to...
PT-2020-3528
Name of the Vulnerable Software and Affected Versions: Java SE versions 7u261, 8u251, 11.0.7, and 14.0.1; Java SE Embedded version 8u251. Description: The issue is related to insufficient input validation in the JSSE component of Oracle Java SE and Java SE Embedded. This can allow a remote attacker t...
Error: "Invalid Certificate" When Installing SSL Certificate on ADC Appliance
When attempting to install a Secure Socket Layer (SSL) certificate on an ADC appliance, the process fails with error "invalid certificate"...
undertow: possible Denial of Service (DoS) in Undertow HTTP server listening on HTTPS
A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial of Service (DoS) to make the service unavailable on SSL...