OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to...
Unspecified Vulnerability in Oracle Java SE JSSE Component (CNVD-2020-72708)
Oracle Java SE is a Java platform for developing and deploying Java applications for desktops, servers, and embedded devices and real-time environments. A security vulnerability exists in the JSSE component in Oracle Java SE versions 11.0.6 and 14. An attacker could exploit the vulnerability to gain unauthoriz...
Unspecified Vulnerability in Oracle Java SE and Java SE Embedded (CNVD-2020-72706)
Oracle Java SE and Oracle Java SE Embedded are both products of Oracle Corporation. Oracle Java SE is a Java platform for developing and deploying Java applications for desktops, servers, and embedded devices and real-time environments. Oracle Java SE Embedded is a Java platform that targets Java...
UBUNTU-CVE-2020-2816
Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability c...
PT-2020-2599
Name of the Vulnerable Software and Affected Versions: Java SE versions 11.0.6 and 14. Description: The issue is related to insufficient input validation in the JSSE component of Oracle Java SE. It allows an unauthenticated attacker with network access via HTTPS to compromise Java SE, resulting in...
CVE-2020-0757
An elevation of privilege vulnerability exists when Windows improperly handles Secure Socket Shell remote commands, aka 'Windows SSH Elevation of Privilege Vulnerability'...
KB4532691: Windows 10 Version 1809 and Windows Server 2019 February 2020 Security Update
The remote Windows host is missing security update 4532691. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this...
A vulnerability in the Java Secure Socket Extension (JSSE) component of Oracle Java SE allows an attacker to modify, add, or delete data, or to gain unauthorized access to protected information.
The vulnerability in the Java Secure Socket Extension (JSSE) component of the Oracle Java SE software platform is related to a lack of access control mechanisms. Exploiting this vulnerability could allow an attacker to modify, add, or delete data, or gain unauthorized access to protected information using the HTT...
Types of NetScaler and NetScaler Gateway Licenses
This article describes the types of licenses available for NetScaler and NetScaler Gateway appliances. NetScaler licenses are assigned to physical MPX and virtual VPX appliances. Logical SDX appliances require licenses for each physical appliance and each virtual instance. Refer to NetScaler...
PT-2020-1415
Name of the Vulnerable Software and Affected Versions: Java SE versions 11.0.5 and 13.0.1. Description: The issue is related to a vulnerability in the Java Secure Socket Extension (JSSE) component of Oracle Java SE, which is difficult to exploit and allows an unauthenticated attacker with network acce...
Milesight IP security cameras trust management issue vulnerability (CNVD-2019-40063)
Milesight IP security cameras are IP camera products from China Pulse Digital Technology Milesight. A security vulnerability exists in Milesight IP security cameras version 2016-11-14 and earlier, which stems from a hardcoded SSL private key stored in the /etc/config directory. No details of the...
The vulnerability of the Java Secure Socket Extension (JSSE) component of the OpenJDK project, a programming language for Java, allows attackers to gain access to confidential data.
The vulnerability of the Java Secure Socket Extension JSSE component of the OpenJDK project, a programming language, is related to errors in processing the attached OCSP response during TLS handshake. Exploiting this vulnerability can allow an attacker operating remotely to gain access to...
Oracle Java SE Access Control Error Vulnerability (CNVD-2019-26746)
Oracle Java SE is a Java platform from the U.S. company Oracle for developing and deploying Java applications for desktops, servers, embedded devices and real-time environments. A security vulnerability exists in the JSSE subcomponent of Oracle Java SE versions 11.0.3 and 12.0.1. An attacker could...
Security Bulletin: Multiple vulnerabilities exist in the current IBM SDK for Java used in IBM System Networking Switch Center (CVE-2014-0411 & CVE-2014-0460)
Summary: IBM System Networking Switch Center ships with IBM Java 7 JRE. Two vulnerabilities are fixed in the April 2014 Critical Patch Update. 1) CVE-2014-0460: JNDI DNS service provider has several implementation flaws that make spoofing DNS responses much easier; 2) CVE-2014-0411: Vulnerability in...
Cisco Firepower Threat Defense Input Validation Vulnerability
Cisco Firepower Threat Defense (FTD) is a suite of unified software from the U.S. company Cisco that provides next-generation firewall services. An input validation vulnerability exists in the detection engine in Cisco FTD, which can be exploited by a remote attacker to cause a denial of...
Security Bulletin: Vulnerability in RC4 cipher stream (CVE-2015-2808) and multiple vulnerabilities in IBM SDK Java Technology Edition affects IBM Systems Director.
Summary: There are multiple vulnerabilities in IBM SDK Java Technology Edition 7, which is used by IBM Systems Director. These issues were disclosed as part of the IBM Java SDK updates in January and April 2015. This bulletin also addresses the RC4 Bar Mitzvah attack on SSL/TLS. Vulnerability Detail...
OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613)
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JSSE. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with...
USN-3824-1: OpenJDK 7 vulnerabilities
It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. CVE-2018-3136 Artem Smotrakov...
Ubuntu 14.04 LTS : OpenJDK 7 vulnerabilities (USN-3824-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3824-1 advisory. It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibl...
CVE-2018-15317
In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.2.1-11.6.3.2, an attacker sending specially crafted SSL records to a SSL Virtual Server will cause corruption in the SSL data structures leading to intermittent decrypt BADRECORDMAC errors. Clients will be unable to access the...