MiracleLinux 9 : java-17-openjdk-17.0.7.0.7-1.el9 (AXSA:2023-5309:06)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5309:06 advisory. OpenJDK: improper connection handling during TLS handshake 8294474 CVE-2023-21930 OpenJDK: Swing HTML parsing issue 8296832 CVE-2023-21939 OpenJDK:...

java-1.8.0-openjdk security and bug fix update

An update is available for java-1.8.0-openjdk. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime...

OpenJDK: certificate validation issue in TLS session negotiation (8298310)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit...

OpenJDK: certificate validation issue in TLS session negotiation (8298310)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit...

OpenJDK: certificate validation issue in TLS session negotiation (8298310)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit...

ALSA-2023:1895 Important: java-11-openjdk security update

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixes: OpenJDK: improper connection handling during TLS handshake 8294474 CVE-2023-21930 OpenJDK: Swing HTML parsing issue 8296832 CVE-2023-21939 OpenJDK:...

Important: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...

Important: java-17-openjdk security and bug fix update

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: improper connection handling during TLS handshake 8294474 CVE-2023-21930 OpenJDK: Swing HTML parsing issue 8296832 CVE-2023-21939 OpenJDK:...

SAMSUNG Mobile Chipset 缓冲区错误漏洞

SAMSUNG Mobile Chipset is a family of chips from Samsung South Korea. A security vulnerability exists in SAMSUNG Mobile Chipset that originates from a memory corruption that may occur during session description negotiation when processing video configuration attributes. The following products and...

DEBIAN-CVE-2021-26906

An issue was discovered in respjsipsession.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash...

OpenSSL Server-Side ChangeCipherSpec Injection Scanner

This module checks for the OpenSSL ChangeCipherSpec CCS Injection vulnerability. The problem exists in the handling of early CCS messages during session negotiation. Vulnerable installations of OpenSSL accepts them, while later implementations do not. If successful, an attacker can leverage this...

CVE-2005-3426

Cisco CSS 11500 Content Services Switch CSS with SSL termination services allows remote attackers to cause a denial of service memory corruption and device reload via a malformed client certificate during SSL session negotiation...

CVE-2005-3426

Cisco CSS 11500 Content Services Switch (CSS) with SSL termination services is affected by CVE-2005-3426. The vulnerability allows remote attackers to trigger a denial of service via memory corruption during SSL session negotiation when a malformed client certificate is presented. The entry notes...

Delegate buffer overflow

Stack overflow on SSL session negotiation...