321 matches found
nodejs: TLS session reuse can lead to hostname verification bypass
A TLS Hostname verification bypass vulnerability exists in NodeJS. This flaw allows an attacker to bypass TLS Hostname verification when a TLS client reuses HTTPS sessions...
nodejs: TLS session reuse can lead to hostname verification bypass
A TLS Hostname verification bypass vulnerability exists in NodeJS. This flaw allows an attacker to bypass TLS Hostname verification when a TLS client reuses HTTPS sessions...
RHEL 8 : nodejs:12 (RHSA-2020:2847)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2847 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2020:1606-1)
This update for nodejs12 fixes the following issues : nodejs12 was updated to version 12.18.0 CVE-2020-8174: Fixed multiple memory corruption in napigetvaluestring bsc1172443. CVE-2020-8172: Fixed am issue where TLS session reuse could have led to host certificate verification bypass bsc1172441...
SUSE-SU-2020:1606-1 Security update for nodejs12
This update for nodejs12 fixes the following issues: nodejs12 was updated to version 12.18.0 - CVE-2020-8174: Fixed multiple memory corruption in napigetvaluestring bsc1172443. - CVE-2020-8172: Fixed am issue where TLS session reuse could have led to host certificate verification bypass bsc117244...
CVE-2020-8172
TLS session reuse can lead to host certificate verification bypass in node version 12.18.0 and 14.4.0...
ALPINE-CVE-2020-8172
TLS session reuse can lead to host certificate verification bypass in node version 12.18.0 and 14.4.0...
CVE-2020-8172
TLS session reuse can lead to host certificate verification bypass in node version 12.18.0 and 14.4.0...
CVE-2020-8172
TLS session reuse can lead to host certificate verification bypass in node version 12.18.0 and 14.4.0...
Design/Logic Flaw
TLS session reuse can lead to host certificate verification bypass in node version 12.18.0 and 14.4.0...
UBUNTU-CVE-2020-8172
TLS session reuse can lead to host certificate verification bypass in node version 12.18.0 and 14.4.0...
CVE-2020-8172
CVE-2020-8172 affects Node.js TLS session reuse that can bypass host certificate verification in Node.js versions prior to 12.18.0 and 14.4.0. Connected advisories confirm the issue and indicate remediation via upgrading Node.js to patched releases. The ALSA advisory notes the security fix upgrad...
CVE-2020-8172
TLS session reuse can lead to host certificate verification bypass in node version 12.18.0 and 14.4.0...
CVE-2020-8172
TLS session reuse can lead to host certificate verification bypass in node version 12.18.0 and 14.4.0...
OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to...
OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to...
OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to...
CVE-2020-12258
rConfig 3.9.4 is vulnerable to session fixation because session expiry and randomization are mishandled. The application can reuse a session via PHPSESSID. Also, an attacker can exploit this vulnerability in conjunction with CVE-2020-12256 or CVE-2020-12259...
OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to...
OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to...