what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

CVE-2020-2655

Status Candidate

Overview

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

Related Files

Red Hat Security Advisory 2024-4352-03
Posted Jul 8, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-4352-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Issues addressed include double free, memory leak, null pointer, spoofing, and use-after-free vulnerabilities.

tags | advisory, kernel, spoof, vulnerability, memory leak
systems | linux, redhat
advisories | CVE-2020-26555
SHA-256 | 6753d1ede114a88a701f57d325732b54425b4efd7136a2e309ec55415143e4d5
Red Hat Security Advisory 2024-4211-03
Posted Jul 2, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-4211-03 - An update for kernel is now available for Red Hat Enterprise Linux 8. Issues addressed include double free, memory leak, null pointer, spoofing, and use-after-free vulnerabilities.

tags | advisory, kernel, spoof, vulnerability, memory leak
systems | linux, redhat
advisories | CVE-2020-26555
SHA-256 | 1371ac36bc148dc61e35201a09acf72512a7984de48d7d6416e8beed509acffa
Red Hat Security Advisory 2024-2394-03
Posted Apr 30, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-2394-03 - An update for kernel is now available for Red Hat Enterprise Linux 9. Issues addressed include code execution, double free, integer overflow, memory exhaustion, memory leak, null pointer, out of bounds access, out of bounds read, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

tags | advisory, overflow, kernel, vulnerability, code execution, memory leak
systems | linux, redhat
advisories | CVE-2020-26555
SHA-256 | 86435dbd1e42e1cb6babcb7c70863a0ed35c27cc178b52ec0cd6a1f94cb358cd
Gentoo Linux Security Advisory 202209-16
Posted Sep 30, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202209-16 - Multiple vulnerabilities have been discovered in BlueZ, the worst of which could result in arbitrary code execution. Versions less than 5.63 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2020-26558, CVE-2021-0129, CVE-2021-3588, CVE-2022-0204
SHA-256 | 665e641a5e8b1bb883f56bf358f09daf4066682c626f4aaf8eea49daf5ff2361
Ubuntu Security Notice USN-5343-1
Posted Mar 23, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5343-1 - Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. It was discovered that the aufs file system in the Linux kernel did not properly restrict mount namespaces, when mounted with the non-default allow_userns option set. A local attacker could use this to gain administrative privileges.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-2853, CVE-2016-2854, CVE-2018-5995, CVE-2019-19449, CVE-2020-12655, CVE-2020-25670, CVE-2020-25673, CVE-2020-26139, CVE-2020-26147, CVE-2020-26555, CVE-2020-26558, CVE-2020-36322, CVE-2020-36385, CVE-2021-20292, CVE-2021-20317, CVE-2021-23134, CVE-2021-28688, CVE-2021-28972, CVE-2021-29650, CVE-2021-32399, CVE-2021-33033, CVE-2021-33034, CVE-2021-33098, CVE-2021-34693, CVE-2021-3483, CVE-2021-3506, CVE-2021-3564
SHA-256 | f52b839ff13c30e863d5be66f515f639c4bbf6c3ac1911f54911c3a1db6abad1
Red Hat Security Advisory 2021-4432-03
Posted Nov 10, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4432-03 - The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts, and pcmcia configuration files.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-26558
SHA-256 | 6eca52b6194bbf394e7c5bf9b7c89b2b330a1affb01866344f9db229f21dc236
Debian Security Advisory 4951-1
Posted Aug 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4951-1 - Several vulnerabilities were discovered in Bluez, the Linux Bluetooth protocol stack.

tags | advisory, vulnerability, protocol
systems | linux, debian
advisories | CVE-2020-26558, CVE-2020-27153, CVE-2021-0129
SHA-256 | 431d311d6156400aa4dd4fd7ef9b5e86f90421e808c0e7e5aa7f6a4c7ef192fe
Ubuntu Security Notice USN-5050-1
Posted Aug 24, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5050-1 - It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. Michael Brown discovered that the Xen netback driver in the Linux kernel did not properly handle malformed packets from a network PV frontend, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2020-26558, CVE-2021-28691, CVE-2021-3564, CVE-2021-3573, CVE-2021-38208
SHA-256 | 15f18b4a1645df7896d1474336043a68629898f3145352b2946dd200efd3f028
Ubuntu Security Notice USN-5046-1
Posted Aug 18, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5046-1 - It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. Michael Brown discovered that the Xen netback driver in the Linux kernel did not properly handle malformed packets from a network PV frontend, leading to a use-after-free vulnerability. An attacker in a guest VM could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel
systems | linux, ubuntu
advisories | CVE-2020-26558, CVE-2021-28691, CVE-2021-3564, CVE-2021-3573, CVE-2021-3587
SHA-256 | 911bcc859f7a0c9a9d1bae83c2f53e3ca1b9840869a5229252148bb51ba89399
Ubuntu Security Notice USN-5018-1
Posted Jul 21, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5018-1 - It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service or execute arbitrary code. Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly enforce limits for pointer operations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-24586, CVE-2020-24587, CVE-2020-26139, CVE-2020-26147, CVE-2020-26558, CVE-2021-23134, CVE-2021-31829, CVE-2021-32399, CVE-2021-33034, CVE-2021-33200, CVE-2021-33909
SHA-256 | 4c1acb01997501488d94e4f295f9a8b096b13216c5f32c0bc98642127cd2ea8a
Ubuntu Security Notice USN-5017-1
Posted Jul 21, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5017-1 - It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service or execute arbitrary code. It was discovered that the bluetooth subsystem in the Linux kernel did not properly perform access control. An authenticated attacker could possibly use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-26558, CVE-2021-33909
SHA-256 | 2eeefb31a25b77fe7591b7712630bbf4e79e970217c6805c3eafc7c444d44c09
Ubuntu Security Notice USN-4989-2
Posted Jun 17, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4989-2 - USN-4989-1 fixed several vulnerabilities in BlueZ. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that BlueZ incorrectly checked certain permissions when pairing. A local attacker could possibly use this issue to impersonate devices. Various other issues were also addressed.

tags | advisory, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-26558, CVE-2020-27153
SHA-256 | 8720c245ff9d32e615ac12072fd408a3b7ff8626c06e4a6d72353f5814177f3a
Ubuntu Security Notice USN-4989-1
Posted Jun 17, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4989-1 - It was discovered that BlueZ incorrectly checked certain permissions when pairing. A local attacker could possibly use this issue to impersonate devices. Jay LV discovered that BlueZ incorrectly handled redundant disconnect MGMT events. A local attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2020-26558, CVE-2020-27153, CVE-2021-3588
SHA-256 | 9ce6d46d00d0a483d4190324ad1b23e72ff227a846328a5bacca58006f043db1
MailDepot 2033 2.3.3022 Cross Site Scripting
Posted Nov 16, 2020
Authored by Micha Borrmann, Thomas Engel | Site syss.de

MailDepot version 2033 (2.3.3022) suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-26554
SHA-256 | f82776b6e406fc3d421c55e64c73955573843831dc5dcd361b30f289b3c99402
Ubuntu Security Notice USN-4257-1
Posted Jan 29, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4257-1 - It was discovered that OpenJDK incorrectly handled exceptions during deserialization in BeanContextSupport. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. It was discovered that OpenJDK incorrectly validated properties of SASL messages included in Kerberos GSSAPI. An unauthenticated remote attacker with network access via Kerberos could possibly use this issue to insert, modify or obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2020-2583, CVE-2020-2590, CVE-2020-2593, CVE-2020-2601, CVE-2020-2604, CVE-2020-2654, CVE-2020-2655, CVE-2020-2659
SHA-256 | 6ff75ec4f2760a95daaed763e796bf97b21dbc327f79938f280f8cf9600b8e58
Red Hat Security Advisory 2020-0232-01
Posted Jan 27, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0232-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include a deserialization vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2020-2583, CVE-2020-2590, CVE-2020-2593, CVE-2020-2601, CVE-2020-2604, CVE-2020-2654, CVE-2020-2655
SHA-256 | dcaf913ddc62f88e450aedd0e102887694a3fddde090c49c4b56264136114ab6
Debian Security Advisory 4605-1
Posted Jan 19, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4605-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes.

tags | advisory, java, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2020-2583, CVE-2020-2590, CVE-2020-2593, CVE-2020-2601, CVE-2020-2604, CVE-2020-2654, CVE-2020-2655
SHA-256 | 81ae3831a6c6b68ea22139b22950515a537562ba94ed1d25737ae9682d223bdc
Red Hat Security Advisory 2020-0122-01
Posted Jan 16, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0122-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include a deserialization vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2020-2583, CVE-2020-2590, CVE-2020-2593, CVE-2020-2601, CVE-2020-2604, CVE-2020-2654, CVE-2020-2655
SHA-256 | bdab1bfe4a84d3390eb90e48e33251d4b03b5a8842fcbd0f79be5056b303984f
Red Hat Security Advisory 2020-0128-01
Posted Jan 16, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0128-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include a deserialization vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2020-2583, CVE-2020-2590, CVE-2020-2593, CVE-2020-2601, CVE-2020-2604, CVE-2020-2654, CVE-2020-2655
SHA-256 | 5617d29628ffce51248eb0b2e505408cf48cbd53d7e49c4947c1db6e437c17a5
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close