Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

5879 matches found

CNVD
CNVDadded 2021/09/02 12:0 a.m.14 views

MIK.starlight has unspecified vulnerabilities

MIK.starlight is the departmental access and creation dashboard, reporting and planning environment. A security vulnerability exists in MIK.starlight version 7.9.5.24363, which stems from the use of hard-coded keys in the software, which allows an attacker to decrypt credentials via an unspecifie...

5.5CVSS5.6AI score0.00046EPSS
Exploits0References1
Cvelist
Cvelistadded 2021/08/31 5:45 p.m.11 views

CVE-2021-36234

Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors...

5.6AI score0.00046EPSS
Exploits0References2
NVD
NVDadded 2021/08/30 5:15 p.m.12 views

CVE-2021-29723

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-ForceID: 201100...

7.5CVSS0.00142EPSS
Exploits0References3
OSV
OSVadded 2021/08/30 5:15 p.m.2 views

CVE-2021-29722

IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201095...

7.5CVSS5.5AI score
Exploits0References3
CNNVD
CNNVDadded 2021/08/30 12:0 a.m.1 views

IBM Sterling Secure Proxy 加密问题漏洞

IBM Sterling Secure Proxy creates a security barrier for trusted networks by preventing direct connections between external partners and internal servers. IBM Sterling Secure Proxy versions 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contain a weak encryption algorithm vulnerability. An attacker could...

7.5CVSS5.6AI score0.00142EPSS
Exploits0References4
Tenable Nessus
Tenable Nessusadded 2021/08/25 12:0 a.m.39 views

FreeBSD : OpenSSL -- multiple vulnerabilities (96811d4a-04ec-11ec-9b84-d4c9ef517024)

The OpenSSL project reports : SM2 Decryption Buffer Overflow CVE-2021-3711: High Read buffer overruns processing ASN.1 strings CVE-2021-3712 : Moderate %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML...

9.8CVSS7.1AI score0.02544EPSS
Exploits1References4
Tenable Nessus
Tenable Nessusadded 2021/08/25 12:0 a.m.31 views

SUSE SLED12 / SLES12 Security Update : openssl-1_1 (SUSE-SU-2021:2833-1)

The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2833-1 advisory. - In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an...

9.8CVSS7.4AI score0.02544EPSS
Exploits1References7
OpenVAS
OpenVASadded 2021/08/25 12:0 a.m.17 views

OpenSSL: SM2 Decryption Buffer Overflow (20210824) - Windows

OpenSSL is prone to a buffer overflow vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS9.9AI score0.02544EPSS
Exploits1References1
OpenVAS
OpenVASadded 2021/08/25 12:0 a.m.23 views

OpenSSL: SM2 Decryption Buffer Overflow (20210824) - Linux

OpenSSL is prone to a buffer overflow vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS9.9AI score0.02544EPSS
Exploits1References1
OSV
OSVadded 2021/08/24 3:26 p.m.2 views

USN-5051-1 openssl vulnerabilities

John Ouyang discovered that OpenSSL incorrectly handled decrypting SM2 data. A remote attacker could use this issue to cause applications using OpenSSL to crash, resulting in a denial of service, or possibly change application behaviour. CVE-2021-3711 Ingo Schwarze discovered that OpenSSL...

9.8CVSS6.8AI score0.02544EPSS
Exploits1References3
Debian
Debianadded 2021/08/24 3:16 p.m.186 views

[SECURITY] [DSA 4963-1] openssl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4963-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 24, 2021 https://www.debian.org/security/faq -...

9.8CVSS9AI score0.02544EPSS
Exploits1
Debian
Debianadded 2021/08/24 3:16 p.m.100 views

[SECURITY] [DSA 4963-1] openssl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4963-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 24, 2021 https://www.debian.org/security/faq -...

7.5CVSS1.2AI score0.02544EPSS
Exploits1
OSV
OSVadded 2021/08/24 3:15 p.m.2 views

AZL-6779 CVE-2021-3711 affecting package openssl for versions less than 1.1.1k-11

In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...

9.8CVSS7AI score0.02544EPSS
Exploits1References1
OSV
OSVadded 2021/08/24 3:15 p.m.0 views

ALPINE-CVE-2021-3711

In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...

9.8CVSS7.5AI score0.02544EPSS
Exploits1References1
Debian CVE
Debian CVEadded 2021/08/24 2:50 p.m.59 views

CVE-2021-3711

In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...

9.8CVSS8.3AI score0.02544EPSS
Exploits1
Cvelist
Cvelistadded 2021/08/24 2:50 p.m.19 views

CVE-2021-3711 SM2 Decryption Buffer Overflow

In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...

9.9AI score0.02544EPSS
Exploits1References17
RedhatCVE
RedhatCVEadded 2021/08/24 2:40 p.m.78 views

CVE-2021-3711

A flaw was found in openssl. A miscalculation of a buffer size was found in openssl's SM2 decryption function, allowing up to 62 arbitrary bytes to be written outside of the buffer. A remote attacker could use this flaw to crash an application supporting SM2 signature or encryption algorithm, or,...

9.8CVSS2.3AI score0.02544EPSS
Exploits1References4
RustSec
RustSecadded 2021/08/24 12:0 p.m.47 views

SM2 Decryption Buffer Overflow

In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...

9.8CVSS9.5AI score0.02544EPSS
Exploits1Affected Software1
OSV
OSVadded 2021/08/24 12:0 p.m.85 views

RUSTSEC-2021-0097 SM2 Decryption Buffer Overflow

In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...

9.8CVSS9.1AI score0.02544EPSS
Exploits1References3
UbuntuCve
UbuntuCveadded 2021/08/24 12:0 a.m.63 views

CVE-2021-3711

In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...

9.8CVSS7.1AI score0.02544EPSS
Exploits1References3
Rows per page
Query Builder