18 matches found
CVE-2019-1559
OpenSSL vulnerability CVE-2019-1559 describes a padding-oracle weakness where, if an application encounters a fatal protocol error and then calls SSL_shutdown() twice (to send close_notify and to receive one), the server may respond differently to a 0-byte record with invalid padding versus inval...
CVE-2020-7595
CVE-2020-7595 affects libxml2, specifically the xmlStringLenDecodeEntities function in parser.c of version 2.9.10, which can enter an infinite loop in certain end-of-file situations. Several connected advisories (e.g., ASA-202011-15) corroborate the issue and describe the impact as potential deni...
CVE-2021-3537
Summary: CVE-2021-3537 affects libxml2 up to 2.9.11. In XML mixed content parsing, errors were not propagated, causing a NULL dereference when an untrusted document is parsed in recovery mode and post-validated, with availability as the highest impact. The connected documents confirm the vulnerab...
CVE-2021-3517
CVE-2021-3517 is a libxml2 vulnerability affecting versions before 2.9.11. A flaw in the xml entity encoding functionality could allow processing of a crafted XML file to trigger an out‑of‑bounds read, with availability impact and potential confidentiality/integrity impact if memory information i...
CVE-2019-20388
CVE-2019-20388 affects libxml2 2.9.10. The Broadcom advisory BSNSA36819 confirms a memory leak in xmlSchemaValidateStream (xmlschemas.c) that can impact availability (memory exhaustion) when processing XML schemas. Affected component: libxml2’s xmlSchemaValidateStream; root cause relates to a lea...
CVE-2018-0735
CVE-2018-0735 corresponds to a timing side-channel vulnerability in OpenSSL’s ECDSA signature generation. An attacker could exploit variations in signing to recover the private key. Affected: OpenSSL 1.1.0 (1.1.0-1.1.0i) and OpenSSL 1.1.1 (1.1.1) prior to the fixes. Fixes were released in OpenSSL...
CVE-2021-3541
CVE-2021-3541 describes a vulnerability in libxml2 where exponential entity expansion can bypass protections and cause a denial of service. The Initial Description confirms the flaw and its DoS impact, and connected documents (e.g., Astra Linux bulletin and BSNSA entries) reiterate libxml2 involv...
CVE-2022-23308
CVE-2022-23308 affects libxml2 before 2.9.13, caused by a use-after-free in ID/IDREF attributes in valid.c. The NVD data shows a CVSS 3.1 base score of 7.5 (NETWORK, PR:N, UI:N, S:U, C:N/I:N/A:H) and CVSS 2.0 base score of 4.3 (NETWORK, A:P). Connected advisories confirm the same flaw and referen...
CVE-2020-24977
CVE-2020-24977 affects GNOME libxml2 up to version 2.9.10. The issue is a global buffer over-read in xmlEncodeEntitiesInternal (libxml2/entities.c), which can lead to information disclosure or crash conditions. The vulnerability was fixed in the commit 50f06b3e. Connected advisories corroborate l...
CVE-2021-3518
CVE-2021-3518 details (libxml2): A use-after-free exists in libxml2 before v2.9.11 when processing crafted input files through an application linked with libxml2. This can impact confidentiality, integrity, and availability. The issue is triggered by processing a specially crafted file via libxml...
CVE-2022-29824
Summary: CVE-2022-29824 affects libxml2 up to version 2.9.14. Several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) fail to check integer overflows, causing out-of-bounds memory writes when processing crafted XML files. This vulnerability also affects software that uses lib...
CVE-2018-12015
CVE-2018-12015 affects the Archive::Tar module in Perl (up to 5.26.2). The vulnerability lets a crafted tar archive bypass directory-traversal protection and overwrite arbitrary files when a tar contains a symlink and a regular file with the same name. Affected advisories/archives confirm the iss...
CVE-2016-8610
CVE-2016-8610 is a denial-of-service flaw in OpenSSL affecting TLS/SSL alert packet processing during handshakes. The issue exists in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0, enabling a remote attacker to cause high CPU usage and denial of service by sending many alert messages. Con...
CVE-2018-18313
Perl before 5.26.3 is affected by a buffer over-read triggered by crafted regular expressions, which can disclose sensitive data from process memory. Public sources (e.g., USN-3834-1, Debian/CVE trackers) confirm CVE-2018-18313 and list affected platforms, noting that upgrading to Perl 5.26.3 or ...
CVE-2018-18312
Perl 5.26.3 and 5.28.0 before 5.28.1 are affected by CVE-2018-18312 due to a buffer overflow in handling crafted regular expressions (regcomp.c). The issue enables invalid writes when parsing certain regex patterns. Affected versions: Perl before 5.26.3 and 5.28.0 before 5.28.1. Fixes are availab...
CVE-2018-18314
CVE-2018-18314 affects Perl before 5.26.3, with a buffer overflow triggered by a crafted regular expression that leads to invalid write operations during compilation. Connected sources corroborate the issue and mention related details, including a root cause in regcomp.c (S_regatom) and potential...
CVE-2015-8960
The CVE-2015-8960 entry concerns TLS protocol versions 1.2 and earlier. The root cause is that certain ClientCertificateType values (rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, ecdsa_fixed_ecdh) are supported but the protocol does not document the ability to compute the master secret in scenarios...
CVE-2015-8544
CVE-2015-8544 affects NetApp SnapDrive for Windows. The vulnerability could allow a remote attacker to obtain sensitive information due to disclosure of data in cleartext. Affected versions include SnapDrive for Windows 7.0.2P4, 7.0.3, and 7.1 before 7.1.3P1; IBM's bulletin specifies affected rel...