13 matches found
CVE-2020-11022
CVE-2020-11022 affects jQuery versions >=1.2 and =3.5.0 or apply vendor guidance where applicable.
CVE-2021-23017
CVE-2021-23017 affects nginx's resolver. A security issue arises from an off-by-one in ngx_resolver_copy when DNS labels are followed by a root-domain pointer, allowing a crafted UDP response to overwrite the least significant byte of the next heap chunk metadata. This can lead to a worker proces...
CVE-2019-11358
CVE-2019-11358 is a prototype pollution vulnerability in jQuery (before 3.4.0) where mishandling of extend(true, {}, ...) can extend Object.prototype if an unsanitized source object has an enumerable proto property. The Core issue is triggered when a polluted prototype is introduced via nested ob...
CVE-2020-1971
CVE-2020-1971 is described across multiple connected sources as a NULL-dereference in OpenSSL’s GENERAL_NAME_cmp when EDIPARTYNAME is present, potentially enabling a denial-of-service crash. Affected OpenSSL versions include all 1.1.1 and 1.0.2 lines; fixes are published in OpenSSL 1.1.1i and Ope...
CVE-2021-3711
CVE-2021-3711 involves a bug in OpenSSL SM2 decryption: the buffer-size calculation during EVP_PKEY_decrypt() first call can under-allocate, enabling a later second call with a too-small buffer and causing a buffer overflow (up to 62 bytes). The issue affects OpenSSL 1.1.1 up to 1.1.1k and is fix...
CVE-2021-3712
The CVE-2021-3712 issue affects OpenSSL where ASN1_STRING data may not be NUL-terminated if constructed directly (or via ASN1_STRING_set0), causing read-buffer overreads when many OpenSSL print/name-constraining paths handle such ASN.1 strings. Exploitation could crash the application (DoS) or di...
CVE-2021-29425
CVE-2021-29425 affects Apache Commons IO up to version 2.6, specifically FileNameUtils.normalize. With inputs such as "//../foo" or "\..\foo", normalization can yield a value that does not escape to higher directories, potentially enabling access to the parent directory if the resulting path is u...
CVE-2019-10219
The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...
CVE-2022-21381
The CVE-2022-21381 entry concerns Oracle Communications’ Oracle Enterprise Session Border Controller (ESC) WebUI. Affected versions are 8.4 and 9.0. The vulnerability allows a low-privilege attacker who can reach the device over HTTP to compromise the ESC, potentially leading to unauthorized upda...
CVE-2022-21382
CVE-2022-21382 affects Oracle Communications’ Oracle Enterprise Session Border Controller (WebUI) for the 8.4 and 9.0 ranges. A low-privilege, network-accessible attacker (via HTTP) can compromise the device, potentially enabling unauthorized creation, deletion or modification of data on the ECSB...
CVE-2022-21383
CVE-2022-21383 affects Oracle Communications’ Oracle Enterprise Session Border Controller (E-SBC), specifically the “Log” component. Affected software versions are 8.4 and 9.0. The vulnerability allows a low-privilege, network-authenticated attacker (via HTTP) to compromise the E-SBC and can lead...
CVE-2023-22083
CVE-2023-22083 pertains to Oracle’s Enterprise Session Border Controller (ESBC) Web UI. The issue, affecting ESBC versions 9.0–9.2, arises from insufficient input validation in the Web UI. An unauthenticated attacker who can reach the ESBC over HTTPS can trigger a read access to a subset of data,...
CVE-2020-14630
CVE-2020-14630 is a vulnerability in Oracle Enterprise Session Border Controller (E-SBC) File Upload, affecting 8.1.0/8.2.0/8.3.0. The issue enables a high-privileged attacker who can reach the E-SBC over HTTP to cause a hang/crash (DOS) and unauthorized data modifications/reads. The base CVSS v3...