Lucene search
K
OracleEssbase

23 matches found

CVE
CVE
added 2021/02/16 4:55 p.m.2008 views

CVE-2021-23841

CVE-2021-23841 is described in connected advisories as a NULL pointer dereference in OpenSSL’s X509_issuer_and_serial_hash() when parsing the issuer field. This can crash a process if certificates from untrusted sources are processed and the issuer parsing fails, enabling a potential denial of se...

5.9CVSS7AI score0.07471EPSS
CVE
CVE
added 2020/12/08 3:30 p.m.1190 views

CVE-2020-1971

CVE-2020-1971 is described across multiple connected sources as a NULL-dereference in OpenSSL’s GENERAL_NAME_cmp when EDIPARTYNAME is present, potentially enabling a denial-of-service crash. Affected OpenSSL versions include all 1.1.1 and 1.0.2 lines; fixes are published in OpenSSL 1.1.1i and Ope...

5.9CVSS5.7AI score0.06968EPSS
CVE
CVE
added 2021/03/25 2:25 p.m.813 views

CVE-2021-3449

CVE-2021-3449 affects OpenSSL 1.1.1.x where a TLSv1.2 server may crash (DoS) if it receives a renegotiation ClientHello that omits the signature_algorithms extension but includes signature_algorithms_cert. The issue is a NULL pointer dereference leading to a denial of service; OpenSSL clients are...

5.9CVSS6.7AI score0.62906EPSS
CVE
CVE
added 2021/08/24 2:50 p.m.763 views

CVE-2021-3711

CVE-2021-3711 involves a bug in OpenSSL SM2 decryption: the buffer-size calculation during EVP_PKEY_decrypt() first call can under-allocate, enabling a later second call with a too-small buffer and causing a buffer overflow (up to 62 bytes). The issue affects OpenSSL 1.1.1 up to 1.1.1k and is fix...

9.8CVSS9.9AI score0.87816EPSS
CVE
CVE
added 2021/08/24 2:50 p.m.709 views

CVE-2021-3712

The CVE-2021-3712 issue affects OpenSSL where ASN1_STRING data may not be NUL-terminated if constructed directly (or via ASN1_STRING_set0), causing read-buffer overreads when many OpenSSL print/name-constraining paths handle such ASN.1 strings. Exploitation could crash the application (DoS) or di...

7.4CVSS8AI score0.50445EPSS
CVE
CVE
added 2020/12/14 7:39 p.m.556 views

CVE-2020-8286

The CVE-2020-8286 issue affects curl/libcurl where OCSP responses were not verified correctly against the certificate, leaving room for fraudulent OCSP responses to appear valid and potentially bypass revocation checks. Reported range: curl versions 7.41.0 through 7.73.0. Impact phrasing in cited...

7.5CVSS7.6AI score0.04575EPSS
CVE
CVE
added 2021/04/01 5:45 p.m.445 views

CVE-2021-22876

The Connected documents confirm CVE-2021-22876 affects curl/libcurl 7.1.1 through 7.75.0, where libcurl fails to remove user credentials from URLs when populating the Referer header, leading to leakage of credentials to the server of the second request. The root cause is improper handling of cred...

5.3CVSS5.7AI score0.05301EPSS
CVE
CVE
added 2021/06/11 3:49 p.m.407 views

CVE-2021-22898

CVE-2021-22898 affects curl before the patch levels that fix TELNET option handling. Specifically, curl 7.7–7.76.1 could disclose information when using the -t option (CURLOPT_TELNETOPTIONS) to send NEW_ENV variables due to a flaw in the option parser that passes uninitialized data from a stack b...

3.1CVSS5.3AI score0.04385EPSS
CVE
CVE
added 2020/12/14 7:39 p.m.400 views

CVE-2020-8285

CVE-2020-8285 is a curl/libcurl vulnerability in the FTP wildcard match parsing. The issue triggers uncontrolled recursion leading to a stack overflow when the internal callback returns CURL_CHUNK_BGN_FUNC_SKIP repeatedly, potentially causing a crash. Affected software includes curl/libcurl from ...

7.5CVSS7.7AI score0.09917EPSS
CVE
CVE
added 2020/12/14 7:38 p.m.387 views

CVE-2020-8284

CVE-2020-8284 affects curl's handling of FTP PASV responses, enabling a malicious FTP server to coax curl into connecting to an attacker-controlled IP/port and potentially reveal private services (port scanning, banner extraction). Affects curl prior to patched versions; multiple advisories refer...

4.3CVSS6AI score0.03851EPSS
CVE
CVE
added 2021/04/01 5:46 p.m.360 views

CVE-2021-22890

CVE-2021-22890 affects curl 7.63.0 through 7.75.0. When using TLS 1.3 with an HTTPS proxy, libcurl could confuse TLS session tickets from the proxy as if they came from the remote server, potentially causing the host’s session ticket to be resumed incorrectly and bypass server certificate checks,...

4.3CVSS4.9AI score0.03141EPSS
CVE
CVE
added 2019/11/08 2:46 p.m.294 views

CVE-2019-10219

The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...

6.5CVSS6AI score0.02167EPSS
CVE
CVE
added 2021/06/11 3:49 p.m.264 views

CVE-2021-22901

CVE-2021-22901 affects curl/libcurl up to version 7.76.x for builds using OpenSSL. A use-after-free during TLS 1.3 session-ticket handling on a single connection can lead to remote code execution in rare cases. Impact is tied to memory access after freeing objects when a session ticket arrives on...

8.1CVSS8.2AI score0.60122EPSS
CVE
CVE
added 2019/08/29 12:0 a.m.228 views

CVE-2019-12402

CVE-2019-12402 affects Apache Commons Compress 1.15–1.18, where the internal file-name encoding can loop infinitely and cause DoS when processing crafted archives. Connected docs show multiple vendors referencing this CVE in product advisories (e.g., Atlassian Confluence with dependency notes; IB...

7.5CVSS7.1AI score0.16157EPSS
CVE
CVE
added 2021/06/11 3:49 p.m.202 views

CVE-2021-22897

CVE-2021-22897 affects curl/libcurl when built with Schannel TLS. A bug stores the CURLOP SSL_CIPHER_LIST selection in a single static variable, causing the last cipher set to apply to all concurrent transfers. This can lead to exposure of data to the wrong session and weaker transport security. ...

5.3CVSS5.5AI score0.02979EPSS
CVE
CVE
added 2020/10/30 11:10 a.m.197 views

CVE-2020-7760

This CVE-2020-7760 affects CodeMirror prior to 5.58.2 (and org.apache.marmotta.webjars:codemirror) with a ReDOs vulnerability in a JavaScript mode regex (sub-pattern (s|/. ?/) ). IBM’s bulletin confirms the same issue and notes watsonx.data is affected (version 2.2.1) and that remediation is to u...

7.5CVSS6.1AI score0.05197EPSS
CVE
CVE
added 2021/05/20 1:15 a.m.144 views

CVE-2021-20718

The CVE-2021-20718 issue affects mod_auth_openidc versions 2.4.0 through 2.4.7, enabling a remote attacker to cause a denial-of-service (DoS) via unspecified vectors. Connected advisories indicate a fixed version (e.g., 2.4.8.x/2.4.8.4) has been released in some distributions (Fedora/Mageia Debia...

7.5CVSS7.2AI score0.03395EPSS
CVE
CVE
added 2022/07/19 9:6 p.m.68 views

CVE-2022-21508

CVE-2022-21508 affects Oracle Essbase (Security and Provisioning) with affected version 21.3. The vulnerability enables a high-privilege attacker, who has logon and user interaction, to access or modify critical Oracle Essbase data. CVSS v3.1 base score is 5.8 (Confidentiality and Integrity impac...

5.8CVSS5.4AI score0.00244EPSS
CVE
CVE
added 2023/04/18 7:54 p.m.64 views

CVE-2023-21943

Oracle Essbase 21.4 (Security and Provisioning) is affected by CVE-2023-21943. The vulnerability allows an unauthenticated, network-accessible attacker (HTTP) to compromise Essbase, requiring user interaction and potentially leading to unauthorized access to sensitive data. CVSS v3.1 base score i...

5.3CVSS5AI score0.00513EPSS
CVE
CVE
added 2023/07/18 8:18 p.m.63 views

CVE-2023-22010

The CVE-2023-22010 vulnerability affects Oracle Essbase Security and Provisioning in version 21.4.3.0.0. It is described as a difficult-to-exploit information-disclosure issue that can let a high-privileged attacker with network access over HTTP read a subset of data. Multiple connected sources c...

2.2CVSS1.9AI score0.0033EPSS
CVE
CVE
added 2023/04/18 7:54 p.m.54 views

CVE-2023-21942

CVE-2023-21942 affects Oracle Essbase (Security and Provisioning) with affected version 21.4. The vulnerability enables an unauthenticated attacker over the network (via HTTP) to compromise Essbase; exploitation requires user interaction from someone other than the attacker, and can lead to unaut...

5.3CVSS5AI score0.00513EPSS
CVE
CVE
added 2023/04/18 7:54 p.m.50 views

CVE-2023-21944

CVE-2023-21944 affects Oracle Essbase (Security and Provisioning), with vulnerable version 21.4. An unauthenticated attacker can access via HTTP over the network; exploitation requires user interaction and can lead to unauthorized access to data. The issue is one of several in the Oracle Essbase ...

5.3CVSS5AI score0.00513EPSS
CVE
CVE
added 2025/10/21 8:3 p.m.15 views

CVE-2025-61763

Summary (mode C): CVE-2025-61763 affects Oracle Essbase (Essbase Web Platform) with v21.7.3.0.0. The vulnerability allows an unauthenticated, network-accessing attacker over HTTP to cause unauthorized creation/deletion/modification of data or complete data access, with CVSS v3.1 score 8.1 (High) ...

8.1CVSS6.2AI score0.00246EPSS