Lucene search
+L

7 matches found

CVE
CVE
added 2021/08/24 2:50 p.m.766 views

CVE-2021-3711

CVE-2021-3711 involves a bug in OpenSSL SM2 decryption: the buffer-size calculation during EVP_PKEY_decrypt() first call can under-allocate, enabling a later second call with a too-small buffer and causing a buffer overflow (up to 62 bytes). The issue affects OpenSSL 1.1.1 up to 1.1.1k and is fix...

9.8CVSS9.9AI score0.87816EPSS
CVE
CVE
added 2021/08/24 2:50 p.m.713 views

CVE-2021-3712

The CVE-2021-3712 issue affects OpenSSL where ASN1_STRING data may not be NUL-terminated if constructed directly (or via ASN1_STRING_set0), causing read-buffer overreads when many OpenSSL print/name-constraining paths handle such ASN.1 strings. Exploitation could crash the application (DoS) or di...

7.4CVSS8AI score0.50445EPSS
CVE
CVE
added 2021/06/11 3:49 p.m.413 views

CVE-2021-22898

CVE-2021-22898 affects curl before the patch levels that fix TELNET option handling. Specifically, curl 7.7–7.76.1 could disclose information when using the -t option (CURLOPT_TELNETOPTIONS) to send NEW_ENV variables due to a flaw in the option parser that passes uninitialized data from a stack b...

3.1CVSS5.3AI score0.04385EPSS
CVE
CVE
added 2019/11/08 2:46 p.m.299 views

CVE-2019-10219

The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...

6.5CVSS6AI score0.02167EPSS
CVE
CVE
added 2021/06/11 3:49 p.m.265 views

CVE-2021-22901

CVE-2021-22901 affects curl/libcurl up to version 7.76.x for builds using OpenSSL. A use-after-free during TLS 1.3 session-ticket handling on a single connection can lead to remote code execution in rare cases. Impact is tied to memory access after freeing objects when a session ticket arrives on...

8.1CVSS8.2AI score0.60122EPSS
CVE
CVE
added 2021/06/11 3:49 p.m.202 views

CVE-2021-22897

CVE-2021-22897 affects curl/libcurl when built with Schannel TLS. A bug stores the CURLOP SSL_CIPHER_LIST selection in a single static variable, causing the last cipher set to apply to all concurrent transfers. This can lead to exposure of data to the wrong session and weaker transport security. ...

5.3CVSS5.5AI score0.02979EPSS
CVE
CVE
added 2021/05/20 1:15 a.m.144 views

CVE-2021-20718

The CVE-2021-20718 issue affects mod_auth_openidc versions 2.4.0 through 2.4.7, enabling a remote attacker to cause a denial-of-service (DoS) via unspecified vectors. Connected advisories indicate a fixed version (e.g., 2.4.8.x/2.4.8.4) has been released in some distributions (Fedora/Mageia Debia...

7.5CVSS7.2AI score0.03395EPSS