Essbase Security Vulnerabilities and Issues — Essbase CVE List

Lucene search

OracleEssbase

10 matches found

CVE•added 2021/02/16 5:15 p.m.•1934 views

CVE-2021-23841

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if t...

5.9CVSS7AI score0.00706EPSS

CVE•added 2021/03/25 3:15 p.m.•759 views

CVE-2021-3449

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a...

5.9CVSS6.7AI score0.15408EPSS

CVE•added 2021/08/24 3:15 p.m.•651 views

CVE-2021-3711

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size req...

9.8CVSS9.9AI score0.03046EPSS

CVE•added 2021/08/24 3:15 p.m.•632 views

CVE-2021-3712

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byt...

7.4CVSS8AI score0.01294EPSS

CVE•added 2021/04/01 6:15 p.m.•409 views

CVE-2021-22876

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header fiel...

5.3CVSS5.7AI score0.00053EPSS

CVE•added 2021/06/11 4:15 p.m.•378 views

CVE-2021-22898

curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uni...

3.1CVSS5.3AI score0.00143EPSS

CVE•added 2021/04/01 6:15 p.m.•333 views

CVE-2021-22890

curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived fro...

4.3CVSS4.9AI score0.00143EPSS

CVE•added 2021/06/11 4:15 p.m.•230 views

CVE-2021-22901

curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. Wh...

8.1CVSS8.2AI score0.00344EPSS

CVE•added 2021/06/11 4:15 p.m.•169 views

CVE-2021-22897

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising...

5.3CVSS5.5AI score0.01081EPSS

CVE•added 2021/05/20 2:15 a.m.•129 views

CVE-2021-20718

mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vectors.

7.5CVSS7.2AI score0.0306EPSS