Lucene search
K
StormshieldStormshield Management Center

8 matches found

CVE
CVE
added 2023/02/08 7:1 p.m.1366 views

CVE-2023-0286

CVE-2023-0286 is a type-confusion bug in OpenSSL related to X.400 address processing inside X.509 GeneralName. The public GENERAL_NAME.x400Address was defined as ASN1_TYPE instead of ASN1_STRING, causing GeneralName_cmp to treat it as a pointer, which under CRL_CHECK can allow an attacker to pass...

7.4CVSS7.7AI score0.59501EPSS
CVE
CVE
added 2023/02/08 7:3 p.m.972 views

CVE-2023-0215

CVE-2023-0215 describes a use-after-free in OpenSSL’s BIO_new_NDEF path used with SMIME/CMS/PKCS7 streaming. When a CMS recipient key is invalid, the filter BIO is freed but the caller’s BIO still holds pointers, allowing use-after-free on BIO_pop(); this can crash the process. Affected internal ...

7.5CVSS7.9AI score0.04494EPSS
CVE
CVE
added 2023/02/08 7:3 p.m.726 views

CVE-2023-0216

CVE-2023-0216 : OpenSSL contains an invalid pointer dereference on read when an application loads malformed PKCS7 data via d2i_PKCS7(), d2i_PKCS7_bio(), or d2i_PKCS7_fp(). This can cause an application crash and potentially a denial of service. The description notes that the TLS implementation it...

7.5CVSS7.6AI score0.01846EPSS
CVE
CVE
added 2023/02/08 7:0 p.m.717 views

CVE-2023-0401

CVE-2023-0401 describes a NULL pointer dereference during PKCS7 data verification in OpenSSL. The digest initialization can fail when the signature hash algorithm is known but the implementation is unavailable, due to a missing check on the initialization return value. This can lead to invalid di...

7.5CVSS7.7AI score0.01846EPSS
CVE
CVE
added 2021/11/11 12:0 a.m.401 views

CVE-2002-20001

CVE-2002-20001 describes a Diffie-Hellman key exchange weakness where a remote attacker (from the client side) can send non-public values to induce expensive server-side DHE modular-exponentiation, potentially impacting availability. The description specifies that the attack is most disruptive wh...

7.5CVSS7.3AI score0.23061EPSS
CVE
CVE
added 2022/07/14 12:0 a.m.255 views

CVE-2022-32215

CVE-2022-32215 concerns the llhttp parser used by Node.js. The http module can mis-handle multi-line Transfer-Encoding headers in vulnerable builds, enabling HTTP Request Smuggling (HRS). Affected are Node.js ships with llhttp < v14.20.1, < v16.17.1, and

6.5CVSS7.1AI score0.68796EPSS
CVE
CVE
added 2022/07/14 12:0 a.m.254 views

CVE-2022-32213

CVE-2022-32213 concerns the llhttp parser in Node.js’ http module, where the parser may incorrectly parse and validate Transfer-Encoding headers, enabling HTTP Request Smuggling (HRS). The vulnerability is cited in multiple advisories (Debian, Red Hat, and Amazon Linux family) as part of a set in...

6.5CVSS7.2AI score0.41954EPSS
CVE
CVE
added 2022/07/14 12:0 a.m.223 views

CVE-2022-32214

CVE-2022-32214 affects the Node.js http module via the llhttp parser, where versions <14.20.1, <16.17.1, and =14.20.1, >=16.17.1, >=18.9.1 or newer Node.js releases that bundle these llhttp versions). If exploitation details or CVSS changes are needed, refer to the linked advisories i...

6.5CVSS7AI score0.81464EPSS