• git://
#Vulnerabilities 5085
Date Id Summary Products Score Patch Annotated
2017-02-03 CVE-2016-4571 The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file. Debian_linux, Mini\-Xml 5.5
2019-12-20 CVE-2019-17571 Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17. Log4j, Ubuntu_linux, Debian_linux, Oncommand_system_manager, Oncommand_workflow_automation, Leap, Application_testing_suite, Communications_network_integrity, Endeca_information_discovery_studio, Financial_services_lending_and_leasing, Primavera_gateway, Rapid_planning, Retail_extract_transform_and_load, Retail_service_backbone, Weblogic_server 9.8
2021-01-27 CVE-2021-26117 The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error, resulting in no check on the password. Activemq, Activemq_artemis, Debian_linux, Oncommand_workflow_automation 7.5
2021-02-15 CVE-2021-23336 The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can... Debian_linux, Django, Fedora, Inventory_collect_tool, Ontap_select_deploy_administration_utility, Snapcenter, Zfs_storage_appliance, Python 5.9
2021-02-16 CVE-2021-23840 Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these... Debian_linux, Openssl, Enterprise_manager_ops_center, Graalvm, Mysql_server, Nosql_database, Log_correlation_engine, Nessus_network_monitor 7.5
2021-02-16 CVE-2021-23841 The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function... Ipad_os, Iphone_os, Macos, Safari, Debian_linux, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Openssl, Enterprise_manager_ops_center, Graalvm, Mysql_enterprise_monitor, Mysql_server, Nessus_network_monitor, Tenable\.sc 5.9
2021-03-25 CVE-2021-3449 An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default... Multi\-Domain_management_firmware, Quantum_security_gateway_firmware, Quantum_security_management_firmware, Debian_linux, Fedora, Freebsd, Web_gateway, Web_gateway_cloud_service, Active_iq_unified_manager, Cloud_volumes_ontap_mediator, E\-Series_performance_analyzer, Oncommand_insight, Oncommand_workflow_automation, Ontap_select_deploy_administration_utility, Santricity_smi\-S_provider, Snapcenter, Storagegrid, Openssl, Graalvm, Mysql_server, Mysql_workbench, Secure_global_desktop, Log_correlation_engine, Nessus, Nessus_network_monitor, Tenable\.sc 5.9
2021-05-13 CVE-2021-32917 An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth. Debian_linux, Fedora, Prosody 5.3
2021-05-13 CVE-2021-32921 An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker. Debian_linux, Fedora, Prosody 5.9
2021-06-09 CVE-2021-26313 Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage. Cortex\-A72, Bcm2711, Debian_linux, Core_i7\-10700k, Core_i7\-7700k, Core_i9\-9900k, Xeon_silver_4214, Xen 5.5