2020-12-08
|
CVE-2020-1971
|
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp...
|
Debian_linux, Fedora, Active_iq_unified_manager, Aff_a250_firmware, Clustered_data_ontap_antivirus_connector, Data_ontap, E\-Series_santricity_os_controller, Ef600a_firmware, Hci_compute_node, Hci_management_node, Hci_storage_node, Manageability_software_development_kit, Oncommand_insight, Oncommand_workflow_automation, Plug\-In_for_symantec_netbackup, Santricity_smi\-S_provider, Snapcenter, Solidfire, Node\.js, Openssl, Api_gateway, Business_intelligence, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_diameter_intelligence_hub, Communications_session_border_controller, Communications_session_router, Communications_subscriber\-Aware_load_balancer, Communications_unified_session_manager, Enterprise_communications_broker, Enterprise_manager_base_platform, Enterprise_manager_for_storage_management, Enterprise_manager_ops_center, Enterprise_session_border_controller, Essbase, Graalvm, Http_server, Jd_edwards_enterpriseone_tools, Jd_edwards_world_security, Mysql, Mysql_server, Peoplesoft_enterprise_peopletools, Sinec_infrastructure_network_services, Log_correlation_engine, Nessus_network_monitor
|
5.9
|
|
|
2021-08-24
|
CVE-2021-3711
|
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out"...
|
Debian_linux, Active_iq_unified_manager, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, E\-Series_santricity_os_controller, Hci_management_node, Manageability_software_development_kit, Oncommand_insight, Oncommand_workflow_automation, Santricity_smi\-S_provider, Snapcenter, Solidfire, Storage_encryption, Openssl, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_unified_data_repository, Communications_session_border_controller, Communications_unified_session_manager, Enterprise_communications_broker, Enterprise_session_border_controller, Essbase, Health_sciences_inform_publisher, Jd_edwards_enterpriseone_tools, Jd_edwards_world_security, Mysql_connectors, Mysql_enterprise_monitor, Mysql_server, Peoplesoft_enterprise_peopletools, Zfs_storage_appliance_kit, Nessus_network_monitor, Tenable\.sc
|
9.8
|
|
|
2021-08-24
|
CVE-2021-3712
|
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the...
|
Debian_linux, Epolicy_orchestrator, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, E\-Series_santricity_os_controller, Hci_management_node, Manageability_software_development_kit, Santricity_smi\-S_provider, Solidfire, Storage_encryption, Openssl, Communications_cloud_native_core_console, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_unified_data_repository, Communications_session_border_controller, Communications_unified_session_manager, Enterprise_communications_broker, Enterprise_session_border_controller, Essbase, Health_sciences_inform_publisher, Jd_edwards_enterpriseone_tools, Jd_edwards_world_security, Mysql_connectors, Mysql_enterprise_monitor, Mysql_server, Mysql_workbench, Peoplesoft_enterprise_peopletools, Secure_backup, Zfs_storage_appliance_kit, Sinec_infrastructure_network_services, Nessus_network_monitor, Tenable\.sc
|
7.4
|
|
|
2019-04-20
|
CVE-2019-11358
|
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
|
Backdrop, Debian_linux, Drupal, Fedora, Joomla\!, Jquery, Junos, Oncommand_system_manager, Snapcenter, Backports_sle, Leap, Agile_product_lifecycle_management_for_process, Application_express, Application_service_level_management, Application_testing_suite, Banking_digital_experience, Banking_enterprise_collections, Banking_platform, Bi_publisher, Big_data_discovery, Business_process_management_suite, Communications_analytics, Communications_application_session_controller, Communications_billing_and_revenue_management, Communications_diameter_signaling_router, Communications_eagle_application_processor, Communications_element_manager, Communications_interactive_session_recorder, Communications_operations_monitor, Communications_services_gatekeeper, Communications_session_report_manager, Communications_session_route_manager, Communications_unified_inventory_management, Communications_webrtc_session_controller, Diagnostic_assistant, Enterprise_manager_ops_center, Enterprise_session_border_controller, Financial_services_analytical_applications_infrastructure, Financial_services_analytical_applications_reconciliation_framework, Financial_services_asset_liability_management, Financial_services_balance_sheet_planning, Financial_services_basel_regulatory_capital_basic, Financial_services_basel_regulatory_capital_internal_ratings_based_approach, Financial_services_data_foundation, Financial_services_data_governance_for_us_regulatory_reporting, Financial_services_data_integration_hub, Financial_services_enterprise_financial_performance_analytics, Financial_services_funds_transfer_pricing, Financial_services_hedge_management_and_ifrs_valuations, Financial_services_institutional_performance_analytics, Financial_services_liquidity_risk_management, Financial_services_liquidity_risk_measurement_and_management, Financial_services_loan_loss_forecasting_and_provisioning, Financial_services_market_risk_measurement_and_management, Financial_services_price_creation_and_discovery, Financial_services_profitability_management, Financial_services_regulatory_reporting_for_de_nederlandsche_bank, Financial_services_regulatory_reporting_for_european_banking_authority, Financial_services_regulatory_reporting_for_us_federal_reserve, Financial_services_retail_customer_analytics, Financial_services_retail_performance_analytics, Financial_services_revenue_management_and_billing, Fusion_middleware_mapviewer, Healthcare_foundation, Healthcare_translational_research, Hospitality_guest_access, Hospitality_materials_control, Hospitality_simphony, Identity_manager, Insurance_accounting_analyzer, Insurance_allocation_manager_for_enterprise_profitability, Insurance_data_foundation, Insurance_ifrs_17_analyzer, Insurance_insbridge_rating_and_underwriting, Insurance_performance_insight, Jd_edwards_enterpriseone_tools, Jdeveloper, Jdeveloper_and_adf, Knowledge, Peoplesoft_enterprise_peopletools, Policy_automation, Policy_automation_connector_for_siebel, Policy_automation_for_mobile_devices, Primavera_gateway, Primavera_unifier, Real\-Time_scheduler, Rest_data_services, Retail_back_office, Retail_central_office, Retail_customer_insights, Retail_customer_management_and_segmentation_foundation, Retail_point\-Of\-Service, Retail_returns_management, Service_bus, Siebel_mobile_applications, Siebel_ui_framework, Storagetek_tape_analytics_sw_tool, System_utilities, Tape_library_acsls, Transportation_management, Utilities_mobile_workforce_management, Webcenter_sites, Weblogic_server, Cloudforms, Virtualization_manager
|
6.1
|
|
|
2019-11-08
|
CVE-2019-10219
|
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
|
Active_iq_unified_manager, Element, Management_services_for_element_software_and_netapp_hci, Snapcenter_plug\-In, Access_manager, Agile_engineering_data_management, Agile_plm, Agile_product_lifecycle_analytics, Agile_product_lifecycle_management_integration_pack, Airlines_data_model, Application_express, Application_performance_management, Application_testing_suite, Argus_analytics, Argus_insight, Argus_safety, Banking_apis, Banking_deposits_and_lines_of_credit_servicing, Banking_digital_experience, Banking_enterprise_default_management, Banking_enterprise_default_managment, Banking_loans_servicing, Banking_party_management, Banking_platform, Bi_publisher, Big_data_spatial_and_graph, Business_activity_monitoring, Business_intelligence, Business_process_management_suite, Clinical, Commerce_guided_search, Commerce_platform, Communications_application_session_controller, Communications_billing_and_revenue_management, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_calendar_server, Communications_cloud_native_core_automated_test_suite, Communications_cloud_native_core_binding_support_function, Communications_cloud_native_core_console, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_policy, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_service_communication_proxy, Communications_cloud_native_core_unified_data_repository, Communications_contacts_server, Communications_converged_application_server_\-_service_controller, Communications_convergence, Communications_convergent_charging_controller, Communications_data_model, Communications_design_studio, Communications_diameter_signaling_route, Communications_eagle_application_processor, Communications_instant_messaging_server, Communications_interactive_session_recorder, Communications_messaging_server, Communications_metasolv_solution, Communications_network_charging_and_control, Communications_network_integrity, Communications_offline_mediation_controller, Communications_operations_monitor, Communications_pricing_design_center, Communications_service_broker, Communications_services_gatekeeper, Communications_session_border_controller, Communications_unified_inventory_management, Communications_webrtc_session_controller, Data_integrator, Database_server, Demantra_demand_management, Documaker, E\-Business_suite, Enterprise_communications_broker, Enterprise_data_quality, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Enterprise_session_border_controller, Essbase, Essbase_administration_services, Financial_services_analytical_applications_infrastructure, Financial_services_behavior_detection_platform, Financial_services_enterprise_case_management, Financial_services_foreign_account_tax_compliance_act_management, Financial_services_model_management_and_governance, Financial_services_trade\-Based_anti_money_laundering, Flexcube_investor_servicing, Flexcube_private_banking, Fujitsu_m10\-1_firmware, Fujitsu_m10\-4_firmware, Fujitsu_m10\-4s_firmware, Fujitsu_m12\-1_firmware, Fujitsu_m12\-2_firmware, Fujitsu_m12\-2s_firmware, Fusion_middleware, Fusion_middleware_mapviewer, Goldengate, Goldengate_application_adapters, Graalvm, Graph_server_and_client, Health_sciences_clinical_development_analytics, Health_sciences_inform_crf_submit, Health_sciences_information_manager, Healthcare_data_repository, Healthcare_foundation, Healthcare_translational_research, Hospitality_cruise_shipboard_property_management_system, Hospitality_opera_5_property_services, Hospitality_reporting_and_analytics, Hospitality_suite8, Http_server, Hyperion_financial_management, Hyperion_ilearning, Hyperion_infrastructure_technology, Instantis_enterprisetrack, Insurance_data_gateway, Insurance_insbridge_rating_and_underwriting, Insurance_policy_administration, Insurance_policy_administration_j2ee, Insurance_rules_palette, Java_se, Jd_edwards_enterpriseone_orchestrator, Jdk, Managed_file_transfer, Mysql_cluster, Mysql_connectors, Mysql_server, Mysql_workbench, Nosql_database, Oss_support_tools, Peoplesoft_enterprise_cs_sa_integration_pack, Peoplesoft_enterprise_people_tools, Peoplesoft_enterprise_peopletools, Policy_automation, Primavera_analytics, Primavera_data_warehouse, Primavera_gateway, Primavera_p6_enterprise_project_portfolio_management, Primavera_p6_professional_project_management, Primavera_portfolio_management, Primavera_unifier, Rapid_planning, Real\-Time_decision_server, Real_user_experience_insight, Rest_data_services, Retail_allocation, Retail_analytics, Retail_assortment_planning, Retail_back_office, Retail_central_office, Retail_customer_insights, Retail_customer_management_and_segmentation_foundation, Retail_eftlink, Retail_extract_transform_and_load, Retail_financial_integration, Retail_fiscal_management, Retail_integration_bus, Retail_invoice_matching, Retail_merchandising_system, Retail_order_broker, Retail_order_management_system, Retail_point\-Of\-Sale, Retail_predictive_application_server, Retail_price_management, Retail_returns_management, Retail_service_backbone, Retail_size_profile_optimization, Retail_xstore_point_of_service, Sd\-Wan_aware, Sd\-Wan_edge, Secure_backup, Siebel_applications, Solaris, Spatial_studio, Thesaurus_management_system, Timesten_in\-Memory_database, Utilities_framework, Utilities_testing_accelerator, Vm_virtualbox, Webcenter_portal, Weblogic_server, Zfs_storage_appliance_kit, Zfs_storage_application_integration_engineering_software, Fuse, Hibernate_validator, Jboss_data_grid, Jboss_enterprise_application_platform, Openshift_application_runtimes, Single_sign\-On
|
6.1
|
|
|
2020-04-29
|
CVE-2020-11022
|
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
|
Debian_linux, Drupal, Fedora, Jquery, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Max_data, Oncommand_insight, Oncommand_system_manager, Snap_creator_framework, Snapcenter, Leap, Agile_product_lifecycle_management_for_process, Agile_product_supplier_collaboration_for_process, Application_testing_suite, Banking_digital_experience, Blockchain_platform, Communications_application_session_controller, Communications_billing_and_revenue_management, Communications_diameter_signaling_router_idih\:, Communications_eagle_application_processor, Communications_services_gatekeeper, Communications_webrtc_session_controller, Enterprise_manager_ops_center, Enterprise_session_border_controller, Financial_services_analytical_applications_infrastructure, Financial_services_analytical_applications_reconciliation_framework, Financial_services_asset_liability_management, Financial_services_balance_sheet_planning, Financial_services_basel_regulatory_capital_basic, Financial_services_basel_regulatory_capital_internal_ratings_based_approach, Financial_services_data_foundation, Financial_services_data_governance_for_us_regulatory_reporting, Financial_services_data_integration_hub, Financial_services_funds_transfer_pricing, Financial_services_hedge_management_and_ifrs_valuations, Financial_services_institutional_performance_analytics, Financial_services_liquidity_risk_management, Financial_services_liquidity_risk_measurement_and_management, Financial_services_loan_loss_forecasting_and_provisioning, Financial_services_market_risk_measurement_and_management, Financial_services_price_creation_and_discovery, Financial_services_profitability_management, Financial_services_regulatory_reporting_for_european_banking_authority, Financial_services_regulatory_reporting_for_us_federal_reserve, Healthcare_foundation, Hospitality_materials_control, Hospitality_simphony, Insurance_accounting_analyzer, Insurance_allocation_manager_for_enterprise_profitability, Insurance_data_foundation, Insurance_insbridge_rating_and_underwriting, Jdeveloper, Peoplesoft_enterprise_peopletools, Policy_automation, Policy_automation_connector_for_siebel, Policy_automation_for_mobile_devices, Retail_back_office, Retail_customer_management_and_segmentation_foundation, Retail_returns_management, Siebel_ui_framework, Storagetek_acsls, Weblogic_server, Log_correlation_engine
|
6.1
|
|
|
2021-04-13
|
CVE-2021-29425
|
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.
|
Commons_io, Debian_linux, Active_iq_unified_manager, Access_manager, Agile_engineering_data_management, Agile_plm, Application_performance_management, Application_testing_suite, Banking_apis, Banking_digital_experience, Banking_enterprise_default_management, Banking_enterprise_default_managment, Banking_party_management, Banking_platform, Blockchain_platform, Commerce_guided_search, Communications_application_session_controller, Communications_billing_and_revenue_management_elastic_charging_engine, Communications_cloud_native_core_network_repository_function, Communications_cloud_native_core_policy, Communications_cloud_native_core_unified_data_repository, Communications_contacts_server, Communications_converged_application_server_\-_service_controller, Communications_convergence, Communications_design_studio, Communications_diameter_intelligence_hub, Communications_interactive_session_recorder, Communications_offline_mediation_controller, Communications_order_and_service_management, Communications_policy_management, Communications_pricing_design_center, Communications_service_broker, Enterprise_communications_broker, Enterprise_session_border_controller, Financial_services_analytical_applications_infrastructure, Financial_services_model_management_and_governance, Flexcube_core_banking, Fusion_middleware_mapviewer, Health_sciences_data_management_workbench, Health_sciences_information_manager, Healthcare_data_repository, Helidon, Insurance_policy_administration, Insurance_rules_palette, Oss_support_tools, Primavera_unifier, Real_user_experience_insight, Rest_data_services, Retail_assortment_planning, Retail_integration_bus, Retail_merchandising_system, Retail_order_broker, Retail_pricing, Retail_service_backbone, Retail_size_profile_optimization, Retail_xstore_point_of_service, Solaris_cluster, Utilities_testing_accelerator, Webcenter_portal, Weblogic_server
|
4.8
|
|
|
2021-06-01
|
CVE-2021-23017
|
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
|
Nginx, Fedora, Ontap_select_deploy_administration_utility, Openresty, Blockchain_platform, Communications_control_plane_monitor, Communications_fraud_monitor, Communications_operations_monitor, Communications_session_border_controller, Enterprise_communications_broker, Enterprise_session_border_controller, Enterprise_telephony_fraud_monitor, Goldengate
|
7.7
|
|
|
2023-10-17
|
CVE-2023-22083
|
Vulnerability in the Oracle Enterprise Session Border Controller product of Oracle Communications (component: Web UI). Supported versions that are affected are 9.0-9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Enterprise Session Border Controller. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a...
|
Enterprise_session_border_controller
|
4.3
|
|
|