|
2021-07-13
|
CVE-2021-35517
|
When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package.
|
Commons_compress, Active_iq_unified_manager, Oncommand_insight, Banking_apis, Banking_digital_experience, Banking_enterprise_default_management, Banking_party_management, Banking_payments, Banking_trade_finance, Banking_treasury_management, Business_process_management_suite, Commerce_guided_search, Communications_billing_and_revenue_management, Communications_cloud_native_core_service_communication_proxy, Communications_cloud_native_core_unified_data_repository, Communications_diameter_intelligence_hub, Communications_messaging_server, Communications_session_route_manager, Financial_services_crime_and_compliance_management_studio, Financial_services_enterprise_case_management, Flexcube_universal_banking, Healthcare_data_repository, Insurance_policy_administration, Peoplesoft_enterprise_peopletools, Primavera_unifier, Utilities_testing_accelerator, Webcenter_portal
|
7.5
|
|
|
|
2021-07-13
|
CVE-2021-36090
|
When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.
|
Commons_compress, Active_iq_unified_manager, Oncommand_insight, Banking_apis, Banking_digital_experience, Banking_enterprise_default_management, Banking_party_management, Banking_payments, Banking_platform, Banking_trade_finance, Banking_treasury_management, Business_process_management_suite, Commerce_guided_search, Communications_billing_and_revenue_management, Communications_cloud_native_core_automated_test_suite, Communications_cloud_native_core_service_communication_proxy, Communications_cloud_native_core_unified_data_repository, Communications_diameter_intelligence_hub, Communications_element_manager, Communications_messaging_server, Communications_session_report_manager, Communications_session_route_manager, Communications_unified_inventory_management, Financial_services_analytical_applications_infrastructure, Financial_services_crime_and_compliance_management_studio, Financial_services_enterprise_case_management, Flexcube_universal_banking, Healthcare_data_repository, Insurance_policy_administration, Peoplesoft_enterprise_peopletools, Primavera_gateway, Primavera_unifier, Utilities_testing_accelerator, Webcenter_portal
|
7.5
|
|
|
|
2021-08-12
|
CVE-2021-32808
|
ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version >= 4.13.0. The problem has been recognized and patched. The fix will be available in version 4.16.2.
|
Ckeditor, Fedora, Application_express, Banking_party_management, Commerce_guided_search, Commerce_merchandising, Documaker, Financial_services_analytical_applications_infrastructure, Financial_services_model_management_and_governance, Jd_edwards_enterpriseone_tools, Peoplesoft_enterprise_peopletools, Siebel_ui_framework, Webcenter_sites
|
5.4
|
|
|
|
2021-08-12
|
CVE-2021-32809
|
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Clipboard](https://ckeditor.com/cke4/addon/clipboard) package. The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. It affects all users using the CKEditor 4 plugins listed above at version >= 4.5.2. The problem has been recognized and patched. The fix will be available in...
|
Ckeditor, Fedora, Application_express, Banking_party_management, Commerce_guided_search, Commerce_merchandising, Documaker, Financial_services_analytical_applications_infrastructure, Jd_edwards_enterpriseone_tools, Peoplesoft_enterprise_peopletools
|
5.4
|
|
|
|
2021-08-13
|
CVE-2021-37695
|
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) package. The vulnerability allowed to inject malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version < 4.16.2. The problem has been recognized and patched. The fix will be available in version 4.16.2.
|
Ckeditor, Debian_linux, Fedora, Application_express, Banking_party_management, Commerce_guided_search, Commerce_merchandising, Documaker, Financial_services_analytical_applications_infrastructure, Financial_services_model_management_and_governance, Jd_edwards_enterpriseone_tools, Peoplesoft_enterprise_peopletools
|
5.4
|
|
|
|
2021-08-18
|
CVE-2021-37714
|
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available...
|
Jsoup, Management_services_for_element_software_and_netapp_hci, Banking_trade_finance, Banking_treasury_management, Business_process_management_suite, Communications_messaging_server, Financial_services_crime_and_compliance_management_studio, Flexcube_universal_banking, Hospitality_token_proxy_service, Middleware_common_libraries_and_tools, Peoplesoft_enterprise_peopletools, Primavera_unifier, Retail_customer_management_and_segmentation_foundation, Stream_analytics, Webcenter_portal, Quarkus
|
7.5
|
|
|
|
2021-08-24
|
CVE-2021-3711
|
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out"...
|
Debian_linux, Active_iq_unified_manager, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, E\-Series_santricity_os_controller, Hci_management_node, Manageability_software_development_kit, Oncommand_insight, Oncommand_workflow_automation, Santricity_smi\-S_provider, Snapcenter, Solidfire, Storage_encryption, Openssl, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_unified_data_repository, Communications_session_border_controller, Communications_unified_session_manager, Enterprise_communications_broker, Enterprise_session_border_controller, Essbase, Health_sciences_inform_publisher, Jd_edwards_enterpriseone_tools, Jd_edwards_world_security, Mysql_connectors, Mysql_enterprise_monitor, Mysql_server, Peoplesoft_enterprise_peopletools, Zfs_storage_appliance_kit, Nessus_network_monitor, Tenable\.sc
|
9.8
|
|
|
|
2021-08-24
|
CVE-2021-3712
|
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the...
|
Debian_linux, Epolicy_orchestrator, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, E\-Series_santricity_os_controller, Hci_management_node, Manageability_software_development_kit, Santricity_smi\-S_provider, Solidfire, Storage_encryption, Openssl, Communications_cloud_native_core_console, Communications_cloud_native_core_security_edge_protection_proxy, Communications_cloud_native_core_unified_data_repository, Communications_session_border_controller, Communications_unified_session_manager, Enterprise_communications_broker, Enterprise_session_border_controller, Essbase, Health_sciences_inform_publisher, Jd_edwards_enterpriseone_tools, Jd_edwards_world_security, Mysql_connectors, Mysql_enterprise_monitor, Mysql_server, Mysql_workbench, Peoplesoft_enterprise_peopletools, Secure_backup, Zfs_storage_appliance_kit, Sinec_infrastructure_network_services, Nessus_network_monitor, Tenable\.sc
|
7.4
|
|
|
|
2021-09-16
|
CVE-2021-34798
|
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
|
Http_server, Brocade_fabric_operating_system_firmware, Debian_linux, Fedora, Cloud_backup, Clustered_data_ontap, Storagegrid, Communications_cloud_native_core_network_function_cloud_native_environment, Enterprise_manager_base_platform, Http_server, Instantis_enterprisetrack, Peoplesoft_enterprise_peopletools, Zfs_storage_appliance_kit, Ruggedcom_nms, Sinec_nms, Sinema_remote_connect_server, Sinema_server, Tenable\.sc
|
7.5
|
|
|
|
2021-09-16
|
CVE-2021-36160
|
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
|
Http_server, Brocade_fabric_operating_system_firmware, Debian_linux, Fedora, Cloud_backup, Clustered_data_ontap, Storagegrid, Communications_cloud_native_core_network_function_cloud_native_environment, Enterprise_manager_base_platform, Http_server, Instantis_enterprisetrack, Peoplesoft_enterprise_peopletools, Zfs_storage_appliance_kit
|
7.5
|
|
|