2013-03-15
|
CVE-2013-2566
|
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.
|
Ubuntu_linux, M10\-1_firmware, M10\-4_firmware, M10\-4s_firmware, Sparc_enterprise_m3000_firmware, Sparc_enterprise_m4000_firmware, Sparc_enterprise_m5000_firmware, Sparc_enterprise_m8000_firmware, Sparc_enterprise_m9000_firmware, Firefox, Seamonkey, Thunderbird, Thunderbird_esr, Communications_application_session_controller, Http_server, Integrated_lights_out_manager_firmware
|
5.9
|
|
|
2021-02-16
|
CVE-2021-23840
|
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these...
|
Debian_linux, M10\-1_firmware, M10\-4_firmware, M10\-4s_firmware, M12\-1_firmware, M12\-2_firmware, M12\-2s_firmware, Epolicy_orchestrator, Node\.js, Openssl, Business_intelligence, Communications_cloud_native_core_policy, Enterprise_manager_for_storage_management, Enterprise_manager_ops_center, Graalvm, Jd_edwards_enterpriseone_tools, Jd_edwards_world_security, Mysql_server, Nosql_database, Log_correlation_engine, Nessus_network_monitor
|
7.5
|
|
|
2020-12-14
|
CVE-2020-8284
|
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.
|
Mac_os_x, Macos, Debian_linux, Fedora, M10\-1_firmware, M10\-4_firmware, M10\-4s_firmware, M12\-1_firmware, M12\-2_firmware, M12\-2s_firmware, Curl, Clustered_data_ontap, Hci_bootstrap_os, Hci_management_node, Hci_storage_node, Solidfire, Communications_billing_and_revenue_management, Communications_cloud_native_core_policy, Essbase, Peoplesoft_enterprise_peopletools, Sinec_infrastructure_network_services, Universal_forwarder
|
3.7
|
|
|
2020-12-14
|
CVE-2020-8177
|
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.
|
Debian_linux, M10\-1_firmware, M10\-4_firmware, M10\-4s_firmware, M12\-1_firmware, M12\-2_firmware, M12\-2s_firmware, Curl, Sinec_infrastructure_network_services, Universal_forwarder
|
7.8
|
|
|
2020-12-14
|
CVE-2020-8285
|
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
|
Mac_os_x, Macos, Debian_linux, Fedora, M10\-1_firmware, M10\-4_firmware, M10\-4s_firmware, M12\-1_firmware, M12\-2_firmware, M12\-2s_firmware, Libcurl, Clustered_data_ontap, Hci_bootstrap_os, Hci_management_node, Hci_storage_node_firmware, Solidfire, Communications_billing_and_revenue_management, Communications_cloud_native_core_policy, Essbase, Peoplesoft_enterprise_peopletools, Sinec_infrastructure_network_services, Universal_forwarder
|
7.5
|
|
|
2017-11-13
|
CVE-2016-8610
|
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.
|
Debian_linux, M10\-1_firmware, M10\-4_firmware, M10\-4s_firmware, M12\-1_firmware, M12\-2_firmware, M12\-2s_firmware, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, Cn1610_firmware, Data_ontap, Data_ontap_edge, E\-Series_santricity_os_controller, Host_agent, Oncommand_balance, Oncommand_unified_manager, Oncommand_workflow_automation, Ontap_select_deploy, Service_processor, Smi\-S_provider, Snapcenter_server, Snapdrive, Storagegrid, Storagegrid_webscale, Openssl, Adaptive_access_manager, Application_testing_suite, Communications_analytics, Communications_ip_service_activator, Core_rdbms, Enterprise_manager_ops_center, Goldengate_application_adapters, Jd_edwards_enterpriseone_tools, Peoplesoft_enterprise_peopletools, Retail_predictive_application_server, Timesten_in\-Memory_database, Weblogic_server, Pan\-Os, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Jboss_enterprise_application_platform
|
7.5
|
|
|
2019-01-31
|
CVE-2019-6109
|
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.
|
Ubuntu_linux, Debian_linux, Fedora, M10\-1_firmware, M10\-4_firmware, M10\-4s_firmware, M12\-1_firmware, M12\-2_firmware, M12\-2s_firmware, Element_software, Ontap_select_deploy, Storage_automation_store, Openssh, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Scalance_x204rna_eec_firmware, Scalance_x204rna_firmware, Winscp
|
6.8
|
|
|
2019-01-31
|
CVE-2019-6111
|
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate...
|
Mina_sshd, Ubuntu_linux, Debian_linux, Fedora, Freebsd, M10\-1_firmware, M10\-4_firmware, M10\-4s_firmware, M12\-1_firmware, M12\-2_firmware, M12\-2s_firmware, Openssh, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Scalance_x204rna_eec_firmware, Scalance_x204rna_firmware, Winscp
|
5.9
|
|
|
2021-01-27
|
CVE-2021-3326
|
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
|
Debian_linux, M10\-1_firmware, M10\-4_firmware, M10\-4s_firmware, M12\-1_firmware, M12\-2_firmware, M12\-2s_firmware, Glibc, E\-Series_santricity_os_controller, Ontap_select_deploy_administration_utility, Communications_cloud_native_core_security_edge_protection_proxy
|
7.5
|
|
|
2019-01-10
|
CVE-2018-20685
|
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
|
Ubuntu_linux, Debian_linux, M10\-1_firmware, M10\-4_firmware, M10\-4s_firmware, M12\-1_firmware, M12\-2_firmware, M12\-2s_firmware, Cloud_backup, Element_software, Ontap_select_deploy, Steelstore_cloud_integrated_storage, Storage_automation_store, Openssh, Solaris, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Scalance_x204rna_eec_firmware, Scalance_x204rna_firmware, Winscp
|
5.3
|
|
|