Page 11 of 222 results (0.017 seconds)

CVSS: 9.8EPSS: 5%CPEs: 42EXPL: 0

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. • http://www.openwall.com/lists/oss-security/2021/08/26/2 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=59f5e75f3bced8fc0e130d72a3f582cf7b480b46 https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E https://security.gentoo.org/glsa/202209-02 https://security.ge • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •

CVSS: 9.1EPSS: 1%CPEs: 7EXPL: 0

The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations. La función wordexp de la biblioteca GNU C (también se conoce como glibc) versiones hasta 2.33, puede bloquearse o leer memoria arbitraria en la función parse_param (en el archivo posix/wordexp.c) cuando se llama con un patrón diseñado que no es confiable, resultando en una denegación de servicio o divulgación de información. Esto ocurre porque atoi fue usado pero debería haber sido usado strtoul para asegurar cálculos correctos An integer overflow flaw was found in glibc that may result in reading of arbitrary memory when wordexp is used with a specially crafted untrusted regular expression input. • https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html https://security.gentoo.org/glsa/202208-24 https://security.netapp.com/advisory/ntap-20210827-0005 https://sourceware.org/bugzilla/show_bug.cgi?id=28011 https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=5adda61f62b77384718b4c0d8336ade8f2b4b35c https://sourceware.org/glibc/wiki/Security%20Exceptions https://access.redhat.com/security/cve/CVE-2021-35942 https://bugzilla.redhat.com/show_bug.cgi?id=1977975 • CWE-190: Integer Overflow or Wraparound •

CVSS: 5.3EPSS: 44%CPEs: 22EXPL: 3

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5. Para Eclipse Jetty versiones 9.4.37-9.4.42, 10.0.1-10.0.5 y 11.0.1-11.0.5, los URIs pueden ser diseñados usando algunos caracteres codificados para acceder al contenido del directorio WEB-INF y/o omitir algunas restricciones de seguridad. Esta es una variación de la vulnerabilidad reportada en CVE-2021-28164/GHSA-v7ff-8wcx-gmc5 • https://www.exploit-db.com/exploits/50478 https://github.com/ColdFusionX/CVE-2021-34429 https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0%40%3Cnotifications.zookeeper.apache.org%3E https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857%40%3Ccommits.kafka.apache.org%3E https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398%40%3Ccommits.zookeeper.apache.org%3E • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-551: Incorrect Behavior Order: Authorization Before Parsing and Canonicalization •

CVSS: 3.6EPSS: 0%CPEs: 19EXPL: 0

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. Para Eclipse Jetty versiones anteriores a 9.4.40 incluyéndola, versiones anteriores a 10.0.2 incluyéndola, versiones anteriores a 11.0.2 incluyéndola, si es lanzada una excepción desde el método SessionListener#sessionDestroyed(), el ID de sesión no es invalidado en el administrador de ID de sesión. En despliegues con sesiones agrupadas y múltiples contextos esto puede resultar en que una sesión no sea invalidada. • https://github.com/eclipse/jetty.project/security/advisories/GHSA-m6cp-vxjx-65j6 https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec%40%3Cissues.zookeeper.apache.org%3E https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084%40%3Cnotifications.zookeeper.apache.org%3E https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd%40%3Cnotifications.zookeeper.apache.org%3E https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450%40%3Cissues.zo • CWE-613: Insufficient Session Expiration •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to cause a partial Denial of Service (DoS) to the web server. E-Series SANtricity OS Controller Software versiones 11.x anteriores a versión 11.70.1, son susceptibles a una vulnerabilidad que, cuando se explota con éxito, podría permitir a un atacante remoto causar una denegación de servicio (DoS) parcial en el servidor web • https://security.netapp.com/advisory/NTAP-20210610-0001 •