cve

openssl/openssl Vulnerability Summary Vendor name: openssl Product name: openssl Total vulnerabilities: 213 (as 2023-05-04) openssl/openssl Vulnerability List CVE-2021-4160: There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms… Published: 2022-01-28T22:15:00 Last Modified: 2022-02-07T15:24:00 Summary There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys.

pyopenssl_project/pyopenssl Vulnerability Summary Vendor name: pyopenssl_project Product name: pyopenssl Total vulnerabilities: 1 (as 2023-05-04) pyopenssl_project/pyopenssl Vulnerability List CVE-2018-1000808: Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to… Published: 2018-10-08T15:29:00 Last Modified: 2021-08-04T17:14:00 Summary Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted.

pyopenssl/pyopenssl Vulnerability Summary Vendor name: pyopenssl Product name: pyopenssl Total vulnerabilities: 1 (as 2023-05-04) pyopenssl/pyopenssl Vulnerability List CVE-2018-1000807: Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use… Published: 2018-10-08T15:29:00 Last Modified: 2021-08-04T17:14:00 Summary Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.

redhat/amq_online Vulnerability Summary Vendor name: redhat Product name: amq_online Total vulnerabilities: 2 (as 2023-05-04) redhat/amq_online Vulnerability List CVE-2020-14348: It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user’s AddressSpace… Published: 2020-09-16T18:15:00 Last Modified: 2020-09-23T16:58:00 Summary It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user’s AddressSpace configuration of the user namespace puts AMQ Online in an inconsistent state, where the AMQ Online components do not operate properly, such as the failure of provisioning and the failure of creating addresses, though this does not impact upon already existing messaging clients or brokers.

redhat/amq Vulnerability Summary Vendor name: redhat Product name: amq Total vulnerabilities: 7 (as 2023-05-04) redhat/amq Vulnerability List CVE-2020-14348: It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user’s AddressSpace… Published: 2020-09-16T18:15:00 Last Modified: 2020-09-23T16:58:00 Summary It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user’s AddressSpace configuration of the user namespace puts AMQ Online in an inconsistent state, where the AMQ Online components do not operate properly, such as the failure of provisioning and the failure of creating addresses, though this does not impact upon already existing messaging clients or brokers.

redhat/ansible_engine Vulnerability Summary Vendor name: redhat Product name: ansible_engine Total vulnerabilities: 26 (as 2023-05-04) redhat/ansible_engine Vulnerability List CVE-2021-3583: A flaw was found in Ansible, where a user’s controller is vulnerable to template injection. This… Published: 2021-09-22T12:15:00 Last Modified: 2021-10-05T16:12:00 Summary A flaw was found in Ansible, where a user’s controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters.

redhat/ansible_tower Vulnerability Summary Vendor name: redhat Product name: ansible_tower Total vulnerabilities: 65 (as 2023-05-04) redhat/ansible_tower Vulnerability List CVE-2021-3583: A flaw was found in Ansible, where a user’s controller is vulnerable to template injection. This… Published: 2021-09-22T12:15:00 Last Modified: 2021-10-05T16:12:00 Summary A flaw was found in Ansible, where a user’s controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters.

redhat/ansible Vulnerability Summary Vendor name: redhat Product name: ansible Total vulnerabilities: 105 (as 2023-05-04) redhat/ansible Vulnerability List CVE-2021-3583: A flaw was found in Ansible, where a user’s controller is vulnerable to template injection. This… Published: 2021-09-22T12:15:00 Last Modified: 2021-10-05T16:12:00 Summary A flaw was found in Ansible, where a user’s controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters.

redhat/enterprise_linux Vulnerability Summary Vendor name: redhat Product name: enterprise_linux Total vulnerabilities: 2390 (as 2023-05-04) redhat/enterprise_linux Vulnerability List CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in… Published: 2022-02-04T23:15:00 Last Modified: 2022-02-09T20:00:00 Summary A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1.

redhat/etcd Vulnerability Summary Vendor name: redhat Product name: etcd Total vulnerabilities: 6 (as 2023-05-04) redhat/etcd Vulnerability List CVE-2020-15114: In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for… Published: 2020-08-06T23:15:00 Last Modified: 2021-11-18T18:31:00 Summary In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint.

redhat/fedora_core Vulnerability Summary Vendor name: redhat Product name: fedora_core Total vulnerabilities: 83 (as 2023-05-04) redhat/fedora_core Vulnerability List CVE-2008-2944: Double free vulnerability in the utrace support in the Linux kernel, probably 2.6.18, in Red Hat… Published: 2008-06-30T21:41:00 Last Modified: 2022-02-07T19:50:00 Summary Double free vulnerability in the utrace support in the Linux kernel, probably 2.6.18, in Red Hat Enterprise Linux (RHEL) 5 and Fedora Core 6 (FC6) allows local users to cause a denial of service (oops), as demonstrated by a crash when running the GNU GDB testsuite, a different vulnerability than CVE-2008-2365.

redhat/fedora Vulnerability Summary Vendor name: redhat Product name: fedora Total vulnerabilities: 526 (as 2023-05-04) redhat/fedora Vulnerability List CVE-2021-45417: AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such… Published: 2022-01-20T18:15:00 Last Modified: 2022-01-26T19:49:00 Summary AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow. Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.

redhat/openssl Vulnerability Summary Vendor name: redhat Product name: openssl Total vulnerabilities: 28 (as 2023-05-04) redhat/openssl Vulnerability List CVE-2018-16395: An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x… Published: 2018-11-16T18:29:00 Last Modified: 2019-10-03T00:03:00 Summary An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true.

ruby-lang/openssl Vulnerability Summary Vendor name: ruby-lang Product name: openssl Total vulnerabilities: 2 (as 2023-05-04) ruby-lang/openssl Vulnerability List CVE-2018-16395: An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x… Published: 2018-11-16T18:29:00 Last Modified: 2019-10-03T00:03:00 Summary An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true.

All the Common Weakness Enumeration (CWE) list in a single page. CWE is a catalog of vulnerabilities found in both software and hardware, created by the community. Its purpose is to provide a standardized vocabulary, establish a benchmark for security tools, and serve as a foundation for identifying, mitigating, and preventing weaknesses. CWE-2: 7PK - Environment Status: Draft Weakness Abstractions: Category This category has been deprecated. It was originally used for organizing weaknesses involving file names, which enabled access to files outside of a restricted directory (path traversal) or to perform operations on files that would otherwise be restricted (path equivalence).

The latest CVE Vulnerability list for popular products auth0 auth0/auth0 apache apache/http_server apache/hadoop apache/harmony apache/groovy apache/activemq apache/apr apache/apr-util apache/maven apache/log4j apache/log4net apache/lucene apache/mod_fcgid apache/mod_imap apache/mod_jk apache/mod_perl apache/mod_python apache/rocketmq apache/sentry apache/tomcat apache/xerces-c apache/zookeeper apache/hbase apache/hive apache-ssl apache-ssl/apache-ssl lua-openssl_project lua-openssl_project/lua-openssl nginx nginx/nginx node-openssl_project node-openssl_project/node-openssl openssl_project openssl_project/openssl openssl openssl/openssl pyopenssl_project pyopenssl_project/pyopenssl pyopenssl pyopenssl/pyopenssl redhat redhat/amq redhat/amq_online redhat/ansible redhat/ansible_engine redhat/ansible_tower redhat/enterprise_linux redhat/etcd redhat/fedora redhat/fedora_core redhat/openssl ruby-lang ruby-lang/openssl

The latest CVE Vulnerability list for popular products of apache apache/http_server apache/hadoop apache/harmony apache/groovy apache/activemq apache/apr apache/apr-util apache/maven apache/log4j apache/log4net apache/lucene apache/mod_fcgid apache/mod_imap apache/mod_jk apache/mod_perl apache/mod_python apache/rocketmq apache/sentry apache/tomcat apache/xerces-c apache/zookeeper apache/hbase apache/hive See also: All the last popular products CVE vulnerabilities

The latest CVE Vulnerability list for popular products of apache-ssl apache-ssl/apache-ssl See also: All the last popular products CVE vulnerabilities

The latest CVE Vulnerability list for popular products of auth0 auth0/auth0 See also: All the last popular products CVE vulnerabilities

The latest CVE Vulnerability list for popular products of lua-openssl_project lua-openssl_project/lua-openssl See also: All the last popular products CVE vulnerabilities

The latest CVE Vulnerability list for popular products of nginx nginx/nginx See also: All the last popular products CVE vulnerabilities

The latest CVE Vulnerability list for popular products of node-openssl_project node-openssl_project/node-openssl See also: All the last popular products CVE vulnerabilities

The latest CVE Vulnerability list for popular products of openssl openssl/openssl See also: All the last popular products CVE vulnerabilities

The latest CVE Vulnerability list for popular products of openssl_project openssl_project/openssl See also: All the last popular products CVE vulnerabilities

The latest CVE Vulnerability list for popular products of pyopenssl pyopenssl/pyopenssl See also: All the last popular products CVE vulnerabilities

The latest CVE Vulnerability list for popular products of pyopenssl_project pyopenssl_project/pyopenssl See also: All the last popular products CVE vulnerabilities

The latest CVE Vulnerability list for popular products of redhat redhat/amq redhat/amq_online redhat/ansible redhat/ansible_engine redhat/ansible_tower redhat/enterprise_linux redhat/etcd redhat/fedora redhat/fedora_core redhat/openssl See also: All the last popular products CVE vulnerabilities

The latest CVE Vulnerability list for popular products of ruby-lang ruby-lang/openssl See also: All the last popular products CVE vulnerabilities

redhat/analog_real-time_synthesizer Vulnerability Summary Vendor name: redhat Product name: analog_real-time_synthesizer Total vulnerabilities: 1 (as 2023-04-30) redhat/analog_real-time_synthesizer Vulnerability List CVE-2003-0459: KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of… Published: 2003-08-27T04:00:00 Last Modified: 2017-10-11T01:29:00 Summary KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the “user:password@host” form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.

redhat/fedora_8 Vulnerability Summary Vendor name: redhat Product name: fedora_8 Total vulnerabilities: 1 (as 2023-04-30) redhat/fedora_8 Vulnerability List CVE-2008-2359: The default configuration of consolehelper in system-config-network before 1.5.10-1 on Fedora 8… Published: 2008-06-02T21:30:00 Last Modified: 2017-08-08T01:30:00 Summary The default configuration of consolehelper in system-config-network before 1.5.10-1 on Fedora 8 lacks the USER=root directive, which allows local users of the workstation console to gain privileges and change the network configuration. Common Weakness Enumeration (CWE): CWE-16 Scores