CVE-2021-2163
- EPSS 0.12%
- Published 22.04.2021 22:15:13
- Last modified 21.11.2024 06:02:30
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM E...
CVE-2021-2161
- EPSS 0.27%
- Published 22.04.2021 22:15:13
- Last modified 21.11.2024 06:02:30
Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM E...
CVE-2021-22890
- EPSS 0.13%
- Published 01.04.2021 18:15:12
- Last modified 09.06.2025 15:15:24
curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving fro...
CVE-2021-22876
- EPSS 0.06%
- Published 01.04.2021 18:15:12
- Last modified 09.06.2025 15:15:23
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically...
- EPSS 6.41%
- Published 08.01.2021 16:15:15
- Last modified 21.11.2024 05:39:04
Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulnerability that could allow an unauthenticated remote attacker to perform arbitrary code execution.
CVE-2020-8284
- EPSS 0.1%
- Published 14.12.2020 20:15:13
- Last modified 21.11.2024 05:38:39
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed,...
CVE-2020-1971
- EPSS 0.34%
- Published 08.12.2020 16:15:11
- Last modified 21.11.2024 05:11:45
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they...
- EPSS 0.08%
- Published 28.11.2020 07:15:11
- Last modified 21.11.2024 05:23:55
An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe.
- EPSS 0.45%
- Published 22.10.2020 21:15:12
- Last modified 21.11.2024 04:31:31
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer ove...
- EPSS 0.04%
- Published 21.10.2020 15:15:20
- Last modified 27.05.2025 16:40:04
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocol...