CVE-2021-3449
- EPSS 62.91%
- Veröffentlicht 25.03.2021 15:15:13
- Zuletzt bearbeitet 21.11.2024 06:21:33
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but incl...
CVE-2021-23840
- EPSS 50.73%
- Veröffentlicht 16.02.2021 17:15:13
- Zuletzt bearbeitet 16.04.2026 15:16:45
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value ...
CVE-2020-1971
- EPSS 6.97%
- Veröffentlicht 08.12.2020 16:15:11
- Zuletzt bearbeitet 29.05.2026 16:16:20
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they...
CVE-2020-11022
- EPSS 99.02%
- Veröffentlicht 29.04.2020 22:15:11
- Zuletzt bearbeitet 13.04.2026 15:16:29
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in...
CVE-2020-11023
- EPSS 83.83%
- Veröffentlicht 29.04.2020 21:15:11
- Zuletzt bearbeitet 07.11.2025 19:32:52
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may ex...
CVE-2020-1967
- EPSS 53.34%
- Veröffentlicht 21.04.2020 14:15:11
- Zuletzt bearbeitet 21.11.2024 05:11:45
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occur...
CVE-2019-1551
- EPSS 14.3%
- Veröffentlicht 06.12.2019 18:15:12
- Zuletzt bearbeitet 21.11.2024 04:36:48
There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this d...
CVE-2016-9261
- EPSS 0.7%
- Veröffentlicht 28.02.2017 18:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Cross-site scripting (XSS) vulnerability in Tenable Log Correlation Engine (aka LCE) before 4.8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
- EPSS 7.04%
- Veröffentlicht 09.06.2016 16:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.