CVE-2021-23841
- EPSS 0.67%
- Published 16.02.2021 17:15:13
- Last modified 21.11.2024 05:51:55
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while...
CVE-2021-23839
- EPSS 0.29%
- Published 16.02.2021 17:15:13
- Last modified 21.11.2024 05:51:55
OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clie...
CVE-2021-23337
- EPSS 0.86%
- Published 15.02.2021 13:15:12
- Last modified 21.11.2024 05:51:31
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
CVE-2020-28500
- EPSS 0.2%
- Published 15.02.2021 11:15:12
- Last modified 21.11.2024 05:22:55
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
CVE-2020-7793
- EPSS 2.86%
- Published 11.12.2020 14:15:11
- Last modified 21.11.2024 05:37:48
The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).
CVE-2020-28168
- EPSS 0.21%
- Published 06.11.2020 20:15:13
- Last modified 21.11.2024 05:22:25
Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.
CVE-2020-12762
- EPSS 0.28%
- Published 09.05.2020 18:15:11
- Last modified 30.05.2025 20:15:25
json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.