CVE-2022-0235
- EPSS 1.65%
- Veröffentlicht 16.01.2022 17:15:07
- Zuletzt bearbeitet 21.11.2024 06:38:12
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-0155
- EPSS 2.43%
- Veröffentlicht 10.01.2022 20:15:08
- Zuletzt bearbeitet 21.11.2024 06:38:01
follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
CVE-2021-22945
- EPSS 6.22%
- Veröffentlicht 23.09.2021 13:15:08
- Zuletzt bearbeitet 09.06.2025 15:15:25
When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.
CVE-2021-3749
- EPSS 8.52%
- Veröffentlicht 31.08.2021 11:15:07
- Zuletzt bearbeitet 21.11.2024 06:22:19
axios is vulnerable to Inefficient Regular Expression Complexity
CVE-2021-25217
- EPSS 6.12%
- Veröffentlicht 26.05.2021 22:15:07
- Zuletzt bearbeitet 21.11.2024 05:54:34
In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspecti...
CVE-2021-23841
- EPSS 7.47%
- Veröffentlicht 16.02.2021 17:15:13
- Zuletzt bearbeitet 21.11.2024 05:51:55
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while...
CVE-2021-23839
- EPSS 2.96%
- Veröffentlicht 16.02.2021 17:15:13
- Zuletzt bearbeitet 21.11.2024 05:51:55
OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clie...
CVE-2021-23337
- EPSS 22.41%
- Veröffentlicht 15.02.2021 13:15:12
- Zuletzt bearbeitet 21.11.2024 05:51:31
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
CVE-2020-28500
- EPSS 7.34%
- Veröffentlicht 15.02.2021 11:15:12
- Zuletzt bearbeitet 21.11.2024 05:22:55
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
CVE-2020-7793
- EPSS 3.88%
- Veröffentlicht 11.12.2020 14:15:11
- Zuletzt bearbeitet 21.11.2024 05:37:48
The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).