Skip to main content

Communications Unified Session Manager

3 CVEs product

Monthly

CVE-2021-3711 Cargo CRITICAL PATCH Act Now

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow OpenSSL Debian Linux Active Iq Unified Manager Clustered Data Ontap +27
NVD
CVSS 3.1
9.8
EPSS
87.8%
CVE-2020-1971 MEDIUM PATCH This Month

The X.509 GeneralName type is a generic type for representing different types of names. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

OpenSSL Denial Of Service Null Pointer Dereference Debian Linux Fedora +41
NVD VulDB
CVSS 3.1
5.9
EPSS
0.3%
CVE-2019-1559 MEDIUM PATCH This Month

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Information Disclosure Oracle Ubuntu Linux Debian Linux +79
NVD
CVSS 3.1
5.9
EPSS
17.1%
EPSS 88% CVSS 9.8
CRITICAL PATCH Act Now

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow OpenSSL Debian Linux +29
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

The X.509 GeneralName type is a generic type for representing different types of names. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

OpenSSL Denial Of Service Null Pointer Dereference +43
NVD VulDB
EPSS 17% CVSS 5.9
MEDIUM PATCH This Month

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Information Disclosure Oracle +81
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy