5.7.32

DATE	CVE	VULNERABILITY TITLE	RISK
2021-03-25	CVE-2021-3450	Improper Certificate Validation vulnerability in multiple products The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. network high complexity openssl freebsd netapp windriver fedoraproject tenable oracle mcafee sonicwall nodejs CWE-295	7.4
2021-03-25	CVE-2021-3449	NULL Pointer Dereference vulnerability in multiple products An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. network high complexity openssl debian freebsd netapp tenable fedoraproject mcafee checkpoint oracle sonicwall siemens nodejs CWE-476	5.9
2021-03-23	CVE-2021-21351	XStream is a Java library to serialize objects to XML and back again. network low complexity xstream-project debian fedoraproject oracle critical	9.1
2021-03-23	CVE-2021-21348	Resource Exhaustion vulnerability in multiple products XStream is a Java library to serialize objects to XML and back again. network low complexity xstream-project debian fedoraproject oracle CWE-400	7.5
2021-03-23	CVE-2021-21344	XStream is a Java library to serialize objects to XML and back again. network low complexity xstream-project debian fedoraproject oracle critical	9.8
2021-02-16	CVE-2021-23841	NULL Pointer Dereference vulnerability in multiple products The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. network high complexity openssl debian tenable apple netapp oracle siemens CWE-476	5.9
2021-02-16	CVE-2021-23840	Integer Overflow or Wraparound vulnerability in multiple products Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. network low complexity openssl debian tenable oracle mcafee fujitsu nodejs CWE-190	7.5
2020-12-08	CVE-2020-1971	NULL Pointer Dereference vulnerability in multiple products The X.509 GeneralName type is a generic type for representing different types of names. network high complexity openssl debian fedoraproject oracle netapp tenable siemens nodejs CWE-476	5.9
2020-11-06	CVE-2020-28196	Uncontrolled Recursion vulnerability in multiple products MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit. network low complexity mit fedoraproject netapp oracle CWE-674	7.5
2019-11-08	CVE-2019-10219	A vulnerability was found in Hibernate-Validator. network low complexity redhat netapp oracle	6.1