These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2023-5363 is an OpenSSL bug in the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2(), and EVP_CipherInit_ex2() path where keylen and ivlen parameters inside an OSSL_PARAM array are processed too late. That can cause truncation or overruns of key and IV values for some symmetric ciphers and modes. The most security-relevant case is IV truncation in CCM, GCM, or OCB, where it can lead to IV reuse and loss of [truncated]
CVE-2023-28531 is a critical OpenSSH issue in which ssh-add can add smartcard keys to ssh-agent without the intended per-hop destination constraints. The supplied corpus says the earliest affected version is 8.9, and NVD lists the vulnerable OpenSSH range as 8.9 through 9.2. Because the issue touches SSH authentication and agent key handling, organizations that rely on constrained agent workflows should t [truncated]
CVE-2022-43945 is a Linux kernel NFSD buffer overflow that can be triggered by a network client sending a TCP RPC message with trailing garbage data. NVD lists impacted Linux kernel ranges as versions before 5.19.17 and 6.0 through 6.0.1, and the issue is rated high severity because it can cause a denial of service. The record was published on 2022-11-04 and later modified by NVD, but the original publica [truncated]
CVE-2021-4090 is an out-of-bounds write in Linux NFSD’s bitmap decode path. A local user with low privileges may be able to write past the end of a bitmap buffer, which can threaten kernel memory integrity and confidentiality. NVD also maps the issue to several NetApp H-series firmware CPEs, so both Linux kernel and affected appliance inventories should be checked.
CVE-2021-41617 is a local privilege-escalation issue in OpenSSH sshd that affects versions 6.2 through 8.x before 8.8 when specific non-default configuration options are used. In the affected setup, helper programs for AuthorizedKeysCommand or AuthorizedPrincipalsCommand may inherit unexpected group-related privileges from the sshd process, which can let a user with limited access gain elevated privileges.
CVE-2021-38202 is a network-reachable denial-of-service issue in the Linux kernel’s nfsd trace path. According to the CVE description and NVD, remote attackers can send NFS traffic that triggers an out-of-bounds read in strlen when the trace event framework is being used for nfsd. The issue is fixed in Linux kernel 5.13.4 and is mapped by NVD to affected NetApp-related CPE entries as well as the Linux kernel CPE.