Export limit exceeded: 23219 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (23219 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-22946 | 9 Apple, Debian, Fedoraproject and 6 more | 40 Macos, Debian Linux, Fedora and 37 more | 2024-11-21 | 7.5 High |
| A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network. | ||||
| CVE-2021-22925 | 8 Apple, Fedoraproject, Haxx and 5 more | 28 Mac Os X, Macos, Fedora and 25 more | 2024-11-21 | 5.3 Medium |
| curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application. | ||||
| CVE-2021-22923 | 7 Fedoraproject, Haxx, Netapp and 4 more | 25 Fedora, Curl, Cloud Backup and 22 more | 2024-11-21 | 5.3 Medium |
| When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened. | ||||
| CVE-2021-22922 | 7 Fedoraproject, Haxx, Netapp and 4 more | 25 Fedora, Curl, Cloud Backup and 22 more | 2024-11-21 | 6.5 Medium |
| When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk. | ||||
| CVE-2021-22904 | 2 Redhat, Rubyonrails | 2 Satellite, Rails | 2024-11-21 | 7.5 High |
| The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses `authenticate_or_request_with_http_token` or `authenticate_with_http_token` for request authentication. | ||||
| CVE-2021-22902 | 2 Redhat, Rubyonrails | 2 Satellite, Rails | 2024-11-21 | 7.5 High |
| The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine. | ||||
| CVE-2021-22901 | 6 Haxx, Netapp, Oracle and 3 more | 35 Curl, Active Iq Unified Manager, Cloud Backup and 32 more | 2024-11-21 | 8.1 High |
| curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory. | ||||
| CVE-2021-22898 | 7 Debian, Fedoraproject, Haxx and 4 more | 13 Debian Linux, Fedora, Curl and 10 more | 2024-11-21 | 3.1 Low |
| curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol. | ||||
| CVE-2021-22885 | 3 Debian, Redhat, Rubyonrails | 4 Debian Linux, Satellite, Actionpack Page-caching and 1 more | 2024-11-21 | 7.5 High |
| A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input. | ||||
| CVE-2021-22543 | 5 Debian, Fedoraproject, Linux and 2 more | 29 Debian Linux, Fedora, Linux Kernel and 26 more | 2024-11-21 | 7.8 High |
| An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation. | ||||
| CVE-2021-22137 | 2 Elastic, Redhat | 3 Elasticsearch, Camel Quarkus, Integration | 2024-11-21 | 5.3 Medium |
| In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices. | ||||
| CVE-2021-22135 | 2 Elastic, Redhat | 2 Elasticsearch, Camel Quarkus | 2024-11-21 | 5.3 Medium |
| Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The suggester and profile API are normally disabled for an index when document level security is enabled on the index. Certain queries are able to enable the profiler and suggester which could lead to disclosing the existence of documents and fields the attacker should not be able to view. | ||||
| CVE-2021-22133 | 2 Elastic, Redhat | 2 Apm Agent, Openshift | 2024-11-21 | 2.4 Low |
| The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application panic it is possible the headers will not be sanitized before being sent. | ||||
| CVE-2021-22132 | 3 Elastic, Oracle, Redhat | 4 Elasticsearch, Communications Cloud Native Core Automated Test Suite, Camel Quarkus and 1 more | 2024-11-21 | 4.8 Medium |
| Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an async search will improperly store the HTTP headers. An Elasticsearch user with the ability to read the .tasks index could obtain sensitive request headers of other users in the cluster. This issue is fixed in Elasticsearch 7.10.2 | ||||
| CVE-2021-22119 | 3 Oracle, Redhat, Vmware | 3 Communications Cloud Native Core Policy, Jboss Fuse, Spring Security | 2024-11-21 | 7.5 High |
| Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. A malicious user or attacker can send multiple requests initiating the Authorization Request for the Authorization Code Grant, which has the potential of exhausting system resources using a single session or multiple sessions. | ||||
| CVE-2021-22118 | 4 Netapp, Oracle, Redhat and 1 more | 34 Hci, Management Services For Element Software, Commerce Guided Search and 31 more | 2024-11-21 | 7.8 High |
| In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data. | ||||
| CVE-2021-22096 | 4 Netapp, Oracle, Redhat and 1 more | 12 Active Iq Unified Manager, Management Services For Element Software And Netapp Hci, Metrocluster Tiebreaker and 9 more | 2024-11-21 | 4.3 Medium |
| In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. | ||||
| CVE-2021-22060 | 3 Oracle, Redhat, Vmware | 4 Communications Cloud Native Core Console, Communications Cloud Native Core Service Communication Proxy, Jboss Fuse and 1 more | 2024-11-21 | 4.3 Medium |
| In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase. | ||||
| CVE-2021-21806 | 2 Redhat, Webkitgtk | 3 Enterprise Linux, Rhel Els, Webkitgtk | 2024-11-21 | 8.8 High |
| An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability. | ||||
| CVE-2021-21781 | 3 Linux, Oracle, Redhat | 5 Linux Kernel, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Network Exposure Function and 2 more | 2024-11-21 | 3.3 Low |
| An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process’s memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222 4.19.177 5.4.99 5.10.17 5.11 | ||||