Filtered by vendor Redhat
Subscriptions
Total
21501 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-22925 | 8 Apple, Fedoraproject, Haxx and 5 more | 28 Mac Os X, Macos, Fedora and 25 more | 2024-11-21 | 5.3 Medium |
| curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application. | ||||
| CVE-2021-22924 | 8 Debian, Fedoraproject, Haxx and 5 more | 55 Debian Linux, Fedora, Libcurl and 52 more | 2024-11-21 | 3.7 Low |
| libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate. | ||||
| CVE-2021-22923 | 7 Fedoraproject, Haxx, Netapp and 4 more | 25 Fedora, Curl, Cloud Backup and 22 more | 2024-11-21 | 5.3 Medium |
| When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often contrary to the user's expectations and intentions and without telling the user it happened. | ||||
| CVE-2021-22922 | 7 Fedoraproject, Haxx, Netapp and 4 more | 25 Fedora, Curl, Cloud Backup and 22 more | 2024-11-21 | 6.5 Medium |
| When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk. | ||||
| CVE-2021-22918 | 3 Nodejs, Redhat, Siemens | 5 Node.js, Enterprise Linux, Rhel Eus and 2 more | 2024-11-21 | 5.3 Medium |
| Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via uv_getaddrinfo(). | ||||
| CVE-2021-22904 | 2 Redhat, Rubyonrails | 2 Satellite, Rails | 2024-11-21 | 7.5 High |
| The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive regular expression. Impacted code uses `authenticate_or_request_with_http_token` or `authenticate_with_http_token` for request authentication. | ||||
| CVE-2021-22902 | 2 Redhat, Rubyonrails | 2 Satellite, Rails | 2024-11-21 | 7.5 High |
| The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine. | ||||
| CVE-2021-22901 | 6 Haxx, Netapp, Oracle and 3 more | 35 Curl, Active Iq Unified Manager, Cloud Backup and 32 more | 2024-11-21 | 8.1 High |
| curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory. | ||||
| CVE-2021-22898 | 7 Debian, Fedoraproject, Haxx and 4 more | 13 Debian Linux, Fedora, Curl and 10 more | 2024-11-21 | 3.1 Low |
| curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol. | ||||
| CVE-2021-22890 | 9 Broadcom, Debian, Fedoraproject and 6 more | 12 Fabric Operating System, Debian Linux, Fedora and 9 more | 2024-11-21 | 3.7 Low |
| curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check. | ||||
| CVE-2021-22885 | 3 Debian, Redhat, Rubyonrails | 4 Debian Linux, Satellite, Actionpack Page-caching and 1 more | 2024-11-21 | 7.5 High |
| A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the `redirect_to` or `polymorphic_url`helper with untrusted user input. | ||||
| CVE-2021-22884 | 6 Fedoraproject, Netapp, Nodejs and 3 more | 16 Fedora, Active Iq Unified Manager, E-series Performance Analyzer and 13 more | 2024-11-21 | 7.5 High |
| Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160. | ||||
| CVE-2021-22883 | 6 Fedoraproject, Netapp, Nodejs and 3 more | 12 Fedora, E-series Performance Analyzer, Node.js and 9 more | 2024-11-21 | 7.5 High |
| Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory. | ||||
| CVE-2021-22876 | 9 Broadcom, Debian, Fedoraproject and 6 more | 15 Fabric Operating System, Debian Linux, Fedora and 12 more | 2024-11-21 | 5.3 Medium |
| curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. | ||||
| CVE-2021-22696 | 3 Apache, Oracle, Redhat | 8 Cxf, Business Intelligence, Communications Diameter Intelligence Hub and 5 more | 2024-11-21 | 7.5 High |
| CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a "request" parameter, the spec also supports specifying a URI from which to retrieve a JWT token from via the "request_uri" parameter. CXF was not validating the "request_uri" parameter (apart from ensuring it uses "https) and was making a REST request to the parameter in the request to retrieve a token. This means that CXF was vulnerable to DDos attacks on the authorization server, as specified in section 10.4.1 of the spec. This issue affects Apache CXF versions prior to 3.4.3; Apache CXF versions prior to 3.3.10. | ||||
| CVE-2021-22573 | 2 Google, Redhat | 3 Oauth Client Library For Java, Camel Spring Boot, Jboss Fuse | 2024-11-21 | 8.7 High |
| The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation on the client side. We recommend upgrading to version 1.33.3 or above | ||||
| CVE-2021-22570 | 6 Debian, Fedoraproject, Google and 3 more | 11 Debian Linux, Fedora, Protobuf and 8 more | 2024-11-21 | 6.5 Medium |
| Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater. | ||||
| CVE-2021-22569 | 3 Google, Oracle, Redhat | 14 Google-protobuf, Protobuf-java, Protobuf-kotlin and 11 more | 2024-11-21 | 7.5 High |
| An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions. | ||||
| CVE-2021-22555 | 4 Brocade, Linux, Netapp and 1 more | 27 Fabric Operating System, Linux Kernel, Aff 500f and 24 more | 2024-11-21 | 8.3 High |
| A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space | ||||
| CVE-2021-22543 | 5 Debian, Fedoraproject, Linux and 2 more | 29 Debian Linux, Fedora, Linux Kernel and 26 more | 2024-11-21 | 7.8 High |
| An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation. | ||||