CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2021-36222 – krb5: Sending a request containing PA-ENCRYPTED-CHALLENGE padata element without using FAST could result in NULL dereference in KDC which leads to DoS
https://notcve.org/view.php?id=CVE-2021-36222
22 Jul 2021 — ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. La función ec_verify en el archivo kdc/kdc_preauth_ec.c en el Centro de Distribución de Claves (KDC) en MIT Kerberos 5 (también se conoce como krb5) versiones anteriores a 1.18.4 y versiones 1.19.x anteriores a 1... • https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562 • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 0%CPEs: 45EXPL: 1CVE-2021-22925 – curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure
https://notcve.org/view.php?id=CVE-2021-22925
22 Jul 2021 — curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly when... • http://seclists.org/fulldisclosure/2021/Sep/39 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-908: Use of Uninitialized Resource •
CVSS: 4.3EPSS: 0%CPEs: 60EXPL: 2CVE-2021-22924 – curl: Bad connection reuse due to flawed path name checks
https://notcve.org/view.php?id=CVE-2021-22924
22 Jul 2021 — libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' whic... • https://github.com/Trinadh465/external_curl_AOSP10_r33_CVE-2021-22924 • CWE-20: Improper Input Validation CWE-295: Improper Certificate Validation CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-2444 – mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)
https://notcve.org/view.php?id=CVE-2021-2444
20 Jul 2021 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://security.netapp.com/advisory/ntap-20210723-0001 •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2021-2441 – mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)
https://notcve.org/view.php?id=CVE-2021-2441
20 Jul 2021 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://security.netapp.com/advisory/ntap-20210723-0001 •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-2440 – mysql: Server: DML unspecified vulnerability (CPU Jul 2021)
https://notcve.org/view.php?id=CVE-2021-2440
20 Jul 2021 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://security.netapp.com/advisory/ntap-20210723-0001 •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2021-2437 – mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)
https://notcve.org/view.php?id=CVE-2021-2437
20 Jul 2021 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://security.netapp.com/advisory/ntap-20210723-0001 •
CVSS: 8.1EPSS: 3%CPEs: 2EXPL: 0CVE-2021-2429 – MySQL InnoDB Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-2429
20 Jul 2021 — Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). • https://security.netapp.com/advisory/ntap-20210723-0001 •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2021-2427 – mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)
https://notcve.org/view.php?id=CVE-2021-2427
20 Jul 2021 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://security.netapp.com/advisory/ntap-20210723-0001 •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2021-2426 – mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)
https://notcve.org/view.php?id=CVE-2021-2426
20 Jul 2021 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://security.netapp.com/advisory/ntap-20210723-0001 •