CVE-2021-22923 – curl: Metalink download sends credentials
https://notcve.org/view.php?id=CVE-2021-22923
05 Aug 2021 — When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents, often contrary to the user's expectations and intentions and without telling the user it happened. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-319: Cleartext Transmission of Sensitive Information CWE-522: Insufficiently Protected Credentials •
CVE-2021-22926 – Gentoo Linux Security Advisory 202212-01
https://notcve.org/view.php?id=CVE-2021-22926
05 Aug 2021 — libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool). When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificate by name or with a file name - using the same option. If the name exists as a file, it will be used instead of by name. If the application runs with a current working directory that is writable by other users ... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-295: Improper Certificate Validation CWE-840: Business Logic Errors •
CVE-2021-33195 – golang: net: lookup functions may return invalid host names
https://notcve.org/view.php?id=CVE-2021-33195
02 Aug 2021 — Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format. • https://groups.google.com/g/golang-announce • CWE-20: Improper Input Validation CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2021-37600 – Gentoo Linux Security Advisory 202401-08
https://notcve.org/view.php?id=CVE-2021-37600
28 Jul 2021 — An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments. • https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c • CWE-190: Integer Overflow or Wraparound •
CVE-2021-36222 – krb5: Sending a request containing PA-ENCRYPTED-CHALLENGE padata element without using FAST could result in NULL dereference in KDC which leads to DoS
https://notcve.org/view.php?id=CVE-2021-36222
22 Jul 2021 — ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. • https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562 • CWE-476: NULL Pointer Dereference •
CVE-2021-32785 – Format string bug in the Redis cache implementation
https://notcve.org/view.php?id=CVE-2021-32785
22 Jul 2021 — mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache (`OIDCCacheEncrypt off`, `OIDCSessionType server-cache`, `OIDCCacheType redis`), `mod_auth_openidc` wrongly performed argument interpolation before passing Redis requests to `hiredis`, which would perform it again and l... • https://github.com/zmartzone/mod_auth_openidc/commit/dc672688dc1f2db7df8ad4abebc367116017a449 • CWE-134: Use of Externally-Controlled Format String •
CVE-2021-35942 – glibc: Arbitrary read in wordexp()
https://notcve.org/view.php?id=CVE-2021-35942
22 Jul 2021 — The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations. • https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html • CWE-190: Integer Overflow or Wraparound •
CVE-2021-22925 – curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure
https://notcve.org/view.php?id=CVE-2021-22925
22 Jul 2021 — curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending `NEW_ENV` variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server. Therefore potentially revealing sensitive internal information to the server using a clear-text network protocol. This could happen because curl did not call and use sscanf() correctly when... • http://seclists.org/fulldisclosure/2021/Sep/39 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-908: Use of Uninitialized Resource •
CVE-2021-22924 – curl: Bad connection reuse due to flawed path name checks
https://notcve.org/view.php?id=CVE-2021-22924
22 Jul 2021 — libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*, which could lead to libcurl reusing wrong connections. File paths are, or can be, case sensitive on many systems but not all, and can even vary depending on used file systems. The comparison also didn't include the 'issuer cert' whic... • https://github.com/Trinadh465/external_curl_AOSP10_r33_CVE-2021-22924 • CWE-20: Improper Input Validation CWE-295: Improper Certificate Validation CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVE-2021-2444 – mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2021)
https://notcve.org/view.php?id=CVE-2021-2444
20 Jul 2021 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://security.netapp.com/advisory/ntap-20210723-0001 •