19 matches found
CVE-2021-44228
CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...
CVE-2021-45105
Summary of CVE-2021-45105 (Log4j2) : Affected Log4j 2.x versions 2.0-alpha1 through 2.16.0 (except 2.12.3 and 2.3.1) are vulnerable to denial of service via uncontrolled recursion triggered by self-referential lookups in Thread Context Map data. The root cause is improper handling of self-referen...
CVE-2021-28165
The CVE-2021-28165 issue affects Eclipse Jetty versions 7.2.2–9.4.38, 10.0.0.alpha0–10.0.1, and 11.0.0.alpha0–11.0.1, where handling a large invalid TLS frame can cause CPU usage to reach 100%, leading to resource exhaustion. The underlying cause is described as abnormal processing after receivin...
CVE-2021-23337
CVE-2021-23337 (Lodash) affects Lodash versions prior to 4.17.21, vulnerable to Command Injection via the template function. Affected component: lodash.template; root cause: unsafe template evaluation. Impact per document: potential code execution with privileges of the running environment. Mitig...
CVE-2020-25097
CVE-2020-25097 affects Squid proxy (versions 4.13 and 5.x up to 5.0.4) due to improper input validation while parsing request URIs, enabling HTTP request smuggling by a trusted client and access to services otherwise restricted. The issue is activated for certain uri_whitespace configurations. Pu...
CVE-2021-28651
Concrete details found for CVE-2021-28651 in multiple advisories. Affected software: Squid proxy (versions before 4.15 and 5.x before 5.0.6). Root cause: a buffer-management/memory handling issue in the urn: scheme parsing leading to a memory leak; an attack path exists that can trigger large mem...
CVE-2021-28164
CVE-2021-28164 (Jetty): Affects Jetty 9.4.37.v20210219–9.4.38.v20210224. The default compliance mode allowed URIs containing encoded dot segments (%2e, %2e%2e) to access protected WEB-INF resources (e.g., /context/%2e/WEB-INF/web.xml), exposing sensitive implementation details. Public references ...
CVE-2021-28163
CVE-2021-28163 (Jetty symlink handling) is reported across multiple IBM advisories as a vulnerability in Eclipse Jetty where if the ${jetty.base} or ${jetty.base}/webapps directory is a symlink, an attacker could obtain the contents of the webapps directory. IBM documents list affected products s...
CVE-2021-31807
CVE-2021-31807: Squid before 4.15 and 5.x before 5.0.6 suffers an integer overflow in handling HTTP Range responses, enabling a remote attacker to cause a Denial of Service. The trigger is a header that can appear in normal traffic. Affected products/versions: Squid 4.x before 4.15 and 5.x before...
CVE-2021-31806
CVE-2021-31806 is a memory-management bug in Squid’s HTTP Range request processing that enables a Denial of Service against all clients using the proxy. Affected are Squid releases before 4.15 and 5.x before 5.0.6. Public advisories and vendor/procurer notes corroborate impact as DoS (not informa...
CVE-2021-42550
This CVE affects Logback 1.2.7 and earlier, where an attacker with write access to configuration files can craft a malicious configuration that loads and executes arbitrary code from LDAP servers. The impact is remote code execution with the attacker’s privileges on systems using vulnerable Logba...
CVE-2020-14058
CVE-2020-14058 affects Squid before 4.12 and 5.x before 5.0.3. The DoS condition occurs when opening a TLS connection to an attacker-controlled HTTPS server due to using a potentially dangerous function and mapping unrecognized error values to NULL, with later code expecting valid error strings. ...
CVE-2021-31808
CVE-2021-31808 affects Squid before 4.15 and 5.x before 5.0.6. It stems from an input-validation bug in HTTP Range handling that can be exploited to cause a Denial of Service against all clients using the proxy. Affected component: Squid’s HTTP Range request processing. Impact: availability degra...
CVE-2021-26998
CVE-2021-26998 affects NetApp Cloud Manager prior to 3.9.9, where a flaw allows sensitive information in logs to be exposed to authenticated users. Public sources consistently identify the affected product and version range and confirm the impact as information disclosure. Remediation per the doc...
CVE-2021-26999
CVE-2021-26999 affects NetApp Cloud Manager prior to 3.9.9, where failing an Active Directory connection causes sensitive information to be logged. The logs are available only to authenticated users. Auto-upgrade customers should already be on a fixed version, while users with on‑prem connectors ...
CVE-2021-26992
CVE-2021-26992 affects NetApp Cloud Manager prior to version 3.9.4. The issue allows a remote attacker to cause a Denial of Service (DoS). Documents consistently indicate Cloud Manager, a centralized system for managing local and cloud storage, is vulnerable if running a version before 3.9.4. The...
CVE-2021-26990
CVE-2021-26990 affects NetApp Cloud Manager. Versions prior to 3.9.4 are susceptible to an arbitrary file overwrite vulnerability that could allow a remote attacker to overwrite arbitrary system files. Root cause: a pre-3.9.4 flaw in Cloud Manager. Impact: potential compromise of file integrity a...
CVE-2021-26991
NetApp Cloud Manager before version 3.9.4 is affected by CVE-2021-26991 due to an insecure Cross-Origin Resource Sharing (CORS) policy, which could allow a remote attacker to interact with Cloud Manager. Root cause is a misconfigured CORS policy. The public records do not detail specific exploits...
CVE-2021-27002
CVE-2021-27002 affects NetApp Cloud Manager prior to 3.9.10. Affected component: the web proxy/authorization flow. Root cause: improper validation in the proxy allows a remote unauthenticated attacker to retrieve sensitive data. Impact: exposure of sensitive data via the web proxy. Mitigation: up...