12 matches found
CVE-2021-44228
CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...
CVE-2021-45105
Summary of CVE-2021-45105 (Log4j2) : Affected Log4j 2.x versions 2.0-alpha1 through 2.16.0 (except 2.12.3 and 2.3.1) are vulnerable to denial of service via uncontrolled recursion triggered by self-referential lookups in Thread Context Map data. The root cause is improper handling of self-referen...
CVE-2021-23337
CVE-2021-23337 (Lodash) affects Lodash versions prior to 4.17.21, vulnerable to Command Injection via the template function. Affected component: lodash.template; root cause: unsafe template evaluation. Impact per document: potential code execution with privileges of the running environment. Mitig...
CVE-2020-25097
CVE-2020-25097 affects Squid proxy (versions 4.13 and 5.x up to 5.0.4) due to improper input validation while parsing request URIs, enabling HTTP request smuggling by a trusted client and access to services otherwise restricted. The issue is activated for certain uri_whitespace configurations. Pu...
CVE-2021-28651
Concrete details found for CVE-2021-28651 in multiple advisories. Affected software: Squid proxy (versions before 4.15 and 5.x before 5.0.6). Root cause: a buffer-management/memory handling issue in the urn: scheme parsing leading to a memory leak; an attack path exists that can trigger large mem...
CVE-2021-28164
CVE-2021-28164 (Jetty): Affects Jetty 9.4.37.v20210219–9.4.38.v20210224. The default compliance mode allowed URIs containing encoded dot segments (%2e, %2e%2e) to access protected WEB-INF resources (e.g., /context/%2e/WEB-INF/web.xml), exposing sensitive implementation details. Public references ...
CVE-2021-28163
CVE-2021-28163 (Jetty symlink handling) is reported across multiple IBM advisories as a vulnerability in Eclipse Jetty where if the ${jetty.base} or ${jetty.base}/webapps directory is a symlink, an attacker could obtain the contents of the webapps directory. IBM documents list affected products s...
CVE-2021-31807
CVE-2021-31807: Squid before 4.15 and 5.x before 5.0.6 suffers an integer overflow in handling HTTP Range responses, enabling a remote attacker to cause a Denial of Service. The trigger is a header that can appear in normal traffic. Affected products/versions: Squid 4.x before 4.15 and 5.x before...
CVE-2021-31806
CVE-2021-31806 is a memory-management bug in Squid’s HTTP Range request processing that enables a Denial of Service against all clients using the proxy. Affected are Squid releases before 4.15 and 5.x before 5.0.6. Public advisories and vendor/procurer notes corroborate impact as DoS (not informa...
CVE-2021-42550
This CVE affects Logback 1.2.7 and earlier, where an attacker with write access to configuration files can craft a malicious configuration that loads and executes arbitrary code from LDAP servers. The impact is remote code execution with the attacker’s privileges on systems using vulnerable Logba...
CVE-2020-14058
CVE-2020-14058 affects Squid before 4.12 and 5.x before 5.0.3. The DoS condition occurs when opening a TLS connection to an attacker-controlled HTTPS server due to using a potentially dangerous function and mapping unrecognized error values to NULL, with later code expecting valid error strings. ...
CVE-2021-31808
CVE-2021-31808 affects Squid before 4.15 and 5.x before 5.0.6. It stems from an input-validation bug in HTTP Range handling that can be exploited to cause a Denial of Service against all clients using the proxy. Affected component: Squid’s HTTP Range request processing. Impact: availability degra...