Lucene search
K

12 matches found

CVE
CVE
added 2021/12/10 12:0 a.m.6830 views

CVE-2021-44228

CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...

10CVSS10AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2021/12/18 11:55 a.m.1186 views

CVE-2021-45105

Summary of CVE-2021-45105 (Log4j2) : Affected Log4j 2.x versions 2.0-alpha1 through 2.16.0 (except 2.12.3 and 2.3.1) are vulnerable to denial of service via uncontrolled recursion triggered by self-referential lookups in Thread Context Map data. The root cause is improper handling of self-referen...

5.9CVSS7.7AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2021/02/15 12:15 p.m.587 views

CVE-2021-23337

CVE-2021-23337 (Lodash) affects Lodash versions prior to 4.17.21, vulnerable to Command Injection via the template function. Affected component: lodash.template; root cause: unsafe template evaluation. Impact per document: potential code execution with privileges of the running environment. Mitig...

7.2CVSS7.2AI score0.2241EPSS
CVE
CVE
added 2021/03/19 4:8 a.m.560 views

CVE-2020-25097

CVE-2020-25097 affects Squid proxy (versions 4.13 and 5.x up to 5.0.4) due to improper input validation while parsing request URIs, enabling HTTP request smuggling by a trusted client and access to services otherwise restricted. The issue is activated for certain uri_whitespace configurations. Pu...

8.6CVSS8.4AI score0.08161EPSS
CVE
CVE
added 2021/05/27 12:0 a.m.521 views

CVE-2021-28651

Concrete details found for CVE-2021-28651 in multiple advisories. Affected software: Squid proxy (versions before 4.15 and 5.x before 5.0.6). Root cause: a buffer-management/memory handling issue in the urn: scheme parsing leading to a memory leak; an attack path exists that can trigger large mem...

7.5CVSS7.3AI score0.0745EPSS
CVE
CVE
added 2021/04/01 2:20 p.m.515 views

CVE-2021-28164

CVE-2021-28164 (Jetty): Affects Jetty 9.4.37.v20210219–9.4.38.v20210224. The default compliance mode allowed URIs containing encoded dot segments (%2e, %2e%2e) to access protected WEB-INF resources (e.g., /context/%2e/WEB-INF/web.xml), exposing sensitive implementation details. Public references ...

5.3CVSS5.2AI score0.82371EPSS
CVE
CVE
added 2021/04/01 2:20 p.m.450 views

CVE-2021-28163

CVE-2021-28163 (Jetty symlink handling) is reported across multiple IBM advisories as a vulnerability in Eclipse Jetty where if the ${jetty.base} or ${jetty.base}/webapps directory is a symlink, an attacker could obtain the contents of the webapps directory. IBM documents list affected products s...

4CVSS5.1AI score0.0418EPSS
In wild
CVE
CVE
added 2021/06/08 12:0 a.m.367 views

CVE-2021-31807

CVE-2021-31807: Squid before 4.15 and 5.x before 5.0.6 suffers an integer overflow in handling HTTP Range responses, enabling a remote attacker to cause a Denial of Service. The trigger is a header that can appear in normal traffic. Affected products/versions: Squid 4.x before 4.15 and 5.x before...

6.5CVSS6.8AI score0.15972EPSS
CVE
CVE
added 2021/05/27 12:0 a.m.355 views

CVE-2021-31806

CVE-2021-31806 is a memory-management bug in Squid’s HTTP Range request processing that enables a Denial of Service against all clients using the proxy. Affected are Squid releases before 4.15 and 5.x before 5.0.6. Public advisories and vendor/procurer notes corroborate impact as DoS (not informa...

6.5CVSS6.7AI score0.95785EPSS
CVE
CVE
added 2021/12/16 12:0 a.m.322 views

CVE-2021-42550

This CVE affects Logback 1.2.7 and earlier, where an attacker with write access to configuration files can craft a malicious configuration that loads and executes arbitrary code from LDAP servers. The impact is remote code execution with the attacker’s privileges on systems using vulnerable Logba...

8.5CVSS7AI score0.04439EPSS
CVE
CVE
added 2020/06/30 6:30 p.m.283 views

CVE-2020-14058

CVE-2020-14058 affects Squid before 4.12 and 5.x before 5.0.3. The DoS condition occurs when opening a TLS connection to an attacker-controlled HTTPS server due to using a potentially dangerous function and mapping unrecognized error values to NULL, with later code expecting valid error strings. ...

7.5CVSS7.8AI score0.02609EPSS
CVE
CVE
added 2021/05/27 12:0 a.m.271 views

CVE-2021-31808

CVE-2021-31808 affects Squid before 4.15 and 5.x before 5.0.6. It stems from an input-validation bug in HTTP Range handling that can be exploited to cause a Denial of Service against all clients using the proxy. Affected component: Squid’s HTTP Range request processing. Impact: availability degra...

6.5CVSS6.6AI score0.05492EPSS