Latest siemens sinec infrastructure network services Vulnerabilities

CVE-2021-25219
In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIN...
debian/bind9
ISC BIND>=9.3.0<9.11.36
ISC BIND>=9.12.0<9.16.22
ISC BIND>=9.17.0<9.17.19
ISC BIND=9.9.3-s1
ISC BIND=9.9.12-s1
and 46 more
CVE-2020-27304
The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request AP...
Civetweb Project Civetweb>=1.8<1.15
Siemens Sinec Infrastructure Network Services<1.0.1.1
CVE-2021-22947
curl. Multiple issues were addressed by updating to curl version 7.79.1.
redhat/rh-dotnet31-curl<0:7.61.1-22.el7_9
redhat/curl<0:7.61.1-18.el8_4.2
redhat/curl<0:7.61.1-12.el8_2.4
debian/curl<=7.64.0-4+deb10u2
Apple macOS Monterey<12.3
redhat/curl<7.79.0
and 62 more
CVE-2021-22946
curl. Multiple issues were addressed by updating to curl version 7.79.1.
redhat/rh-dotnet31-curl<0:7.61.1-22.el7_9
redhat/curl<0:7.61.1-18.el8_4.2
redhat/curl<0:7.61.1-12.el8_2.4
debian/curl<=7.64.0-4+deb10u2
Apple macOS Monterey<12.3
IBM QRadar SIEM<=7.5.0 GA
and 68 more
CVE-2021-39135
Npmjs Arborist<2.8.2
Npmjs Npm<7.20.7
Oracle GraalVM=20.3.3
Oracle GraalVM=21.2.0
Siemens Sinec Infrastructure Network Services<1.0.1.1
CVE-2021-39134
`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts...
Npmjs Arborist<2.8.2
Npmjs Npm<7.20.7
Oracle GraalVM=20.3.3
Oracle GraalVM=21.2.0
Siemens Sinec Infrastructure Network Services<1.0.1.1
CVE-2021-37701
### Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution `node-tar` aims to guarantee that any file whose location would be modified by a symbolic link is not extracted...
redhat/rh-nodejs14-nodejs<0:14.18.2-1.el7
redhat/rh-nodejs14-nodejs-nodemon<0:2.0.3-6.el7
redhat/rh-nodejs12-nodejs<0:12.22.12-2.el7
Npmjs Tar<4.4.16
Npmjs Tar>=5.0.0<5.0.8
Npmjs Tar>=6.0.0<6.1.7
and 14 more
CVE-2021-37712
### Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. T...
redhat/rh-nodejs14-nodejs<0:14.18.2-1.el7
redhat/rh-nodejs14-nodejs-nodemon<0:2.0.3-6.el7
redhat/rh-nodejs12-nodejs<0:12.22.12-2.el7
Npmjs Tar<=4.4.17
Npmjs Tar>=5.0.0<=5.0.9
Npmjs Tar>=6.0.0<=6.1.8
and 19 more
CVE-2021-3712
OpenSSL could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when processing ASN.1 strings. By sending specially crafted data, an attacker could exploit this ...
redhat/jbcs-httpd24-apr<0:1.6.3-107.el8
redhat/jbcs-httpd24-apr-util<0:1.6.1-84.el8
redhat/jbcs-httpd24-curl<0:7.78.0-2.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-78.el8
redhat/jbcs-httpd24-nghttp2<0:1.39.2-39.el8
redhat/jbcs-httpd24-openssl<1:1.1.1g-8.el8
and 79 more
CVE-2021-22931
A flaw was found in Node.js. These vulnerabilities include remote code execution, Cross-site scripting (XSS), application crashes due to missing input validation of hostnames returned by Domain Name S...
redhat/rh-nodejs14-nodejs<0:14.17.5-1.el7
redhat/rh-nodejs12-nodejs<0:12.22.5-1.el7
redhat/rh-nodejs12-nodejs-nodemon<0:2.0.3-5.el7
redhat/nodejs<12.22.5
redhat/nodejs<14.17.5
redhat/nodejs<16.6.2
and 18 more
CVE-2021-22939
Node.js could allow a remote attacker to bypass security restrictions. If the https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, an attacker could exp...
redhat/rh-nodejs14-nodejs<0:14.17.5-1.el7
redhat/rh-nodejs12-nodejs<0:12.22.5-1.el7
redhat/rh-nodejs12-nodejs-nodemon<0:2.0.3-5.el7
redhat/nodejs<12.22.5
redhat/nodejs<14.17.5
redhat/nodejs<16.6.2
and 26 more
CVE-2021-22940
Node.js could allow a remote attacker to bypass security restrictions, caused by an incomplete fix for CVE-2021-22930 related to a use-after-free on close http2 on stream canceling. An attacker could ...
redhat/rh-nodejs14-nodejs<0:14.17.5-1.el7
redhat/rh-nodejs12-nodejs<0:12.22.5-1.el7
redhat/rh-nodejs12-nodejs-nodemon<0:2.0.3-5.el7
redhat/nodejs<12.22.5
redhat/nodejs<14.17.5
redhat/nodejs<16.6.2
and 24 more
CVE-2021-22926
libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool).When libcurl is buil...
Haxx Curl>=7.33.0<7.78.0
Netapp Active Iq Unified Manager Vmware Vsphere
Netapp Active Iq Unified Manager Windows
NetApp Clustered Data ONTAP
Netapp Hci Management Node
NetApp OnCommand Insight
and 40 more
CVE-2021-32804
Node.js tar module could allow a local attacker to traverse directories on the system, caused by insufficient absolute path sanitization. An attacker could use a specially-crafted tar file containing ...
redhat/rh-nodejs14-nodejs<0:14.17.5-1.el7
redhat/rh-nodejs12-nodejs<0:12.22.5-1.el7
redhat/rh-nodejs12-nodejs-nodemon<0:2.0.3-5.el7
Tar Project Tar<3.2.2
Tar Project Tar>=4.0.0<4.4.14
Tar Project Tar>=5.0.0<5.0.6
and 6 more
CVE-2021-32803
### Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution `node-tar` aims to guarantee that any file whose location would be modified by a symbolic link is not extracted...
redhat/rh-nodejs14-nodejs<0:14.17.5-1.el7
redhat/rh-nodejs12-nodejs<0:12.22.5-1.el7
redhat/rh-nodejs12-nodejs-nodemon<0:2.0.3-5.el7
Tar Project Tar<3.2.3
Tar Project Tar>=4.0.0<4.4.15
Tar Project Tar>=5.0.0<5.0.7
and 14 more
CVE-2021-3672
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Dom...
redhat/c-ares<1.17.2
redhat/c-ares<0:1.13.0-6.el8
redhat/rh-nodejs14-nodejs<0:14.17.5-1.el7
redhat/rh-nodejs12-nodejs<0:12.22.5-1.el7
redhat/rh-nodejs12-nodejs-nodemon<0:2.0.3-5.el7
>=1.0.0<1.17.2
and 69 more
CVE-2021-22930
Node.js could allow a remote attacker to bypass security restrictions, caused by a use-after-free on close http2 on stream canceling. An attacker could exploit this vulnerability to corrupt memory to ...
redhat/rh-nodejs14-nodejs<0:14.17.5-1.el7
redhat/rh-nodejs12-nodejs<0:12.22.5-1.el7
redhat/rh-nodejs12-nodejs-nodemon<0:2.0.3-5.el7
redhat/nodejs<12.22.4
redhat/nodejs<14.17.4
redhat/nodejs<16.6.0
and 12 more
CVE-2021-22924
libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take ...
redhat/rh-dotnet31-curl<0:7.61.1-22.el7_9
redhat/curl<0:7.61.1-18.el8_4.1
debian/curl<=7.64.0-4+deb10u2
redhat/curl<7.78.0
Haxx Libcurl>=7.10.4<7.77.0
Fedoraproject Fedora=33
and 98 more
CVE-2021-22923
A flaw was found in curl in the way curl handles credentials when downloading content using the Metalink feature. This flaw allows malicious actors controlling a hosting server to gain access to crede...
redhat/curl<0:7.61.1-18.el8_4.1
redhat/curl<0:7.61.1-12.el8_2.3
redhat/curl<7.78.0
Haxx Curl>=7.27.0<7.78.0
Fedoraproject Fedora=33
Netapp Cloud Backup
and 37 more
CVE-2021-22922
A flaw was found in curl in the way curl handles a file hash mismatch after downloading content using the Metalink feature. This flaw allows malicious actors controlling a hosting server to trick user...
redhat/curl<0:7.61.1-18.el8_4.1
redhat/curl<0:7.61.1-12.el8_2.3
redhat/curl<7.78.0
Haxx Curl>=7.27.0<7.78.0
Fedoraproject Fedora=33
Netapp Cloud Backup
and 37 more
CVE-2021-22921
Node.js could allow a local attacker to gain elevated privileges on the system, caused by improper configuration of permissions in the installation directory. Under certain conditions. An attacker cou...
Nodejs Node.js>=12.0.0<12.22.2
Nodejs Node.js>=14.0.0<14.17.2
Nodejs Node.js>=16.0.0<16.4.1
Microsoft Windows
Siemens Sinec Infrastructure Network Services<1.0.1.1
CVE-2021-22918
Node.js is vulnerable to a denial of service, caused by an out-of-bounds read in the libuv's uv__idna_toascii() function. By invoking the function using dns module's lookup() function, a remote attac...
>=12.0.0<12.22.2
>=14.0.0<14.17.2
>=16.0.0<16.4.1
<1.0.1.1
Nodejs Node.js>=12.0.0<12.22.2
Nodejs Node.js>=14.0.0<14.17.2
and 11 more
CVE-2021-20093
A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticated remote attacker can exploit this issue to disclose heap memory contents or crash the CodeMeter Ru...
Wibu Codemeter<=7.21a
Siemens Pss Cape
Siemens Sicam 230 Firmware
Siemens Sicam 230
Siemens Simatic Information Server=2019-sp1
Siemens Simatic Information Server=2020
and 12 more
CVE-2021-22897
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The se...
Haxx Curl>=7.61.0<=7.76.1
Oracle Communications Cloud Native Core Binding Support Function=1.11.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment=1.10.0
Oracle Communications Cloud Native Core Network Repository Function=1.15.0
Oracle Communications Cloud Native Core Network Repository Function=1.15.1
Oracle Communications Cloud Native Core Network Slice Selection Function=1.8.0
and 45 more
CVE-2021-22925
A flaw was found in the way curl handled telnet protocol option for sending environment variables, which could lead to sending of uninitialized data from a stack-based buffer to the server. This issue...
redhat/curl<0:7.61.1-22.el8
Apple Catalina
IBM QRadar SIEM<=7.5.0 GA
IBM QRadar SIEM<=7.4.3 GA - 7.4.3 FP4
IBM QRadar SIEM<=7.3.3 GA - 7.3.3 FP10
Apple macOS Big Sur<11.6
and 60 more
CVE-2021-22898
cURL libcurl could allow a remote attacker to obtain sensitive information, caused by a flaw in the option parser for sending NEW_ENV variables. By sending a specially-crafted request using a clear-te...
redhat/curl<0:7.61.1-22.el8
debian/curl<=7.64.0-4+deb10u2
debian/curl<=7.74.0-1.2<=7.64.0-4<=7.64.0-4+deb10u2<=7.64.0-4+deb10u1
Haxx Curl>=7.7<=7.76.1
Debian Debian Linux=9.0
Fedoraproject Fedora=33
and 19 more
CVE-2021-22901
A use-after-free flaw was found in the way curl handled TLS session data. The curl versions using the OpenSSL library as their TLS backend could use freed memory after TLS session renegotiation was pe...
redhat/jbcs-httpd24<0:1-18.el8
redhat/jbcs-httpd24-apr<0:1.6.3-105.el8
redhat/jbcs-httpd24-apr-util<0:1.6.1-82.el8
redhat/jbcs-httpd24-brotli<0:1.0.6-40.el8
redhat/jbcs-httpd24-curl<0:7.77.0-2.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-74.el8
and 68 more
CVE-2021-25216
ISC BIND TKEY Query Integer Overflow Remote Code Execution Vulnerability
debian/bind9
ISC BIND
debian/bind9<=1:9.11.5.P4+dfsg-5.1<=1:9.11.5.P4+dfsg-5.1+deb10u3<=1:9.16.13-1
Debian Debian Linux=9.0
Debian Debian Linux=10.0
ISC BIND>=9.0.0<9.11.31
and 42 more
CVE-2021-25215
In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of th...
debian/bind9<=1:9.11.5.P4+dfsg-5.1+deb10u3<=1:9.11.5.P4+dfsg-5.1<=1:9.16.13-1
IBM Cloud Pak for Security (CP4S)<=1.7.2.0
IBM Cloud Pak for Security (CP4S)<=1.7.1.0
IBM Cloud Pak for Security (CP4S)<=1.7.0.0
debian/bind9
Debian Debian Linux=9.0
and 47 more
CVE-2021-25214
In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17....
debian/bind9
debian/bind9<=1:9.11.5.P4+dfsg-5.1<=1:9.16.13-1<=1:9.11.5.P4+dfsg-5.1+deb10u3
IBM Cloud Pak for Security (CP4S)<=1.7.2.0
IBM Cloud Pak for Security (CP4S)<=1.7.1.0
IBM Cloud Pak for Security (CP4S)<=1.7.0.0
ISC BIND>=9.8.5<=9.8.8
and 47 more
CVE-2021-3449
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it...
rust/openssl-src<111.15.0
debian/openssl
IBM Cognos Analytics<=12.0.0-12.0.1
IBM Cognos Analytics<=11.2.0-11.2.4 FP2
IBM Cognos Analytics<=11.1.1-11.1.7 FP7
OpenSSL OpenSSL>=1.1.1<1.1.1k
and 202 more
CVE-2021-22890
curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3...
redhat/jbcs-httpd24<0:1-18.el8
redhat/jbcs-httpd24-apr<0:1.6.3-105.el8
redhat/jbcs-httpd24-apr-util<0:1.6.1-82.el8
redhat/jbcs-httpd24-brotli<0:1.0.6-40.el8
redhat/jbcs-httpd24-curl<0:7.77.0-2.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-74.el8
and 28 more
CVE-2021-22876
cURL libcurl could allow a remote attacker to obtain sensitive information, caused by the failure to strip off user credentials from the URL when automatically populating the Referer: HTTP request hea...
redhat/jbcs-httpd24<0:1-18.el8
redhat/jbcs-httpd24-apr<0:1.6.3-105.el8
redhat/jbcs-httpd24-apr-util<0:1.6.1-82.el8
redhat/jbcs-httpd24-brotli<0:1.0.6-40.el8
redhat/jbcs-httpd24-curl<0:7.77.0-2.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-74.el8
and 34 more
CVE-2021-23362
Node.js hosted-git-info module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the fromUrl function in index.js. By sending a specially-crafted r...
redhat/rh-nodejs12-nodejs<0:12.22.2-1.el7
redhat/rh-nodejs12-nodejs-nodemon<0:2.0.3-2.el7
redhat/rh-nodejs14-nodejs<0:14.17.2-1.el7
redhat/rh-nodejs14-nodejs-nodemon<0:2.0.3-2.el7
Npmjs Hosted-git-info>=2.0.0<2.8.9
Npmjs Hosted-git-info>=3.0.0<3.0.8
and 1 more
CVE-2021-27290
npm `ssri` 5.2.2-6.0.1 and 7.0.0-8.0.0, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to de...
npm/ssri=8.0.0
npm/ssri>=7.0.0<7.1.1
npm/ssri>=5.2.2<6.0.2
redhat/ssri<8.0.1
redhat/ssri<7.1.1
redhat/ssri<6.0.2
and 10 more
CVE-2021-22883
Node.js is vulnerable to a denial of service, caused by a file descriptor leak. By making multiple attempts to connect with an 'unknownProtocol', an attacker could exploit this vulnerability to lead t...
redhat/rh-nodejs10-nodejs<0:10.24.0-1.el7
redhat/rh-nodejs14-nodejs<0:14.16.0-1.el7
redhat/rh-nodejs12-nodejs<0:12.21.0-1.el7
ubuntu/nodejs<10.19.0~dfsg-3ubuntu1.2
ubuntu/nodejs<12.21.0~dfsg-1
Nodejs Node.js>=10.0.0<10.24.0
and 17 more
CVE-2021-22884
Node.js is vulnerable to a denial of service, caused by an error when the whitelist includes "localhost6". By controlling the victim's DNS server or spoofing its responses, an attacker could exploit t...
ubuntu/nodejs<8.10.0~dfsg-2ubuntu0.4+
ubuntu/nodejs<10.19.0~dfsg-3ubuntu1.2
ubuntu/nodejs<12.21.0~dfsg-1
debian/nodejs
redhat/rh-nodejs10-nodejs<0:10.24.0-1.el7
redhat/rh-nodejs14-nodejs<0:14.16.0-1.el7
and 27 more
CVE-2020-8625
ISC BIND TKEY Query Heap-based Buffer Overflow Remote Code Execution Vulnerability
debian/bind9
debian/bind9<=1:9.11.5.P4+dfsg-5.1+deb10u2<=1:9.11.5.P4+dfsg-5.1<=1:9.16.11-2
ISC BIND
ISC BIND>=9.5.0<=9.11.27
ISC BIND>=9.12.0<=9.16.11
ISC BIND=9.11.3-s1
and 25 more
CVE-2020-8265
A flaw was found in nodejs. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite metho...
redhat/rh-nodejs14-nodejs<0:14.15.4-2.el7
redhat/rh-nodejs12-nodejs<0:12.20.1-1.el7
redhat/rh-nodejs12-nodejs-nodemon<0:2.0.3-1.el7
redhat/rh-nodejs10-nodejs<0:10.23.1-2.el7
Nodejs Node.js>=10.0.0<10.23.1
Nodejs Node.js>=12.0.0<12.20.1
and 21 more
CVE-2020-8287
A flaw was found in nodejs. Affected versions of Node.js allow two copies of a header field in an HTTP request. The first header field is recognized while the second is ignored leading to HTTP request...
redhat/rh-nodejs14-nodejs<0:14.15.4-2.el7
redhat/rh-nodejs12-nodejs<0:12.20.1-1.el7
redhat/rh-nodejs12-nodejs-nodemon<0:2.0.3-1.el7
redhat/rh-nodejs10-nodejs<0:10.23.1-2.el7
Nodejs Node.js>=10.0.0<10.23.1
Nodejs Node.js>=12.0.0<12.20.1
and 23 more
CVE-2020-8286
curl. This issue was addressed with improved checks.
redhat/jbcs-httpd24<0:1-18.el8
redhat/jbcs-httpd24-apr<0:1.6.3-105.el8
redhat/jbcs-httpd24-apr-util<0:1.6.1-82.el8
redhat/jbcs-httpd24-brotli<0:1.0.6-40.el8
redhat/jbcs-httpd24-curl<0:7.77.0-2.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-74.el8
and 67 more
CVE-2020-1971
A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function, could cause the application, compiled with openssl to crash res...
redhat/jbcs-httpd24-brotli<0:1.0.6-40.jbcs.el7
redhat/jbcs-httpd24-httpd<0:2.4.37-66.jbcs.el7
redhat/jbcs-httpd24-nghttp2<0:1.39.2-35.jbcs.el7
redhat/jbcs-httpd24-openssl<1:1.1.1g-3.jbcs.el7
redhat/jbcs-httpd24-openssl-chil<0:1.0.0-3.jbcs.el7
redhat/jbcs-httpd24-openssl-pkcs11<0:0.4.10-18.jbcs.el7
and 95 more
CVE-2020-8285
curl. A buffer overflow was addressed with improved input validation.
redhat/jbcs-httpd24<0:1-18.el8
redhat/jbcs-httpd24-apr<0:1.6.3-105.el8
redhat/jbcs-httpd24-apr-util<0:1.6.1-82.el8
redhat/jbcs-httpd24-brotli<0:1.0.6-40.el8
redhat/jbcs-httpd24-curl<0:7.77.0-2.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-74.el8
and 105 more
CVE-2020-8284
curl. This issue was addressed with improved checks.
redhat/jbcs-httpd24<0:1-18.el8
redhat/jbcs-httpd24-apr<0:1.6.3-105.el8
redhat/jbcs-httpd24-apr-util<0:1.6.1-82.el8
redhat/jbcs-httpd24-brotli<0:1.0.6-40.el8
redhat/jbcs-httpd24-curl<0:7.77.0-2.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-74.el8
and 113 more
CVE-2020-7774
### Overview The npm package `y18n` before versions 3.2.2, 4.0.1, and 5.0.5 is vulnerable to Prototype Pollution. ### POC ```js const y18n = require('y18n')(); y18n.setLocale('__proto__'); y18n.u...
npm/y18n>=5.0.0<5.0.5
npm/y18n=4.0.0
npm/y18n<3.2.2
IBM Security Verify Governance<=10.0
<3.2.2
>=5.0.0<5.0.5
and 13 more
CVE-2020-8231
A flaw was found in libcurl from versions 7.29.0 through 7.71.1. An application that performs multiple requests with libcurl's multi API, and sets the `CURLOPT_CONNECT_ONLY` option, might experience l...
redhat/curl<0:7.61.1-18.el8
debian/curl
debian/curl<=7.64.0-4+deb10u1<=7.64.0-4<=7.68.0-1
IBM Cloud Pak for Security (CP4S)<=1.7.2.0
IBM Cloud Pak for Security (CP4S)<=1.7.1.0
IBM Cloud Pak for Security (CP4S)<=1.7.0.0
and 8 more
CVE-2020-8177
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.
debian/curl
debian/curl<=7.68.0-1<=7.52.1-1<=7.52.1-5+deb9u10<=7.64.0-4+deb10u1<=7.64.0-1
IBM Cloud Pak for Security (CP4S)<=1.7.2.0
IBM Cloud Pak for Security (CP4S)<=1.7.1.0
IBM Cloud Pak for Security (CP4S)<=1.7.0.0
Haxx Curl>=7.20.0<=7.70.0
and 47 more
CVE-2020-15358
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
IBM Security Verify Access<=10.0.0
Apple iCloud for Windows<7.21
Apple macOS Big Sur<11.0.1
Google Android
Apple macOS Big Sur<11.2
Apple Catalina
and 27 more
CVE-2020-8169
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).
redhat/jbcs-httpd24<0:1-18.el8
redhat/jbcs-httpd24-apr<0:1.6.3-105.el8
redhat/jbcs-httpd24-apr-util<0:1.6.1-82.el8
redhat/jbcs-httpd24-brotli<0:1.0.6-40.el8
redhat/jbcs-httpd24-curl<0:7.77.0-2.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-74.el8
and 24 more
CVE-2020-13871
SQLite is vulnerable to a denial of service, caused by a use-after-free in resetAccumulator in select.c. By sending a specially crafted request, a remote attacker could exploit this vulnerability to c...
IBM Data Risk Manager<=2.0.6
SQLite SQLite=3.32.2
Fedoraproject Fedora=33
Debian Debian Linux=9.0
Oracle Communications Messaging Server=8.1
Oracle Communications Network Charging And Control=6.0.1
and 9 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203