CVE-2022-21824
- EPSS 21.51%
- Veröffentlicht 24.02.2022 19:15:10
- Zuletzt bearbeitet 21.11.2024 06:45:30
Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, whi...
CVE-2021-44531
- EPSS 8.37%
- Veröffentlicht 24.02.2022 19:15:09
- Zuletzt bearbeitet 21.11.2024 06:31:10
Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting U...
CVE-2021-44532
- EPSS 10.36%
- Veröffentlicht 24.02.2022 19:15:09
- Zuletzt bearbeitet 21.11.2024 06:31:10
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an inje...
CVE-2021-44533
- EPSS 9.36%
- Veröffentlicht 24.02.2022 19:15:09
- Zuletzt bearbeitet 21.11.2024 06:31:10
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a m...
- EPSS 1.27%
- Veröffentlicht 19.01.2022 12:15:16
- Zuletzt bearbeitet 21.11.2024 06:44:33
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access v...
- EPSS 3.02%
- Veröffentlicht 19.01.2022 12:15:16
- Zuletzt bearbeitet 21.11.2024 06:44:34
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows hi...
CVE-2021-35639
- EPSS 1.66%
- Veröffentlicht 20.10.2021 11:17:17
- Zuletzt bearbeitet 21.11.2024 06:12:42
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multi...
CVE-2021-35604
- EPSS 2.5%
- Veröffentlicht 20.10.2021 11:17:06
- Zuletzt bearbeitet 21.11.2024 06:12:37
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via mu...
CVE-2021-35583
- EPSS 2.97%
- Veröffentlicht 20.10.2021 11:16:57
- Zuletzt bearbeitet 21.11.2024 06:12:34
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Windows). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple proto...
CVE-2021-22946
- EPSS 4.22%
- Veröffentlicht 29.09.2021 20:15:08
- Zuletzt bearbeitet 16.04.2026 15:16:44
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This ...