exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 21 of 21 RSS Feed

CVE-2021-22876

Status Candidate

Overview

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.

Related Files

Red Hat Security Advisory 2022-1396-01
Posted Apr 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1396-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2014-3577, CVE-2019-13750, CVE-2019-13751, CVE-2019-17594, CVE-2019-17595, CVE-2019-18218, CVE-2019-19603, CVE-2019-20838, CVE-2019-5827, CVE-2020-12762, CVE-2020-13435, CVE-2020-14155, CVE-2020-16135, CVE-2020-24370, CVE-2020-25709, CVE-2020-25710, CVE-2021-0920, CVE-2021-20231, CVE-2021-20232, CVE-2021-21684, CVE-2021-22876, CVE-2021-22898, CVE-2021-22925, CVE-2021-23177, CVE-2021-28153, CVE-2021-31566
SHA-256 | 9c6ace15db6cc4f4efff553e069be87d1d00778ed7287b08bb97673bf221855f
Red Hat Security Advisory 2022-1354-01
Posted Apr 13, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1354-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-22876, CVE-2021-22924, CVE-2021-22946, CVE-2021-22947
SHA-256 | ebde07dce286b9dea0985f0dc954ffea909c665c9cd6016197d8bcb497e1f4f9
Red Hat Security Advisory 2022-1081-01
Posted Mar 28, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1081-01 - Gatekeeper Operator v0.2 Gatekeeper is an open source project that applies the OPA Constraint Framework to enforce policies on your Kubernetes clusters. This advisory contains the container images for Gatekeeper that include security updates, and container upgrades. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-13750, CVE-2019-13751, CVE-2019-17594, CVE-2019-17595, CVE-2019-18218, CVE-2019-19603, CVE-2019-20838, CVE-2019-5827, CVE-2020-12762, CVE-2020-13435, CVE-2020-14155, CVE-2020-16135, CVE-2020-24370, CVE-2021-20231, CVE-2021-20232, CVE-2021-22876, CVE-2021-22898, CVE-2021-22925, CVE-2021-23177, CVE-2021-28153, CVE-2021-31566, CVE-2021-3200, CVE-2021-33560, CVE-2021-3445, CVE-2021-3521, CVE-2021-3580, CVE-2021-36084
SHA-256 | 35e0984360562b4b8fbf9fe40fae589355479f6f0de58360c9bbc860cb6a290e
Red Hat Security Advisory 2022-0856-01
Posted Mar 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0856-01 - Red Hat Advanced Cluster Management for Kubernetes 2.2.11 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console — with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide security fixes, bug fixes and container upgrades. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2019-13750, CVE-2019-13751, CVE-2019-17594, CVE-2019-17595, CVE-2019-18218, CVE-2019-19603, CVE-2019-20838, CVE-2019-5827, CVE-2020-0465, CVE-2020-0466, CVE-2020-12762, CVE-2020-13435, CVE-2020-14155, CVE-2020-16135, CVE-2020-24370, CVE-2020-25709, CVE-2020-25710, CVE-2021-0920, CVE-2021-20231, CVE-2021-20232, CVE-2021-22876, CVE-2021-22898, CVE-2021-22925, CVE-2021-23434, CVE-2021-25214, CVE-2021-27645, CVE-2021-28153
SHA-256 | 9d0db7328025daa790592d6c412ef4759f15b7dc4e7abefad1619ea7ee5f214b
Red Hat Security Advisory 2022-0842-01
Posted Mar 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0842-01 - Red Hat OpenStack Platform 16.2 (Train) director Operator containers are available for technology preview. A security fix for golang was added.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-13750, CVE-2019-13751, CVE-2019-17594, CVE-2019-17595, CVE-2019-18218, CVE-2019-19603, CVE-2019-20838, CVE-2019-5827, CVE-2020-12762, CVE-2020-13435, CVE-2020-14155, CVE-2020-16135, CVE-2020-24370, CVE-2021-20231, CVE-2021-20232, CVE-2021-22876, CVE-2021-22898, CVE-2021-22925, CVE-2021-27645, CVE-2021-28153, CVE-2021-3200, CVE-2021-33560, CVE-2021-33574, CVE-2021-3426, CVE-2021-3445, CVE-2021-3521, CVE-2021-3572
SHA-256 | 80b74ed477449b078e64bfe4b351cf3ae8952086a5b337aeaac32eb932f1b39e
Red Hat Security Advisory 2022-0580-01
Posted Feb 18, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0580-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a traversal vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-4658, CVE-2019-13750, CVE-2019-13751, CVE-2019-17594, CVE-2019-17595, CVE-2019-18218, CVE-2019-19603, CVE-2019-20838, CVE-2019-5827, CVE-2020-12762, CVE-2020-13435, CVE-2020-14145, CVE-2020-14155, CVE-2020-16135, CVE-2020-24370, CVE-2021-20231, CVE-2021-20232, CVE-2021-20271, CVE-2021-22876, CVE-2021-22898, CVE-2021-22925, CVE-2021-27645, CVE-2021-28153, CVE-2021-3200, CVE-2021-33560, CVE-2021-33574
SHA-256 | 14e508f8b5ba4605bd8db42f72278f20a3b7e049cd664a90973860fae75556f7
Red Hat Security Advisory 2022-0434-05
Posted Feb 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0434-05 - This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7, 4.8, and 4.9, and includes security and bug fixes and enhancements. For more information, see the documentation listed in the References section. Issues addressed include a memory exhaustion vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-13750, CVE-2019-13751, CVE-2019-17594, CVE-2019-17595, CVE-2019-18218, CVE-2019-19603, CVE-2019-20838, CVE-2019-5827, CVE-2020-12762, CVE-2020-13435, CVE-2020-14155, CVE-2020-16135, CVE-2020-24370, CVE-2021-20231, CVE-2021-20232, CVE-2021-20266, CVE-2021-22876, CVE-2021-22898, CVE-2021-22925, CVE-2021-27645, CVE-2021-28153, CVE-2021-29923, CVE-2021-3200, CVE-2021-33560, CVE-2021-33574, CVE-2021-3445, CVE-2021-3580
SHA-256 | 14491b7281705745bd03aadc7664ab3c3eb0abe1d341718c8e9103905c3784c3
Red Hat Security Advisory 2022-0318-06
Posted Jan 28, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0318-06 - An update is now available for Red Hat Openshift distributed tracing 2.1.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-13750, CVE-2019-13751, CVE-2019-17594, CVE-2019-17595, CVE-2019-18218, CVE-2019-19603, CVE-2019-20838, CVE-2019-5827, CVE-2020-12762, CVE-2020-13435, CVE-2020-14155, CVE-2020-16135, CVE-2020-24370, CVE-2021-20231, CVE-2021-20232, CVE-2021-20266, CVE-2021-22876, CVE-2021-22898, CVE-2021-22925, CVE-2021-27645, CVE-2021-28153, CVE-2021-29923, CVE-2021-3200, CVE-2021-33560, CVE-2021-33574, CVE-2021-3426, CVE-2021-3445
SHA-256 | 95488ca2caa7c12ad10f5f7f0dc4422f0de507352639644a064fa20f4e8371c8
Red Hat Security Advisory 2021-5038-04
Posted Dec 9, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-5038-04 - Red Hat Advanced Cluster Management for Kubernetes 2.2.10 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console — with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide security fixes, bug fixes and container upgrades. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2018-20673, CVE-2019-13750, CVE-2019-13751, CVE-2019-17594, CVE-2019-17595, CVE-2019-18218, CVE-2019-19603, CVE-2019-20838, CVE-2019-5827, CVE-2020-12762, CVE-2020-13435, CVE-2020-14145, CVE-2020-14155, CVE-2020-16135, CVE-2020-24370, CVE-2020-36385, CVE-2021-20231, CVE-2021-20232, CVE-2021-20266, CVE-2021-20271, CVE-2021-20317, CVE-2021-22876, CVE-2021-22898, CVE-2021-22925, CVE-2021-22946, CVE-2021-22947
SHA-256 | 8c3861dc2826e4a0c7c98f1040e5e156c43227dbe0c19621db0bee3cb77b04e4
Red Hat Security Advisory 2021-4914-06
Posted Dec 3, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4914-06 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains the following OpenShift Virtualization 4.8.3 images: RHEL-8-CNV-4.8.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-20673, CVE-2019-13750, CVE-2019-13751, CVE-2019-17594, CVE-2019-17595, CVE-2019-18218, CVE-2019-19603, CVE-2019-20838, CVE-2019-5827, CVE-2020-12762, CVE-2020-13435, CVE-2020-14155, CVE-2020-16135, CVE-2020-24370, CVE-2020-25648, CVE-2020-36385, CVE-2021-0512, CVE-2021-20231, CVE-2021-20232, CVE-2021-20266, CVE-2021-20317, CVE-2021-22876, CVE-2021-22898, CVE-2021-22925, CVE-2021-22946, CVE-2021-22947
SHA-256 | fd59966d097a080a7ded93322ccdd6a60d15159920ee6f8c093487695abfb467
Red Hat Security Advisory 2021-4902-06
Posted Dec 2, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4902-06 - The release of RHACS 3.67 provides the following new features, bug fixes, security patches and system changes: OpenShift Dedicated support RHACS 3.67 is thoroughly tested and supported on OpenShift Dedicated on Amazon Web Services and Google Cloud Platform. 1. Use OpenShift OAuth server as an identity provider If you are using RHACS with OpenShift, you can now configure the built-in OpenShift OAuth server as an identity provider for RHACS. Issues addressed include denial of service, information leakage, memory exhaustion, remote shell upload, and traversal vulnerabilities.

tags | advisory, remote, web, denial of service, shell, vulnerability
systems | linux, redhat
advisories | CVE-2018-20673, CVE-2019-13750, CVE-2019-13751, CVE-2019-17594, CVE-2019-17595, CVE-2019-18218, CVE-2019-19603, CVE-2019-20838, CVE-2019-5827, CVE-2020-12762, CVE-2020-13435, CVE-2020-14155, CVE-2020-16135, CVE-2020-24370, CVE-2020-27304, CVE-2021-20231, CVE-2021-20232, CVE-2021-20266, CVE-2021-22876, CVE-2021-22898, CVE-2021-22925, CVE-2021-23343, CVE-2021-23840, CVE-2021-23841, CVE-2021-27645, CVE-2021-28153
SHA-256 | 16dee4f5e0086cb542abff81a08f987124ff16a3f3637cd31b0568fd6f07ae13
Red Hat Security Advisory 2021-4848-07
Posted Nov 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4848-07 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include code execution and denial of service vulnerabilities.

tags | advisory, web, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2018-20673, CVE-2019-13750, CVE-2019-13751, CVE-2019-17594, CVE-2019-17595, CVE-2019-18218, CVE-2019-19603, CVE-2019-20838, CVE-2019-5827, CVE-2020-12762, CVE-2020-13435, CVE-2020-14145, CVE-2020-14155, CVE-2020-16135, CVE-2020-24370, CVE-2021-20231, CVE-2021-20232, CVE-2021-20266, CVE-2021-22876, CVE-2021-22898, CVE-2021-22925, CVE-2021-22946, CVE-2021-22947, CVE-2021-23840, CVE-2021-23841, CVE-2021-27218
SHA-256 | 19f369ca91efe5e627e3b6624c087f231da83297e68708c5e0fb2378ecc2b10e
Red Hat Security Advisory 2021-4845-05
Posted Nov 29, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4845-05 - Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2019-13750, CVE-2019-13751, CVE-2019-17594, CVE-2019-17595, CVE-2019-18218, CVE-2019-19603, CVE-2019-20838, CVE-2019-5827, CVE-2020-12762, CVE-2020-13435, CVE-2020-14155, CVE-2020-16135, CVE-2020-24370, CVE-2020-26301, CVE-2020-28493, CVE-2020-8037, CVE-2021-20095, CVE-2021-20231, CVE-2021-20232, CVE-2021-20266, CVE-2021-22876, CVE-2021-22898, CVE-2021-22925, CVE-2021-23840, CVE-2021-23841, CVE-2021-27645
SHA-256 | bd99ec51cad85f3c9c41b87c768abf6cf973e23f96461a729a58645e519e2a99
Red Hat Security Advisory 2021-4032-01
Posted Nov 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4032-01 - Openshift Logging Bug Fix Release. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-20673, CVE-2019-13750, CVE-2019-13751, CVE-2019-17594, CVE-2019-17595, CVE-2019-18218, CVE-2019-19603, CVE-2019-20838, CVE-2019-5827, CVE-2020-12762, CVE-2020-13435, CVE-2020-14155, CVE-2020-16135, CVE-2020-24370, CVE-2021-20231, CVE-2021-20232, CVE-2021-20266, CVE-2021-22876, CVE-2021-22898, CVE-2021-22925, CVE-2021-23369, CVE-2021-23383, CVE-2021-23840, CVE-2021-23841, CVE-2021-27645, CVE-2021-28153
SHA-256 | 14f971ee6ac97f93b8de4d06c668c3a26b4bb107cba2ed6ee7eacb091fa3dcc7
Red Hat Security Advisory 2021-4511-03
Posted Nov 10, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4511-03 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2021-22876, CVE-2021-22898, CVE-2021-22925
SHA-256 | 2e46a027c588cbe0cdcfacc48339fcf0997de2753cc0d17bbca766f66b962484
Red Hat Security Advisory 2021-2472-01
Posted Jun 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2472-01 - This release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 and includes bug fixes and enhancements. Issues addressed include null pointer and use-after-free vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2020-8169, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2021-22876, CVE-2021-22890, CVE-2021-22901, CVE-2021-31618
SHA-256 | 19735da2179172dfd4dafbdef97ffa2abdb672d9b8f5865fe7fd9e743f621ed9
Red Hat Security Advisory 2021-2471-01
Posted Jun 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2471-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 and includes bug fixes and enhancements. Issues addressed include null pointer and use-after-free vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2020-8169, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2021-22876, CVE-2021-22890, CVE-2021-22901, CVE-2021-31618
SHA-256 | c503b0c9787ff152a79b6411488dd21ecce7fa317d626248d8da273122c8eb96
Gentoo Linux Security Advisory 202105-36
Posted May 26, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202105-36 - Multiple vulnerabilities have been found in cURL, the worst of which could result in the arbitrary execution of code. Versions less than 7.77.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2021-22876, CVE-2021-22890, CVE-2021-22898, CVE-2021-22901
SHA-256 | 27d653e9c404fce8a51dc5b8eb56846b8d6b8bc2c806dad855056460e4cd9d0d
Ubuntu Security Notice USN-4903-1
Posted Apr 7, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4903-1 - Viktor Szakats discovered that curl did not strip off user credentials from referrer header fields. A remote attacker could possibly use this issue to obtain sensitive information.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2021-22876
SHA-256 | 02c8361a95e70f06ae715eb14ee9a526a590f4cc220b11e1c03c911317a1febf
Ubuntu Security Notice USN-4898-1
Posted Mar 31, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4898-1 - Viktor Szakats discovered that curl did not strip off user credentials from referrer header fields. A remote attacker could possibly use this issue to obtain sensitive information. Mingtao Yang discovered that curl incorrectly handled session tickets when using an HTTPS proxy. A remote attacker in control of an HTTPS proxy could use this issue to bypass certificate checks and intercept communications. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. Various other issues were also addressed.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2021-22876, CVE-2021-22890
SHA-256 | 22173ed9e34384a637f436fbee924cd1e6f822bde6b4c5d87b6d0061740ea569
Debian Security Advisory 4881-1
Posted Mar 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4881-1 - Multiple vulnerabilities were discovered in cURL, an URL transfer library.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2020-8169, CVE-2020-8177, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2021-22876, CVE-2021-22890
SHA-256 | bc9e30e2495c14523abe0253c23adf2b8510b307a08eb0748a5275eab7b6de70
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close