All the vulnerabilites related to apache - guacamole
var-202106-0521
Vulnerability from variot
curl 7.7 through 7.76.1 suffers from an information disclosure when the -t
command line option, known as CURLOPT_TELNETOPTIONS
in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol. curl Exists in a flaw in resource initialization.Information may be obtained. ==========================================================================
Ubuntu Security Notice USN-5021-1
July 22, 2021
curl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in curl. (CVE-2021-22898, CVE-2021-22925)
Harry Sintonen discovered that curl incorrectly reused connections in the connection pool. This could result in curl reusing the wrong connections. (CVE-2021-22924)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.04: curl 7.74.0-1ubuntu2.1 libcurl3-gnutls 7.74.0-1ubuntu2.1 libcurl3-nss 7.74.0-1ubuntu2.1 libcurl4 7.74.0-1ubuntu2.1
Ubuntu 20.04 LTS: curl 7.68.0-1ubuntu2.6 libcurl3-gnutls 7.68.0-1ubuntu2.6 libcurl3-nss 7.68.0-1ubuntu2.6 libcurl4 7.68.0-1ubuntu2.6
Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.14 libcurl3-gnutls 7.58.0-2ubuntu3.14 libcurl3-nss 7.58.0-2ubuntu3.14 libcurl4 7.58.0-2ubuntu3.14
In general, a standard system update will make all the necessary changes. Bugs fixed (https://bugzilla.redhat.com/):
1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value
- JIRA issues fixed (https://issues.jboss.org/):
LOG-1775 - [release-5.2] Syslog output is serializing json incorrectly LOG-1824 - [release-5.2] Rejected by Elasticsearch and unexpected json-parsing LOG-1963 - [release-5.2] CLO panic: runtime error: slice bounds out of range [:-1] LOG-1970 - Applying cluster state is causing elasticsearch to hit an issue and become unusable
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: curl security and bug fix update Advisory ID: RHSA-2021:4511-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4511 Issue date: 2021-11-09 CVE Names: CVE-2021-22876 CVE-2021-22898 CVE-2021-22925 ==================================================================== 1. Summary:
An update for curl is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
-
curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876)
-
curl: TELNET stack contents disclosure (CVE-2021-22898)
-
curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure (CVE-2021-22925)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer 1947493 - Why there is a difference between curl --head output on the RHEL7 and RHEL8. 1964887 - CVE-2021-22898 curl: TELNET stack contents disclosure 1970902 - CVE-2021-22925 curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure
- Package List:
Red Hat Enterprise Linux BaseOS (v. 8):
Source: curl-7.61.1-22.el8.src.rpm
aarch64: curl-7.61.1-22.el8.aarch64.rpm curl-debuginfo-7.61.1-22.el8.aarch64.rpm curl-debugsource-7.61.1-22.el8.aarch64.rpm curl-minimal-debuginfo-7.61.1-22.el8.aarch64.rpm libcurl-7.61.1-22.el8.aarch64.rpm libcurl-debuginfo-7.61.1-22.el8.aarch64.rpm libcurl-devel-7.61.1-22.el8.aarch64.rpm libcurl-minimal-7.61.1-22.el8.aarch64.rpm libcurl-minimal-debuginfo-7.61.1-22.el8.aarch64.rpm
ppc64le: curl-7.61.1-22.el8.ppc64le.rpm curl-debuginfo-7.61.1-22.el8.ppc64le.rpm curl-debugsource-7.61.1-22.el8.ppc64le.rpm curl-minimal-debuginfo-7.61.1-22.el8.ppc64le.rpm libcurl-7.61.1-22.el8.ppc64le.rpm libcurl-debuginfo-7.61.1-22.el8.ppc64le.rpm libcurl-devel-7.61.1-22.el8.ppc64le.rpm libcurl-minimal-7.61.1-22.el8.ppc64le.rpm libcurl-minimal-debuginfo-7.61.1-22.el8.ppc64le.rpm
s390x: curl-7.61.1-22.el8.s390x.rpm curl-debuginfo-7.61.1-22.el8.s390x.rpm curl-debugsource-7.61.1-22.el8.s390x.rpm curl-minimal-debuginfo-7.61.1-22.el8.s390x.rpm libcurl-7.61.1-22.el8.s390x.rpm libcurl-debuginfo-7.61.1-22.el8.s390x.rpm libcurl-devel-7.61.1-22.el8.s390x.rpm libcurl-minimal-7.61.1-22.el8.s390x.rpm libcurl-minimal-debuginfo-7.61.1-22.el8.s390x.rpm
x86_64: curl-7.61.1-22.el8.x86_64.rpm curl-debuginfo-7.61.1-22.el8.i686.rpm curl-debuginfo-7.61.1-22.el8.x86_64.rpm curl-debugsource-7.61.1-22.el8.i686.rpm curl-debugsource-7.61.1-22.el8.x86_64.rpm curl-minimal-debuginfo-7.61.1-22.el8.i686.rpm curl-minimal-debuginfo-7.61.1-22.el8.x86_64.rpm libcurl-7.61.1-22.el8.i686.rpm libcurl-7.61.1-22.el8.x86_64.rpm libcurl-debuginfo-7.61.1-22.el8.i686.rpm libcurl-debuginfo-7.61.1-22.el8.x86_64.rpm libcurl-devel-7.61.1-22.el8.i686.rpm libcurl-devel-7.61.1-22.el8.x86_64.rpm libcurl-minimal-7.61.1-22.el8.i686.rpm libcurl-minimal-7.61.1-22.el8.x86_64.rpm libcurl-minimal-debuginfo-7.61.1-22.el8.i686.rpm libcurl-minimal-debuginfo-7.61.1-22.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-22876 https://access.redhat.com/security/cve/CVE-2021-22898 https://access.redhat.com/security/cve/CVE-2021-22925 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYYrePtzjgjWX9erEAQi1vg/+NwMM5Xa95S/32eA64QYnxTQcWSn6wyzC wHAIvXVu4L9kZrLqCm2zeO6US0KFZ6tCEgjamDjgO+9b1mYso3b3R2DDTbWtq4i+ gsbCths+Bqhn45Qsk9kQdhznS/MF+tWeNK06KnkJ02NmgxcuISWLQirx32Xc230e Hs0P9TarBo04m+6HDC7CeloD8rkqpQJ4nJhX8hujaEUbukSPlkizyT/IlWTAFR9l GLZfIkFpifNqtQzn9j6dxcefXq0BcMfAMsSbRsh7E0oJGi9x79ySEO+r5b4dlsqK 30PfEJxjrFZN3TuqzbG7pfdpKRRmUzdXCHpxb5MxXrkeD7xuzPomrorKayUIQi6g YhESs4khV+i+6zqCNHpYdBcDbxuiYJ1w80kg/31YC7u7YEI4IlMISzw7CctzQEhk +SqVOVKxI8Rn7OZSzb3cR6LubmR1UihMblYHHgaJ9mA7r9zAC7evddzhkxMtQ42P 81V3u0YaZKxWAy8d/brDz2YS/1Y7nnGsjNUaRZxTlWxbcjSz2cf/DPu8A5IiHS6T M/OA8MBC4mFkQkBf4v5PKWBZe6K+gEfmJzfjlQ8nTFhYhHwNtC1z8tMP42ugNGYY ejAfwtZ5Tw3AnuOBeb+bm148KSd/W1UPSUyJh6IrgwzMbkfDNKmKy+7gaIXZ3otd clmEcx7lYW4=7Kqb -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Summary:
Red Hat Advanced Cluster Management for Kubernetes 2.2.10 General Availability release images, which provide one or more container updates and bug fixes. Description:
Red Hat Advanced Cluster Management for Kubernetes 2.2.10 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments.
Clusters and applications are all visible and managed from a single console — with security policy built in.
This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide security fixes, bug fixes and container upgrades. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/
Security fixes:
-
CVE-2021-3795 semver-regex: inefficient regular expression complexity
-
CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747
Related bugs:
-
RHACM 2.2.10 images (Bugzilla #2013652)
-
Bugs fixed (https://bugzilla.redhat.com/):
2004944 - CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747 2006009 - CVE-2021-3795 semver-regex: inefficient regular expression complexity 2013652 - RHACM 2.2.10 images
- Summary:
The Migration Toolkit for Containers (MTC) 1.5.2 is now available. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):
2000734 - CVE-2021-3757 nodejs-immer: prototype pollution may lead to DoS or remote code execution 2005438 - Combining Rsync and Stunnel in a single pod can degrade performance (1.5 backport) 2006842 - MigCluster CR remains in "unready" state and source registry is inaccessible after temporary shutdown of source cluster 2007429 - "oc describe" and "oc log" commands on "Migration resources" tree cannot be copied after failed migration 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)
5
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202106-0521", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "curl", "scope": "gte", "trust": 1.0, "vendor": "haxx", "version": "7.7" }, { "model": "mysql server", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "5.7.34" }, { "model": "communications cloud native core network slice selection function", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.8.0" }, { "model": "universal forwarder", "scope": "eq", "trust": 1.0, "vendor": "splunk", "version": "9.1.0" }, { "model": "universal forwarder", "scope": "gte", "trust": 1.0, "vendor": "splunk", "version": "8.2.0" }, { "model": "universal forwarder", "scope": "gte", "trust": 1.0, "vendor": "splunk", "version": "9.0.0" }, { "model": "curl", "scope": "lte", "trust": 1.0, "vendor": "haxx", "version": "7.76.1" }, { "model": "sinec infrastructure network services", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.0.1.1" }, { "model": "universal forwarder", "scope": "lt", "trust": 1.0, "vendor": "splunk", "version": "9.0.6" }, { "model": "mysql server", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "8.0.25" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "34" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "communications cloud native core binding support function", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.11.0" }, { "model": "communications cloud native core network function cloud native environment", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.10.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "33" }, { "model": "communications cloud native core service communication proxy", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.15.0" }, { "model": "essbase", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "21.0" }, { "model": "mysql server", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.15" }, { "model": "communications cloud native core network repository function", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.15.0" }, { "model": "essbase", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "21.3" }, { "model": "universal forwarder", "scope": "lt", "trust": 1.0, "vendor": "splunk", "version": "8.2.12" }, { "model": "essbase", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "11.1.2.4.047" }, { "model": "communications cloud native core network repository function", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "1.15.1" }, { "model": "oracle essbase server", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "mysql", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "guacamole", "scope": null, "trust": 0.8, "vendor": "apache", "version": null }, { "model": "fedora", "scope": null, "trust": 0.8, "vendor": "fedora", "version": null }, { "model": "curl", "scope": null, "trust": 0.8, "vendor": "haxx", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-008167" }, { "db": "NVD", "id": "CVE-2021-22898" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.76.1", "versionStartIncluding": "7.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.0.25", "versionStartIncluding": "8.0.15", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.7.34", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "21.3", "versionStartIncluding": "21.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "11.1.2.4.047", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.1.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.0.6", "versionStartIncluding": "9.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.2.12", "versionStartIncluding": "8.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-22898" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "165296" }, { "db": "PACKETSTORM", "id": "165287" }, { "db": "PACKETSTORM", "id": "164886" }, { "db": "PACKETSTORM", "id": "165631" }, { "db": "PACKETSTORM", "id": "165209" }, { "db": "PACKETSTORM", "id": "165099" } ], "trust": 0.6 }, "cve": "CVE-2021-22898", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 4.9, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "High", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 2.6, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-22898", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.6, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 3.1, "baseSeverity": "Low", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2021-22898", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-22898", "trust": 1.8, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202105-1685", "trust": 0.6, "value": "LOW" }, { "author": "VULMON", "id": "CVE-2021-22898", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-22898" }, { "db": "JVNDB", "id": "JVNDB-2021-008167" }, { "db": "CNNVD", "id": "CNNVD-202105-1685" }, { "db": "NVD", "id": "CVE-2021-22898" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol. curl Exists in a flaw in resource initialization.Information may be obtained. ==========================================================================\nUbuntu Security Notice USN-5021-1\nJuly 22, 2021\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.04\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in curl. (CVE-2021-22898,\nCVE-2021-22925)\n\nHarry Sintonen discovered that curl incorrectly reused connections in the\nconnection pool. This could result in curl reusing the wrong connections. \n(CVE-2021-22924)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.04:\n curl 7.74.0-1ubuntu2.1\n libcurl3-gnutls 7.74.0-1ubuntu2.1\n libcurl3-nss 7.74.0-1ubuntu2.1\n libcurl4 7.74.0-1ubuntu2.1\n\nUbuntu 20.04 LTS:\n curl 7.68.0-1ubuntu2.6\n libcurl3-gnutls 7.68.0-1ubuntu2.6\n libcurl3-nss 7.68.0-1ubuntu2.6\n libcurl4 7.68.0-1ubuntu2.6\n\nUbuntu 18.04 LTS:\n curl 7.58.0-2ubuntu3.14\n libcurl3-gnutls 7.58.0-2ubuntu3.14\n libcurl3-nss 7.58.0-2ubuntu3.14\n libcurl4 7.58.0-2ubuntu3.14\n\nIn general, a standard system update will make all the necessary changes. Bugs fixed (https://bugzilla.redhat.com/):\n\n1944888 - CVE-2021-21409 netty: Request smuggling via content-length header\n2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data\n2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way\n2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1775 - [release-5.2] Syslog output is serializing json incorrectly\nLOG-1824 - [release-5.2] Rejected by Elasticsearch and unexpected json-parsing\nLOG-1963 - [release-5.2] CLO panic: runtime error: slice bounds out of range [:-1]\nLOG-1970 - Applying cluster state is causing elasticsearch to hit an issue and become unusable\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: curl security and bug fix update\nAdvisory ID: RHSA-2021:4511-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:4511\nIssue date: 2021-11-09\nCVE Names: CVE-2021-22876 CVE-2021-22898 CVE-2021-22925\n====================================================================\n1. Summary:\n\nAn update for curl is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. \n\nSecurity Fix(es):\n\n* curl: Leak of authentication credentials in URL via automatic Referer\n(CVE-2021-22876)\n\n* curl: TELNET stack contents disclosure (CVE-2021-22898)\n\n* curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure\n(CVE-2021-22925)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.5 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer\n1947493 - Why there is a difference between curl --head output on the RHEL7 and RHEL8. \n1964887 - CVE-2021-22898 curl: TELNET stack contents disclosure\n1970902 - CVE-2021-22925 curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure\n\n6. Package List:\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\ncurl-7.61.1-22.el8.src.rpm\n\naarch64:\ncurl-7.61.1-22.el8.aarch64.rpm\ncurl-debuginfo-7.61.1-22.el8.aarch64.rpm\ncurl-debugsource-7.61.1-22.el8.aarch64.rpm\ncurl-minimal-debuginfo-7.61.1-22.el8.aarch64.rpm\nlibcurl-7.61.1-22.el8.aarch64.rpm\nlibcurl-debuginfo-7.61.1-22.el8.aarch64.rpm\nlibcurl-devel-7.61.1-22.el8.aarch64.rpm\nlibcurl-minimal-7.61.1-22.el8.aarch64.rpm\nlibcurl-minimal-debuginfo-7.61.1-22.el8.aarch64.rpm\n\nppc64le:\ncurl-7.61.1-22.el8.ppc64le.rpm\ncurl-debuginfo-7.61.1-22.el8.ppc64le.rpm\ncurl-debugsource-7.61.1-22.el8.ppc64le.rpm\ncurl-minimal-debuginfo-7.61.1-22.el8.ppc64le.rpm\nlibcurl-7.61.1-22.el8.ppc64le.rpm\nlibcurl-debuginfo-7.61.1-22.el8.ppc64le.rpm\nlibcurl-devel-7.61.1-22.el8.ppc64le.rpm\nlibcurl-minimal-7.61.1-22.el8.ppc64le.rpm\nlibcurl-minimal-debuginfo-7.61.1-22.el8.ppc64le.rpm\n\ns390x:\ncurl-7.61.1-22.el8.s390x.rpm\ncurl-debuginfo-7.61.1-22.el8.s390x.rpm\ncurl-debugsource-7.61.1-22.el8.s390x.rpm\ncurl-minimal-debuginfo-7.61.1-22.el8.s390x.rpm\nlibcurl-7.61.1-22.el8.s390x.rpm\nlibcurl-debuginfo-7.61.1-22.el8.s390x.rpm\nlibcurl-devel-7.61.1-22.el8.s390x.rpm\nlibcurl-minimal-7.61.1-22.el8.s390x.rpm\nlibcurl-minimal-debuginfo-7.61.1-22.el8.s390x.rpm\n\nx86_64:\ncurl-7.61.1-22.el8.x86_64.rpm\ncurl-debuginfo-7.61.1-22.el8.i686.rpm\ncurl-debuginfo-7.61.1-22.el8.x86_64.rpm\ncurl-debugsource-7.61.1-22.el8.i686.rpm\ncurl-debugsource-7.61.1-22.el8.x86_64.rpm\ncurl-minimal-debuginfo-7.61.1-22.el8.i686.rpm\ncurl-minimal-debuginfo-7.61.1-22.el8.x86_64.rpm\nlibcurl-7.61.1-22.el8.i686.rpm\nlibcurl-7.61.1-22.el8.x86_64.rpm\nlibcurl-debuginfo-7.61.1-22.el8.i686.rpm\nlibcurl-debuginfo-7.61.1-22.el8.x86_64.rpm\nlibcurl-devel-7.61.1-22.el8.i686.rpm\nlibcurl-devel-7.61.1-22.el8.x86_64.rpm\nlibcurl-minimal-7.61.1-22.el8.i686.rpm\nlibcurl-minimal-7.61.1-22.el8.x86_64.rpm\nlibcurl-minimal-debuginfo-7.61.1-22.el8.i686.rpm\nlibcurl-minimal-debuginfo-7.61.1-22.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-22876\nhttps://access.redhat.com/security/cve/CVE-2021-22898\nhttps://access.redhat.com/security/cve/CVE-2021-22925\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYYrePtzjgjWX9erEAQi1vg/+NwMM5Xa95S/32eA64QYnxTQcWSn6wyzC\nwHAIvXVu4L9kZrLqCm2zeO6US0KFZ6tCEgjamDjgO+9b1mYso3b3R2DDTbWtq4i+\ngsbCths+Bqhn45Qsk9kQdhznS/MF+tWeNK06KnkJ02NmgxcuISWLQirx32Xc230e\nHs0P9TarBo04m+6HDC7CeloD8rkqpQJ4nJhX8hujaEUbukSPlkizyT/IlWTAFR9l\nGLZfIkFpifNqtQzn9j6dxcefXq0BcMfAMsSbRsh7E0oJGi9x79ySEO+r5b4dlsqK\n30PfEJxjrFZN3TuqzbG7pfdpKRRmUzdXCHpxb5MxXrkeD7xuzPomrorKayUIQi6g\nYhESs4khV+i+6zqCNHpYdBcDbxuiYJ1w80kg/31YC7u7YEI4IlMISzw7CctzQEhk\n+SqVOVKxI8Rn7OZSzb3cR6LubmR1UihMblYHHgaJ9mA7r9zAC7evddzhkxMtQ42P\n81V3u0YaZKxWAy8d/brDz2YS/1Y7nnGsjNUaRZxTlWxbcjSz2cf/DPu8A5IiHS6T\nM/OA8MBC4mFkQkBf4v5PKWBZe6K+gEfmJzfjlQ8nTFhYhHwNtC1z8tMP42ugNGYY\nejAfwtZ5Tw3AnuOBeb+bm148KSd/W1UPSUyJh6IrgwzMbkfDNKmKy+7gaIXZ3otd\nclmEcx7lYW4=7Kqb\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Summary:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.2.10 General\nAvailability release images, which provide one or more container updates\nand bug fixes. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.2.10 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. \n\nClusters and applications are all visible and managed from a single console\n\u2014 with security policy built in. \n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which provide security fixes, bug fixes and\ncontainer upgrades. See the following Release Notes documentation, which\nwill be updated shortly for this release, for additional details about this\nrelease:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/\n\nSecurity fixes: \n\n* CVE-2021-3795 semver-regex: inefficient regular expression complexity\n\n* CVE-2021-23440 nodejs-set-value: type confusion allows bypass of\nCVE-2019-10747\n\nRelated bugs: \n\n* RHACM 2.2.10 images (Bugzilla #2013652)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2004944 - CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747\n2006009 - CVE-2021-3795 semver-regex: inefficient regular expression complexity\n2013652 - RHACM 2.2.10 images\n\n5. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.5.2 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):\n\n2000734 - CVE-2021-3757 nodejs-immer: prototype pollution may lead to DoS or remote code execution\n2005438 - Combining Rsync and Stunnel in a single pod can degrade performance (1.5 backport)\n2006842 - MigCluster CR remains in \"unready\" state and source registry is inaccessible after temporary shutdown of source cluster\n2007429 - \"oc describe\" and \"oc log\" commands on \"Migration resources\" tree cannot be copied after failed migration\n2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)\n\n5", "sources": [ { "db": "NVD", "id": "CVE-2021-22898" }, { "db": "JVNDB", "id": "JVNDB-2021-008167" }, { "db": "VULMON", "id": "CVE-2021-22898" }, { "db": "PACKETSTORM", "id": "163637" }, { "db": "PACKETSTORM", "id": "165296" }, { "db": "PACKETSTORM", "id": "165287" }, { "db": "PACKETSTORM", "id": "164886" }, { "db": "PACKETSTORM", "id": "165631" }, { "db": "PACKETSTORM", "id": "165209" }, { "db": "PACKETSTORM", "id": "165099" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-22898", "trust": 4.0 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/07/21/4", "trust": 2.4 }, { "db": "SIEMENS", "id": "SSA-389290", "trust": 1.6 }, { "db": "HACKERONE", "id": "1176461", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2021-008167", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "163637", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "164886", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "165209", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "165099", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "166308", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "165096", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "165129", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "165002", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "166489", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "162817", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "169318", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "165135", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "165633", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "166051", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "165862", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "166789", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "165758", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021060321", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021072212", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021111131", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021060128", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021122914", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021071312", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021052711", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021080210", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021052620", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022031104", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3935", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.4266", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4172", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4229", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.1071", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0716", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3905", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0245", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4095", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2295", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4059", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4254", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3748", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.4019", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0493", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1859", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.1837", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2526", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2755", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0394", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.1677", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2023.3146", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2494", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1841", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202105-1685", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-22898", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165296", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165287", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165631", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-22898" }, { "db": "JVNDB", "id": "JVNDB-2021-008167" }, { "db": "PACKETSTORM", "id": "163637" }, { "db": "PACKETSTORM", "id": "165296" }, { "db": "PACKETSTORM", "id": "165287" }, { "db": "PACKETSTORM", "id": "164886" }, { "db": "PACKETSTORM", "id": "165631" }, { "db": "PACKETSTORM", "id": "165209" }, { "db": "PACKETSTORM", "id": "165099" }, { "db": "CNNVD", "id": "CNNVD-202105-1685" }, { "db": "NVD", "id": "CVE-2021-22898" } ] }, "id": "VAR-202106-0521", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.30092594 }, "last_update_date": "2024-06-17T11:37:18.530000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Oracle\u00a0Critical\u00a0Patch\u00a0Update\u00a0Advisory\u00a0-\u00a0January\u00a02022", "trust": 0.8, "url": "https://lists.apache.org/thread/ypcjpttlozwxngl5s2x4gco3hnbmx1t8" }, { "title": "HAXX libcurl Repair measures for information disclosure vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=155744" }, { "title": "Debian CVElist Bug Report Logs: curl: CVE-2021-22898: TELNET stack contents disclosure", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=06890b233289ebfb9c405fee6437c7b1" }, { "title": "Red Hat: CVE-2021-22898", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2021-22898" }, { "title": "Amazon Linux AMI: ALAS-2021-1509", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2021-1509" }, { "title": "Arch Linux Advisories: [ASA-202106-9] lib32-libcurl-gnutls: information disclosure", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202106-9" }, { "title": "Arch Linux Advisories: [ASA-202106-8] libcurl-gnutls: information disclosure", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202106-8" }, { "title": "Amazon Linux 2: ALAS2-2021-1653", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2021-1653" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2021-22898 log" }, { "title": "Arch Linux Advisories: [ASA-202106-4] curl: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202106-4" }, { "title": "Arch Linux Advisories: [ASA-202106-7] lib32-libcurl-compat: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202106-7" }, { "title": "Arch Linux Advisories: [ASA-202106-5] lib32-curl: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202106-5" }, { "title": "Arch Linux Advisories: [ASA-202107-60] lib32-curl: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202107-60" }, { "title": "Arch Linux Advisories: [ASA-202107-61] libcurl-compat: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202107-61" }, { "title": "Arch Linux Advisories: [ASA-202106-6] libcurl-compat: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202106-6" }, { "title": "Arch Linux Advisories: [ASA-202107-64] lib32-libcurl-gnutls: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202107-64" }, { "title": "Arch Linux Advisories: [ASA-202107-62] lib32-libcurl-compat: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202107-62" }, { "title": "Arch Linux Advisories: [ASA-202107-63] libcurl-gnutls: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202107-63" }, { "title": "Amazon Linux 2: ALAS2-2021-1700", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2021-1700" }, { "title": "Arch Linux Advisories: [ASA-202107-59] curl: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202107-59" }, { "title": "Debian Security Advisories: DSA-5197-1 curl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=d9b734e3e9b6712333c95a6263dead82" }, { "title": "Red Hat: Moderate: Release of OpenShift Serverless 1.20.0", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220434 - security advisory" }, { "title": "Red Hat: Moderate: Red Hat OpenShift distributed tracing 2.1.0 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220318 - security advisory" }, { "title": "Red Hat: Important: Release of containers for OSP 16.2 director operator tech preview", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220842 - security advisory" }, { "title": "Red Hat: Moderate: Gatekeeper Operator v0.2 security updates and bug fixes", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221081 - security advisory" }, { "title": "Red Hat: Important: Red Hat OpenShift GitOps security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220580 - security advisory" }, { "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.2.11 security updates and bug fixes", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220856 - security advisory" }, { "title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221396 - security advisory" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=4a9822530e6b610875f83ffc10e02aba" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d" }, { "title": "CVE-2021-22898", "trust": 0.1, "url": "https://github.com/alaial90/cve-2021-22898 " }, { "title": "", "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-22898 " }, { "title": "trivy-operator", "trust": 0.1, "url": "https://github.com/devopstales/trivy-operator " }, { "title": "log4jnotes", "trust": 0.1, "url": "https://github.com/kenlavbah/log4jnotes " }, { "title": "myapp-container-jaxrs", "trust": 0.1, "url": "https://github.com/akiraabe/myapp-container-jaxrs " } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-22898" }, { "db": "JVNDB", "id": "JVNDB-2021-008167" }, { "db": "CNNVD", "id": "CNNVD-202105-1685" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-909", "trust": 1.0 }, { "problemtype": "Inadequate resource initialization (CWE-909) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-008167" }, { "db": "NVD", "id": "CVE-2021-22898" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.openwall.com/lists/oss-security/2021/07/21/4" }, { "trust": 1.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898" }, { "trust": 1.6, "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" }, { "trust": 1.6, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.6, "url": "https://www.debian.org/security/2022/dsa-5197" }, { "trust": 1.6, "url": "https://curl.se/docs/cve-2021-22898.html" }, { "trust": 1.6, "url": "https://hackerone.com/reports/1176461" }, { "trust": 1.6, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.6, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.6, "url": "https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde" }, { "trust": 1.6, "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html" }, { "trust": 1.2, "url": "https://access.redhat.com/security/cve/cve-2021-22898" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3cissues.guacamole.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/frucw2uvnyudzf72dqlfqr4pjec6cf7v/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/pooc3uv7v6l4cj5ka2ptwtnuv5y72t3q/" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2021-22925" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2021-22876" }, { "trust": 0.6, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.6, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.6, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.6, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/frucw2uvnyudzf72dqlfqr4pjec6cf7v/" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3cissues.guacamole.apache.org%3e" }, { "trust": 0.6, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/pooc3uv7v6l4cj5ka2ptwtnuv5y72t3q/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0245" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1841" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3905" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3748" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/165862/red-hat-security-advisory-2022-0434-05.html" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/6494763" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021080210" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0716" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021060321" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021052620" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/166489/red-hat-security-advisory-2022-1081-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162817/gentoo-linux-security-advisory-202105-36.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0394" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1859" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021072212" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4059" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/169318/debian-security-advisory-5197-1.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/166789/red-hat-security-advisory-2022-1396-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4254" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4095" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4172" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.4266" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1837" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1677" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-was-identified-and-remediated-in-the-ibm-maas360-cloud-extender-v2-103-000-051-and-modules/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021052711" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164886/red-hat-security-advisory-2021-4511-03.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021111131" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2755" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021071312" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1071" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4019" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/curl-information-disclosure-via-telnet-new-env-variables-35539" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.3146" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/165633/ubuntu-security-notice-usn-5021-2.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/165135/red-hat-security-advisory-2021-4914-06.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021122914" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/165129/red-hat-security-advisory-2021-4902-06.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/165209/red-hat-security-advisory-2021-5038-04.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/165096/red-hat-security-advisory-2021-4845-05.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0493" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021060128" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2526" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3935" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.4229" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/165002/red-hat-security-advisory-2021-4032-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/165099/red-hat-security-advisory-2021-4848-07.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/166051/red-hat-security-advisory-2022-0580-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2494" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2295" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/163637/ubuntu-security-notice-usn-5021-1.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/165758/red-hat-security-advisory-2022-0318-06.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/166308/red-hat-security-advisory-2022-0842-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022031104" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2021-3200" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2021-27645" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2021-33574" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-13435" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-5827" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-24370" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-14145" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-13751" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-19603" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2021-35942" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-17594" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-12762" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2021-36086" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-16135" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2021-36084" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2021-3800" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2021-36087" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2021-3445" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2021-20232" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2021-20266" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-20838" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2021-20231" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-14155" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2021-36085" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2021-33560" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-17595" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2021-28153" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-13750" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-18218" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2021-3580" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595" }, { "trust": 0.5, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2021-43527" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2021-3572" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2021-3778" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2021-42574" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2021-3426" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2021-3796" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-25013" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-35522" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-35524" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20673" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-25014" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-25012" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-35521" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-17541" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-36331" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-3712" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-31535" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-23841" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-20673" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-23840" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-36330" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-36332" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-3481" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-25009" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-25010" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-35523" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-37750" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-3733" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-33938" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-33929" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-33928" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-22946" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-33930" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-22947" }, { "trust": 0.2, "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-009" }, { "trust": 0.2, "url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10001" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-44228" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-17541" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-10001" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-20317" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-43267" }, { "trust": 0.2, "url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-20271" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3948" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20266" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/curl/7.74.0-1ubuntu2.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.14" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22924" }, { "trust": 0.1, "url": "https://ubuntu.com/security/notices/usn-5021-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.6" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-24504" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27777" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20239" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36158" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35448" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3635" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20284" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36386" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0427" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-24586" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3348" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-26140" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3487" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-26146" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-31440" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3732" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-0129" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-24502" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3564" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-0427" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23133" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-26144" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3679" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36312" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-29368" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-24588" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-29646" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-29155" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3489" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-29660" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-26139" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28971" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14615" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-26143" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3600" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-26145" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33200" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-29650" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33033" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20194" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-26147" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-31916" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24503" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14615" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24502" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:5137" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-31829" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3573" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20197" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-26141" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28950" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-24587" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-24503" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3659" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35524" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35522" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-37136" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35523" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-37137" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21409" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36331" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36330" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:5127" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35521" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:4511" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27823" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1870" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3575" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30758" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13558" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15389" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-5727" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5785" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-41617" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30665" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12973" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30689" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20847" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30682" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-18032" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1801" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1765" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4658" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-26927" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20847" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27918" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30749" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30795" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-5785" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1788" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5727" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30744" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21775" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21806" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27814" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36241" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30797" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4658" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13558" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20321" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27842" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1799" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21779" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-29623" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27828" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12973" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1844" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1871" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-29338" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30734" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-26926" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30720" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28650" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27843" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-24870" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1789" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30663" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30799" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3272" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0202" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15389" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27824" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36385" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:5038" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3795" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36385" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/index" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20271" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20317" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23440" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27218" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3757" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:4848" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23841" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27218" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-36222" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3620" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23840" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-008167" }, { "db": "PACKETSTORM", "id": "163637" }, { "db": "PACKETSTORM", "id": "165296" }, { "db": "PACKETSTORM", "id": "165287" }, { "db": "PACKETSTORM", "id": "164886" }, { "db": "PACKETSTORM", "id": "165631" }, { "db": "PACKETSTORM", "id": "165209" }, { "db": "PACKETSTORM", "id": "165099" }, { "db": "CNNVD", "id": "CNNVD-202105-1685" }, { "db": "NVD", "id": "CVE-2021-22898" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2021-22898" }, { "db": "JVNDB", "id": "JVNDB-2021-008167" }, { "db": "PACKETSTORM", "id": "163637" }, { "db": "PACKETSTORM", "id": "165296" }, { "db": "PACKETSTORM", "id": "165287" }, { "db": "PACKETSTORM", "id": "164886" }, { "db": "PACKETSTORM", "id": "165631" }, { "db": "PACKETSTORM", "id": "165209" }, { "db": "PACKETSTORM", "id": "165099" }, { "db": "CNNVD", "id": "CNNVD-202105-1685" }, { "db": "NVD", "id": "CVE-2021-22898" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-06-11T00:00:00", "db": "VULMON", "id": "CVE-2021-22898" }, { "date": "2022-03-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-008167" }, { "date": "2021-07-22T23:15:11", "db": "PACKETSTORM", "id": "163637" }, { "date": "2021-12-15T15:27:05", "db": "PACKETSTORM", "id": "165296" }, { "date": "2021-12-15T15:20:43", "db": "PACKETSTORM", "id": "165287" }, { "date": "2021-11-10T17:12:32", "db": "PACKETSTORM", "id": "164886" }, { "date": "2022-01-20T17:48:29", "db": "PACKETSTORM", "id": "165631" }, { "date": "2021-12-09T14:50:37", "db": "PACKETSTORM", "id": "165209" }, { "date": "2021-11-30T14:44:48", "db": "PACKETSTORM", "id": "165099" }, { "date": "2021-05-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202105-1685" }, { "date": "2021-06-11T16:15:11.043000", "db": "NVD", "id": "CVE-2021-22898" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2021-22898" }, { "date": "2022-03-07T02:20:00", "db": "JVNDB", "id": "JVNDB-2021-008167" }, { "date": "2023-06-05T00:00:00", "db": "CNNVD", "id": "CNNVD-202105-1685" }, { "date": "2024-03-27T15:47:36.380000", "db": "NVD", "id": "CVE-2021-22898" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "163637" }, { "db": "CNNVD", "id": "CNNVD-202105-1685" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "curl\u00a0 Vulnerability in resource initialization deficiency in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-008167" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-202105-1685" } ], "trust": 0.6 } }
var-201702-0415
Vulnerability from variot
Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. NOTE: this vulnerability was fixed in guacamole.war on 2016-01-13, but the version number was not changed. Guacamole is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. Guacamole 0.9.8 and 0.9.9 are vulnerable
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0415", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "guacamole", "scope": "eq", "trust": 1.8, "vendor": "apache", "version": "0.9.8" }, { "model": "guacamole", "scope": "eq", "trust": 1.8, "vendor": "apache", "version": "0.9.9" }, { "model": "guacamole", "scope": "eq", "trust": 0.6, "vendor": "guac dev", "version": "0.9.8" }, { "model": "guacamole", "scope": "eq", "trust": 0.6, "vendor": "guac dev", "version": "0.9.9" }, { "model": "guacamole", "scope": "eq", "trust": 0.3, "vendor": "guacamole", "version": "0.9.9" }, { "model": "guacamole", "scope": "eq", "trust": 0.3, "vendor": "guacamole", "version": "0.9.8" } ], "sources": [ { "db": "BID", "id": "96366" }, { "db": "JVNDB", "id": "JVNDB-2016-007113" }, { "db": "NVD", "id": "CVE-2016-1566" }, { "db": "CNNVD", "id": "CNNVD-201702-008" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:guacamole:0.9.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:guacamole:0.9.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-1566" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Guacamole", "sources": [ { "db": "BID", "id": "96366" } ], "trust": 0.3 }, "cve": "CVE-2016-1566", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 3.5, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-1566", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.3, "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.4, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2016-1566", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "Low", "scope": "Changed", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-1566", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201702-008", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-007113" }, { "db": "NVD", "id": "CVE-2016-1566" }, { "db": "CNNVD", "id": "CNNVD-201702-008" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. NOTE: this vulnerability was fixed in guacamole.war on 2016-01-13, but the version number was not changed. Guacamole is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. \nSuccessful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. \nGuacamole 0.9.8 and 0.9.9 are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2016-1566" }, { "db": "JVNDB", "id": "JVNDB-2016-007113" }, { "db": "BID", "id": "96366" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-1566", "trust": 2.7 }, { "db": "JVNDB", "id": "JVNDB-2016-007113", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201702-008", "trust": 0.6 }, { "db": "BID", "id": "96366", "trust": 0.3 } ], "sources": [ { "db": "BID", "id": "96366" }, { "db": "JVNDB", "id": "JVNDB-2016-007113" }, { "db": "NVD", "id": "CVE-2016-1566" }, { "db": "CNNVD", "id": "CNNVD-201702-008" } ] }, "id": "VAR-201702-0415", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.30092594 }, "last_update_date": "2023-12-18T12:04:40.825000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://guacamole.apache.org/" }, { "title": "Security Advisory - Stored XSS (CVE-2016-1566 / GUAC-1465)", "trust": 0.8, "url": "https://sourceforge.net/p/guacamole/news/2016/02/security-advisory---stored-xss-cve-2016-1566--guac-1465/" }, { "title": "Apache Guacamole Fixes for cross-site scripting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=67398" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-007113" }, { "db": "CNNVD", "id": "CNNVD-201702-008" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-007113" }, { "db": "NVD", "id": "CVE-2016-1566" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://sourceforge.net/p/guacamole/news/2016/02/security-advisory---stored-xss-cve-2016-1566--guac-1465/" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1566" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1566" }, { "trust": 0.3, "url": "https://sourceforge.net/projects/guacamole/" } ], "sources": [ { "db": "BID", "id": "96366" }, { "db": "JVNDB", "id": "JVNDB-2016-007113" }, { "db": "NVD", "id": "CVE-2016-1566" }, { "db": "CNNVD", "id": "CNNVD-201702-008" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "96366" }, { "db": "JVNDB", "id": "JVNDB-2016-007113" }, { "db": "NVD", "id": "CVE-2016-1566" }, { "db": "CNNVD", "id": "CNNVD-201702-008" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-02-02T00:00:00", "db": "BID", "id": "96366" }, { "date": "2017-02-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-007113" }, { "date": "2017-02-02T15:59:00.140000", "db": "NVD", "id": "CVE-2016-1566" }, { "date": "2017-02-03T00:00:00", "db": "CNNVD", "id": "CNNVD-201702-008" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-03-07T02:06:00", "db": "BID", "id": "96366" }, { "date": "2017-02-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-007113" }, { "date": "2021-05-07T18:33:45.173000", "db": "NVD", "id": "CVE-2016-1566" }, { "date": "2021-05-08T00:00:00", "db": "CNNVD", "id": "CNNVD-201702-008" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201702-008" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Guacamole File browser cross-site scripting vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-007113" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-201702-008" } ], "trust": 0.6 } }
var-202007-1188
Vulnerability from variot
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed with the privileges of therunning guacd process. Apache Guacamole Exists in a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Apache Guacamole is a clientless remote desktop gateway of the Apache Software Foundation. The product supports protocols such as VNC, RDP and SSH.
There are security vulnerabilities in Apache Guacamole 1.1.0 and earlier versions
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1188", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "guacamole", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "1.1.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "32" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "33" }, { "model": "guacamole", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "1.1.0" }, { "model": "guacamole", "scope": "lte", "trust": 0.6, "vendor": "apache", "version": "\u003c=1.1.0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-41808" }, { "db": "JVNDB", "id": "JVNDB-2020-007465" }, { "db": "NVD", "id": "CVE-2020-9498" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-9498" } ] }, "cve": "CVE-2020-9498", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 6.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 1.9, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "High", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 6.2, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "JVNDB-2020-007465", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 6.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 1.9, "id": "CNVD-2020-41808", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 0.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.7, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-007465", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-9498", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "JVNDB-2020-007465", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2020-41808", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202007-134", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-41808" }, { "db": "JVNDB", "id": "JVNDB-2020-007465" }, { "db": "NVD", "id": "CVE-2020-9498" }, { "db": "CNNVD", "id": "CNNVD-202007-134" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed with the privileges of therunning guacd process. Apache Guacamole Exists in a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Apache Guacamole is a clientless remote desktop gateway of the Apache Software Foundation. The product supports protocols such as VNC, RDP and SSH. \n\r\n\r\nThere are security vulnerabilities in Apache Guacamole 1.1.0 and earlier versions", "sources": [ { "db": "NVD", "id": "CVE-2020-9498" }, { "db": "JVNDB", "id": "JVNDB-2020-007465" }, { "db": "CNVD", "id": "CNVD-2020-41808" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-9498", "trust": 3.0 }, { "db": "PULSESECURE", "id": "SA44525", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2020-007465", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2020-41808", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2289", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3925", "trust": 0.6 }, { "db": "NSFOCUS", "id": "47095", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202007-134", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-41808" }, { "db": "JVNDB", "id": "JVNDB-2020-007465" }, { "db": "NVD", "id": "CVE-2020-9498" }, { "db": "CNNVD", "id": "CNNVD-202007-134" } ] }, "id": "VAR-202007-1188", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-41808" } ], "trust": 0.90092594 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-41808" } ] }, "last_update_date": "2023-12-18T12:42:50.622000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "[SECURITY] CVE-2020-9498: Apache Guacamole: Dangling pointer in RDP static virtual channel handling (r26fb17)", "trust": 0.8, "url": "https://lists.apache.org/thread.html/r26fb170edebff842c74aacdb1333c1338f0e19e5ec7854d72e4680fc@%3cannounce.apache.org%3e" }, { "title": "[SECURITY] CVE-2020-9498: Apache Guacamole: Dangling pointer in RDP static virtual channel handling (rff824b)", "trust": 0.8, "url": "https://lists.apache.org/thread.html/rff824b38ebd2fddc726b816f0e509696b83b9f78979d0cd021ca623b%40%3cannounce.guacamole.apache.org%3e" }, { "title": "Patch for Apache Guacamole buffer overflow vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/226411" }, { "title": "Apache Guacamole Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=123481" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-41808" }, { "db": "JVNDB", "id": "JVNDB-2020-007465" }, { "db": "CNNVD", "id": "CNNVD-202007-134" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "CWE-119", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-007465" }, { "db": "NVD", "id": "CVE-2020-9498" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9498" }, { "trust": 1.6, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44525" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/rff824b38ebd2fddc726b816f0e509696b83b9f78979d0cd021ca623b%40%3cannounce.guacamole.apache.org%3e" }, { "trust": 1.6, "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00010.html" }, { "trust": 1.6, "url": "https://research.checkpoint.com/2020/apache-guacamole-rce/" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3cannounce.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r26fb170edebff842c74aacdb1333c1338f0e19e5ec7854d72e4680fc%40%3cannounce.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3cannounce.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tvv5k2x4exsavuul7ij3muj3adwmvsbm/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wns7uhbofv6jhwh5xoezte3bregrssq3/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9498" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3cannounce.apache.org%3e" }, { "trust": 0.6, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/wns7uhbofv6jhwh5xoezte3bregrssq3/" }, { "trust": 0.6, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tvv5k2x4exsavuul7ij3muj3adwmvsbm/" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3cannounce.apache.org%3e" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r26fb170edebff842c74aacdb1333c1338f0e19e5ec7854d72e4680fc@%3cannounce.apache.org%3e" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/apache-guacamole-memory-corruption-via-rdp-server-static-virtual-channels-33845" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3925/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/47095" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2289/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-41808" }, { "db": "JVNDB", "id": "JVNDB-2020-007465" }, { "db": "NVD", "id": "CVE-2020-9498" }, { "db": "CNNVD", "id": "CNNVD-202007-134" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-41808" }, { "db": "JVNDB", "id": "JVNDB-2020-007465" }, { "db": "NVD", "id": "CVE-2020-9498" }, { "db": "CNNVD", "id": "CNNVD-202007-134" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-21T00:00:00", "db": "CNVD", "id": "CNVD-2020-41808" }, { "date": "2020-08-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-007465" }, { "date": "2020-07-02T13:15:11.090000", "db": "NVD", "id": "CVE-2020-9498" }, { "date": "2020-07-02T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-134" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-23T00:00:00", "db": "CNVD", "id": "CNVD-2020-41808" }, { "date": "2020-08-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-007465" }, { "date": "2023-11-07T03:26:56.067000", "db": "NVD", "id": "CVE-2020-9498" }, { "date": "2021-02-25T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-134" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-134" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Guacamole Buffer error vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-007465" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-134" } ], "trust": 0.6 } }
var-202201-0850
Vulnerability from variot
Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user. Apache Guacamole There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apache Guacamole is a clientless remote desktop gateway of the Apache Foundation. The product supports protocols such as VNC, RDP and SSH. No detailed vulnerability details are currently provided
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0850", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "guacamole", "scope": "eq", "trust": 2.4, "vendor": "apache", "version": "1.2.0" }, { "model": "guacamole", "scope": "eq", "trust": 2.4, "vendor": "apache", "version": "1.3.0" }, { "model": "guacamole", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-04989" }, { "db": "JVNDB", "id": "JVNDB-2022-002969" }, { "db": "NVD", "id": "CVE-2021-43999" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:guacamole:1.2.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:guacamole:1.3.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-43999" } ] }, "cve": "CVE-2021-43999", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 6.8, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-43999", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 6.8, "id": "CNVD-2022-04989", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-43999", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-43999", "trust": 1.8, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2022-04989", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202201-892", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-04989" }, { "db": "JVNDB", "id": "JVNDB-2022-002969" }, { "db": "NVD", "id": "CVE-2021-43999" }, { "db": "CNNVD", "id": "CNNVD-202201-892" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user. Apache Guacamole There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apache Guacamole is a clientless remote desktop gateway of the Apache Foundation. The product supports protocols such as VNC, RDP and SSH. No detailed vulnerability details are currently provided", "sources": [ { "db": "NVD", "id": "CVE-2021-43999" }, { "db": "JVNDB", "id": "JVNDB-2022-002969" }, { "db": "CNVD", "id": "CNVD-2022-04989" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-43999", "trust": 3.8 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2022/01/11/7", "trust": 2.4 }, { "db": "JVNDB", "id": "JVNDB-2022-002969", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2022-04989", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022011217", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202201-892", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-04989" }, { "db": "JVNDB", "id": "JVNDB-2022-002969" }, { "db": "NVD", "id": "CVE-2021-43999" }, { "db": "CNNVD", "id": "CNNVD-202201-892" } ] }, "id": "VAR-202201-0850", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-04989" } ], "trust": 0.90092594 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-04989" } ] }, "last_update_date": "2023-12-18T12:16:00.378000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Improper\u00a0validation\u00a0of\u00a0SAML\u00a0responses", "trust": 0.8, "url": "https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9" }, { "title": "Patch for Apache Guacamole Authorization Issue Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/314441" }, { "title": "Apache Guacamole Remediation measures for authorization problem vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=178164" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-04989" }, { "db": "JVNDB", "id": "JVNDB-2022-002969" }, { "db": "CNNVD", "id": "CNNVD-202201-892" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-287", "trust": 1.0 }, { "problemtype": "Inappropriate authentication (CWE-287) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-002969" }, { "db": "NVD", "id": "CVE-2021-43999" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.openwall.com/lists/oss-security/2022/01/11/7" }, { "trust": 1.6, "url": "https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-43999" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022011217" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-04989" }, { "db": "JVNDB", "id": "JVNDB-2022-002969" }, { "db": "NVD", "id": "CVE-2021-43999" }, { "db": "CNNVD", "id": "CNNVD-202201-892" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-04989" }, { "db": "JVNDB", "id": "JVNDB-2022-002969" }, { "db": "NVD", "id": "CVE-2021-43999" }, { "db": "CNNVD", "id": "CNNVD-202201-892" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-01-19T00:00:00", "db": "CNVD", "id": "CNVD-2022-04989" }, { "date": "2023-02-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-002969" }, { "date": "2022-01-11T22:15:07.627000", "db": "NVD", "id": "CVE-2021-43999" }, { "date": "2022-01-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202201-892" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-01-19T00:00:00", "db": "CNVD", "id": "CNVD-2022-04989" }, { "date": "2023-02-01T04:54:00", "db": "JVNDB", "id": "JVNDB-2022-002969" }, { "date": "2022-01-14T16:16:49.483000", "db": "NVD", "id": "CVE-2021-43999" }, { "date": "2022-01-17T00:00:00", "db": "CNNVD", "id": "CNNVD-202201-892" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202201-892" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache\u00a0Guacamole\u00a0 Authentication vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-002969" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "authorization issue", "sources": [ { "db": "CNNVD", "id": "CNNVD-202201-892" } ], "trust": 0.6 } }
var-202312-0504
Vulnerability from variot
Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process.
Users are recommended to upgrade to version 1.5.4, which fixes this issue.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202312-0504", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "guacamole", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "1.5.3" } ], "sources": [ { "db": "NVD", "id": "CVE-2023-43826" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.5.3", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-43826" } ] }, "cve": "CVE-2023-43826", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "security@apache.org", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.6, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-43826", "trust": 1.0, "value": "HIGH" }, { "author": "security@apache.org", "id": "CVE-2023-43826", "trust": 1.0, "value": "HIGH" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-43826" }, { "db": "NVD", "id": "CVE-2023-43826" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process.\n\nUsers are recommended to upgrade to version 1.5.4, which fixes this issue.\n\n", "sources": [ { "db": "NVD", "id": "CVE-2023-43826" } ], "trust": 1.0 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "OPENWALL", "id": "OSS-SECURITY/2023/12/19/4", "trust": 1.0 }, { "db": "NVD", "id": "CVE-2023-43826", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2023-43826" } ] }, "id": "VAR-202312-0504", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.30092594 }, "last_update_date": "2023-12-23T22:27:24.158000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-190", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2023-43826" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.0, "url": "http://www.openwall.com/lists/oss-security/2023/12/19/4" }, { "trust": 1.0, "url": "https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6" } ], "sources": [ { "db": "NVD", "id": "CVE-2023-43826" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "NVD", "id": "CVE-2023-43826" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-12-19T20:15:08.300000", "db": "NVD", "id": "CVE-2023-43826" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-12-22T20:45:28.967000", "db": "NVD", "id": "CVE-2023-43826" } ] } }
var-202101-0068
Vulnerability from variot
Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based on user visibility. If multiple users share access to the same connection, those users may be able to see which other users have accessed that connection, as well as the IP addresses from which that connection was accessed, even if those users do not otherwise have permission to see other users. Apache Guacamole Is vulnerable to incorrect default permissions.Information may be obtained. Apache Guacamole is a clientless remote desktop gateway of the Apache Foundation. The product supports protocols such as VNC, RDP and SSH.
An information disclosure vulnerability exists in Apache Guacamole 1.2.0 and earlier versions. No detailed vulnerability details are currently provided
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202101-0068", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "guacamole", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "1.2.0" }, { "model": "guacamole", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": null }, { "model": "guacamole", "scope": "lte", "trust": 0.8, "vendor": "apache", "version": "1.2.0 and earlier" }, { "model": "guacamole", "scope": "lte", "trust": 0.6, "vendor": "apache", "version": "\u003c=1.2.0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-11840" }, { "db": "JVNDB", "id": "JVNDB-2020-015475" }, { "db": "NVD", "id": "CVE-2020-11997" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-11997" } ] }, "cve": "CVE-2020-11997", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2020-11997", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CNVD-2021-11840", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2020-11997", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-11997", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2021-11840", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202101-1500", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-11840" }, { "db": "JVNDB", "id": "JVNDB-2020-015475" }, { "db": "NVD", "id": "CVE-2020-11997" }, { "db": "CNNVD", "id": "CNNVD-202101-1500" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based on user visibility. If multiple users share access to the same connection, those users may be able to see which other users have accessed that connection, as well as the IP addresses from which that connection was accessed, even if those users do not otherwise have permission to see other users. Apache Guacamole Is vulnerable to incorrect default permissions.Information may be obtained. Apache Guacamole is a clientless remote desktop gateway of the Apache Foundation. The product supports protocols such as VNC, RDP and SSH. \n\r\n\r\nAn information disclosure vulnerability exists in Apache Guacamole 1.2.0 and earlier versions. No detailed vulnerability details are currently provided", "sources": [ { "db": "NVD", "id": "CVE-2020-11997" }, { "db": "JVNDB", "id": "JVNDB-2020-015475" }, { "db": "CNVD", "id": "CNVD-2021-11840" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-11997", "trust": 3.0 }, { "db": "JVNDB", "id": "JVNDB-2020-015475", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2021-11840", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202101-1500", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-11840" }, { "db": "JVNDB", "id": "JVNDB-2020-015475" }, { "db": "NVD", "id": "CVE-2020-11997" }, { "db": "CNNVD", "id": "CNNVD-202101-1500" } ] }, "id": "VAR-202101-0068", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-11840" } ], "trust": 0.90092594 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-11840" } ] }, "last_update_date": "2023-12-18T12:27:04.500000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Inconsistent\u00a0restriction\u00a0of\u00a0connection\u00a0history\u00a0visibility", "trust": 0.8, "url": "https://lists.apache.org/thread.html/r1a9ae9d1608c9f846875c4191cd738f95543d1be06b52dc1320e8117%40%3cannounce.guacamole.apache.org%3e" }, { "title": "Patch for Unidentified vulnerabilities in Apache Guacamole", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/248726" }, { "title": "Apache Guacamole Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=139766" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-11840" }, { "db": "JVNDB", "id": "JVNDB-2020-015475" }, { "db": "CNNVD", "id": "CNNVD-202101-1500" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-276", "trust": 1.0 }, { "problemtype": "Inappropriate default permissions (CWE-276) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015475" }, { "db": "NVD", "id": "CVE-2020-11997" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://lists.apache.org/thread.html/r1a9ae9d1608c9f846875c4191cd738f95543d1be06b52dc1320e8117%40%3cannounce.guacamole.apache.org%3e" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11997" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-11840" }, { "db": "JVNDB", "id": "JVNDB-2020-015475" }, { "db": "NVD", "id": "CVE-2020-11997" }, { "db": "CNNVD", "id": "CNNVD-202101-1500" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2021-11840" }, { "db": "JVNDB", "id": "JVNDB-2020-015475" }, { "db": "NVD", "id": "CVE-2020-11997" }, { "db": "CNNVD", "id": "CNNVD-202101-1500" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-02-22T00:00:00", "db": "CNVD", "id": "CNVD-2021-11840" }, { "date": "2021-09-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-015475" }, { "date": "2021-01-19T22:15:12.317000", "db": "NVD", "id": "CVE-2020-11997" }, { "date": "2021-01-19T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-1500" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-02-23T00:00:00", "db": "CNVD", "id": "CNVD-2021-11840" }, { "date": "2021-09-27T08:52:00", "db": "JVNDB", "id": "JVNDB-2020-015475" }, { "date": "2021-01-22T20:26:54.763000", "db": "NVD", "id": "CVE-2020-11997" }, { "date": "2021-01-25T00:00:00", "db": "CNNVD", "id": "CNNVD-202101-1500" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-1500" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache\u00a0Guacamole\u00a0 Inappropriate Default Permission Vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-015475" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202101-1500" } ], "trust": 0.6 } }
var-201902-0547
Vulnerability from variot
Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the "secure" flag, which could allow an attacker eavesdropping on the network to intercept the user's session token if unencrypted HTTP requests are made to the same domain. Apache Guacamole Contains an information disclosure vulnerability.Information may be obtained. Apache Guacamole is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Apache Guacamole 0.9.4 through 0.9.14 are vulnerable
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201902-0547", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "guacamole", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "0.9.14" }, { "model": "guacamole", "scope": "lt", "trust": 0.8, "vendor": "apache", "version": "1.0.0" }, { "model": "guacamole", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "0.9.14" }, { "model": "guacamole", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "0.9.4" }, { "model": "guacamole", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "1.0" } ], "sources": [ { "db": "BID", "id": "106768" }, { "db": "JVNDB", "id": "JVNDB-2019-001971" }, { "db": "NVD", "id": "CVE-2018-1340" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "0.9.14", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-1340" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ross Golder", "sources": [ { "db": "BID", "id": "106768" }, { "db": "CNNVD", "id": "CNNVD-201901-866" } ], "trust": 0.9 }, "cve": "CVE-2018-1340", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2018-1340", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2018-1340", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-1340", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201901-866", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-001971" }, { "db": "NVD", "id": "CVE-2018-1340" }, { "db": "CNNVD", "id": "CNNVD-201901-866" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user\u0027s session token. This cookie lacked the \"secure\" flag, which could allow an attacker eavesdropping on the network to intercept the user\u0027s session token if unencrypted HTTP requests are made to the same domain. Apache Guacamole Contains an information disclosure vulnerability.Information may be obtained. Apache Guacamole is prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. \nApache Guacamole 0.9.4 through 0.9.14 are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2018-1340" }, { "db": "JVNDB", "id": "JVNDB-2019-001971" }, { "db": "BID", "id": "106768" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-1340", "trust": 2.7 }, { "db": "BID", "id": "106768", "trust": 1.9 }, { "db": "JVNDB", "id": "JVNDB-2019-001971", "trust": 0.8 }, { "db": "NSFOCUS", "id": "43902", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201901-866", "trust": 0.6 } ], "sources": [ { "db": "BID", "id": "106768" }, { "db": "JVNDB", "id": "JVNDB-2019-001971" }, { "db": "NVD", "id": "CVE-2018-1340" }, { "db": "CNNVD", "id": "CNNVD-201901-866" } ] }, "id": "VAR-201902-0547", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.30092594 }, "last_update_date": "2023-12-18T13:02:21.023000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "[SECURITY] CVE-2018-1340: Secure flag missing from Apache Guacamole session cookie", "trust": 0.8, "url": "https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979@%3cannounce.guacamole.apache.org%3e" }, { "title": "Apache Guacamole Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88940" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-001971" }, { "db": "CNNVD", "id": "CNNVD-201901-866" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-311", "trust": 1.0 }, { "problemtype": "CWE-200", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-001971" }, { "db": "NVD", "id": "CVE-2018-1340" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "http://www.securityfocus.com/bid/106768" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1340" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979%40%3cannounce.guacamole.apache.org%3e" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1340" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979@%3cannounce.guacamole.apache.org%3e" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/43902" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/apache-guacamole-information-disclosure-via-insecure-cookie-28734" }, { "trust": 0.3, "url": "https://seclists.org/oss-sec/2019/q1/90" }, { "trust": 0.3, "url": "http://www.apache.org/" }, { "trust": 0.3, "url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201901.mbox/%3ccalkel-o+=rxbd0y+hsb9=y0n400a8sv2bikgzfnsjgxzipa-uq@mail.gmail.com%3e" } ], "sources": [ { "db": "BID", "id": "106768" }, { "db": "JVNDB", "id": "JVNDB-2019-001971" }, { "db": "NVD", "id": "CVE-2018-1340" }, { "db": "CNNVD", "id": "CNNVD-201901-866" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "106768" }, { "db": "JVNDB", "id": "JVNDB-2019-001971" }, { "db": "NVD", "id": "CVE-2018-1340" }, { "db": "CNNVD", "id": "CNNVD-201901-866" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-01-23T00:00:00", "db": "BID", "id": "106768" }, { "date": "2019-03-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-001971" }, { "date": "2019-02-07T22:29:00.287000", "db": "NVD", "id": "CVE-2018-1340" }, { "date": "2019-01-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201901-866" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-01-23T00:00:00", "db": "BID", "id": "106768" }, { "date": "2019-03-29T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-001971" }, { "date": "2023-11-07T02:55:59.530000", "db": "NVD", "id": "CVE-2018-1340" }, { "date": "2019-10-23T00:00:00", "db": "CNNVD", "id": "CNNVD-201901-866" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201901-866" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Guacamole Vulnerable to information disclosure", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-001971" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-201901-866" } ], "trust": 0.6 } }
var-201912-1378
Vulnerability from variot
SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. It exists that SQLite incorrectly handled certain corruped schemas. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-8740). Bugs fixed (https://bugzilla.redhat.com/):
1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value
- JIRA issues fixed (https://issues.jboss.org/):
LOG-1971 - Applying cluster state is causing elasticsearch to hit an issue and become unusable
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: sqlite security update Advisory ID: RHSA-2021:4396-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4396 Issue date: 2021-11-09 CVE Names: CVE-2019-5827 CVE-2019-13750 CVE-2019-13751 CVE-2019-19603 CVE-2020-13435 ==================================================================== 1. Summary:
An update for sqlite is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
- Description:
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.
Security Fix(es):
-
sqlite: out-of-bounds access due to the use of 32-bit memory allocator interfaces (CVE-2019-5827)
-
sqlite: dropping of shadow tables not restricted in defensive mode (CVE-2019-13750)
-
sqlite: fts3: improve detection of corrupted records (CVE-2019-13751)
-
sqlite: mishandling of certain SELECT statements with non-existent VIEW can lead to DoS (CVE-2019-19603)
-
sqlite: NULL pointer dereference in sqlite3ExprCodeTarget() (CVE-2020-13435)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1706805 - CVE-2019-5827 sqlite: out-of-bounds access due to the use of 32-bit memory allocator interfaces 1781997 - CVE-2019-13750 sqlite: dropping of shadow tables not restricted in defensive mode 1781998 - CVE-2019-13751 sqlite: fts3: improve detection of corrupted records 1785318 - CVE-2019-19603 sqlite: mishandling of certain SELECT statements with non-existent VIEW can lead to DoS 1841231 - CVE-2020-13435 sqlite: NULL pointer dereference in sqlite3ExprCodeTarget()
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
aarch64: lemon-3.26.0-15.el8.aarch64.rpm lemon-debuginfo-3.26.0-15.el8.aarch64.rpm sqlite-analyzer-debuginfo-3.26.0-15.el8.aarch64.rpm sqlite-debuginfo-3.26.0-15.el8.aarch64.rpm sqlite-debugsource-3.26.0-15.el8.aarch64.rpm sqlite-libs-debuginfo-3.26.0-15.el8.aarch64.rpm sqlite-tcl-debuginfo-3.26.0-15.el8.aarch64.rpm
ppc64le: lemon-3.26.0-15.el8.ppc64le.rpm lemon-debuginfo-3.26.0-15.el8.ppc64le.rpm sqlite-analyzer-debuginfo-3.26.0-15.el8.ppc64le.rpm sqlite-debuginfo-3.26.0-15.el8.ppc64le.rpm sqlite-debugsource-3.26.0-15.el8.ppc64le.rpm sqlite-libs-debuginfo-3.26.0-15.el8.ppc64le.rpm sqlite-tcl-debuginfo-3.26.0-15.el8.ppc64le.rpm
s390x: lemon-3.26.0-15.el8.s390x.rpm lemon-debuginfo-3.26.0-15.el8.s390x.rpm sqlite-analyzer-debuginfo-3.26.0-15.el8.s390x.rpm sqlite-debuginfo-3.26.0-15.el8.s390x.rpm sqlite-debugsource-3.26.0-15.el8.s390x.rpm sqlite-libs-debuginfo-3.26.0-15.el8.s390x.rpm sqlite-tcl-debuginfo-3.26.0-15.el8.s390x.rpm
x86_64: lemon-3.26.0-15.el8.x86_64.rpm lemon-debuginfo-3.26.0-15.el8.x86_64.rpm sqlite-analyzer-debuginfo-3.26.0-15.el8.x86_64.rpm sqlite-debuginfo-3.26.0-15.el8.x86_64.rpm sqlite-debugsource-3.26.0-15.el8.x86_64.rpm sqlite-libs-debuginfo-3.26.0-15.el8.x86_64.rpm sqlite-tcl-debuginfo-3.26.0-15.el8.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 8):
Source: sqlite-3.26.0-15.el8.src.rpm
aarch64: lemon-debuginfo-3.26.0-15.el8.aarch64.rpm sqlite-3.26.0-15.el8.aarch64.rpm sqlite-analyzer-debuginfo-3.26.0-15.el8.aarch64.rpm sqlite-debuginfo-3.26.0-15.el8.aarch64.rpm sqlite-debugsource-3.26.0-15.el8.aarch64.rpm sqlite-devel-3.26.0-15.el8.aarch64.rpm sqlite-libs-3.26.0-15.el8.aarch64.rpm sqlite-libs-debuginfo-3.26.0-15.el8.aarch64.rpm sqlite-tcl-debuginfo-3.26.0-15.el8.aarch64.rpm
noarch: sqlite-doc-3.26.0-15.el8.noarch.rpm
ppc64le: lemon-debuginfo-3.26.0-15.el8.ppc64le.rpm sqlite-3.26.0-15.el8.ppc64le.rpm sqlite-analyzer-debuginfo-3.26.0-15.el8.ppc64le.rpm sqlite-debuginfo-3.26.0-15.el8.ppc64le.rpm sqlite-debugsource-3.26.0-15.el8.ppc64le.rpm sqlite-devel-3.26.0-15.el8.ppc64le.rpm sqlite-libs-3.26.0-15.el8.ppc64le.rpm sqlite-libs-debuginfo-3.26.0-15.el8.ppc64le.rpm sqlite-tcl-debuginfo-3.26.0-15.el8.ppc64le.rpm
s390x: lemon-debuginfo-3.26.0-15.el8.s390x.rpm sqlite-3.26.0-15.el8.s390x.rpm sqlite-analyzer-debuginfo-3.26.0-15.el8.s390x.rpm sqlite-debuginfo-3.26.0-15.el8.s390x.rpm sqlite-debugsource-3.26.0-15.el8.s390x.rpm sqlite-devel-3.26.0-15.el8.s390x.rpm sqlite-libs-3.26.0-15.el8.s390x.rpm sqlite-libs-debuginfo-3.26.0-15.el8.s390x.rpm sqlite-tcl-debuginfo-3.26.0-15.el8.s390x.rpm
x86_64: lemon-debuginfo-3.26.0-15.el8.i686.rpm lemon-debuginfo-3.26.0-15.el8.x86_64.rpm sqlite-3.26.0-15.el8.i686.rpm sqlite-3.26.0-15.el8.x86_64.rpm sqlite-analyzer-debuginfo-3.26.0-15.el8.i686.rpm sqlite-analyzer-debuginfo-3.26.0-15.el8.x86_64.rpm sqlite-debuginfo-3.26.0-15.el8.i686.rpm sqlite-debuginfo-3.26.0-15.el8.x86_64.rpm sqlite-debugsource-3.26.0-15.el8.i686.rpm sqlite-debugsource-3.26.0-15.el8.x86_64.rpm sqlite-devel-3.26.0-15.el8.i686.rpm sqlite-devel-3.26.0-15.el8.x86_64.rpm sqlite-libs-3.26.0-15.el8.i686.rpm sqlite-libs-3.26.0-15.el8.x86_64.rpm sqlite-libs-debuginfo-3.26.0-15.el8.i686.rpm sqlite-libs-debuginfo-3.26.0-15.el8.x86_64.rpm sqlite-tcl-debuginfo-3.26.0-15.el8.i686.rpm sqlite-tcl-debuginfo-3.26.0-15.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-5827 https://access.redhat.com/security/cve/CVE-2019-13750 https://access.redhat.com/security/cve/CVE-2019-13751 https://access.redhat.com/security/cve/CVE-2019-19603 https://access.redhat.com/security/cve/CVE-2020-13435 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYYrcp9zjgjWX9erEAQh4VRAAjQa5rkkS0W4z5i8wkU7fmG5l2rfSAOzu ZuhbW2qZ0rGM60jVIkbin6Mw2corOw7FUIWUFxbqv0uD68HFnD9nS+D6DH9nDlJw WsPw6cZnNYhIl4HotGR+34w0mf+5Ld3yJMbAujT7avKV5RMb/qcsr8B42EF1ZX5F tcyriGtur+rKfDOPdeOtZZxTXFAmrlJftwiMViTskZPINmfoT4nutMv4WHCevEu7 cEDJih1x+UsS4cOPfeqBNFYxIFIZun0f6W9VWGZSOz/s06FDbuNY60/tLulU9jDx JzAwKKl1P/nK1u8fKD0prFmsQluqR7fbrpLEbxz3jdK+nRTaxNrni99PYbJhVG9o krCC7AwmSLFH2nGTyOU+/U81yrba5BYXEsb576CM4n0wtumtDJ6n9EITAt7JB90D iS53SxBkZH0YXhAe3vrzu7m8Snz/5wX2eeN1kSfZDMg57xil0tmvLdCtBaVw6sGs ehv5N9tGT+tvCz9BhXdhsbCJWyuFKaQ0XbZmRSrgHrkTZoOdgtTsmJ8tZ1xeFBeS YmS0qXEfAAChNzU4YKhe/JYIdEr6D2mILe1Ojcj6b6m4ja7xJmvPmnv4j2Qt1A21 R+TOyTEHp12WxFo8QlX0o/F1wMrluR4Nss5YXPCmpkpntlaXBg8n5tcPmq5Vb9kg u4IzYbfFiTQ=6X4Z -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Summary:
The Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):
2019088 - "MigrationController" CR displays syntax error when unquiescing applications 2021666 - Route name longer than 63 characters causes direct volume migration to fail 2021668 - "MigrationController" CR ignores the "cluster_subdomain" value for direct volume migration routes 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) 2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image 2027196 - "migration-controller" pod goes into "CrashLoopBackoff" state if an invalid registry route is entered on the "Clusters" page of the web console 2027382 - "Copy oc describe/oc logs" window does not close automatically after timeout 2028841 - "rsync-client" container fails during direct volume migration with "Address family not supported by protocol" error 2031793 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "includedResources" resource 2039852 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "destMigClusterRef" or "srcMigClusterRef"
- Description:
Red Hat Advanced Cluster Management for Kubernetes 2.2.10 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments.
Clusters and applications are all visible and managed from a single console — with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/
Security fixes:
-
CVE-2021-3795 semver-regex: inefficient regular expression complexity
-
CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747
Related bugs:
-
RHACM 2.2.10 images (Bugzilla #2013652)
-
Bugs fixed (https://bugzilla.redhat.com/):
2004944 - CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747 2006009 - CVE-2021-3795 semver-regex: inefficient regular expression complexity 2013652 - RHACM 2.2.10 images
- Description:
Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provides a multicloud data management service with an S3 compatible API.
Bug Fix(es):
-
Previously, when the namespace store target was deleted, no alert was sent to the namespace bucket because of an issue in calculating the namespace bucket health. With this update, the issue in calculating the namespace bucket health is fixed and alerts are triggered as expected. (BZ#1993873)
-
Previously, the Multicloud Object Gateway (MCG) components performed slowly and there was a lot of pressure on the MCG components due to non-optimized database queries. With this update the non-optimized database queries are fixed which reduces the compute resources and time taken for queries. Bugs fixed (https://bugzilla.redhat.com/):
1993873 - [4.8.z clone] Alert NooBaaNamespaceBucketErrorState is not triggered when namespacestore's target bucket is deleted 2006958 - CVE-2020-26301 nodejs-ssh2: Command injection by calling vulnerable method with untrusted input
- Bugs fixed (https://bugzilla.redhat.com/):
1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option 1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option
- JIRA issues fixed (https://issues.jboss.org/):
LOG-1857 - OpenShift Alerting Rules Style-Guide Compliance LOG-1904 - [release-5.2] Fix the Display of ClusterLogging type in OLM LOG-1916 - [release-5.2] Fluentd logs emit transaction failed: error_class=NoMethodError while forwarding to external syslog server
- Bugs fixed (https://bugzilla.redhat.com/):
1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet 1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic
All OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html
- Solution:
For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
2042536 - OCP 4.10: nfd-topology-updater daemonset fails to get created on worker nodes - forbidden: unable to validate against any security context constraint
2042652 - Unable to deploy hw-event-proxy operator
2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
2047308 - Remove metrics and events for master port offsets
2055049 - No pre-caching for NFD images
2055436 - nfd-master tracking the wrong api group
2055439 - nfd-master tracking the wrong api group (operand)
2057569 - nfd-worker: drop 'custom-' prefix from matchFeatures custom rules
2058256 - LeaseDuration for NFD Operator seems to be rather small, causing Operator restarts when running etcd defrag
2062849 - hw event proxy is not binding on ipv6 local address
2066860 - Wrong spec in NFD documentation under operand
2066887 - Dependabot alert: Path traversal in github.com/valyala/fasthttp
2066889 - Dependabot alert: Path traversal in github.com/valyala/fasthttp
2067312 - PPT event source is lost when received by the consumer
2077243 - NFD os release label lost after upgrade to ocp 4.10.6
2087511 - NFD SkipRange is wrong causing OLM install problems
2089962 - Node feature Discovery operator installation failed.
2090774 - Add Readme to plugin directory
2091106 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3
2091142 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3
2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
5
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201912-1378", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "sqlite", "scope": "eq", "trust": 1.0, "vendor": "sqlite", "version": "3.30.1" }, { "model": "guacamole", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "1.3.0" }, { "model": "mysql workbench", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.19" }, { "model": "sinec infrastructure network services", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.0.1.1" }, { "model": "ontap select deploy administration utility", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "sinec infrastructure network services", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "1.0.1.1" }, { "model": "cloud backup", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null } ], "sources": [ { "db": "NVD", "id": "CVE-2019-19603" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:sqlite:sqlite:3.30.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.19", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.1.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:1.0.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:guacamole:1.3.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-19603" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "165286" }, { "db": "PACKETSTORM", "id": "165288" }, { "db": "PACKETSTORM", "id": "164829" }, { "db": "PACKETSTORM", "id": "165631" }, { "db": "PACKETSTORM", "id": "166309" }, { "db": "PACKETSTORM", "id": "165209" }, { "db": "PACKETSTORM", "id": "165096" }, { "db": "PACKETSTORM", "id": "165002" }, { "db": "PACKETSTORM", "id": "165758" }, { "db": "PACKETSTORM", "id": "168036" } ], "trust": 1.0 }, "cve": "CVE-2019-19603", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2019-19603", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-19603", "trust": 1.0, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2019-19603", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-19603" }, { "db": "NVD", "id": "CVE-2019-19603" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. It exists that SQLite incorrectly handled certain corruped schemas. \nAn attacker could possibly use this issue to cause a denial of service. \nThis issue only affected Ubuntu 18.04 LTS. (CVE-2018-8740). Bugs fixed (https://bugzilla.redhat.com/):\n\n1944888 - CVE-2021-21409 netty: Request smuggling via content-length header\n2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data\n2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way\n2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1971 - Applying cluster state is causing elasticsearch to hit an issue and become unusable\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: sqlite security update\nAdvisory ID: RHSA-2021:4396-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:4396\nIssue date: 2021-11-09\nCVE Names: CVE-2019-5827 CVE-2019-13750 CVE-2019-13751\n CVE-2019-19603 CVE-2020-13435\n====================================================================\n1. Summary:\n\nAn update for sqlite is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. Description:\n\nSQLite is a C library that implements an SQL database engine. A large\nsubset of SQL92 is supported. A complete database is stored in a single\ndisk file. The API is designed for convenience and ease of use. \nApplications that link against SQLite can enjoy the power and flexibility\nof an SQL database without the administrative hassles of supporting a\nseparate database server. \n\nSecurity Fix(es):\n\n* sqlite: out-of-bounds access due to the use of 32-bit memory allocator\ninterfaces (CVE-2019-5827)\n\n* sqlite: dropping of shadow tables not restricted in defensive mode\n(CVE-2019-13750)\n\n* sqlite: fts3: improve detection of corrupted records (CVE-2019-13751)\n\n* sqlite: mishandling of certain SELECT statements with non-existent VIEW\ncan lead to DoS (CVE-2019-19603)\n\n* sqlite: NULL pointer dereference in sqlite3ExprCodeTarget()\n(CVE-2020-13435)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.5 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1706805 - CVE-2019-5827 sqlite: out-of-bounds access due to the use of 32-bit memory allocator interfaces\n1781997 - CVE-2019-13750 sqlite: dropping of shadow tables not restricted in defensive mode\n1781998 - CVE-2019-13751 sqlite: fts3: improve detection of corrupted records\n1785318 - CVE-2019-19603 sqlite: mishandling of certain SELECT statements with non-existent VIEW can lead to DoS\n1841231 - CVE-2020-13435 sqlite: NULL pointer dereference in sqlite3ExprCodeTarget()\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\naarch64:\nlemon-3.26.0-15.el8.aarch64.rpm\nlemon-debuginfo-3.26.0-15.el8.aarch64.rpm\nsqlite-analyzer-debuginfo-3.26.0-15.el8.aarch64.rpm\nsqlite-debuginfo-3.26.0-15.el8.aarch64.rpm\nsqlite-debugsource-3.26.0-15.el8.aarch64.rpm\nsqlite-libs-debuginfo-3.26.0-15.el8.aarch64.rpm\nsqlite-tcl-debuginfo-3.26.0-15.el8.aarch64.rpm\n\nppc64le:\nlemon-3.26.0-15.el8.ppc64le.rpm\nlemon-debuginfo-3.26.0-15.el8.ppc64le.rpm\nsqlite-analyzer-debuginfo-3.26.0-15.el8.ppc64le.rpm\nsqlite-debuginfo-3.26.0-15.el8.ppc64le.rpm\nsqlite-debugsource-3.26.0-15.el8.ppc64le.rpm\nsqlite-libs-debuginfo-3.26.0-15.el8.ppc64le.rpm\nsqlite-tcl-debuginfo-3.26.0-15.el8.ppc64le.rpm\n\ns390x:\nlemon-3.26.0-15.el8.s390x.rpm\nlemon-debuginfo-3.26.0-15.el8.s390x.rpm\nsqlite-analyzer-debuginfo-3.26.0-15.el8.s390x.rpm\nsqlite-debuginfo-3.26.0-15.el8.s390x.rpm\nsqlite-debugsource-3.26.0-15.el8.s390x.rpm\nsqlite-libs-debuginfo-3.26.0-15.el8.s390x.rpm\nsqlite-tcl-debuginfo-3.26.0-15.el8.s390x.rpm\n\nx86_64:\nlemon-3.26.0-15.el8.x86_64.rpm\nlemon-debuginfo-3.26.0-15.el8.x86_64.rpm\nsqlite-analyzer-debuginfo-3.26.0-15.el8.x86_64.rpm\nsqlite-debuginfo-3.26.0-15.el8.x86_64.rpm\nsqlite-debugsource-3.26.0-15.el8.x86_64.rpm\nsqlite-libs-debuginfo-3.26.0-15.el8.x86_64.rpm\nsqlite-tcl-debuginfo-3.26.0-15.el8.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\nsqlite-3.26.0-15.el8.src.rpm\n\naarch64:\nlemon-debuginfo-3.26.0-15.el8.aarch64.rpm\nsqlite-3.26.0-15.el8.aarch64.rpm\nsqlite-analyzer-debuginfo-3.26.0-15.el8.aarch64.rpm\nsqlite-debuginfo-3.26.0-15.el8.aarch64.rpm\nsqlite-debugsource-3.26.0-15.el8.aarch64.rpm\nsqlite-devel-3.26.0-15.el8.aarch64.rpm\nsqlite-libs-3.26.0-15.el8.aarch64.rpm\nsqlite-libs-debuginfo-3.26.0-15.el8.aarch64.rpm\nsqlite-tcl-debuginfo-3.26.0-15.el8.aarch64.rpm\n\nnoarch:\nsqlite-doc-3.26.0-15.el8.noarch.rpm\n\nppc64le:\nlemon-debuginfo-3.26.0-15.el8.ppc64le.rpm\nsqlite-3.26.0-15.el8.ppc64le.rpm\nsqlite-analyzer-debuginfo-3.26.0-15.el8.ppc64le.rpm\nsqlite-debuginfo-3.26.0-15.el8.ppc64le.rpm\nsqlite-debugsource-3.26.0-15.el8.ppc64le.rpm\nsqlite-devel-3.26.0-15.el8.ppc64le.rpm\nsqlite-libs-3.26.0-15.el8.ppc64le.rpm\nsqlite-libs-debuginfo-3.26.0-15.el8.ppc64le.rpm\nsqlite-tcl-debuginfo-3.26.0-15.el8.ppc64le.rpm\n\ns390x:\nlemon-debuginfo-3.26.0-15.el8.s390x.rpm\nsqlite-3.26.0-15.el8.s390x.rpm\nsqlite-analyzer-debuginfo-3.26.0-15.el8.s390x.rpm\nsqlite-debuginfo-3.26.0-15.el8.s390x.rpm\nsqlite-debugsource-3.26.0-15.el8.s390x.rpm\nsqlite-devel-3.26.0-15.el8.s390x.rpm\nsqlite-libs-3.26.0-15.el8.s390x.rpm\nsqlite-libs-debuginfo-3.26.0-15.el8.s390x.rpm\nsqlite-tcl-debuginfo-3.26.0-15.el8.s390x.rpm\n\nx86_64:\nlemon-debuginfo-3.26.0-15.el8.i686.rpm\nlemon-debuginfo-3.26.0-15.el8.x86_64.rpm\nsqlite-3.26.0-15.el8.i686.rpm\nsqlite-3.26.0-15.el8.x86_64.rpm\nsqlite-analyzer-debuginfo-3.26.0-15.el8.i686.rpm\nsqlite-analyzer-debuginfo-3.26.0-15.el8.x86_64.rpm\nsqlite-debuginfo-3.26.0-15.el8.i686.rpm\nsqlite-debuginfo-3.26.0-15.el8.x86_64.rpm\nsqlite-debugsource-3.26.0-15.el8.i686.rpm\nsqlite-debugsource-3.26.0-15.el8.x86_64.rpm\nsqlite-devel-3.26.0-15.el8.i686.rpm\nsqlite-devel-3.26.0-15.el8.x86_64.rpm\nsqlite-libs-3.26.0-15.el8.i686.rpm\nsqlite-libs-3.26.0-15.el8.x86_64.rpm\nsqlite-libs-debuginfo-3.26.0-15.el8.i686.rpm\nsqlite-libs-debuginfo-3.26.0-15.el8.x86_64.rpm\nsqlite-tcl-debuginfo-3.26.0-15.el8.i686.rpm\nsqlite-tcl-debuginfo-3.26.0-15.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-5827\nhttps://access.redhat.com/security/cve/CVE-2019-13750\nhttps://access.redhat.com/security/cve/CVE-2019-13751\nhttps://access.redhat.com/security/cve/CVE-2019-19603\nhttps://access.redhat.com/security/cve/CVE-2020-13435\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYYrcp9zjgjWX9erEAQh4VRAAjQa5rkkS0W4z5i8wkU7fmG5l2rfSAOzu\nZuhbW2qZ0rGM60jVIkbin6Mw2corOw7FUIWUFxbqv0uD68HFnD9nS+D6DH9nDlJw\nWsPw6cZnNYhIl4HotGR+34w0mf+5Ld3yJMbAujT7avKV5RMb/qcsr8B42EF1ZX5F\ntcyriGtur+rKfDOPdeOtZZxTXFAmrlJftwiMViTskZPINmfoT4nutMv4WHCevEu7\ncEDJih1x+UsS4cOPfeqBNFYxIFIZun0f6W9VWGZSOz/s06FDbuNY60/tLulU9jDx\nJzAwKKl1P/nK1u8fKD0prFmsQluqR7fbrpLEbxz3jdK+nRTaxNrni99PYbJhVG9o\nkrCC7AwmSLFH2nGTyOU+/U81yrba5BYXEsb576CM4n0wtumtDJ6n9EITAt7JB90D\niS53SxBkZH0YXhAe3vrzu7m8Snz/5wX2eeN1kSfZDMg57xil0tmvLdCtBaVw6sGs\nehv5N9tGT+tvCz9BhXdhsbCJWyuFKaQ0XbZmRSrgHrkTZoOdgtTsmJ8tZ1xeFBeS\nYmS0qXEfAAChNzU4YKhe/JYIdEr6D2mILe1Ojcj6b6m4ja7xJmvPmnv4j2Qt1A21\nR+TOyTEHp12WxFo8QlX0o/F1wMrluR4Nss5YXPCmpkpntlaXBg8n5tcPmq5Vb9kg\nu4IzYbfFiTQ=6X4Z\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):\n\n2019088 - \"MigrationController\" CR displays syntax error when unquiescing applications\n2021666 - Route name longer than 63 characters causes direct volume migration to fail\n2021668 - \"MigrationController\" CR ignores the \"cluster_subdomain\" value for direct volume migration routes\n2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)\n2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image\n2027196 - \"migration-controller\" pod goes into \"CrashLoopBackoff\" state if an invalid registry route is entered on the \"Clusters\" page of the web console\n2027382 - \"Copy oc describe/oc logs\" window does not close automatically after timeout\n2028841 - \"rsync-client\" container fails during direct volume migration with \"Address family not supported by protocol\" error\n2031793 - \"migration-controller\" pod goes into \"CrashLoopBackOff\" state if \"MigPlan\" CR contains an invalid \"includedResources\" resource\n2039852 - \"migration-controller\" pod goes into \"CrashLoopBackOff\" state if \"MigPlan\" CR contains an invalid \"destMigClusterRef\" or \"srcMigClusterRef\"\n\n5. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.2.10 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. \n\nClusters and applications are all visible and managed from a single console\n\u2014 with security policy built in. See the following Release Notes documentation, which\nwill be updated shortly for this release, for additional details about this\nrelease:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/\n\nSecurity fixes: \n\n* CVE-2021-3795 semver-regex: inefficient regular expression complexity\n\n* CVE-2021-23440 nodejs-set-value: type confusion allows bypass of\nCVE-2019-10747\n\nRelated bugs: \n\n* RHACM 2.2.10 images (Bugzilla #2013652)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2004944 - CVE-2021-23440 nodejs-set-value: type confusion allows bypass of CVE-2019-10747\n2006009 - CVE-2021-3795 semver-regex: inefficient regular expression complexity\n2013652 - RHACM 2.2.10 images\n\n5. Description:\n\nRed Hat OpenShift Container Storage is software-defined storage integrated\nwith and optimized for the Red Hat OpenShift Container Platform. \nRed Hat OpenShift Container Storage is highly scalable, production-grade\npersistent storage for stateful applications running in the Red Hat\nOpenShift Container Platform. In addition to persistent storage, Red Hat\nOpenShift Container Storage provides a multicloud data management service\nwith an S3 compatible API. \n\nBug Fix(es):\n\n* Previously, when the namespace store target was deleted, no alert was\nsent to the namespace bucket because of an issue in calculating the\nnamespace bucket health. With this update, the issue in calculating the\nnamespace bucket health is fixed and alerts are triggered as expected. \n(BZ#1993873)\n\n* Previously, the Multicloud Object Gateway (MCG) components performed\nslowly and there was a lot of pressure on the MCG components due to\nnon-optimized database queries. With this update the non-optimized\ndatabase queries are fixed which reduces the compute resources and time\ntaken for queries. Bugs fixed (https://bugzilla.redhat.com/):\n\n1993873 - [4.8.z clone] Alert NooBaaNamespaceBucketErrorState is not triggered when namespacestore\u0027s target bucket is deleted\n2006958 - CVE-2020-26301 nodejs-ssh2: Command injection by calling vulnerable method with untrusted input\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option\n1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1857 - OpenShift Alerting Rules Style-Guide Compliance\nLOG-1904 - [release-5.2] Fix the Display of ClusterLogging type in OLM\nLOG-1916 - [release-5.2] Fluentd logs emit transaction failed: error_class=NoMethodError while forwarding to external syslog server\n\n6. Bugs fixed (https://bugzilla.redhat.com/):\n\n1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet\n1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic\n\n5. \n\nAll OpenShift Container Platform 4.11 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html\n\n3. Solution:\n\nFor OpenShift Container Platform 4.11 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2042536 - OCP 4.10: nfd-topology-updater daemonset fails to get created on worker nodes - forbidden: unable to validate against any security context constraint\n2042652 - Unable to deploy hw-event-proxy operator\n2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter\n2047308 - Remove metrics and events for master port offsets\n2055049 - No pre-caching for NFD images\n2055436 - nfd-master tracking the wrong api group\n2055439 - nfd-master tracking the wrong api group (operand)\n2057569 - nfd-worker: drop \u0027custom-\u0027 prefix from matchFeatures custom rules\n2058256 - LeaseDuration for NFD Operator seems to be rather small, causing Operator restarts when running etcd defrag\n2062849 - hw event proxy is not binding on ipv6 local address\n2066860 - Wrong spec in NFD documentation under `operand`\n2066887 - Dependabot alert: Path traversal in github.com/valyala/fasthttp\n2066889 - Dependabot alert: Path traversal in github.com/valyala/fasthttp\n2067312 - PPT event source is lost when received by the consumer\n2077243 - NFD os release label lost after upgrade to ocp 4.10.6\n2087511 - NFD SkipRange is wrong causing OLM install problems\n2089962 - Node feature Discovery operator installation failed. \n2090774 - Add Readme to plugin directory\n2091106 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3\n2091142 - Dependabot alert: Unhandled exception in gopkg.in/yaml.v3\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n\n5", "sources": [ { "db": "NVD", "id": "CVE-2019-19603" }, { "db": "VULMON", "id": "CVE-2019-19603" }, { "db": "PACKETSTORM", "id": "165286" }, { "db": "PACKETSTORM", "id": "165288" }, { "db": "PACKETSTORM", "id": "164829" }, { "db": "PACKETSTORM", "id": "165631" }, { "db": "PACKETSTORM", "id": "166309" }, { "db": "PACKETSTORM", "id": "165209" }, { "db": "PACKETSTORM", "id": "165096" }, { "db": "PACKETSTORM", "id": "165002" }, { "db": "PACKETSTORM", "id": "165758" }, { "db": "PACKETSTORM", "id": "168036" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-19603", "trust": 2.1 }, { "db": "SIEMENS", "id": "SSA-389290", "trust": 1.1 }, { "db": "ICS CERT", "id": "ICSA-22-069-09", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2019-19603", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165286", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165288", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "164829", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165631", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "166309", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165209", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165096", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165002", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "165758", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "168036", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-19603" }, { "db": "PACKETSTORM", "id": "165286" }, { "db": "PACKETSTORM", "id": "165288" }, { "db": "PACKETSTORM", "id": "164829" }, { "db": "PACKETSTORM", "id": "165631" }, { "db": "PACKETSTORM", "id": "166309" }, { "db": "PACKETSTORM", "id": "165209" }, { "db": "PACKETSTORM", "id": "165096" }, { "db": "PACKETSTORM", "id": "165002" }, { "db": "PACKETSTORM", "id": "165758" }, { "db": "PACKETSTORM", "id": "168036" }, { "db": "NVD", "id": "CVE-2019-19603" } ] }, "id": "VAR-201912-1378", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.30092594 }, "last_update_date": "2024-07-23T20:30:53.083000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Ubuntu Security Notice: sqlite3 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4394-1" }, { "title": "Brocade Security Advisories: Access Denied", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=bbc2d81915e62aea24eef98c1d809792" }, { "title": "Red Hat: Moderate: Release of OpenShift Serverless 1.20.0", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220434 - security advisory" }, { "title": "Red Hat: Important: Release of containers for OSP 16.2 director operator tech preview", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220842 - security advisory" }, { "title": "Red Hat: Moderate: Gatekeeper Operator v0.2 security updates and bug fixes", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221081 - security advisory" }, { "title": "Red Hat: Moderate: Red Hat OpenShift distributed tracing 2.1.0 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220318 - security advisory" }, { "title": "Red Hat: Important: Red Hat OpenShift GitOps security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220580 - security advisory" }, { "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.2.11 security updates and bug fixes", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20220856 - security advisory" }, { "title": "Red Hat: Moderate: OpenShift Container Platform 4.11.0 extras and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20225070 - security advisory" }, { "title": "Red Hat: Important: Migration Toolkit for Containers (MTC) 1.7.4 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226429 - security advisory" }, { "title": "Red Hat: Important: OpenShift Virtualization 4.11.0 Images security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20226526 - security advisory" }, { "title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20221396 - security advisory" }, { "title": "Red Hat: Important: OpenShift Container Platform 4.11.0 bug fix and security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20225069 - security advisory" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=4a9822530e6b610875f83ffc10e02aba" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d" }, { "title": "xyz-solutions", "trust": 0.1, "url": "https://github.com/sauliuspr/xyz-solutions " }, { "title": "snykout", "trust": 0.1, "url": "https://github.com/garethr/snykout " }, { "title": "", "trust": 0.1, "url": "https://github.com/vincent-deng/veracode-container-security-finding-parser " } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-19603" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2019-19603" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.2, "url": "https://usn.ubuntu.com/4394-1/" }, { "trust": 1.1, "url": "https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13" }, { "trust": 1.1, "url": "https://www.sqlite.org/" }, { "trust": 1.1, "url": "https://security.netapp.com/advisory/ntap-20191223-0001/" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "trust": 1.1, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3cissues.guacamole.apache.org%3e" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827" }, { "trust": 1.0, "url": "https://access.redhat.com/security/cve/cve-2020-13435" }, { "trust": 1.0, "url": "https://access.redhat.com/security/cve/cve-2019-5827" }, { "trust": 1.0, "url": "https://access.redhat.com/security/cve/cve-2019-13751" }, { "trust": 1.0, "url": "https://access.redhat.com/security/cve/cve-2019-19603" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603" }, { "trust": 1.0, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 1.0, "url": "https://bugzilla.redhat.com/):" }, { "trust": 1.0, "url": "https://access.redhat.com/security/cve/cve-2019-13750" }, { "trust": 1.0, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2020-24370" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2019-17594" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2021-36086" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2021-36084" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2021-36087" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2021-20232" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2019-20838" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2021-20231" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2020-14155" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2021-36085" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2019-17595" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2019-18218" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2021-3580" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2021-3200" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2021-27645" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2021-33574" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2021-35942" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2021-3572" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2020-12762" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2021-22898" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2020-16135" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2021-3800" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2021-3445" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2021-22925" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2021-22876" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2021-33560" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2021-28153" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2021-3426" }, { "trust": 0.8, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2021-20266" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2021-42574" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2021-3778" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2021-3796" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2021-3712" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20231" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20232" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2021-43527" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2020-14145" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2021-23841" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2021-23840" }, { "trust": 0.4, "url": "https://issues.jboss.org/):" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27645" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20266" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-25013" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-35522" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-35524" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20673" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-25014" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-25012" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-35521" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-17541" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-36331" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-31535" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-20673" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-36330" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-36332" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-3481" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-25009" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-25010" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-35523" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-28153" }, { "trust": 0.2, "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-009" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35524" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35522" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-37136" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-44228" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35523" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-17541" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-37137" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-21409" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36330" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35521" }, { "trust": 0.2, "url": "https://docs.openshift.com/container-platform/4.9/logging/cluster-logging-upgrading.html" }, { "trust": 0.2, "url": "https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-20317" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-43267" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-37750" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3733" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-33938" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-33929" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-33928" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-22946" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-33930" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-20271" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-22947" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/index" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2022-24407" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-20095" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23841" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-28493" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-42771" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23840" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28493" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-069-09" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:5128" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:5129" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36331" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:4396" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27823" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1870" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3575" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30758" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13558" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15389" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-5727" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5785" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-41617" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30665" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12973" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30689" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20847" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30682" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10001" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-18032" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1801" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1765" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4658" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-26927" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20847" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27918" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30749" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30795" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-5785" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1788" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5727" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30744" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21775" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21806" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27814" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36241" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30797" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4658" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13558" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20321" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27842" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1799" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21779" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10001" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-29623" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3948" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27828" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12973" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1844" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1871" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-29338" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30734" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-26926" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30720" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28650" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27843" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-24870" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-1789" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30663" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30799" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3272" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0202" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15389" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27824" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-0465" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23434" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-0185" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-22942" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0466" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3564" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25710" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-0920" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-4122" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25710" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-40346" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-0466" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23434" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-4155" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-0330" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0856" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-25214" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25709" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0465" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3752" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25709" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-4019" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-4192" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-0155" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3984" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3573" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-4193" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-25214" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-0920" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3872" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-39241" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3521" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36385" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:5038" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3795" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-36385" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20271" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20317" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23440" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:4845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-26301" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26301" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28957" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8037" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8037" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20095" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23369" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23383" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23369" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23383" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:4032" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3445" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/latest/distr_tracing/distr_tracing_install/distr-tracing-updating.html" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/latest/distr_tracing/distributed-tracing-release-notes.html" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:0318" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33574" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-29923" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3200" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33560" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-36221" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-29923" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3426" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-28327" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-27776" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:5068" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-27774" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-4189" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-1271" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-1629" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3634" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-38561" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-24921" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-25313" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-27191" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-29162" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-25032" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-29824" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-23772" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23177" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-1621" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-27782" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3737" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-21698" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-22576" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-1706" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-18874" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-40528" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-25219" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-31566" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-25314" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18874" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-23806" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-1729" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:5070" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-24903" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-25032" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-23773" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-24675" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2022-0778" } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-19603" }, { "db": "PACKETSTORM", "id": "165286" }, { "db": "PACKETSTORM", "id": "165288" }, { "db": "PACKETSTORM", "id": "164829" }, { "db": "PACKETSTORM", "id": "165631" }, { "db": "PACKETSTORM", "id": "166309" }, { "db": "PACKETSTORM", "id": "165209" }, { "db": "PACKETSTORM", "id": "165096" }, { "db": "PACKETSTORM", "id": "165002" }, { "db": "PACKETSTORM", "id": "165758" }, { "db": "PACKETSTORM", "id": "168036" }, { "db": "NVD", "id": "CVE-2019-19603" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2019-19603" }, { "db": "PACKETSTORM", "id": "165286" }, { "db": "PACKETSTORM", "id": "165288" }, { "db": "PACKETSTORM", "id": "164829" }, { "db": "PACKETSTORM", "id": "165631" }, { "db": "PACKETSTORM", "id": "166309" }, { "db": "PACKETSTORM", "id": "165209" }, { "db": "PACKETSTORM", "id": "165096" }, { "db": "PACKETSTORM", "id": "165002" }, { "db": "PACKETSTORM", "id": "165758" }, { "db": "PACKETSTORM", "id": "168036" }, { "db": "NVD", "id": "CVE-2019-19603" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-12-09T00:00:00", "db": "VULMON", "id": "CVE-2019-19603" }, { "date": "2021-12-15T15:20:33", "db": "PACKETSTORM", "id": "165286" }, { "date": "2021-12-15T15:22:36", "db": "PACKETSTORM", "id": "165288" }, { "date": "2021-11-10T17:03:12", "db": "PACKETSTORM", "id": "164829" }, { "date": "2022-01-20T17:48:29", "db": "PACKETSTORM", "id": "165631" }, { "date": "2022-03-15T15:44:21", "db": "PACKETSTORM", "id": "166309" }, { "date": "2021-12-09T14:50:37", "db": "PACKETSTORM", "id": "165209" }, { "date": "2021-11-29T18:12:32", "db": "PACKETSTORM", "id": "165096" }, { "date": "2021-11-17T15:25:40", "db": "PACKETSTORM", "id": "165002" }, { "date": "2022-01-28T14:33:13", "db": "PACKETSTORM", "id": "165758" }, { "date": "2022-08-10T15:54:58", "db": "PACKETSTORM", "id": "168036" }, { "date": "2019-12-09T19:15:14.710000", "db": "NVD", "id": "CVE-2019-19603" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2019-19603" }, { "date": "2023-11-07T03:07:43.340000", "db": "NVD", "id": "CVE-2019-19603" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat Security Advisory 2021-5128-06", "sources": [ { "db": "PACKETSTORM", "id": "165286" } ], "trust": 0.1 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code execution", "sources": [ { "db": "PACKETSTORM", "id": "165286" }, { "db": "PACKETSTORM", "id": "165288" }, { "db": "PACKETSTORM", "id": "165096" }, { "db": "PACKETSTORM", "id": "165002" } ], "trust": 0.4 } }
var-202007-1187
Vulnerability from variot
Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. If a userconnects to a malicious or compromised RDP server, specially-craftedPDUs could result in disclosure of information within the memory ofthe guacd process handling the connection. Apache Guacamole There is an information leakage vulnerability in.Information may be obtained. Apache Guacamole is a clientless remote desktop gateway of the Apache Software Foundation. The product supports protocols such as VNC, RDP and SSH. Attackers can use this vulnerability to obtain information with the help of specially crafted PDUs
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202007-1187", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "guacamole", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "1.1.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "32" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "33" }, { "model": "guacamole", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "1.1.0" }, { "model": "guacamole", "scope": "lte", "trust": 0.6, "vendor": "apache", "version": "\u003c=1.1.0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-41807" }, { "db": "JVNDB", "id": "JVNDB-2020-007363" }, { "db": "NVD", "id": "CVE-2020-9497" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-9497" } ] }, "cve": "CVE-2020-9497", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 1.2, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 1.9, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:L/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "High", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 1.2, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-007363", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 1.2, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 1.9, "id": "CNVD-2020-41807", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.6, "vectorString": "AV:L/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 0.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Local", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.4, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-007363", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-9497", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "JVNDB-2020-007363", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2020-41807", "trust": 0.6, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-202007-135", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-41807" }, { "db": "JVNDB", "id": "JVNDB-2020-007363" }, { "db": "NVD", "id": "CVE-2020-9497" }, { "db": "CNNVD", "id": "CNNVD-202007-135" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. If a userconnects to a malicious or compromised RDP server, specially-craftedPDUs could result in disclosure of information within the memory ofthe guacd process handling the connection. Apache Guacamole There is an information leakage vulnerability in.Information may be obtained. Apache Guacamole is a clientless remote desktop gateway of the Apache Software Foundation. The product supports protocols such as VNC, RDP and SSH. Attackers can use this vulnerability to obtain information with the help of specially crafted PDUs", "sources": [ { "db": "NVD", "id": "CVE-2020-9497" }, { "db": "JVNDB", "id": "JVNDB-2020-007363" }, { "db": "CNVD", "id": "CNVD-2020-41807" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-9497", "trust": 3.0 }, { "db": "PULSESECURE", "id": "SA44525", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2020-007363", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2020-41807", "trust": 0.6 }, { "db": "NSFOCUS", "id": "47097", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3925", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2288", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202007-135", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-41807" }, { "db": "JVNDB", "id": "JVNDB-2020-007363" }, { "db": "NVD", "id": "CVE-2020-9497" }, { "db": "CNNVD", "id": "CNNVD-202007-135" } ] }, "id": "VAR-202007-1187", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-41807" } ], "trust": 0.90092594 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-41807" } ] }, "last_update_date": "2023-12-18T12:42:50.657000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Re: [SECURITY] CVE-2020-9497: Apache Guacamole: Improper input validation of RDP static virtual channels", "trust": 0.8, "url": "https://lists.apache.org/thread.html/r066543f0565e97b27c0dfe27e93e8a387b99e1e35764000224ed96e7@%3cuser.guacamole.apache.org%3e" }, { "title": "RE: [SECURITY] CVE-2020-9497: Apache Guacamole: Improper input validation of RDP static virtual channels", "trust": 0.8, "url": "https://lists.apache.org/thread.html/r181b1d5b1acb31cfa69f41b2c86ed3a2cb0b5bc09c2cbd31e9e7c847@%3cuser.guacamole.apache.org%3e" }, { "title": "[SECURITY] CVE-2020-9497: Apache Guacamole: Improper input validation of RDP static virtual channels (r3f071d)", "trust": 0.8, "url": "https://lists.apache.org/thread.html/r3f071de70ea1facd3601e0fa894e6cadc960627ee7199437b5a56f7f@%3cannounce.apache.org%3e" }, { "title": "[SECURITY] CVE-2020-9497: Apache Guacamole: Improper input validation of RDP static virtual channels (r65f75d3)", "trust": 0.8, "url": "https://lists.apache.org/thread.html/r65f75d3d65d1af68141f42071ebb27dda24af3e45570e593c1dbd81f%40%3cannounce.guacamole.apache.org%3e" }, { "title": "Patch for Apache Guacamole Information Disclosure Vulnerability (CNVD-2020-41807)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/226399" }, { "title": "Apache Guacamole Repair measures for information disclosure vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=123280" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-41807" }, { "db": "JVNDB", "id": "JVNDB-2020-007363" }, { "db": "CNNVD", "id": "CNNVD-202007-135" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.0 }, { "problemtype": "CWE-200", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-007363" }, { "db": "NVD", "id": "CVE-2020-9497" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "https://research.checkpoint.com/2020/apache-guacamole-rce/" }, { "trust": 1.6, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44525" }, { "trust": 1.6, "url": "https://lists.apache.org/thread.html/r65f75d3d65d1af68141f42071ebb27dda24af3e45570e593c1dbd81f%40%3cannounce.guacamole.apache.org%3e" }, { "trust": 1.6, "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00010.html" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9497" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r066543f0565e97b27c0dfe27e93e8a387b99e1e35764000224ed96e7%40%3cuser.guacamole.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3cannounce.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r181b1d5b1acb31cfa69f41b2c86ed3a2cb0b5bc09c2cbd31e9e7c847%40%3cuser.guacamole.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r3f071de70ea1facd3601e0fa894e6cadc960627ee7199437b5a56f7f%40%3cannounce.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3cannounce.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/tvv5k2x4exsavuul7ij3muj3adwmvsbm/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wns7uhbofv6jhwh5xoezte3bregrssq3/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-9497" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r181b1d5b1acb31cfa69f41b2c86ed3a2cb0b5bc09c2cbd31e9e7c847@%3cuser.guacamole.apache.org%3e" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3cannounce.apache.org%3e" }, { "trust": 0.6, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/wns7uhbofv6jhwh5xoezte3bregrssq3/" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r066543f0565e97b27c0dfe27e93e8a387b99e1e35764000224ed96e7@%3cuser.guacamole.apache.org%3e" }, { "trust": 0.6, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/tvv5k2x4exsavuul7ij3muj3adwmvsbm/" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r3f071de70ea1facd3601e0fa894e6cadc960627ee7199437b5a56f7f@%3cannounce.apache.org%3e" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3cannounce.apache.org%3e" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3925/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/apache-guacamole-information-disclosure-via-rdp-server-32745" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/47097" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2288/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-41807" }, { "db": "JVNDB", "id": "JVNDB-2020-007363" }, { "db": "NVD", "id": "CVE-2020-9497" }, { "db": "CNNVD", "id": "CNNVD-202007-135" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-41807" }, { "db": "JVNDB", "id": "JVNDB-2020-007363" }, { "db": "NVD", "id": "CVE-2020-9497" }, { "db": "CNNVD", "id": "CNNVD-202007-135" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-21T00:00:00", "db": "CNVD", "id": "CNVD-2020-41807" }, { "date": "2020-08-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-007363" }, { "date": "2020-07-02T13:15:10.997000", "db": "NVD", "id": "CVE-2020-9497" }, { "date": "2020-07-02T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-135" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-23T00:00:00", "db": "CNVD", "id": "CNVD-2020-41807" }, { "date": "2020-08-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-007363" }, { "date": "2023-11-07T03:26:55.990000", "db": "NVD", "id": "CVE-2020-9497" }, { "date": "2021-02-25T00:00:00", "db": "CNNVD", "id": "CNNVD-202007-135" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-135" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Guacamole Vulnerability regarding information leakage in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-007363" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-202007-135" } ], "trust": 0.6 } }
var-202306-0643
Vulnerability from variot
Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Depending on timing, this may allow an attacker to execute arbitrary code with the privileges of the guacd process
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202306-0643", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "guacamole", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "1.5.2" }, { "model": "guacamole", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "0.9.0" } ], "sources": [ { "db": "NVD", "id": "CVE-2023-30576" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.5.2", "versionStartIncluding": "0.9.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-30576" } ] }, "cve": "CVE-2023-30576", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "security@apache.org", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.6, "impactScore": 5.2, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-30576", "trust": 1.0, "value": "HIGH" }, { "author": "security@apache.org", "id": "CVE-2023-30576", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202306-529", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-30576" }, { "db": "NVD", "id": "CVE-2023-30576" }, { "db": "CNNVD", "id": "CNNVD-202306-529" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Depending on timing, this may allow an attacker to execute arbitrary code with the privileges of the guacd process", "sources": [ { "db": "NVD", "id": "CVE-2023-30576" }, { "db": "VULMON", "id": "CVE-2023-30576" } ], "trust": 0.99 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-30576", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-202306-529", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2023-30576", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-30576" }, { "db": "NVD", "id": "CVE-2023-30576" }, { "db": "CNNVD", "id": "CNNVD-202306-529" } ] }, "id": "VAR-202306-0643", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.30092594 }, "last_update_date": "2023-12-18T13:36:14.868000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Apache Guacamole Remediation of resource management error vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=241776" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202306-529" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-416", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2023-30576" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://lists.apache.org/thread/vgtvxb3w7mm84hx6v8dfc0onsoz05gb6" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2023-30576/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/416.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-30576" }, { "db": "NVD", "id": "CVE-2023-30576" }, { "db": "CNNVD", "id": "CNNVD-202306-529" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2023-30576" }, { "db": "NVD", "id": "CVE-2023-30576" }, { "db": "CNNVD", "id": "CNNVD-202306-529" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-06-07T00:00:00", "db": "VULMON", "id": "CVE-2023-30576" }, { "date": "2023-06-07T09:15:10.080000", "db": "NVD", "id": "CVE-2023-30576" }, { "date": "2023-06-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202306-529" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-06-07T00:00:00", "db": "VULMON", "id": "CVE-2023-30576" }, { "date": "2023-06-14T14:33:16.713000", "db": "NVD", "id": "CVE-2023-30576" }, { "date": "2023-06-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202306-529" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202306-529" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Guacamole Resource Management Error Vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202306-529" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202306-529" } ], "trust": 0.6 } }
var-202201-0851
Vulnerability from variot
Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses. This may allow an authenticated user who already has permission to access a particular connection to read from or interact with another user's active use of that same connection. Apache Guacamole There is a vulnerability related to information leakage.Information may be obtained. Apache Guacamole is a clientless remote desktop gateway of the Apache Foundation. The product supports protocols such as VNC, RDP and SSH. No detailed vulnerability details are currently available
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0851", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "guacamole", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "1.3.0" }, { "model": "guacamole", "scope": "lte", "trust": 0.8, "vendor": "apache", "version": "1.3.0 and earlier" }, { "model": "guacamole", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": null }, { "model": "guacamole", "scope": "lte", "trust": 0.6, "vendor": "apache", "version": "\u003c=1.3.0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-04988" }, { "db": "JVNDB", "id": "JVNDB-2022-002968" }, { "db": "NVD", "id": "CVE-2021-41767" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.3.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-41767" } ] }, "cve": "CVE-2021-41767", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-41767", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CNVD-2022-04988", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-41767", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-41767", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2022-04988", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202201-889", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-04988" }, { "db": "JVNDB", "id": "JVNDB-2022-002968" }, { "db": "NVD", "id": "CVE-2021-41767" }, { "db": "CNNVD", "id": "CNNVD-202201-889" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses. This may allow an authenticated user who already has permission to access a particular connection to read from or interact with another user\u0027s active use of that same connection. Apache Guacamole There is a vulnerability related to information leakage.Information may be obtained. Apache Guacamole is a clientless remote desktop gateway of the Apache Foundation. The product supports protocols such as VNC, RDP and SSH. No detailed vulnerability details are currently available", "sources": [ { "db": "NVD", "id": "CVE-2021-41767" }, { "db": "JVNDB", "id": "JVNDB-2022-002968" }, { "db": "CNVD", "id": "CNVD-2022-04988" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-41767", "trust": 3.8 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2022/01/11/6", "trust": 2.4 }, { "db": "JVNDB", "id": "JVNDB-2022-002968", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2022-04988", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022011217", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202201-889", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-04988" }, { "db": "JVNDB", "id": "JVNDB-2022-002968" }, { "db": "NVD", "id": "CVE-2021-41767" }, { "db": "CNNVD", "id": "CNNVD-202201-889" } ] }, "id": "VAR-202201-0851", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-04988" } ], "trust": 0.90092594 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-04988" } ] }, "last_update_date": "2023-12-18T12:16:00.403000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Private\u00a0tunnel\u00a0identifier\u00a0may\u00a0be\u00a0included\u00a0in\u00a0the\u00a0non-private\u00a0details\u00a0of\u00a0active\u00a0connections", "trust": 0.8, "url": "https://lists.apache.org/thread/5l31k4jmzdsfz0xt8osrbl878gb3b7ro" }, { "title": "Patch for Apache Guacamole Information Disclosure Vulnerability (CNVD-2022-04988)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/314421" }, { "title": "Apache Guacamole Repair measures for information disclosure vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=177882" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-04988" }, { "db": "JVNDB", "id": "JVNDB-2022-002968" }, { "db": "CNNVD", "id": "CNNVD-202201-889" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.0 }, { "problemtype": "information leak (CWE-200) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-002968" }, { "db": "NVD", "id": "CVE-2021-41767" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.openwall.com/lists/oss-security/2022/01/11/6" }, { "trust": 1.6, "url": "https://lists.apache.org/thread/5l31k4jmzdsfz0xt8osrbl878gb3b7ro" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41767" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022011217" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-04988" }, { "db": "JVNDB", "id": "JVNDB-2022-002968" }, { "db": "NVD", "id": "CVE-2021-41767" }, { "db": "CNNVD", "id": "CNNVD-202201-889" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-04988" }, { "db": "JVNDB", "id": "JVNDB-2022-002968" }, { "db": "NVD", "id": "CVE-2021-41767" }, { "db": "CNNVD", "id": "CNNVD-202201-889" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-01-19T00:00:00", "db": "CNVD", "id": "CNVD-2022-04988" }, { "date": "2023-02-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-002968" }, { "date": "2022-01-11T22:15:07.570000", "db": "NVD", "id": "CVE-2021-41767" }, { "date": "2022-01-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202201-889" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-01-19T00:00:00", "db": "CNVD", "id": "CNVD-2022-04988" }, { "date": "2023-02-01T04:54:00", "db": "JVNDB", "id": "JVNDB-2022-002968" }, { "date": "2022-01-14T16:40:46.483000", "db": "NVD", "id": "CVE-2021-41767" }, { "date": "2022-01-17T00:00:00", "db": "CNNVD", "id": "CNNVD-202201-889" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202201-889" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache\u00a0Guacamole\u00a0 Vulnerability regarding information leakage in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-002968" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-202201-889" } ], "trust": 0.6 } }
var-202306-0380
Vulnerability from variot
Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202306-0380", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "guacamole", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "1.5.2" } ], "sources": [ { "db": "NVD", "id": "CVE-2023-30575" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.5.2", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-30575" } ] }, "cve": "CVE-2023-30575", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "security@apache.org", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "impactScore": 3.6, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-30575", "trust": 1.0, "value": "HIGH" }, { "author": "security@apache.org", "id": "CVE-2023-30575", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202306-532", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-30575" }, { "db": "NVD", "id": "CVE-2023-30575" }, { "db": "CNNVD", "id": "CNNVD-202306-532" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data", "sources": [ { "db": "NVD", "id": "CVE-2023-30575" }, { "db": "VULMON", "id": "CVE-2023-30575" } ], "trust": 0.99 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-30575", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-202306-532", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2023-30575", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-30575" }, { "db": "NVD", "id": "CVE-2023-30575" }, { "db": "CNNVD", "id": "CNNVD-202306-532" } ] }, "id": "VAR-202306-0380", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.30092594 }, "last_update_date": "2023-12-18T12:25:12.864000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Apache Guacamole Repair measures for injecting vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=241778" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-202306-532" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-131", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2023-30575" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://lists.apache.org/thread/tn63n2lon0h5p45oft834t1dqvvxownv" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2023-30575/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/74.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2023-30575" }, { "db": "NVD", "id": "CVE-2023-30575" }, { "db": "CNNVD", "id": "CNNVD-202306-532" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2023-30575" }, { "db": "NVD", "id": "CVE-2023-30575" }, { "db": "CNNVD", "id": "CNNVD-202306-532" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-06-07T00:00:00", "db": "VULMON", "id": "CVE-2023-30575" }, { "date": "2023-06-07T09:15:09.993000", "db": "NVD", "id": "CVE-2023-30575" }, { "date": "2023-06-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202306-532" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-06-07T00:00:00", "db": "VULMON", "id": "CVE-2023-30575" }, { "date": "2023-06-15T08:15:09.223000", "db": "NVD", "id": "CVE-2023-30575" }, { "date": "2023-06-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202306-532" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202306-532" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Guacamole Injection vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202306-532" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-202306-532" } ], "trust": 0.6 } }
var-201801-0175
Vulnerability from variot
A race condition in Guacamole's terminal emulator in versions 0.9.5 through 0.9.10-incubating could allow writes of blocks of printed data to overlap. Such overlapping writes could cause packet data to be misread as the packet length, resulting in the remaining data being written beyond the end of a statically-allocated buffer. Guacamole Contains a race condition vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201801-0175", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "guacamole", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "0.9.10-incubating" }, { "model": "guacamole", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "0.9.9" }, { "model": "guacamole", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "0.9.5 to 0.9.10-incubating" }, { "model": "guacamole", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "0.9.9" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-001479" }, { "db": "NVD", "id": "CVE-2017-3158" }, { "db": "CNNVD", "id": "CNNVD-201801-802" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:guacamole:0.9.10-incubating:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "0.9.9", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2017-3158" } ] }, "cve": "CVE-2017-3158", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2017-3158", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.1, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2017-3158", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2017-3158", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201801-802", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2017-3158", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2017-3158" }, { "db": "JVNDB", "id": "JVNDB-2018-001479" }, { "db": "NVD", "id": "CVE-2017-3158" }, { "db": "CNNVD", "id": "CNNVD-201801-802" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A race condition in Guacamole\u0027s terminal emulator in versions 0.9.5 through 0.9.10-incubating could allow writes of blocks of printed data to overlap. Such overlapping writes could cause packet data to be misread as the packet length, resulting in the remaining data being written beyond the end of a statically-allocated buffer. Guacamole Contains a race condition vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state", "sources": [ { "db": "NVD", "id": "CVE-2017-3158" }, { "db": "JVNDB", "id": "JVNDB-2018-001479" }, { "db": "VULMON", "id": "CVE-2017-3158" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-3158", "trust": 2.5 }, { "db": "JVNDB", "id": "JVNDB-2018-001479", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201801-802", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2017-3158", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2017-3158" }, { "db": "JVNDB", "id": "JVNDB-2018-001479" }, { "db": "NVD", "id": "CVE-2017-3158" }, { "db": "CNNVD", "id": "CNNVD-201801-802" } ] }, "id": "VAR-201801-0175", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.30092594 }, "last_update_date": "2023-12-18T12:57:08.953000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "[SECURITY] CVE-2017-3158: Buffer overflow in SSH/telnet terminal emulator", "trust": 0.8, "url": "https://lists.apache.org/thread.html/b218d36bfdaf655d27382daec4dcd02ec717631f4aee8b7e4300ad65@%3cuser.guacamole.apache.org%3e" }, { "title": "Apache Guacamole terminal emulator Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77979" }, { "title": "Debian CVElist Bug Report Logs: guacamole-client: CVE-2017-3158 race can cause buffer overflow", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=b764724410d590230569ad5581bcf186" } ], "sources": [ { "db": "VULMON", "id": "CVE-2017-3158" }, { "db": "JVNDB", "id": "JVNDB-2018-001479" }, { "db": "CNNVD", "id": "CNNVD-201801-802" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-362", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-001479" }, { "db": "NVD", "id": "CVE-2017-3158" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.0, "url": "https://lists.apache.org/thread.html/b218d36bfdaf655d27382daec4dcd02ec717631f4aee8b7e4300ad65%40%3cuser.guacamole.apache.org%3e" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3158" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3158" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/b218d36bfdaf655d27382daec4dcd02ec717631f4aee8b7e4300ad65@%3cuser.guacamole.apache.org%3e" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/362.html" }, { "trust": 0.1, "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891798" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2017-3158" }, { "db": "JVNDB", "id": "JVNDB-2018-001479" }, { "db": "NVD", "id": "CVE-2017-3158" }, { "db": "CNNVD", "id": "CNNVD-201801-802" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2017-3158" }, { "db": "JVNDB", "id": "JVNDB-2018-001479" }, { "db": "NVD", "id": "CVE-2017-3158" }, { "db": "CNNVD", "id": "CNNVD-201801-802" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-01-18T00:00:00", "db": "VULMON", "id": "CVE-2017-3158" }, { "date": "2018-02-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-001479" }, { "date": "2018-01-18T20:29:00.257000", "db": "NVD", "id": "CVE-2017-3158" }, { "date": "2018-01-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201801-802" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-02-05T00:00:00", "db": "VULMON", "id": "CVE-2017-3158" }, { "date": "2018-02-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-001479" }, { "date": "2023-11-07T02:44:03.947000", "db": "NVD", "id": "CVE-2017-3158" }, { "date": "2018-01-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201801-802" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201801-802" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Guacamole Race condition vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-001479" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "competitive condition", "sources": [ { "db": "CNNVD", "id": "CNNVD-201801-802" } ], "trust": 0.6 } }
var-201210-0342
Vulnerability from variot
Stack-based buffer overflow in the guac_client_plugin_open function in libguac in Guacamole before 0.6.3 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long protocol name. libguac is prone to a remote buffer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201210-0342", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fedora", "scope": "eq", "trust": 1.6, "vendor": "fedoraproject", "version": "17" }, { "model": "fedora", "scope": "eq", "trust": 1.6, "vendor": "fedoraproject", "version": "16" }, { "model": "guacamole", "scope": "eq", "trust": 1.0, "vendor": "guac dev", "version": "0.5.0" }, { "model": "guacamole", "scope": "lte", "trust": 1.0, "vendor": "guac dev", "version": "0.6.2" }, { "model": "guacamole", "scope": "eq", "trust": 1.0, "vendor": "guac dev", "version": "0.6.0" }, { "model": "guacamole", "scope": "lt", "trust": 0.8, "vendor": "apache", "version": "0.6.3" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-004659" }, { "db": "NVD", "id": "CVE-2012-4415" }, { "db": "CNNVD", "id": "CNNVD-201209-507" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:guac-dev:guacamole:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "0.6.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:guac-dev:guacamole:0.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:guac-dev:guacamole:0.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:guac-dev:guacamole:0.6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2012-4415" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Michael Jumper", "sources": [ { "db": "BID", "id": "55497" }, { "db": "CNNVD", "id": "CNNVD-201209-507" } ], "trust": 0.9 }, "cve": "CVE-2012-4415", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2012-4415", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2012-4415", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201209-507", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-004659" }, { "db": "NVD", "id": "CVE-2012-4415" }, { "db": "CNNVD", "id": "CNNVD-201209-507" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Stack-based buffer overflow in the guac_client_plugin_open function in libguac in Guacamole before 0.6.3 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long protocol name. libguac is prone to a remote buffer-overflow vulnerability. \nAttackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions", "sources": [ { "db": "NVD", "id": "CVE-2012-4415" }, { "db": "JVNDB", "id": "JVNDB-2012-004659" }, { "db": "BID", "id": "55497" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-4415", "trust": 2.7 }, { "db": "BID", "id": "55497", "trust": 1.9 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2012/09/11/3", "trust": 1.6 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2012/09/11/7", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2012-004659", "trust": 0.8 }, { "db": "FEDORA", "id": "FEDORA-2012-14179", "trust": 0.6 }, { "db": "FEDORA", "id": "FEDORA-2012-13914", "trust": 0.6 }, { "db": "FEDORA", "id": "FEDORA-2012-14097", "trust": 0.6 }, { "db": "MLIST", "id": "[OSS-SECURITY] 20120911 CVE ID REQUEST: GUACD", "trust": 0.6 }, { "db": "MLIST", "id": "[OSS-SECURITY] 20120911 RE: CVE ID REQUEST: GUACD", "trust": 0.6 }, { "db": "BUGTRAQ", "id": "20120924 CVE-2012-4415: GUACAMOLE LOCAL ROOT VULNERABILITY", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201209-507", "trust": 0.6 } ], "sources": [ { "db": "BID", "id": "55497" }, { "db": "JVNDB", "id": "JVNDB-2012-004659" }, { "db": "NVD", "id": "CVE-2012-4415" }, { "db": "CNNVD", "id": "CNNVD-201209-507" } ] }, "id": "VAR-201210-0342", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.30092594 }, "last_update_date": "2023-12-18T13:29:56.173000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Changeset 7dcefa7 in libguac", "trust": 0.8, "url": "https://glyptodon.org/jira/projects/guac/issues/guac-1510?filter=allopenissues" }, { "title": "Top Page", "trust": 0.8, "url": "http://guacamole.apache.org/" }, { "title": "FEDORA-2012-14097", "trust": 0.8, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-september/088272.html" }, { "title": "FEDORA-2012-14179", "trust": 0.8, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-september/088218.html" }, { "title": "FEDORA-2012-13914", "trust": 0.8, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-september/088031.html" }, { "title": "Bug 856743", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=856743" }, { "title": "Fedora-17-x86_64-Live-Desktop", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=44974" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-004659" }, { "db": "CNNVD", "id": "CNNVD-201209-507" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-004659" }, { "db": "NVD", "id": "CVE-2012-4415" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "http://guac-dev.org/trac/changeset/7dcefa744b4a38825619c00ae8b47e5bae6e38c0/libguac" }, { "trust": 1.6, "url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0107.html" }, { "trust": 1.6, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-september/088031.html" }, { "trust": 1.6, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-september/088218.html" }, { "trust": 1.6, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-september/088272.html" }, { "trust": 1.6, "url": "http://www.openwall.com/lists/oss-security/2012/09/11/3" }, { "trust": 1.6, "url": "http://www.openwall.com/lists/oss-security/2012/09/11/7" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/55497" }, { "trust": 1.6, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=856743" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4415" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4415" }, { "trust": 0.3, "url": "http://guac-dev.org/libguac" }, { "trust": 0.3, "url": "/archive/1/524224" } ], "sources": [ { "db": "BID", "id": "55497" }, { "db": "JVNDB", "id": "JVNDB-2012-004659" }, { "db": "NVD", "id": "CVE-2012-4415" }, { "db": "CNNVD", "id": "CNNVD-201209-507" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "55497" }, { "db": "JVNDB", "id": "JVNDB-2012-004659" }, { "db": "NVD", "id": "CVE-2012-4415" }, { "db": "CNNVD", "id": "CNNVD-201209-507" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-09-11T00:00:00", "db": "BID", "id": "55497" }, { "date": "2012-10-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-004659" }, { "date": "2012-10-01T03:26:16.210000", "db": "NVD", "id": "CVE-2012-4415" }, { "date": "2012-09-26T00:00:00", "db": "CNNVD", "id": "CNNVD-201209-507" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-04-13T20:58:00", "db": "BID", "id": "55497" }, { "date": "2012-10-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-004659" }, { "date": "2012-10-01T04:00:00", "db": "NVD", "id": "CVE-2012-4415" }, { "date": "2012-10-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201209-507" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201209-507" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Guacamole of libguac Vulnerable to stack-based buffer overflow", "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-004659" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-201209-507" } ], "trust": 0.6 } }
cve-2021-41767
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://lists.apache.org/thread/5l31k4jmzdsfz0xt8osrbl878gb3b7ro | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2022/01/11/6 | mailing-list, x_refsource_MLIST |
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache Guacamole |
Version: unspecified < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T03:15:29.360Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.apache.org/thread/5l31k4jmzdsfz0xt8osrbl878gb3b7ro" }, { "name": "[oss-security] 20220111 [SECURITY] CVE-2021-41767: Apache Guacamole: Private tunnel identifier may be included in the non-private details of active connections", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/01/11/6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache Guacamole", "vendor": "Apache Software Foundation", "versions": [ { "lessThanOrEqual": "1.3.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "We would like to thank Damian Velardo (Australia and New Zealand Banking Group) for reporting this issue." } ], "descriptions": [ { "lang": "en", "value": "Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses. This may allow an authenticated user who already has permission to access a particular connection to read from or interact with another user\u0027s active use of that same connection." } ], "metrics": [ { "other": { "content": { "other": "moderate" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-12T00:06:13", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://lists.apache.org/thread/5l31k4jmzdsfz0xt8osrbl878gb3b7ro" }, { "name": "[oss-security] 20220111 [SECURITY] CVE-2021-41767: Apache Guacamole: Private tunnel identifier may be included in the non-private details of active connections", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2022/01/11/6" } ], "source": { "discovery": "UNKNOWN" }, "title": "Private tunnel identifier may be included in the non-private details of active connections", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2021-41767", "STATE": "PUBLIC", "TITLE": "Private tunnel identifier may be included in the non-private details of active connections" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Guacamole", "version": { "version_data": [ { "version_affected": "\u003c=", "version_value": "1.3.0" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "credit": [ { "lang": "eng", "value": "We would like to thank Damian Velardo (Australia and New Zealand Banking Group) for reporting this issue." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses. This may allow an authenticated user who already has permission to access a particular connection to read from or interact with another user\u0027s active use of that same connection." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": [ { "other": "moderate" } ], "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor" } ] } ] }, "references": { "reference_data": [ { "name": "https://lists.apache.org/thread/5l31k4jmzdsfz0xt8osrbl878gb3b7ro", "refsource": "MISC", "url": "https://lists.apache.org/thread/5l31k4jmzdsfz0xt8osrbl878gb3b7ro" }, { "name": "[oss-security] 20220111 [SECURITY] CVE-2021-41767: Apache Guacamole: Private tunnel identifier may be included in the non-private details of active connections", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/01/11/6" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2021-41767", "datePublished": "2022-01-11T22:10:11", "dateReserved": "2021-09-28T00:00:00", "dateUpdated": "2024-08-04T03:15:29.360Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-43826
Vulnerability from cvelistv5
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
0.0 (None) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache Guacamole |
Version: 0 ≤ 1.5.3 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:52:11.339Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/12/19/4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Apache Guacamole", "vendor": "Apache Software Foundation", "versions": [ { "lessThanOrEqual": "1.5.3", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "Joseph Surin (Elttam)" }, { "lang": "en", "type": "reporter", "value": "Matt Jones (Elttam)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003eApache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eUsers are recommended to upgrade to version 1.5.4, which fixes this issue.\u003c/div\u003e" } ], "value": "Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process.\n\nUsers are recommended to upgrade to version 1.5.4, which fixes this issue.\n\n" } ], "metrics": [ { "other": { "content": { "text": "important" }, "type": "Textual description of severity" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "A malicious Guacamole user has managed to compromise a VNC server to which they have already been granted access by a Guacamole administrator." } ] }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "An attacker does not necessarily have any access to Guacamole, but has managed to compromise a VNC server that some other Guacamole user may access." }, { "lang": "en", "value": "An attacker does not necessarily have any access to Guacamole, but has managed to convince a Guacamole administrator to provide at least one Guacamole user with access to a malicious VNC server through social engineering." } ] }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 0, "baseSeverity": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "An attacker has sufficient privileges within Guacamole to create their own connections, and configures Guacamole to connect to a malicious/compromised VNC server." } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-19T19:50:15.188Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6" }, { "url": "http://www.openwall.com/lists/oss-security/2023/12/19/4" } ], "source": { "defect": [ "GUACAMOLE-1867" ], "discovery": "EXTERNAL" }, "timeline": [ { "lang": "en", "time": "2023-09-22T03:08:00.000Z", "value": "Reported to security@guacamole.apache.org" }, { "lang": "en", "time": "2023-09-22T16:44:00.000Z", "value": "Report acknowledged by project" }, { "lang": "en", "time": "2023-09-22T21:42:00.000Z", "value": "Report confirmed by project" }, { "lang": "en", "time": "2023-10-26T17:36:00.000Z", "value": "Fix completed and merged" }, { "lang": "en", "time": "2023-10-27T00:15:00.000Z", "value": "Fix tested and confirmed by reporter" }, { "lang": "en", "time": "2023-12-08T01:00:00.000Z", "value": "Fix released" } ], "title": "Apache Guacamole: Integer overflow in handling of VNC image buffers", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2023-43826", "datePublished": "2023-12-19T19:50:15.188Z", "dateReserved": "2023-09-25T04:00:57.264Z", "dateUpdated": "2024-08-02T19:52:11.339Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-3158
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache Guacamole |
Version: Apache Guacamole 0.9.5 to 0.9.10-incubating |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T14:16:28.246Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.apache.org/thread.html/b218d36bfdaf655d27382daec4dcd02ec717631f4aee8b7e4300ad65%40%3Cuser.guacamole.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache Guacamole", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "Apache Guacamole 0.9.5 to 0.9.10-incubating" } ] } ], "datePublic": "2018-01-15T00:00:00", "descriptions": [ { "lang": "en", "value": "A race condition in Guacamole\u0027s terminal emulator in versions 0.9.5 through 0.9.10-incubating could allow writes of blocks of printed data to overlap. Such overlapping writes could cause packet data to be misread as the packet length, resulting in the remaining data being written beyond the end of a statically-allocated buffer." } ], "problemTypes": [ { "descriptions": [ { "description": "Buffer Overflow", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-18T19:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://lists.apache.org/thread.html/b218d36bfdaf655d27382daec4dcd02ec717631f4aee8b7e4300ad65%40%3Cuser.guacamole.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2018-01-15T00:00:00", "ID": "CVE-2017-3158", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Guacamole", "version": { "version_data": [ { "version_value": "Apache Guacamole 0.9.5 to 0.9.10-incubating" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A race condition in Guacamole\u0027s terminal emulator in versions 0.9.5 through 0.9.10-incubating could allow writes of blocks of printed data to overlap. Such overlapping writes could cause packet data to be misread as the packet length, resulting in the remaining data being written beyond the end of a statically-allocated buffer." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://lists.apache.org/thread.html/b218d36bfdaf655d27382daec4dcd02ec717631f4aee8b7e4300ad65@%3Cuser.guacamole.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/b218d36bfdaf655d27382daec4dcd02ec717631f4aee8b7e4300ad65@%3Cuser.guacamole.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2017-3158", "datePublished": "2018-01-18T20:00:00Z", "dateReserved": "2016-12-05T00:00:00", "dateUpdated": "2024-09-16T16:37:33.486Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1340
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979%40%3Cannounce.guacamole.apache.org%3E | x_refsource_MISC | |
http://www.securityfocus.com/bid/106768 | vdb-entry, x_refsource_BID |
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache Guacamole |
Version: Apache Guacamole 0.9.4 to 0.9.14 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:59:39.052Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979%40%3Cannounce.guacamole.apache.org%3E" }, { "name": "106768", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106768" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache Guacamole", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "Apache Guacamole 0.9.4 to 0.9.14" } ] } ], "datePublic": "2019-01-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user\u0027s session token. This cookie lacked the \"secure\" flag, which could allow an attacker eavesdropping on the network to intercept the user\u0027s session token if unencrypted HTTP requests are made to the same domain." } ], "problemTypes": [ { "descriptions": [ { "description": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-02-09T10:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979%40%3Cannounce.guacamole.apache.org%3E" }, { "name": "106768", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106768" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2019-01-23T00:00:00", "ID": "CVE-2018-1340", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Guacamole", "version": { "version_data": [ { "version_value": "Apache Guacamole 0.9.4 to 0.9.14" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user\u0027s session token. This cookie lacked the \"secure\" flag, which could allow an attacker eavesdropping on the network to intercept the user\u0027s session token if unencrypted HTTP requests are made to the same domain." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute" } ] } ] }, "references": { "reference_data": [ { "name": "https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979@%3Cannounce.guacamole.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979@%3Cannounce.guacamole.apache.org%3E" }, { "name": "106768", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106768" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2018-1340", "datePublished": "2019-02-07T22:00:00Z", "dateReserved": "2017-12-07T00:00:00", "dateUpdated": "2024-09-16T19:20:49.021Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-9498
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Apache Guacamole |
Version: Apache Guacamole 1.1.0 and older |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:34:39.028Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rff824b38ebd2fddc726b816f0e509696b83b9f78979d0cd021ca623b%40%3Cannounce.guacamole.apache.org%3E" }, { "name": "[announce] 20200701 [SECURITY] CVE-2020-9498: Apache Guacamole: Dangling pointer in RDP static virtual channel handling", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r26fb170edebff842c74aacdb1333c1338f0e19e5ec7854d72e4680fc%40%3Cannounce.apache.org%3E" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://research.checkpoint.com/2020/apache-guacamole-rce/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44525" }, { "name": "[debian-lts-announce] 20201106 [SECURITY] [DLA 2435-1] guacamole-server security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00010.html" }, { "name": "FEDORA-2020-bfde0ab889", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVV5K2X4EXSAVUUL7IJ3MUJ3ADWMVSBM/" }, { "name": "FEDORA-2020-640645e518", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNS7UHBOFV6JHWH5XOEZTE3BREGRSSQ3/" }, { "name": "[announce] 20210125 Apache Software Foundation Security Report: 2020", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E" }, { "name": "[announce] 20210223 Re: Apache Software Foundation Security Report: 2020", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache Guacamole", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Apache Guacamole 1.1.0 and older" } ] } ], "descriptions": [ { "lang": "en", "value": "Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed with the privileges of therunning guacd process." } ], "problemTypes": [ { "descriptions": [ { "description": "Expired Pointer Dereference", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-24T03:06:31", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://lists.apache.org/thread.html/rff824b38ebd2fddc726b816f0e509696b83b9f78979d0cd021ca623b%40%3Cannounce.guacamole.apache.org%3E" }, { "name": "[announce] 20200701 [SECURITY] CVE-2020-9498: Apache Guacamole: Dangling pointer in RDP static virtual channel handling", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r26fb170edebff842c74aacdb1333c1338f0e19e5ec7854d72e4680fc%40%3Cannounce.apache.org%3E" }, { "tags": [ "x_refsource_MISC" ], "url": "https://research.checkpoint.com/2020/apache-guacamole-rce/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44525" }, { "name": "[debian-lts-announce] 20201106 [SECURITY] [DLA 2435-1] guacamole-server security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00010.html" }, { "name": "FEDORA-2020-bfde0ab889", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVV5K2X4EXSAVUUL7IJ3MUJ3ADWMVSBM/" }, { "name": "FEDORA-2020-640645e518", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNS7UHBOFV6JHWH5XOEZTE3BREGRSSQ3/" }, { "name": "[announce] 20210125 Apache Software Foundation Security Report: 2020", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E" }, { "name": "[announce] 20210223 Re: Apache Software Foundation Security Report: 2020", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2020-9498", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Guacamole", "version": { "version_data": [ { "version_value": "Apache Guacamole 1.1.0 and older" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed with the privileges of therunning guacd process." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Expired Pointer Dereference" } ] } ] }, "references": { "reference_data": [ { "name": "https://lists.apache.org/thread.html/rff824b38ebd2fddc726b816f0e509696b83b9f78979d0cd021ca623b%40%3Cannounce.guacamole.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/rff824b38ebd2fddc726b816f0e509696b83b9f78979d0cd021ca623b%40%3Cannounce.guacamole.apache.org%3E" }, { "name": "[announce] 20200701 [SECURITY] CVE-2020-9498: Apache Guacamole: Dangling pointer in RDP static virtual channel handling", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r26fb170edebff842c74aacdb1333c1338f0e19e5ec7854d72e4680fc@%3Cannounce.apache.org%3E" }, { "name": "https://research.checkpoint.com/2020/apache-guacamole-rce/", "refsource": "MISC", "url": "https://research.checkpoint.com/2020/apache-guacamole-rce/" }, { "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44525", "refsource": "CONFIRM", "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44525" }, { "name": "[debian-lts-announce] 20201106 [SECURITY] [DLA 2435-1] guacamole-server security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00010.html" }, { "name": "FEDORA-2020-bfde0ab889", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TVV5K2X4EXSAVUUL7IJ3MUJ3ADWMVSBM/" }, { "name": "FEDORA-2020-640645e518", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNS7UHBOFV6JHWH5XOEZTE3BREGRSSQ3/" }, { "name": "[announce] 20210125 Apache Software Foundation Security Report: 2020", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E" }, { "name": "[announce] 20210223 Re: Apache Software Foundation Security Report: 2020", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2020-9498", "datePublished": "2020-07-02T12:32:44", "dateReserved": "2020-03-01T00:00:00", "dateUpdated": "2024-08-04T10:34:39.028Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30576
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://lists.apache.org/thread/vgtvxb3w7mm84hx6v8dfc0onsoz05gb6 | vendor-advisory |
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache Guacamole |
Version: 0.9.10 ≤ 1.5.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:28:52.009Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.apache.org/thread/vgtvxb3w7mm84hx6v8dfc0onsoz05gb6" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "guacamole", "vendor": "apache", "versions": [ { "lessThanOrEqual": "1.5.1", "status": "affected", "version": "0.9.10", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-30576", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-10T14:40:13.451018Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-10T14:43:27.765Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Apache Guacamole", "vendor": "Apache Software Foundation", "versions": [ { "lessThanOrEqual": "1.5.1", "status": "affected", "version": "0.9.10", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Stefan Schiller (Sonar)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Depending on timing, this may allow an attacker to execute arbitrary code with the privileges of the guacd process.\u003cbr\u003e\u003cbr\u003e" } ], "value": "Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Depending on timing, this may allow an attacker to execute arbitrary code with the privileges of the guacd process.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-07T08:06:54.840Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://lists.apache.org/thread/vgtvxb3w7mm84hx6v8dfc0onsoz05gb6" } ], "source": { "discovery": "EXTERNAL" }, "timeline": [ { "lang": "en", "time": "2023-04-11T12:51:00.000Z", "value": "Reported to security@guacamole.apache.org" }, { "lang": "en", "time": "2023-04-11T13:07:00.000Z", "value": "Report acknowledged by project" }, { "lang": "en", "time": "2023-04-11T17:46:00.000Z", "value": "Report confirmed by project" }, { "lang": "en", "time": "2023-05-08T20:01:00.000Z", "value": "Fix completed and merged" }, { "lang": "en", "time": "2023-05-09T08:32:00.000Z", "value": "Fix tested and confirmed by reporter" }, { "lang": "en", "time": "2023-05-25T03:19:00.000Z", "value": "Fix released" } ], "title": "Apache Guacamole: Use-after-free in handling of RDP audio input buffer", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2023-30576", "datePublished": "2023-06-07T08:06:54.840Z", "dateReserved": "2023-04-12T20:55:56.105Z", "dateUpdated": "2024-10-10T14:43:27.765Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30575
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://lists.apache.org/thread/tn63n2lon0h5p45oft834t1dqvvxownv | vendor-advisory |
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache Guacamole |
Version: 0 ≤ 1.5.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:28:51.955Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.apache.org/thread/tn63n2lon0h5p45oft834t1dqvvxownv" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-30575", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-10T14:39:18.400824Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-10T14:39:33.936Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Apache Guacamole", "vendor": "Apache Software Foundation", "versions": [ { "lessThanOrEqual": "1.5.1", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Stefan Schiller (Sonar)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data.\u003cbr\u003e\u003cbr\u003e" } ], "value": "Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-131", "description": "CWE-131 Incorrect Calculation of Buffer Size", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-15T07:28:16.579Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://lists.apache.org/thread/tn63n2lon0h5p45oft834t1dqvvxownv" } ], "source": { "discovery": "EXTERNAL" }, "timeline": [ { "lang": "en", "time": "2023-04-11T14:51:00.000Z", "value": "Reported to security@guacamole.apache.org" }, { "lang": "en", "time": "2023-04-11T15:07:00.000Z", "value": "Report acknowledged by project" }, { "lang": "en", "time": "2023-04-11T19:46:00.000Z", "value": "Report confirmed by project" }, { "lang": "en", "time": "2023-05-08T22:01:00.000Z", "value": "Fix completed and merged" }, { "lang": "en", "time": "2023-05-09T10:32:00.000Z", "value": "Fix tested and confirmed by reporter" }, { "lang": "en", "time": "2023-05-25T05:19:00.000Z", "value": "Fix released" } ], "title": "Apache Guacamole: Incorrect calculation of Guacamole protocol element lengths", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2023-30575", "datePublished": "2023-06-07T08:06:36.061Z", "dateReserved": "2023-04-12T20:53:54.616Z", "dateUpdated": "2024-10-10T14:39:33.936Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-43999
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2022/01/11/7 | mailing-list, x_refsource_MLIST |
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache Guacamole |
Version: 1.3.0 Version: 1.2.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:10:17.191Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9" }, { "name": "[oss-security] 20220111 [SECURITY] CVE-2021-43999: Apache Guacamole: Improper validation of SAML responses", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/01/11/7" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache Guacamole", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "1.3.0" }, { "status": "affected", "version": "1.2.0" } ] } ], "credits": [ { "lang": "en", "value": "We would like to thank Finn Steglich (ETAS) for reporting this issue." } ], "descriptions": [ { "lang": "en", "value": "Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user." } ], "metrics": [ { "other": { "content": { "other": "high" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-12T00:06:11", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9" }, { "name": "[oss-security] 20220111 [SECURITY] CVE-2021-43999: Apache Guacamole: Improper validation of SAML responses", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2022/01/11/7" } ], "source": { "discovery": "UNKNOWN" }, "title": "Improper validation of SAML responses", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2021-43999", "STATE": "PUBLIC", "TITLE": "Improper validation of SAML responses" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Guacamole", "version": { "version_data": [ { "version_affected": "=", "version_value": "1.3.0" }, { "version_affected": "=", "version_value": "1.2.0" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "credit": [ { "lang": "eng", "value": "We would like to thank Finn Steglich (ETAS) for reporting this issue." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": [ { "other": "high" } ], "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-287 Improper Authentication" } ] } ] }, "references": { "reference_data": [ { "name": "https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9", "refsource": "MISC", "url": "https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9" }, { "name": "[oss-security] 20220111 [SECURITY] CVE-2021-43999: Apache Guacamole: Improper validation of SAML responses", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/01/11/7" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2021-43999", "datePublished": "2022-01-11T22:10:12", "dateReserved": "2021-11-18T00:00:00", "dateUpdated": "2024-08-04T04:10:17.191Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-1566
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://sourceforge.net/p/guacamole/news/2016/02/security-advisory---stored-xss-cve-2016-1566--guac-1465/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:02:12.143Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://sourceforge.net/p/guacamole/news/2016/02/security-advisory---stored-xss-cve-2016-1566--guac-1465/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-02-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. NOTE: this vulnerability was fixed in guacamole.war on 2016-01-13, but the version number was not changed." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-02-02T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://sourceforge.net/p/guacamole/news/2016/02/security-advisory---stored-xss-cve-2016-1566--guac-1465/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-1566", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. NOTE: this vulnerability was fixed in guacamole.war on 2016-01-13, but the version number was not changed." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://sourceforge.net/p/guacamole/news/2016/02/security-advisory---stored-xss-cve-2016-1566--guac-1465/", "refsource": "CONFIRM", "url": "https://sourceforge.net/p/guacamole/news/2016/02/security-advisory---stored-xss-cve-2016-1566--guac-1465/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-1566", "datePublished": "2017-02-02T15:00:00", "dateReserved": "2016-01-08T00:00:00", "dateUpdated": "2024-08-05T23:02:12.143Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-19603
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.sqlite.org/ | x_refsource_MISC | |
https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13 | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20191223-0001/ | x_refsource_CONFIRM | |
https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC | |
https://usn.ubuntu.com/4394-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E | mailing-list, x_refsource_MLIST | |
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:25:11.223Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.sqlite.org/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20191223-0001/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "name": "USN-4394-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4394-1/" }, { "name": "[guacamole-issues] 20210618 [jira] [Created] (GUACAMOLE-1368) Latest docker image fails security scans.", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-08T14:07:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.sqlite.org/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20191223-0001/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "name": "USN-4394-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4394-1/" }, { "name": "[guacamole-issues] 20210618 [jira] [Created] (GUACAMOLE-1368) Latest docker image fails security scans.", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-19603", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.sqlite.org/", "refsource": "MISC", "url": "https://www.sqlite.org/" }, { "name": "https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13", "refsource": "MISC", "url": "https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13" }, { "name": "https://security.netapp.com/advisory/ntap-20191223-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20191223-0001/" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "name": "USN-4394-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4394-1/" }, { "name": "[guacamole-issues] 20210618 [jira] [Created] (GUACAMOLE-1368) Latest docker image fails security scans.", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-19603", "datePublished": "2019-12-09T18:44:06", "dateReserved": "2019-12-05T00:00:00", "dateUpdated": "2024-08-05T02:25:11.223Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-11997
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Apache Guacamole |
Version: Apache Guacamole 1.2.0 and older |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:48:57.093Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r1a9ae9d1608c9f846875c4191cd738f95543d1be06b52dc1320e8117%40%3Cannounce.guacamole.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache Guacamole", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Apache Guacamole 1.2.0 and older" } ] } ], "descriptions": [ { "lang": "en", "value": "Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based on user visibility. If multiple users share access to the same connection, those users may be able to see which other users have accessed that connection, as well as the IP addresses from which that connection was accessed, even if those users do not otherwise have permission to see other users." } ], "problemTypes": [ { "descriptions": [ { "description": "Information Disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-19T21:12:29", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://lists.apache.org/thread.html/r1a9ae9d1608c9f846875c4191cd738f95543d1be06b52dc1320e8117%40%3Cannounce.guacamole.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2020-11997", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Guacamole", "version": { "version_data": [ { "version_value": "Apache Guacamole 1.2.0 and older" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based on user visibility. If multiple users share access to the same connection, those users may be able to see which other users have accessed that connection, as well as the IP addresses from which that connection was accessed, even if those users do not otherwise have permission to see other users." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information Disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://lists.apache.org/thread.html/r1a9ae9d1608c9f846875c4191cd738f95543d1be06b52dc1320e8117%40%3Cannounce.guacamole.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/r1a9ae9d1608c9f846875c4191cd738f95543d1be06b52dc1320e8117%40%3Cannounce.guacamole.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2020-11997", "datePublished": "2021-01-19T21:12:29", "dateReserved": "2020-04-21T00:00:00", "dateUpdated": "2024-08-04T11:48:57.093Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-9497
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | Apache Guacamole |
Version: Apache Guacamole 1.1.0 and older |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:34:38.227Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r65f75d3d65d1af68141f42071ebb27dda24af3e45570e593c1dbd81f%40%3Cannounce.guacamole.apache.org%3E" }, { "name": "[announce] 20200701 [SECURITY] CVE-2020-9497: Apache Guacamole: Improper input validation of RDP static virtual channels", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r3f071de70ea1facd3601e0fa894e6cadc960627ee7199437b5a56f7f%40%3Cannounce.apache.org%3E" }, { "name": "[guacamole-user] 20200703 Re: [SECURITY] CVE-2020-9497: Apache Guacamole: Improper input validation of RDP static virtual channels", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r066543f0565e97b27c0dfe27e93e8a387b99e1e35764000224ed96e7%40%3Cuser.guacamole.apache.org%3E" }, { "name": "[guacamole-user] 20200703 RE: [SECURITY] CVE-2020-9497: Apache Guacamole: Improper input validation of RDP static virtual channels", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r181b1d5b1acb31cfa69f41b2c86ed3a2cb0b5bc09c2cbd31e9e7c847%40%3Cuser.guacamole.apache.org%3E" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://research.checkpoint.com/2020/apache-guacamole-rce/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44525" }, { "name": "[debian-lts-announce] 20201106 [SECURITY] [DLA 2435-1] guacamole-server security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00010.html" }, { "name": "FEDORA-2020-bfde0ab889", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVV5K2X4EXSAVUUL7IJ3MUJ3ADWMVSBM/" }, { "name": "FEDORA-2020-640645e518", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNS7UHBOFV6JHWH5XOEZTE3BREGRSSQ3/" }, { "name": "[announce] 20210125 Apache Software Foundation Security Report: 2020", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E" }, { "name": "[announce] 20210223 Re: Apache Software Foundation Security Report: 2020", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache Guacamole", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Apache Guacamole 1.1.0 and older" } ] } ], "descriptions": [ { "lang": "en", "value": "Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. If a userconnects to a malicious or compromised RDP server, specially-craftedPDUs could result in disclosure of information within the memory ofthe guacd process handling the connection." } ], "problemTypes": [ { "descriptions": [ { "description": "Information Disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-24T03:06:30", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://lists.apache.org/thread.html/r65f75d3d65d1af68141f42071ebb27dda24af3e45570e593c1dbd81f%40%3Cannounce.guacamole.apache.org%3E" }, { "name": "[announce] 20200701 [SECURITY] CVE-2020-9497: Apache Guacamole: Improper input validation of RDP static virtual channels", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r3f071de70ea1facd3601e0fa894e6cadc960627ee7199437b5a56f7f%40%3Cannounce.apache.org%3E" }, { "name": "[guacamole-user] 20200703 Re: [SECURITY] CVE-2020-9497: Apache Guacamole: Improper input validation of RDP static virtual channels", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r066543f0565e97b27c0dfe27e93e8a387b99e1e35764000224ed96e7%40%3Cuser.guacamole.apache.org%3E" }, { "name": "[guacamole-user] 20200703 RE: [SECURITY] CVE-2020-9497: Apache Guacamole: Improper input validation of RDP static virtual channels", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r181b1d5b1acb31cfa69f41b2c86ed3a2cb0b5bc09c2cbd31e9e7c847%40%3Cuser.guacamole.apache.org%3E" }, { "tags": [ "x_refsource_MISC" ], "url": "https://research.checkpoint.com/2020/apache-guacamole-rce/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44525" }, { "name": "[debian-lts-announce] 20201106 [SECURITY] [DLA 2435-1] guacamole-server security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00010.html" }, { "name": "FEDORA-2020-bfde0ab889", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVV5K2X4EXSAVUUL7IJ3MUJ3ADWMVSBM/" }, { "name": "FEDORA-2020-640645e518", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNS7UHBOFV6JHWH5XOEZTE3BREGRSSQ3/" }, { "name": "[announce] 20210125 Apache Software Foundation Security Report: 2020", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E" }, { "name": "[announce] 20210223 Re: Apache Software Foundation Security Report: 2020", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2020-9497", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Guacamole", "version": { "version_data": [ { "version_value": "Apache Guacamole 1.1.0 and older" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. If a userconnects to a malicious or compromised RDP server, specially-craftedPDUs could result in disclosure of information within the memory ofthe guacd process handling the connection." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information Disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "https://lists.apache.org/thread.html/r65f75d3d65d1af68141f42071ebb27dda24af3e45570e593c1dbd81f%40%3Cannounce.guacamole.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/r65f75d3d65d1af68141f42071ebb27dda24af3e45570e593c1dbd81f%40%3Cannounce.guacamole.apache.org%3E" }, { "name": "[announce] 20200701 [SECURITY] CVE-2020-9497: Apache Guacamole: Improper input validation of RDP static virtual channels", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r3f071de70ea1facd3601e0fa894e6cadc960627ee7199437b5a56f7f@%3Cannounce.apache.org%3E" }, { "name": "[guacamole-user] 20200703 Re: [SECURITY] CVE-2020-9497: Apache Guacamole: Improper input validation of RDP static virtual channels", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r066543f0565e97b27c0dfe27e93e8a387b99e1e35764000224ed96e7@%3Cuser.guacamole.apache.org%3E" }, { "name": "[guacamole-user] 20200703 RE: [SECURITY] CVE-2020-9497: Apache Guacamole: Improper input validation of RDP static virtual channels", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r181b1d5b1acb31cfa69f41b2c86ed3a2cb0b5bc09c2cbd31e9e7c847@%3Cuser.guacamole.apache.org%3E" }, { "name": "https://research.checkpoint.com/2020/apache-guacamole-rce/", "refsource": "MISC", "url": "https://research.checkpoint.com/2020/apache-guacamole-rce/" }, { "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44525", "refsource": "CONFIRM", "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44525" }, { "name": "[debian-lts-announce] 20201106 [SECURITY] [DLA 2435-1] guacamole-server security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00010.html" }, { "name": "FEDORA-2020-bfde0ab889", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TVV5K2X4EXSAVUUL7IJ3MUJ3ADWMVSBM/" }, { "name": "FEDORA-2020-640645e518", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNS7UHBOFV6JHWH5XOEZTE3BREGRSSQ3/" }, { "name": "[announce] 20210125 Apache Software Foundation Security Report: 2020", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E" }, { "name": "[announce] 20210223 Re: Apache Software Foundation Security Report: 2020", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2020-9497", "datePublished": "2020-07-02T12:30:33", "dateReserved": "2020-03-01T00:00:00", "dateUpdated": "2024-08-04T10:34:38.227Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
▼ | URL | Tags | |
---|---|---|---|
security@apache.org | http://www.openwall.com/lists/oss-security/2023/12/19/4 | Mailing List, Third Party Advisory | |
security@apache.org | https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6 | Mailing List, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/12/19/4 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6 | Mailing List, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCF38330-2A18-4595-BDB4-0789A9F4BD2C", "versionEndIncluding": "1.5.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process.\n\nUsers are recommended to upgrade to version 1.5.4, which fixes this issue.\n\n" }, { "lang": "es", "value": "Apache Guacamole 1.5.3 y anteriores no garantizan sistem\u00e1ticamente que los valores recibidos de un servidor VNC no produzcan un desbordamiento de enteros. Si un usuario se conecta a un servidor VNC malicioso o comprometido, los datos especialmente manipulados podr\u00edan da\u00f1ar la memoria, permitiendo posiblemente que se ejecute c\u00f3digo arbitrario con los privilegios del proceso guacd en ejecuci\u00f3n. Se recomienda a los usuarios actualizar a la versi\u00f3n 1.5.4, que soluciona este problema." } ], "id": "CVE-2023-43826", "lastModified": "2024-11-21T08:24:51.397", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "security@apache.org", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-12-19T20:15:08.300", "references": [ { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2023/12/19/4" }, { "source": "security@apache.org", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2023/12/19/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "security@apache.org", "type": "Primary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
security@apache.org | http://www.openwall.com/lists/oss-security/2022/01/11/6 | Mailing List, Third Party Advisory | |
security@apache.org | https://lists.apache.org/thread/5l31k4jmzdsfz0xt8osrbl878gb3b7ro | Mailing List, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2022/01/11/6 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/5l31k4jmzdsfz0xt8osrbl878gb3b7ro | Mailing List, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3A733CC-43E3-4A1C-BF40-54C1113B8B5C", "versionEndIncluding": "1.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses. This may allow an authenticated user who already has permission to access a particular connection to read from or interact with another user\u0027s active use of that same connection." }, { "lang": "es", "value": "Apache Guacamole versiones 1.3.0 y anteriores, pueden incluir incorrectamente un identificador de t\u00fanel privado en los detalles no privados de algunas respuestas REST. Esto puede permitir que un usuario autenticado que ya presenta permiso para acceder a una conexi\u00f3n particular lea o interact\u00fae con el uso activo de otro usuario de esa misma conexi\u00f3n" } ], "id": "CVE-2021-41767", "lastModified": "2024-11-21T06:26:43.560", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-01-11T22:15:07.570", "references": [ { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/01/11/6" }, { "source": "security@apache.org", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread/5l31k4jmzdsfz0xt8osrbl878gb3b7ro" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/01/11/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread/5l31k4jmzdsfz0xt8osrbl878gb3b7ro" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "security@apache.org", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E4787AD-4833-4AB1-A367-FC7A4E00D188", "versionEndIncluding": "0.9.14", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user\u0027s session token. This cookie lacked the \"secure\" flag, which could allow an attacker eavesdropping on the network to intercept the user\u0027s session token if unencrypted HTTP requests are made to the same domain." }, { "lang": "es", "value": "En versiones anteriores a la 1.0.0, Apache Guacamole emple\u00f3 una cookie para el almacenamiento del lado del cliente del token de sesi\u00f3n del usuario. Esta cookie carec\u00eda del flag \"secure\", que podr\u00eda permitir que un atacante escuche en la red para interceptar la sesi\u00f3n del usuario si se realizan peticiones HTTP no cifradas al mismo dominio." } ], "id": "CVE-2018-1340", "lastModified": "2024-11-21T03:59:39.510", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-02-07T22:29:00.287", "references": [ { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "http://www.securityfocus.com/bid/106768" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979%40%3Cannounce.guacamole.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.securityfocus.com/bid/106768" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979%40%3Cannounce.guacamole.apache.org%3E" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-311" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:guacamole:0.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "499312E8-42AE-4250-B3E2-DAE773A72C0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:guacamole:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "DBACA320-E201-404A-9B7E-121ABACD5ED7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. NOTE: this vulnerability was fixed in guacamole.war on 2016-01-13, but the version number was not changed." }, { "lang": "es", "value": "Vulnerabilidad de XSS en el navegador de archivos de Guacamole 0.9.8 y 0.9.9, cuando la transferencia de archivos est\u00e1 habilitada en una ubicaci\u00f3n compartida por varios usuarios, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un nombre de archivo manipulado. NOTA: esta vulnerabilidad se corrigi\u00f3 en guacamole.war el 2016-01-13, pero no se cambi\u00f3 el n\u00famero de versi\u00f3n." } ], "id": "CVE-2016-1566", "lastModified": "2024-11-21T02:46:39.130", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-02-02T15:59:00.140", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://sourceforge.net/p/guacamole/news/2016/02/security-advisory---stored-xss-cve-2016-1566--guac-1465/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://sourceforge.net/p/guacamole/news/2016/02/security-advisory---stored-xss-cve-2016-1566--guac-1465/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
▼ | URL | Tags | |
---|---|---|---|
security@apache.org | https://lists.apache.org/thread/vgtvxb3w7mm84hx6v8dfc0onsoz05gb6 | Mailing List, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/vgtvxb3w7mm84hx6v8dfc0onsoz05gb6 | Mailing List, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7970D34-6918-473C-9F47-674134658E48", "versionEndExcluding": "1.5.2", "versionStartIncluding": "0.9.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Depending on timing, this may allow an attacker to execute arbitrary code with the privileges of the guacd process.\n\n" } ], "id": "CVE-2023-30576", "lastModified": "2024-11-21T08:00:27.013", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "security@apache.org", "type": "Secondary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-06-07T09:15:10.080", "references": [ { "source": "security@apache.org", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread/vgtvxb3w7mm84hx6v8dfc0onsoz05gb6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread/vgtvxb3w7mm84hx6v8dfc0onsoz05gb6" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-416" } ], "source": "security@apache.org", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
apache | guacamole | * | |
fedoraproject | fedora | 32 | |
fedoraproject | fedora | 33 | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*", "matchCriteriaId": "10392618-48D8-4B41-8546-1123888661C7", "versionEndIncluding": "1.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed with the privileges of therunning guacd process." }, { "lang": "es", "value": "Apache Guacamole versiones 1.1.0 y anteriores, pueden manejar inapropiadamente los punteros involucrados en el procesamiento de datos recibidos por medio de canales virtuales est\u00e1ticos RDP. Si un usuario se conecta a un servidor RDP malicioso o comprometido, una serie de PDU especialmente dise\u00f1adas podr\u00edan resultar en corrupci\u00f3n en la memoria, posiblemente permitiendo una ejecuci\u00f3n de c\u00f3digo arbitraria con los privilegios del proceso guacd en ejecuci\u00f3n" } ], "id": "CVE-2020-9498", "lastModified": "2024-11-21T05:40:46.673", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 1.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-07-02T13:15:11.090", "references": [ { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44525" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r26fb170edebff842c74aacdb1333c1338f0e19e5ec7854d72e4680fc%40%3Cannounce.apache.org%3E" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E" }, { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/rff824b38ebd2fddc726b816f0e509696b83b9f78979d0cd021ca623b%40%3Cannounce.guacamole.apache.org%3E" }, { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00010.html" }, { "source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVV5K2X4EXSAVUUL7IJ3MUJ3ADWMVSBM/" }, { "source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNS7UHBOFV6JHWH5XOEZTE3BREGRSSQ3/" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://research.checkpoint.com/2020/apache-guacamole-rce/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44525" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r26fb170edebff842c74aacdb1333c1338f0e19e5ec7854d72e4680fc%40%3Cannounce.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread.html/rff824b38ebd2fddc726b816f0e509696b83b9f78979d0cd021ca623b%40%3Cannounce.guacamole.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVV5K2X4EXSAVUUL7IJ3MUJ3ADWMVSBM/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNS7UHBOFV6JHWH5XOEZTE3BREGRSSQ3/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://research.checkpoint.com/2020/apache-guacamole-rce/" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*", "matchCriteriaId": "7CA16CBF-F157-4C52-9B9C-7FCF4E8F2B36", "versionEndIncluding": "0.9.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:guacamole:0.9.10-incubating:*:*:*:*:*:*:*", "matchCriteriaId": "81FD0727-B3B1-462B-8D32-6EAAD3C4A348", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A race condition in Guacamole\u0027s terminal emulator in versions 0.9.5 through 0.9.10-incubating could allow writes of blocks of printed data to overlap. Such overlapping writes could cause packet data to be misread as the packet length, resulting in the remaining data being written beyond the end of a statically-allocated buffer." }, { "lang": "es", "value": "Una condici\u00f3n de carrera en el emulador de terminal Guacamole en versiones 0.9.5 hasta la versi\u00f3n 0.9.10-incubating podr\u00eda permitir que se solapen escrituras de bloques de datos impresos. Estas escrituras solapadas podr\u00edan provocar que los datos del paquete se lean de forma incorrecta como la longitud del paquete, lo que resultar\u00eda en que los datos que quedan se escribir\u00edan m\u00e1s all\u00e1 del final de un b\u00fafer asignado est\u00e1ticamente." } ], "id": "CVE-2017-3158", "lastModified": "2024-11-21T03:24:56.930", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-01-18T20:29:00.257", "references": [ { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/b218d36bfdaf655d27382daec4dcd02ec717631f4aee8b7e4300ad65%40%3Cuser.guacamole.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/b218d36bfdaf655d27382daec4dcd02ec717631f4aee8b7e4300ad65%40%3Cuser.guacamole.apache.org%3E" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-362" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
apache | guacamole | * | |
fedoraproject | fedora | 32 | |
fedoraproject | fedora | 33 | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*", "matchCriteriaId": "10392618-48D8-4B41-8546-1123888661C7", "versionEndIncluding": "1.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. If a userconnects to a malicious or compromised RDP server, specially-craftedPDUs could result in disclosure of information within the memory ofthe guacd process handling the connection." }, { "lang": "es", "value": "Apache Guacamole versiones 1.1.0 y anteriores, no comprueban apropiadamente los datos recibidos desde servidores RDP por medio de canales virtuales est\u00e1ticos. Si un usuario se conecta a un servidor RDP malicioso o comprometido, las PDU especialmente dise\u00f1adas podr\u00edan resultar en divulgaci\u00f3n de informaci\u00f3n dentro de la memoria del proceso guacd que maneja la conexi\u00f3n" } ], "id": "CVE-2020-9497", "lastModified": "2024-11-21T05:40:46.530", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.2, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 1.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-07-02T13:15:10.997", "references": [ { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44525" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r066543f0565e97b27c0dfe27e93e8a387b99e1e35764000224ed96e7%40%3Cuser.guacamole.apache.org%3E" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r181b1d5b1acb31cfa69f41b2c86ed3a2cb0b5bc09c2cbd31e9e7c847%40%3Cuser.guacamole.apache.org%3E" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r3f071de70ea1facd3601e0fa894e6cadc960627ee7199437b5a56f7f%40%3Cannounce.apache.org%3E" }, { "source": "security@apache.org", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/r65f75d3d65d1af68141f42071ebb27dda24af3e45570e593c1dbd81f%40%3Cannounce.guacamole.apache.org%3E" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E" }, { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00010.html" }, { "source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVV5K2X4EXSAVUUL7IJ3MUJ3ADWMVSBM/" }, { "source": "security@apache.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNS7UHBOFV6JHWH5XOEZTE3BREGRSSQ3/" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "https://research.checkpoint.com/2020/apache-guacamole-rce/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44525" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r066543f0565e97b27c0dfe27e93e8a387b99e1e35764000224ed96e7%40%3Cuser.guacamole.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r181b1d5b1acb31cfa69f41b2c86ed3a2cb0b5bc09c2cbd31e9e7c847%40%3Cuser.guacamole.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r3f071de70ea1facd3601e0fa894e6cadc960627ee7199437b5a56f7f%40%3Cannounce.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/r65f75d3d65d1af68141f42071ebb27dda24af3e45570e593c1dbd81f%40%3Cannounce.guacamole.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVV5K2X4EXSAVUUL7IJ3MUJ3ADWMVSBM/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNS7UHBOFV6JHWH5XOEZTE3BREGRSSQ3/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://research.checkpoint.com/2020/apache-guacamole-rce/" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
sqlite | sqlite | 3.30.1 | |
oracle | mysql_workbench | * | |
siemens | sinec_infrastructure_network_services | * | |
siemens | sinec_infrastructure_network_services | 1.0.1.1 | |
apache | guacamole | 1.3.0 | |
netapp | cloud_backup | - | |
netapp | ontap_select_deploy_administration_utility | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sqlite:sqlite:3.30.1:*:*:*:*:*:*:*", "matchCriteriaId": "0175D7DA-13DD-44A4-91BB-77489F76C878", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B4DA1DD-9BC1-4D76-BB41-6E6D69838571", "versionEndIncluding": "8.0.19", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0F46497-4AB0-49A7-9453-CC26837BF253", "versionEndExcluding": "1.0.1.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:1.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E921362A-6421-4B18-B76D-FE6402FDD70D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:guacamole:1.3.0:-:*:*:*:*:*:*", "matchCriteriaId": "2526DE35-521D-4709-A0E8-022B430F1AF5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash." }, { "lang": "es", "value": "SQLite 3.30.1 maneja mal ciertas declaraciones SELECT con una VISTA inexistente, lo que lleva a un bloqueo de la aplicaci\u00f3n." } ], "id": "CVE-2019-19603", "lastModified": "2024-11-21T04:35:01.970", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-12-09T19:15:14.710", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13" }, { "source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20191223-0001/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4394-1/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.sqlite.org/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20191223-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4394-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.sqlite.org/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
▼ | URL | Tags | |
---|---|---|---|
security@apache.org | https://lists.apache.org/thread/tn63n2lon0h5p45oft834t1dqvvxownv | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/tn63n2lon0h5p45oft834t1dqvvxownv | Mailing List, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE5D0D8B-CE5F-4168-A1CB-4872610F5B67", "versionEndExcluding": "1.5.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data.\n\n" } ], "id": "CVE-2023-30575", "lastModified": "2024-11-21T08:00:26.877", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@apache.org", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-06-07T09:15:09.993", "references": [ { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread/tn63n2lon0h5p45oft834t1dqvvxownv" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.apache.org/thread/tn63n2lon0h5p45oft834t1dqvvxownv" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-131" } ], "source": "security@apache.org", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-131" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
security@apache.org | http://www.openwall.com/lists/oss-security/2022/01/11/7 | Mailing List, Third Party Advisory | |
security@apache.org | https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9 | Mailing List, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2022/01/11/7 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9 | Mailing List, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:guacamole:1.2.0:-:*:*:*:*:*:*", "matchCriteriaId": "19C6CFCC-0796-4201-BEF4-78A6E5A11C85", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:guacamole:1.3.0:-:*:*:*:*:*:*", "matchCriteriaId": "2526DE35-521D-4709-A0E8-022B430F1AF5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user." }, { "lang": "es", "value": "Apache Guacamole versiones 1.2.0 y 1.3.0, no comprueban correctamente las respuestas recibidas de un proveedor de identidad SAML. Si la compatibilidad con SAML est\u00e1 habilitada, esto puede permitir que un usuario malicioso asuma la identidad de otro usuario de Guacamole" } ], "id": "CVE-2021-43999", "lastModified": "2024-11-21T06:30:10.790", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-01-11T22:15:07.627", "references": [ { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/01/11/7" }, { "source": "security@apache.org", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2022/01/11/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "security@apache.org", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*", "matchCriteriaId": "79BE7DF7-26AD-410B-8037-8153371A53B0", "versionEndIncluding": "1.2.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based on user visibility. If multiple users share access to the same connection, those users may be able to see which other users have accessed that connection, as well as the IP addresses from which that connection was accessed, even if those users do not otherwise have permission to see other users." }, { "lang": "es", "value": "Apache Guacamole versiones 1.2.0 y anteriores, no restringen constantemente el acceso al historial de conexiones seg\u00fan la visibilidad del usuario.\u0026#xa0;Si m\u00faltiples usuarios comparten el acceso a la misma conexi\u00f3n, esos usuarios pueden ser capaz de visualizar qu\u00e9 otros usuarios han accedido a esa conexi\u00f3n, as\u00ed como las direcciones IP desde las que se accedi\u00f3 a esa conexi\u00f3n, inclusive si esos usuarios no tienen permiso para visualizar otros usuarios" } ], "id": "CVE-2020-11997", "lastModified": "2024-11-21T04:59:04.907", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-01-19T22:15:12.317", "references": [ { "source": "security@apache.org", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/r1a9ae9d1608c9f846875c4191cd738f95543d1be06b52dc1320e8117%40%3Cannounce.guacamole.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/r1a9ae9d1608c9f846875c4191cd738f95543d1be06b52dc1320e8117%40%3Cannounce.guacamole.apache.org%3E" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-276" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }