Search criteria
546 vulnerabilities found for hci_management_node by netapp
FKIE_CVE-2023-38430
Vulnerability from fkie_nvd - Published: 2023-07-18 00:15 - Updated: 2024-11-21 08:13
Severity ?
Summary
An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| netapp | hci_management_node | - | |
| netapp | h300s | - | |
| netapp | h410s | - | |
| netapp | h500s | - | |
| netapp | h700s | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6943BD04-722B-4B0F-810D-A5086EA877BB",
"versionEndExcluding": "5.15.145",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05A707A2-83A7-4FED-8BE0-DBB381F97694",
"versionEndExcluding": "6.1.35",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7DE06036-A8A1-4685-8575-2B94D6FD3278",
"versionEndExcluding": "6.3.9",
"versionStartIncluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read."
}
],
"id": "CVE-2023-38430",
"lastModified": "2024-11-21T08:13:33.390",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-18T00:15:09.663",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.9"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/smb/server?id=1c1bcf2d3ea061613119b534f57507c377df20f9"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230831-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/smb/server?id=1c1bcf2d3ea061613119b534f57507c377df20f9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230831-0003/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-32254
Vulnerability from fkie_nvd - Published: 2023-07-10 16:15 - Updated: 2024-11-21 08:02
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2023-32254 | Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2191658 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://security.netapp.com/advisory/ntap-20230824-0004/ | Third Party Advisory | |
| secalert@redhat.com | https://www.zerodayinitiative.com/advisories/ZDI-23-702/ | Patch, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2023-32254 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2191658 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230824-0004/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zerodayinitiative.com/advisories/ZDI-23-702/ | Patch, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| netapp | hci_management_node | - | |
| netapp | h300s | - | |
| netapp | h410s | - | |
| netapp | h500s | - | |
| netapp | h700s | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6943BD04-722B-4B0F-810D-A5086EA877BB",
"versionEndExcluding": "5.15.145",
"versionStartIncluding": "5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08F855F4-7188-4EE1-BD79-D4B6C7E2EF54",
"versionEndExcluding": "6.1.28",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3844A90B-940D-46C3-8D7B-9FF63F1AFC2F",
"versionEndExcluding": "6.2.15",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38F6F330-91A0-4675-8B90-6F950471A7CC",
"versionEndExcluding": "6.3.2",
"versionStartIncluding": "6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel\u0027s ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel."
}
],
"id": "CVE-2023-32254",
"lastModified": "2024-11-21T08:02:59.120",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-10T16:15:52.470",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32254"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191658"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230824-0004/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-702/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32254"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20230824-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-702/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-35252
Vulnerability from fkie_nvd - Published: 2022-09-23 14:15 - Updated: 2025-05-05 17:18
Severity ?
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| haxx | curl | * | |
| netapp | clustered_data_ontap | - | |
| netapp | element_software | - | |
| netapp | hci_management_node | - | |
| netapp | solidfire | - | |
| netapp | bootstrap_os | - | |
| netapp | hci_compute_node | - | |
| netapp | h300s_firmware | - | |
| netapp | h300s | - | |
| netapp | h500s_firmware | - | |
| netapp | h500s | - | |
| netapp | h700s_firmware | - | |
| netapp | h700s | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| apple | macos | * | |
| apple | macos | * | |
| debian | debian_linux | 10.0 | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | 9.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7B9B38C-6728-408E-93C9-98C042DA9DD3",
"versionEndExcluding": "7.85.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D13504E-ABCF-4E6F-8984-EADB123DFDD2",
"versionEndExcluding": "11.7.3",
"versionStartIncluding": "11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C71359B9-7DCE-4F45-B03F-77CF313A74EA",
"versionEndExcluding": "12.6.3",
"versionStartIncluding": "12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D",
"versionEndExcluding": "8.2.12",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32",
"versionEndExcluding": "9.0.6",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a\"sister site\" to deny service to all siblings."
},
{
"lang": "es",
"value": "Cuando curl es usado para recuperar y analizar las cookies de un servidor HTTP(S), acepta las cookies usando c\u00f3digos de control que cuando son enviados de vuelta a un servidor HTTP podr\u00edan hacer que el servidor devolviera respuestas 400. En efecto, permite que un \"sitio hermano\" deniegue el servicio a todos los hermanos."
}
],
"id": "CVE-2022-35252",
"lastModified": "2025-05-05T17:18:16.463",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-09-23T14:15:12.323",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/20"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/21"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1613943"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220930-0005/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213603"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213604"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1613943"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220930-0005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213603"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213604"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-21549
Vulnerability from fkie_nvd - Published: 2022-07-19 22:15 - Updated: 2024-11-21 06:44
Severity ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | graalvm | 21.3.2 | |
| oracle | graalvm | 22.1.0 | |
| oracle | jdk | 17.0.3.1 | |
| oracle | jre | 17.0.3.1 | |
| azul | zulu | 17.34 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| debian | debian_linux | 11.0 | |
| netapp | 7-mode_transition_tool | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | active_iq_unified_manager | - | |
| netapp | cloud_insights_acquisition_unit | - | |
| netapp | cloud_secure_agent | - | |
| netapp | hci_management_node | - | |
| netapp | oncommand_insight | - | |
| netapp | solidfire | - | |
| netapp | hci_compute_node | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm:21.3.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "601D92C4-F71F-47E2-9041-5C286D2137F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:22.1.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "B18FE85D-C53D-44E9-8992-715820D1264B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:17.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7AF3539B-0434-4310-AE88-F46864C7C20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:17.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0DF70EEA-EC9D-4FFC-B7BE-76F50C34D999",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:azul:zulu:17.34:*:*:*:*:*:*:*",
"matchCriteriaId": "B6302149-28AA-481E-BC6C-87D05E73768A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Libraries). Las versiones afectadas son Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 y 22.1.0. La vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en el acceso no autorizado a la actualizaci\u00f3n, inserci\u00f3n o eliminaci\u00f3n de algunos de los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan c\u00f3digo que no es confiable (por ejemplo, c\u00f3digo que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada mediante el uso de APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuaci\u00f3n Base 5.3 (impactos en la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
}
],
"id": "CVE-2022-21549",
"lastModified": "2024-11-21T06:44:56.113",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "secalert_us@oracle.com",
"type": "Primary"
}
]
},
"published": "2022-07-19T22:15:12.147",
"references": [
{
"source": "secalert_us@oracle.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NQICCJXXAYMCCXOO24R4W7Q3RSKCYDMX/"
},
{
"source": "secalert_us@oracle.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKJCLA2GDNF4B7ZRKORQ2TIR56AHJ4VC/"
},
{
"source": "secalert_us@oracle.com",
"url": "https://security.gentoo.org/glsa/202401-25"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5192"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NQICCJXXAYMCCXOO24R4W7Q3RSKCYDMX/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKJCLA2GDNF4B7ZRKORQ2TIR56AHJ4VC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202401-25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5192"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-21541
Vulnerability from fkie_nvd - Published: 2022-07-19 22:15 - Updated: 2024-11-21 06:44
Severity ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm:20.3.6:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "7D961E24-EA18-4217-B5F5-F847726D84E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:21.3.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "601D92C4-F71F-47E2-9041-5C286D2137F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:22.1.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "B18FE85D-C53D-44E9-8992-715820D1264B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update343:*:*:*:*:*:*",
"matchCriteriaId": "6E3C0BA3-FCD3-4CB8-B8C7-F931090A7DBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update333:*:*:*:*:*:*",
"matchCriteriaId": "EB2A5440-7FA7-4A86-AA19-E2ABBD809B19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:11.0.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9C0485FC-E4B2-464E-8228-1387AC5F353B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:17.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7AF3539B-0434-4310-AE88-F46864C7C20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:18.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F5CC9398-71B6-4480-95ED-EDCE838D157E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update343:*:*:*:*:*:*",
"matchCriteriaId": "60614E43-090E-44D7-94AD-FFAE38FF111F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update333:*:*:*:*:*:*",
"matchCriteriaId": "131E1C9E-721C-4176-B78B-69C01F90A9A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:11.0.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD4BFA12-588A-4D8D-B45F-648A55EC674C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:17.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0DF70EEA-EC9D-4FFC-B7BE-76F50C34D999",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:18.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF9CFB1-CEC9-483E-BECF-618190C03944",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD2ADA66-DCD0-4D28-80B2-77A0265CE7B9",
"versionEndIncluding": "11.0.15",
"versionStartIncluding": "11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CA6BC07-2BDA-4913-AF2B-FD2146B0E539",
"versionEndIncluding": "13.0.11",
"versionStartIncluding": "13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A2E366B-549D-48C5-B3FB-AD0E8C75AE08",
"versionEndIncluding": "15.0.7",
"versionStartIncluding": "15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15FD6A0B-BB1A-4875-926C-AB1B6EC1A053",
"versionEndIncluding": "17.0.3",
"versionStartIncluding": "17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
"matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
"matchCriteriaId": "02011EDC-20A7-4A16-A592-7C76E0037997",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
"matchCriteriaId": "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
"matchCriteriaId": "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
"matchCriteriaId": "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
"matchCriteriaId": "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
"matchCriteriaId": "C28388AB-CFC9-4749-A90F-383F5B905EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
"matchCriteriaId": "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
"matchCriteriaId": "CA7AD457-6CE6-4925-8D94-A907B40233D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
"matchCriteriaId": "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
"matchCriteriaId": "5480E5AD-DB46-474A-9B57-84ED088A75FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
"matchCriteriaId": "881A4AE9-6012-4E91-98BE-0A352CC20703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
"matchCriteriaId": "7E1E1079-57D9-473B-A017-964F4745F329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
"matchCriteriaId": "B8D6446E-2915-4F12-87BE-E7420BC2626E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
"matchCriteriaId": "564EDCE3-16E6-401D-8A43-032D1F8875E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
"matchCriteriaId": "08278802-D31B-488A-BA6A-EBC816DF883A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
"matchCriteriaId": "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
"matchCriteriaId": "7BBB0969-565E-43E2-B067-A10AAA5F1958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
"matchCriteriaId": "D78BE95D-6270-469A-8035-FCDDB398F952",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
"matchCriteriaId": "88C24F40-3150-4584-93D9-8307DE04EEE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
"matchCriteriaId": "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
"matchCriteriaId": "19626B36-62FC-4497-A2E1-7D6CD9839B19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
"matchCriteriaId": "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
"matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
"matchCriteriaId": "555EC2A6-0475-48ED-AE0C-B306714A9333",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
"matchCriteriaId": "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*",
"matchCriteriaId": "02C55E2E-AEDE-455C-B128-168C918B5D97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*",
"matchCriteriaId": "81831D37-6597-441B-87DE-38F7191BEA42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*",
"matchCriteriaId": "EEA1594D-0AB5-436D-9E60-C26EE2175753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*",
"matchCriteriaId": "B868FA41-C71B-491C-880B-484740B30C72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
"matchCriteriaId": "C242D3BE-9114-4A9E-BB78-45754C7CC450",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*",
"matchCriteriaId": "95954182-9541-4181-9647-B17FA5A79F9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
"matchCriteriaId": "9F6F0137-F91F-4028-BED2-C29640D52C23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*",
"matchCriteriaId": "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
"matchCriteriaId": "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
"matchCriteriaId": "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
"matchCriteriaId": "84E31265-22E1-4E91-BFCB-D2AFF445926A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
"matchCriteriaId": "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
"matchCriteriaId": "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
"matchCriteriaId": "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
"matchCriteriaId": "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
"matchCriteriaId": "568F1AC4-B0D7-4438-82E5-0E61500F2240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
"matchCriteriaId": "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
"matchCriteriaId": "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
"matchCriteriaId": "94834710-3FA9-49D9-8600-B514CBCA4270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
"matchCriteriaId": "4228D9E1-7D82-4B49-9669-9CDAD7187432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
"matchCriteriaId": "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
"matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
"matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
"matchCriteriaId": "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
"matchCriteriaId": "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
"matchCriteriaId": "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
"matchCriteriaId": "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
"matchCriteriaId": "FB70E154-A304-429E-80F5-8D87B00E32D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
"matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
"matchCriteriaId": "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
"matchCriteriaId": "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
"matchCriteriaId": "67ED8559-C348-4932-B7CE-CB96976A30EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
"matchCriteriaId": "40AC3D91-263F-4345-9FAA-0E573EA64590",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
"matchCriteriaId": "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
"matchCriteriaId": "2C4B2F24-A730-4818-90C8-A2D90C081F03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
"matchCriteriaId": "464087F2-C285-4574-957E-CE0663F07DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
"matchCriteriaId": "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
"matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
"matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
"matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
"matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
"matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
"matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
"matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
"matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
"matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
"matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
"matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
"matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
"matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
"matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
"matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
"matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
"matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
"matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
"matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
"matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
"matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
"matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
"matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
"matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
"matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
"matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
"matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
"matchCriteriaId": "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
"matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
"matchCriteriaId": "F5A40B8A-D428-4008-9F21-AF21394C51D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
"matchCriteriaId": "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
"matchCriteriaId": "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
"matchCriteriaId": "3102AA10-99A8-49A9-867E-7EEC56865680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
"matchCriteriaId": "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
"matchCriteriaId": "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
"matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
"matchCriteriaId": "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
"matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
"matchCriteriaId": "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*",
"matchCriteriaId": "DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update332:*:*:*:*:*:*",
"matchCriteriaId": "A8EF5BB8-7DAF-49B0-A11E-14E89EF7377A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
"matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
"matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
"matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
"matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
"matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
"matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
"matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
"matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
"matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
"matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
"matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
"matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
"matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
"matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:18:*:*:*:*:*:*:*",
"matchCriteriaId": "56CBFC1F-C120-44F2-877A-C1C880AA89C4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:azul:zulu:7.54:*:*:*:*:*:*:*",
"matchCriteriaId": "50C77346-8893-44F0-B0D1-5D4D30A9CA3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:8.62:*:*:*:*:*:*:*",
"matchCriteriaId": "63E58DE0-A96A-452E-986F-3BD2FEA7C723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:11.56:*:*:*:*:*:*:*",
"matchCriteriaId": "D3FB1BF4-3FCF-4007-A9E3-97C35483D6A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:13.48:*:*:*:*:*:*:*",
"matchCriteriaId": "BD7A33EC-DE03-424F-9796-E5EA071FF6CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:15.40:*:*:*:*:*:*:*",
"matchCriteriaId": "CCDAFFA9-0AA4-4C70-9154-8DA4BB255FD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:17.34:*:*:*:*:*:*:*",
"matchCriteriaId": "B6302149-28AA-481E-BC6C-87D05E73768A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:18.30:*:*:*:*:*:*:*",
"matchCriteriaId": "20DFD9D8-8648-40F7-81B8-04F852A337FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Hotspot). Las versiones afectadas son Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 y 22.1.0. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la creaci\u00f3n no autorizada, la eliminaci\u00f3n o el acceso a la modificaci\u00f3n de datos cr\u00edticos o de todos los datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start o applets Java con sandbox, que cargan y ejecutan c\u00f3digo no confiable (por ejemplo, c\u00f3digo procedente de Internet) y que dependen de la sandbox de Java para su seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada mediante el uso de APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuaci\u00f3n Base 5.9 (impactos en la Integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)."
}
],
"id": "CVE-2022-21541",
"lastModified": "2024-11-21T06:44:55.193",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "secalert_us@oracle.com",
"type": "Primary"
}
]
},
"published": "2022-07-19T22:15:11.783",
"references": [
{
"source": "secalert_us@oracle.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/"
},
{
"source": "secalert_us@oracle.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/"
},
{
"source": "secalert_us@oracle.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/"
},
{
"source": "secalert_us@oracle.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/"
},
{
"source": "secalert_us@oracle.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/"
},
{
"source": "secalert_us@oracle.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/"
},
{
"source": "secalert_us@oracle.com",
"url": "https://security.gentoo.org/glsa/202401-25"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5188"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5192"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202401-25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5192"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-21540
Vulnerability from fkie_nvd - Published: 2022-07-19 22:15 - Updated: 2024-11-21 06:44
Severity ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm:20.3.6:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "7D961E24-EA18-4217-B5F5-F847726D84E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:21.3.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "601D92C4-F71F-47E2-9041-5C286D2137F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:22.1.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "B18FE85D-C53D-44E9-8992-715820D1264B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update343:*:*:*:*:*:*",
"matchCriteriaId": "6E3C0BA3-FCD3-4CB8-B8C7-F931090A7DBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update333:*:*:*:*:*:*",
"matchCriteriaId": "EB2A5440-7FA7-4A86-AA19-E2ABBD809B19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:11.0.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9C0485FC-E4B2-464E-8228-1387AC5F353B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:17.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7AF3539B-0434-4310-AE88-F46864C7C20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:18.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F5CC9398-71B6-4480-95ED-EDCE838D157E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update343:*:*:*:*:*:*",
"matchCriteriaId": "60614E43-090E-44D7-94AD-FFAE38FF111F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update333:*:*:*:*:*:*",
"matchCriteriaId": "131E1C9E-721C-4176-B78B-69C01F90A9A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:11.0.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD4BFA12-588A-4D8D-B45F-648A55EC674C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:17.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0DF70EEA-EC9D-4FFC-B7BE-76F50C34D999",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:18.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF9CFB1-CEC9-483E-BECF-618190C03944",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD2ADA66-DCD0-4D28-80B2-77A0265CE7B9",
"versionEndIncluding": "11.0.15",
"versionStartIncluding": "11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CA6BC07-2BDA-4913-AF2B-FD2146B0E539",
"versionEndIncluding": "13.0.11",
"versionStartIncluding": "13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A2E366B-549D-48C5-B3FB-AD0E8C75AE08",
"versionEndIncluding": "15.0.7",
"versionStartIncluding": "15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15FD6A0B-BB1A-4875-926C-AB1B6EC1A053",
"versionEndIncluding": "17.0.3",
"versionStartIncluding": "17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
"matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
"matchCriteriaId": "02011EDC-20A7-4A16-A592-7C76E0037997",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
"matchCriteriaId": "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
"matchCriteriaId": "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
"matchCriteriaId": "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
"matchCriteriaId": "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
"matchCriteriaId": "C28388AB-CFC9-4749-A90F-383F5B905EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
"matchCriteriaId": "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
"matchCriteriaId": "CA7AD457-6CE6-4925-8D94-A907B40233D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
"matchCriteriaId": "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
"matchCriteriaId": "5480E5AD-DB46-474A-9B57-84ED088A75FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
"matchCriteriaId": "881A4AE9-6012-4E91-98BE-0A352CC20703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
"matchCriteriaId": "7E1E1079-57D9-473B-A017-964F4745F329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
"matchCriteriaId": "B8D6446E-2915-4F12-87BE-E7420BC2626E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
"matchCriteriaId": "564EDCE3-16E6-401D-8A43-032D1F8875E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
"matchCriteriaId": "08278802-D31B-488A-BA6A-EBC816DF883A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
"matchCriteriaId": "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
"matchCriteriaId": "7BBB0969-565E-43E2-B067-A10AAA5F1958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
"matchCriteriaId": "D78BE95D-6270-469A-8035-FCDDB398F952",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
"matchCriteriaId": "88C24F40-3150-4584-93D9-8307DE04EEE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
"matchCriteriaId": "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
"matchCriteriaId": "19626B36-62FC-4497-A2E1-7D6CD9839B19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
"matchCriteriaId": "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
"matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
"matchCriteriaId": "555EC2A6-0475-48ED-AE0C-B306714A9333",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
"matchCriteriaId": "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*",
"matchCriteriaId": "02C55E2E-AEDE-455C-B128-168C918B5D97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*",
"matchCriteriaId": "81831D37-6597-441B-87DE-38F7191BEA42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*",
"matchCriteriaId": "EEA1594D-0AB5-436D-9E60-C26EE2175753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*",
"matchCriteriaId": "B868FA41-C71B-491C-880B-484740B30C72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
"matchCriteriaId": "C242D3BE-9114-4A9E-BB78-45754C7CC450",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*",
"matchCriteriaId": "95954182-9541-4181-9647-B17FA5A79F9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
"matchCriteriaId": "9F6F0137-F91F-4028-BED2-C29640D52C23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*",
"matchCriteriaId": "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
"matchCriteriaId": "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
"matchCriteriaId": "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
"matchCriteriaId": "84E31265-22E1-4E91-BFCB-D2AFF445926A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
"matchCriteriaId": "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
"matchCriteriaId": "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
"matchCriteriaId": "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
"matchCriteriaId": "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
"matchCriteriaId": "568F1AC4-B0D7-4438-82E5-0E61500F2240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
"matchCriteriaId": "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
"matchCriteriaId": "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
"matchCriteriaId": "94834710-3FA9-49D9-8600-B514CBCA4270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
"matchCriteriaId": "4228D9E1-7D82-4B49-9669-9CDAD7187432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
"matchCriteriaId": "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
"matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
"matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
"matchCriteriaId": "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
"matchCriteriaId": "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
"matchCriteriaId": "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
"matchCriteriaId": "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
"matchCriteriaId": "FB70E154-A304-429E-80F5-8D87B00E32D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
"matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
"matchCriteriaId": "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
"matchCriteriaId": "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
"matchCriteriaId": "67ED8559-C348-4932-B7CE-CB96976A30EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
"matchCriteriaId": "40AC3D91-263F-4345-9FAA-0E573EA64590",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
"matchCriteriaId": "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
"matchCriteriaId": "2C4B2F24-A730-4818-90C8-A2D90C081F03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
"matchCriteriaId": "464087F2-C285-4574-957E-CE0663F07DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
"matchCriteriaId": "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
"matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
"matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
"matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
"matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
"matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
"matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
"matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
"matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
"matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
"matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
"matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
"matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
"matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
"matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
"matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
"matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
"matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
"matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
"matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
"matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
"matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
"matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
"matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
"matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
"matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
"matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
"matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
"matchCriteriaId": "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
"matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
"matchCriteriaId": "F5A40B8A-D428-4008-9F21-AF21394C51D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
"matchCriteriaId": "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
"matchCriteriaId": "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
"matchCriteriaId": "3102AA10-99A8-49A9-867E-7EEC56865680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
"matchCriteriaId": "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
"matchCriteriaId": "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
"matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
"matchCriteriaId": "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
"matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
"matchCriteriaId": "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*",
"matchCriteriaId": "DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update332:*:*:*:*:*:*",
"matchCriteriaId": "A8EF5BB8-7DAF-49B0-A11E-14E89EF7377A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
"matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
"matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
"matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
"matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
"matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
"matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
"matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
"matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
"matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
"matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
"matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
"matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
"matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
"matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:18:*:*:*:*:*:*:*",
"matchCriteriaId": "56CBFC1F-C120-44F2-877A-C1C880AA89C4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:azul:zulu:6.47:*:*:*:*:*:*:*",
"matchCriteriaId": "4E4633C4-E552-439D-8FE4-139E3A7956CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:7.54:*:*:*:*:*:*:*",
"matchCriteriaId": "50C77346-8893-44F0-B0D1-5D4D30A9CA3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:8.62:*:*:*:*:*:*:*",
"matchCriteriaId": "63E58DE0-A96A-452E-986F-3BD2FEA7C723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:11.56:*:*:*:*:*:*:*",
"matchCriteriaId": "D3FB1BF4-3FCF-4007-A9E3-97C35483D6A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:13.48:*:*:*:*:*:*:*",
"matchCriteriaId": "BD7A33EC-DE03-424F-9796-E5EA071FF6CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:15.40:*:*:*:*:*:*:*",
"matchCriteriaId": "CCDAFFA9-0AA4-4C70-9154-8DA4BB255FD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:17.34:*:*:*:*:*:*:*",
"matchCriteriaId": "B6302149-28AA-481E-BC6C-87D05E73768A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:18.30:*:*:*:*:*:*:*",
"matchCriteriaId": "20DFD9D8-8648-40F7-81B8-04F852A337FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el producto Oracle Java SE, Oracle GraalVM Enterprise Edition de Oracle Java SE (componente: Hotspot). Las versiones afectadas son Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 y 22.1.0. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de m\u00faltiples protocolos comprometer a Oracle Java SE, Oracle GraalVM Enterprise Edition. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en un acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Java SE, Oracle GraalVM Enterprise Edition. Nota: Esta vulnerabilidad es aplicada a las implantaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start con sandbox o applets Java con sandbox, que cargan y ejecutan c\u00f3digo que no es confiable (por ejemplo, c\u00f3digo que viene de Internet) y dependen de la sandbox de Java para la seguridad. Esta vulnerabilidad tambi\u00e9n puede ser explotada mediante el uso de APIs en el componente especificado, por ejemplo, mediante un servicio web que suministra datos a las APIs. CVSS 3.1, Puntuaci\u00f3n Base 5.3 (impactos en la Confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
}
],
"id": "CVE-2022-21540",
"lastModified": "2024-11-21T06:44:55.007",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "secalert_us@oracle.com",
"type": "Primary"
}
]
},
"published": "2022-07-19T22:15:11.730",
"references": [
{
"source": "secalert_us@oracle.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/"
},
{
"source": "secalert_us@oracle.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/"
},
{
"source": "secalert_us@oracle.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/"
},
{
"source": "secalert_us@oracle.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/"
},
{
"source": "secalert_us@oracle.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/"
},
{
"source": "secalert_us@oracle.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/"
},
{
"source": "secalert_us@oracle.com",
"url": "https://security.gentoo.org/glsa/202401-25"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5188"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5192"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202401-25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5192"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-34169
Vulnerability from fkie_nvd - Published: 2022-07-19 18:15 - Updated: 2024-11-21 07:08
Severity ?
Summary
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:xalan-java:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E406791B-F9FD-4E3F-831C-296D8F8FF9BE",
"versionEndIncluding": "2.7.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:graalvm:20.3.6:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "7D961E24-EA18-4217-B5F5-F847726D84E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:21.3.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "601D92C4-F71F-47E2-9041-5C286D2137F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:22.1.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "B18FE85D-C53D-44E9-8992-715820D1264B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update343:*:*:*:*:*:*",
"matchCriteriaId": "6E3C0BA3-FCD3-4CB8-B8C7-F931090A7DBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update333:*:*:*:*:*:*",
"matchCriteriaId": "EB2A5440-7FA7-4A86-AA19-E2ABBD809B19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:11.0.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9C0485FC-E4B2-464E-8228-1387AC5F353B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:17.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7AF3539B-0434-4310-AE88-F46864C7C20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdk:18.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F5CC9398-71B6-4480-95ED-EDCE838D157E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update343:*:*:*:*:*:*",
"matchCriteriaId": "60614E43-090E-44D7-94AD-FFAE38FF111F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update333:*:*:*:*:*:*",
"matchCriteriaId": "131E1C9E-721C-4176-B78B-69C01F90A9A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:11.0.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD4BFA12-588A-4D8D-B45F-648A55EC674C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:17.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0DF70EEA-EC9D-4FFC-B7BE-76F50C34D999",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jre:18.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF9CFB1-CEC9-483E-BECF-618190C03944",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD2ADA66-DCD0-4D28-80B2-77A0265CE7B9",
"versionEndIncluding": "11.0.15",
"versionStartIncluding": "11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8CA6BC07-2BDA-4913-AF2B-FD2146B0E539",
"versionEndIncluding": "13.0.11",
"versionStartIncluding": "13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A2E366B-549D-48C5-B3FB-AD0E8C75AE08",
"versionEndIncluding": "15.0.7",
"versionStartIncluding": "15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15FD6A0B-BB1A-4875-926C-AB1B6EC1A053",
"versionEndIncluding": "17.0.3",
"versionStartIncluding": "17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:-:*:*:*:*:*:*",
"matchCriteriaId": "E78B7C5A-FA51-41E4-AAB0-C6DED2EFCF4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update1:*:*:*:*:*:*",
"matchCriteriaId": "02011EDC-20A7-4A16-A592-7C76E0037997",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update10:*:*:*:*:*:*",
"matchCriteriaId": "AC6D4652-1226-4C60-BEDF-01EBF8AC0849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update101:*:*:*:*:*:*",
"matchCriteriaId": "3C1F9ED7-7D93-41F4-9130-15BA734420AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update11:*:*:*:*:*:*",
"matchCriteriaId": "1CF9CDF1-95D3-4125-A73F-396D2280FC4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update111:*:*:*:*:*:*",
"matchCriteriaId": "A13266DC-F8D9-4F30-987F-65BBEAF8D3A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update121:*:*:*:*:*:*",
"matchCriteriaId": "C28388AB-CFC9-4749-A90F-383F5B905EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update13:*:*:*:*:*:*",
"matchCriteriaId": "DA1B00F9-A81C-48B7-8DAA-F394DDF323F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update131:*:*:*:*:*:*",
"matchCriteriaId": "CA7AD457-6CE6-4925-8D94-A907B40233D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update141:*:*:*:*:*:*",
"matchCriteriaId": "A6F3FDD1-7CAC-4B84-ABB7-64E9D3FBD708",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update15:*:*:*:*:*:*",
"matchCriteriaId": "5480E5AD-DB46-474A-9B57-84ED088A75FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update151:*:*:*:*:*:*",
"matchCriteriaId": "881A4AE9-6012-4E91-98BE-0A352CC20703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update161:*:*:*:*:*:*",
"matchCriteriaId": "7E1E1079-57D9-473B-A017-964F4745F329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update17:*:*:*:*:*:*",
"matchCriteriaId": "B8D6446E-2915-4F12-87BE-E7420BC2626E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update171:*:*:*:*:*:*",
"matchCriteriaId": "564EDCE3-16E6-401D-8A43-032D1F8875E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update181:*:*:*:*:*:*",
"matchCriteriaId": "08278802-D31B-488A-BA6A-EBC816DF883A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update191:*:*:*:*:*:*",
"matchCriteriaId": "72BDA05A-C8BD-472E-8465-EE1F3E5D8CF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update2:*:*:*:*:*:*",
"matchCriteriaId": "7BBB0969-565E-43E2-B067-A10AAA5F1958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update201:*:*:*:*:*:*",
"matchCriteriaId": "D78BE95D-6270-469A-8035-FCDDB398F952",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update21:*:*:*:*:*:*",
"matchCriteriaId": "88C24F40-3150-4584-93D9-8307DE04EEE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update211:*:*:*:*:*:*",
"matchCriteriaId": "E0FC5A03-FF11-4787-BBF1-3ACF93A21F2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update221:*:*:*:*:*:*",
"matchCriteriaId": "19626B36-62FC-4497-A2E1-7D6CD9839B19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update231:*:*:*:*:*:*",
"matchCriteriaId": "5713AEBD-35F6-44E8-A0CC-A42830D7AE20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update241:*:*:*:*:*:*",
"matchCriteriaId": "8BE0C04B-440E-4B35-ACC8-6264514F764C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update25:*:*:*:*:*:*",
"matchCriteriaId": "555EC2A6-0475-48ED-AE0C-B306714A9333",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update251:*:*:*:*:*:*",
"matchCriteriaId": "EC1CF2AD-3F7A-4EF3-BD41-117A21553A9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update261:*:*:*:*:*:*",
"matchCriteriaId": "02C55E2E-AEDE-455C-B128-168C918B5D97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update271:*:*:*:*:*:*",
"matchCriteriaId": "81831D37-6597-441B-87DE-38F7191BEA42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update281:*:*:*:*:*:*",
"matchCriteriaId": "EEA1594D-0AB5-436D-9E60-C26EE2175753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update291:*:*:*:*:*:*",
"matchCriteriaId": "B868FA41-C71B-491C-880B-484740B30C72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update3:*:*:*:*:*:*",
"matchCriteriaId": "C242D3BE-9114-4A9E-BB78-45754C7CC450",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update301:*:*:*:*:*:*",
"matchCriteriaId": "95954182-9541-4181-9647-B17FA5A79F9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update311:*:*:*:*:*:*",
"matchCriteriaId": "9F6F0137-F91F-4028-BED2-C29640D52C23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update321:*:*:*:*:*:*",
"matchCriteriaId": "EAFB6B15-4AE6-47FC-8847-9DFADB7AE253",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update4:*:*:*:*:*:*",
"matchCriteriaId": "D61068FE-18EE-4ADB-BC69-A3ECE8724575",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update40:*:*:*:*:*:*",
"matchCriteriaId": "EFB59E80-4EC4-4399-BF40-6733E4E475A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update45:*:*:*:*:*:*",
"matchCriteriaId": "84E31265-22E1-4E91-BFCB-D2AFF445926A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update5:*:*:*:*:*:*",
"matchCriteriaId": "AB3A58C3-94BB-4120-BE1D-AAF8BBF7F22B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update51:*:*:*:*:*:*",
"matchCriteriaId": "50319E52-8739-47C5-B61E-3CA9B6A9A48F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update55:*:*:*:*:*:*",
"matchCriteriaId": "7ED515B9-DC74-4DC5-B98A-08D87D85E11E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update6:*:*:*:*:*:*",
"matchCriteriaId": "6D1D4868-1F9F-43F7-968C-6469B67D3F1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update60:*:*:*:*:*:*",
"matchCriteriaId": "568F1AC4-B0D7-4438-82E5-0E61500F2240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update65:*:*:*:*:*:*",
"matchCriteriaId": "F5E99B4A-EDAD-4471-81C4-7E9C775C9D9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update67:*:*:*:*:*:*",
"matchCriteriaId": "14E9133E-9FF3-40DB-9A11-7469EF5FD265",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update7:*:*:*:*:*:*",
"matchCriteriaId": "94834710-3FA9-49D9-8600-B514CBCA4270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update72:*:*:*:*:*:*",
"matchCriteriaId": "4228D9E1-7D82-4B49-9669-9CDAD7187432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update76:*:*:*:*:*:*",
"matchCriteriaId": "F6231F48-2936-4F7D-96D5-4BA11F78EBE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update80:*:*:*:*:*:*",
"matchCriteriaId": "D96D5061-4A81-497E-9AD6-A8381B3B454C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update85:*:*:*:*:*:*",
"matchCriteriaId": "5345C21E-A01B-43B9-9A20-F2783D921C60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update9:*:*:*:*:*:*",
"matchCriteriaId": "B219F360-83BD-4111-AB59-C9D4F55AF4C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update91:*:*:*:*:*:*",
"matchCriteriaId": "D25377EA-8E8F-4C76-8EA9-3BBDFB352815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update95:*:*:*:*:*:*",
"matchCriteriaId": "59FEFE05-269A-4EAF-A80F-E4C2107B1197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update97:*:*:*:*:*:*",
"matchCriteriaId": "E7E2AA7C-F602-4DB7-9EC1-0708C46C253C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:7:update99:*:*:*:*:*:*",
"matchCriteriaId": "FB70E154-A304-429E-80F5-8D87B00E32D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:-:*:*:*:*:*:*",
"matchCriteriaId": "70892D06-6E75-4425-BBF0-4B684EC62A1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone1:*:*:*:*:*:*",
"matchCriteriaId": "7A165D71-71CC-4E6A-AA4F-FF8DB5B9A5AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "7417B2BB-9AC2-4AF4-A828-C89A0735AD92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone3:*:*:*:*:*:*",
"matchCriteriaId": "6A0A57B5-6F88-4288-9CDE-F6613FE068D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone4:*:*:*:*:*:*",
"matchCriteriaId": "67ED8559-C348-4932-B7CE-CB96976A30EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone5:*:*:*:*:*:*",
"matchCriteriaId": "40AC3D91-263F-4345-9FAA-0E573EA64590",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone6:*:*:*:*:*:*",
"matchCriteriaId": "DD92AFA9-81F8-48D4-B79A-E7F066F69A99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone7:*:*:*:*:*:*",
"matchCriteriaId": "2C4B2F24-A730-4818-90C8-A2D90C081F03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone8:*:*:*:*:*:*",
"matchCriteriaId": "464087F2-C285-4574-957E-CE0663F07DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:milestone9:*:*:*:*:*:*",
"matchCriteriaId": "3E9BB880-A4F6-4887-8BB9-47AA298753D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update101:*:*:*:*:*:*",
"matchCriteriaId": "18DCFF53-B298-4534-AB5C-8A5EF59C616F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update102:*:*:*:*:*:*",
"matchCriteriaId": "083419F8-FDDF-4E36-88F8-857DB317C1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update11:*:*:*:*:*:*",
"matchCriteriaId": "D7A74F65-57E8-4C9A-BA96-5EF401504F13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update111:*:*:*:*:*:*",
"matchCriteriaId": "0D0B90FC-57B6-4315-9B29-3C36E58B2CF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update112:*:*:*:*:*:*",
"matchCriteriaId": "07812576-3C35-404C-A7D7-9BE9E3D76E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update121:*:*:*:*:*:*",
"matchCriteriaId": "00C52B1C-5447-4282-9667-9EBE0720B423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update131:*:*:*:*:*:*",
"matchCriteriaId": "92BB9EB0-0C12-4E77-89EE-FB77097841B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update141:*:*:*:*:*:*",
"matchCriteriaId": "FF9D5DCE-2E8F-42B9-9038-AEA7E8C8CFFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update151:*:*:*:*:*:*",
"matchCriteriaId": "ABC0E7BB-F8B7-4369-9910-71240E4073A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update152:*:*:*:*:*:*",
"matchCriteriaId": "551B2640-8CEC-4C24-AF8B-7A7CEF864D9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update161:*:*:*:*:*:*",
"matchCriteriaId": "0AE30779-48FB-451E-8CE1-F469F93B8772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update162:*:*:*:*:*:*",
"matchCriteriaId": "60590FDE-7156-4314-A012-AA38BD2ADDC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update171:*:*:*:*:*:*",
"matchCriteriaId": "BE51AD3A-8331-4E8F-9DB1-7A0051731DFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update172:*:*:*:*:*:*",
"matchCriteriaId": "F24F6122-2256-41B6-9033-794C6424ED99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update181:*:*:*:*:*:*",
"matchCriteriaId": "0EAFA79E-8C7A-48CF-8868-11378FE4B26F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update191:*:*:*:*:*:*",
"matchCriteriaId": "D1D6F19F-59B5-4BB6-AD35-013384025970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update192:*:*:*:*:*:*",
"matchCriteriaId": "E7BA97BC-3ADA-465A-835B-6C3C5F416B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update20:*:*:*:*:*:*",
"matchCriteriaId": "B71F77A4-B7EB-47A1-AAFD-431A7D040B86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update201:*:*:*:*:*:*",
"matchCriteriaId": "91D6BEA9-5943-44A4-946D-CEAA9BA99376",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update202:*:*:*:*:*:*",
"matchCriteriaId": "C079A3E0-44EB-4B9C-B4FC-B7621D165C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update211:*:*:*:*:*:*",
"matchCriteriaId": "2CB74086-14B8-4237-8357-E0C6B5BB8313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update212:*:*:*:*:*:*",
"matchCriteriaId": "3ABED20A-7C34-4E86-9AFB-F4DC9ECBB3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update221:*:*:*:*:*:*",
"matchCriteriaId": "00C2B9C9-1177-4DA6-96CE-55F37F383F99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update222:*:*:*:*:*:*",
"matchCriteriaId": "435CF189-0BD8-40DF-A0DC-99862CDEAF8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update231:*:*:*:*:*:*",
"matchCriteriaId": "12A3F367-33AD-47C3-BFDC-871A17E72C94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update232:*:*:*:*:*:*",
"matchCriteriaId": "A18F994F-72CA-4AF5-A7D1-9F5AEA286D85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update241:*:*:*:*:*:*",
"matchCriteriaId": "78261932-7373-4F16-91E0-1A72ADBEBC3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update242:*:*:*:*:*:*",
"matchCriteriaId": "9BD90D3D-9B3A-4101-9A8A-5090F0A9719F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update25:*:*:*:*:*:*",
"matchCriteriaId": "B38C0276-0EBD-4E0B-BFCF-4DDECACE04E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update252:*:*:*:*:*:*",
"matchCriteriaId": "F5A40B8A-D428-4008-9F21-AF21394C51D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update262:*:*:*:*:*:*",
"matchCriteriaId": "FEC5B777-01E1-45EE-AF95-C3BD1F098B2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update271:*:*:*:*:*:*",
"matchCriteriaId": "3B504718-5DCE-43B4-B19A-C6B6E7444BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update281:*:*:*:*:*:*",
"matchCriteriaId": "3102AA10-99A8-49A9-867E-7EEC56865680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update282:*:*:*:*:*:*",
"matchCriteriaId": "5A55CBC7-A7B2-4B89-8AB5-ED30DBE6814E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update291:*:*:*:*:*:*",
"matchCriteriaId": "15BA8A26-2CDA-442B-A549-6BE92DCCD205",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update301:*:*:*:*:*:*",
"matchCriteriaId": "56F2883B-6A1B-4081-8877-07AF3A73F6CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update302:*:*:*:*:*:*",
"matchCriteriaId": "98C0742E-ACDD-4DB4-8A4C-B96702C8976C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update31:*:*:*:*:*:*",
"matchCriteriaId": "F8483034-DD5A-445D-892F-CDE90A7D58EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update312:*:*:*:*:*:*",
"matchCriteriaId": "1716A5CD-1C32-4F19-9DDE-F9C7CCB6B420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update322:*:*:*:*:*:*",
"matchCriteriaId": "DAB4F663-BCAF-43DB-BCC3-24C060B0CBAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update332:*:*:*:*:*:*",
"matchCriteriaId": "A8EF5BB8-7DAF-49B0-A11E-14E89EF7377A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update40:*:*:*:*:*:*",
"matchCriteriaId": "8279718F-878F-4868-8859-1728D13CD0D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update45:*:*:*:*:*:*",
"matchCriteriaId": "2C024E1A-FD2C-42E8-B227-C2AFD3040436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update5:*:*:*:*:*:*",
"matchCriteriaId": "4F24389D-DDD0-4204-AA24-31C920A4F47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update51:*:*:*:*:*:*",
"matchCriteriaId": "966979BE-1F21-4729-B6B8-610F74648344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update60:*:*:*:*:*:*",
"matchCriteriaId": "F8534265-33BF-460D-BF74-5F55FDE50F29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update65:*:*:*:*:*:*",
"matchCriteriaId": "F77AFC25-1466-4E56-9D5F-6988F3288E16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update66:*:*:*:*:*:*",
"matchCriteriaId": "A650BEB8-E56F-4E42-9361-8D2DB083F0F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update71:*:*:*:*:*:*",
"matchCriteriaId": "799FFECD-E80A-44B3-953D-CDB5E195F3AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update72:*:*:*:*:*:*",
"matchCriteriaId": "A7047507-7CAF-4A14-AA9A-5CEF806EDE98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update73:*:*:*:*:*:*",
"matchCriteriaId": "CFC7B179-95D3-4F94-84F6-73F1034A1AF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update74:*:*:*:*:*:*",
"matchCriteriaId": "9FB28526-9385-44CA-AF08-1899E6C3AE4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update77:*:*:*:*:*:*",
"matchCriteriaId": "E26B69E4-0B43-415F-A82B-52FDCB262B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update91:*:*:*:*:*:*",
"matchCriteriaId": "27BC4150-70EC-462B-8FC5-20B3442CBB31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:8:update92:*:*:*:*:*:*",
"matchCriteriaId": "02646989-ECD9-40AE-A83E-EFF4080C69B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:openjdk:18:*:*:*:*:*:*:*",
"matchCriteriaId": "56CBFC1F-C120-44F2-877A-C1C880AA89C4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7EF6650C-558D-45C8-AE7D-136EE70CB6D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:azul:zulu:6.47:*:*:*:*:*:*:*",
"matchCriteriaId": "4E4633C4-E552-439D-8FE4-139E3A7956CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:7.54:*:*:*:*:*:*:*",
"matchCriteriaId": "50C77346-8893-44F0-B0D1-5D4D30A9CA3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:8.62:*:*:*:*:*:*:*",
"matchCriteriaId": "63E58DE0-A96A-452E-986F-3BD2FEA7C723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:11.56:*:*:*:*:*:*:*",
"matchCriteriaId": "D3FB1BF4-3FCF-4007-A9E3-97C35483D6A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:13.48:*:*:*:*:*:*:*",
"matchCriteriaId": "BD7A33EC-DE03-424F-9796-E5EA071FF6CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:15.40:*:*:*:*:*:*:*",
"matchCriteriaId": "CCDAFFA9-0AA4-4C70-9154-8DA4BB255FD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:17.34:*:*:*:*:*:*:*",
"matchCriteriaId": "B6302149-28AA-481E-BC6C-87D05E73768A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:azul:zulu:18.30:*:*:*:*:*:*:*",
"matchCriteriaId": "20DFD9D8-8648-40F7-81B8-04F852A337FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan."
},
{
"lang": "es",
"value": "La biblioteca Apache Xalan Java XSLT es vulnerable a un problema de truncamiento de enteros cuando procesa hojas de estilo XSLT maliciosas. Esto puede usarse para corromper los archivos de clase Java generados por el compilador interno XSLTC y ejecutar c\u00f3digo de bytes Java arbitrario. El proyecto Apache Xalan Java est\u00e1 inactivo y en proceso de ser retirado. No son esperadas futuras versiones de Apache Xalan Java que abordan este problema. Nota: Los tiempos de ejecuci\u00f3n de Java (como OpenJDK) incluyen copias reempaquetadas de Xalan."
}
],
"id": "CVE-2022-34169",
"lastModified": "2024-11-21T07:08:59.400",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-19T18:15:11.740",
"references": [
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/19/5"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/19/6"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/20/2"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/20/3"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/10/18/2"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/04/8"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/07/2"
},
{
"source": "security@apache.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw"
},
{
"source": "security@apache.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html"
},
{
"source": "security@apache.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/"
},
{
"source": "security@apache.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/"
},
{
"source": "security@apache.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/"
},
{
"source": "security@apache.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/"
},
{
"source": "security@apache.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/"
},
{
"source": "security@apache.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/"
},
{
"source": "security@apache.org",
"url": "https://security.gentoo.org/glsa/202401-25"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
},
{
"source": "security@apache.org",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5188"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5192"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5256"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/19/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/19/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/20/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/20/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/10/18/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/04/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/07/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202401-25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5192"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5256"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-681"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-32208
Vulnerability from fkie_nvd - Published: 2022-07-07 13:15 - Updated: 2025-05-05 17:18
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| haxx | curl | * | |
| fedoraproject | fedora | 35 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| netapp | clustered_data_ontap | - | |
| netapp | element_software | - | |
| netapp | hci_management_node | - | |
| netapp | solidfire | - | |
| netapp | hci_compute_node | - | |
| netapp | bootstrap_os | - | |
| netapp | h300s | - | |
| netapp | h300s_firmware | - | |
| netapp | h500s | - | |
| netapp | h500s_firmware | - | |
| netapp | h700s | - | |
| netapp | h700s_firmware | - | |
| netapp | h410s_firmware | - | |
| netapp | h410s | - | |
| apple | macos | * | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | 9.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1F67AD5-9AB1-490D-B2A2-383B6A5066FB",
"versionEndExcluding": "7.84.0",
"versionStartIncluding": "7.16.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71E032AD-F827-4944-9699-BB1E6D4233FC",
"versionEndExcluding": "13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D",
"versionEndExcluding": "8.2.12",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32",
"versionEndExcluding": "9.0.6",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When curl \u003c 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client."
},
{
"lang": "es",
"value": "Cuando curl versiones anteriores a 7.84.0, hace transferencias FTP aseguradas por krb5, maneja inapropiadamente los fallos de verificaci\u00f3n de mensajes. Este fallo hace posible que un ataque de tipo Man-In-The-Middle pase desapercibido e incluso permite inyectar datos al cliente"
}
],
"id": "CVE-2022-32208",
"lastModified": "2025-05-05T17:18:13.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-07-07T13:15:08.467",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1590071"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1590071"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-840"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-32206
Vulnerability from fkie_nvd - Published: 2022-07-07 13:15 - Updated: 2025-05-05 17:18
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C157D010-3A81-4AAE-8FB6-51B559AF29B2",
"versionEndExcluding": "7.84.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_sc622-2c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50FEE5FA-B141-4E5F-8673-363089262530",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_sc622-2c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21A75847-54F1-453A-82D7-B6D2CB2DE7AA",
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_sc626-2c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAC3EE40-4398-4337-B40E-8AACDF225BBF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_sc626-2c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ECCD4A67-EA4B-47C7-83F8-5CCC18BC3C94",
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_sc632-2c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E00E02E5-109C-44E7-8C20-BFEE7C739ADC",
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_sc632-2c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A79836B-5EC1-40AF-8A57-9657EF6758E5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_sc636-2c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1BC85A6-386C-43E9-9266-50F8C53C7362",
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_sc636-2c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB9BD17-7F1F-42E9-831F-EB907F9BC214",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_sc642-2c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6ACE6C40-E0BB-4D65-A76E-BCCA262AF2FD",
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_sc642-2c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10C7D54A-27B4-4195-8131-DD5380472A75",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_sc646-2c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BFAB0B9-3C01-4066-B9CD-5A7C4A66AA3C",
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_sc646-2c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E54AF1E6-0E52-447C-8946-18716D30EBE2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D",
"versionEndExcluding": "8.2.12",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32",
"versionEndExcluding": "9.0.6",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "curl \u003c 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors."
},
{
"lang": "es",
"value": "curl versiones anteriores a 7.84.0, soporta algoritmos de compresi\u00f3n HTTP \"encadenados\", lo que significa que una respuesta al servidor puede ser comprimida m\u00faltiples veces y potencialmente con diferentes algoritmos. El n\u00famero de \"eslabones\" aceptables en esta \"cadena de descompresi\u00f3n\" era ilimitado, lo que permit\u00eda a un servidor malicioso insertar un n\u00famero pr\u00e1cticamente ilimitado de pasos de compresi\u00f3n. El uso de una cadena de descompresi\u00f3n de este tipo pod\u00eda resultar en una \"bomba de malloc\", haciendo que curl acabara gastando enormes cantidades de memoria de mont\u00f3n asignada, o intentando y devolviendo errores de memoria"
}
],
"id": "CVE-2022-32206",
"lastModified": "2025-05-05T17:18:13.120",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-07-07T13:15:08.340",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/02/15/3"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1570651"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/02/15/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1570651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-32205
Vulnerability from fkie_nvd - Published: 2022-07-07 13:15 - Updated: 2025-05-05 17:18
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Summary
A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6E27893-D80C-4F7C-A87B-CEEA709A8E9F",
"versionEndExcluding": "7.84.0",
"versionStartIncluding": "7.71.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71E032AD-F827-4944-9699-BB1E6D4233FC",
"versionEndExcluding": "13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_sc622-2c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21A75847-54F1-453A-82D7-B6D2CB2DE7AA",
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_sc622-2c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50FEE5FA-B141-4E5F-8673-363089262530",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_sc626-2c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ECCD4A67-EA4B-47C7-83F8-5CCC18BC3C94",
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_sc626-2c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAC3EE40-4398-4337-B40E-8AACDF225BBF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_sc632-2c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E00E02E5-109C-44E7-8C20-BFEE7C739ADC",
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_sc632-2c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A79836B-5EC1-40AF-8A57-9657EF6758E5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_sc636-2c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1BC85A6-386C-43E9-9266-50F8C53C7362",
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_sc636-2c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB9BD17-7F1F-42E9-831F-EB907F9BC214",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_sc642-2c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6ACE6C40-E0BB-4D65-A76E-BCCA262AF2FD",
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_sc642-2c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10C7D54A-27B4-4195-8131-DD5380472A75",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_sc646-2c_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BFAB0B9-3C01-4066-B9CD-5A7C4A66AA3C",
"versionEndExcluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_sc646-2c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E54AF1E6-0E52-447C-8946-18716D30EBE2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D",
"versionEndExcluding": "8.2.12",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32",
"versionEndExcluding": "9.0.6",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl \u003c 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven\u0027t expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a \"sister server\" to effectively cause a denial of service for a sibling site on the same second level domain using this method."
},
{
"lang": "es",
"value": "Un servidor malicioso puede servir cantidades excesivas de encabezados \"Set-Cookie:\" en una respuesta HTTP a curl y curl versiones anteriores a 7.84.0 las almacena todas. Una cantidad suficientemente grande de cookies (grandes) hace que las subsiguientes peticiones HTTP a este, o a otros servidores con los que coincidan las cookies, creen peticiones que superen el umbral que curl usa internamente para evitar el env\u00edo de peticiones locamente grandes (1048576 bytes) y en su lugar devuelva un error. Este estado de denegaci\u00f3n puede permanecer mientras sea mantenidas las mismas cookies, coincidan y no hayan expirado. Debido a las reglas de coincidencia de cookies, un servidor en \"foo.example.com\" puede establecer cookies que tambi\u00e9n coincidan para \"bar.example.com\", haciendo posible que un \"servidor hermano\" cause efectivamente una denegaci\u00f3n de servicio para un sitio hermano en el mismo dominio de segundo nivel usando este m\u00e9todo"
}
],
"id": "CVE-2022-32205",
"lastModified": "2025-05-05T17:18:12.680",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-07-07T13:15:08.277",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"source": "support@hackerone.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1569946"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1569946"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-32207
Vulnerability from fkie_nvd - Published: 2022-07-07 13:15 - Updated: 2025-04-23 18:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| haxx | curl | * | |
| fedoraproject | fedora | 35 | |
| debian | debian_linux | 11.0 | |
| netapp | clustered_data_ontap | - | |
| netapp | element_software | - | |
| netapp | hci_management_node | - | |
| netapp | solidfire | - | |
| netapp | hci_compute_node | - | |
| netapp | bootstrap_os | - | |
| netapp | h300s | - | |
| netapp | h300s_firmware | - | |
| netapp | h500s | - | |
| netapp | h500s_firmware | - | |
| netapp | h700s | - | |
| netapp | h700s_firmware | - | |
| netapp | h410s | - | |
| netapp | h410s_firmware | - | |
| apple | macos | * | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | * | |
| splunk | universal_forwarder | 9.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6ECDBA5-3DD5-4F58-9E05-14A4C7A4E44B",
"versionEndExcluding": "7.84.0",
"versionStartIncluding": "7.69.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71E032AD-F827-4944-9699-BB1E6D4233FC",
"versionEndExcluding": "13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D",
"versionEndExcluding": "8.2.12",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32",
"versionEndExcluding": "9.0.6",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When curl \u003c 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended."
},
{
"lang": "es",
"value": "Cuando curl versiones anteriores a 7.84.0, guarda datos de cookies, alt-svc y hsts en archivos locales, hace que la operaci\u00f3n sea at\u00f3mica al finalizar la operaci\u00f3n con un renombramiento de un nombre temporal al nombre final del archivo de destino. En esa operaci\u00f3n de renombramiento, podr\u00eda accidentalmente *ampliar* los permisos del archivo de destino, dejando el archivo actualizado accesible a m\u00e1s usuarios de los previstos"
}
],
"id": "CVE-2022-32207",
"lastModified": "2025-04-23T18:15:53.880",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-07-07T13:15:08.403",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1573634"
},
{
"source": "support@hackerone.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/1573634"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-840"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-38430 (GCVE-0-2023-38430)
Vulnerability from cvelistv5 – Published: 2023-07-17 00:00 – Updated: 2024-08-02 17:39
VLAI?
Summary
An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:13.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/smb/server?id=1c1bcf2d3ea061613119b534f57507c377df20f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.9"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230831-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T18:06:36.618094",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/smb/server?id=1c1bcf2d3ea061613119b534f57507c377df20f9"
},
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.9"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230831-0003/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38430",
"datePublished": "2023-07-17T00:00:00",
"dateReserved": "2023-07-17T00:00:00",
"dateUpdated": "2024-08-02T17:39:13.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32254 (GCVE-0-2023-32254)
Vulnerability from cvelistv5 – Published: 2023-07-10 15:11 – Updated: 2025-02-13 16:50
VLAI?
Summary
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.
Severity ?
9.8 (Critical)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| n/a | kernel |
Unaffected:
6.4-rc1
|
||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:24.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32254"
},
{
"name": "RHBZ#2191658",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191658"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-702/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230824-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "6.4-rc1"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-05-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel\u0027s ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Critical"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-24T18:06:22.332Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32254"
},
{
"name": "RHBZ#2191658",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191658"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-702/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230824-0004/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-04-27T00:00:00Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-05-17T00:00:00Z",
"value": "Made public."
}
],
"title": "Tree connection race condition remote code execution vulnerability",
"x_redhatCweChain": "CWE-667-\u003eCWE-362: Improper Locking leads to Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-32254",
"datePublished": "2023-07-10T15:11:25.707Z",
"dateReserved": "2023-05-05T10:00:07.895Z",
"dateUpdated": "2025-02-13T16:50:28.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35252 (GCVE-0-2022-35252)
Vulnerability from cvelistv5 – Published: 2022-09-23 00:00 – Updated: 2025-05-05 16:14
VLAI?
Summary
When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.
Severity ?
CWE
- CWE-20 - Improper Input Validation (CWE-20)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Affected:
Fixed in curl 7.85.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:29:17.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1613943"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220930-0005/"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213603"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213604"
},
{
"name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/20"
},
{
"name": "20230123 APPLE-SA-2023-01-23-6 macOS Big Sur 11.7.3",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/21"
},
{
"name": "[debian-lts-announce] 20230128 [SECURITY] [DLA 3288-1] curl security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-35252",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:30:42.952225Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:14:44.468Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in curl 7.85.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a\"sister site\" to deny service to all siblings."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation (CWE-20)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-28T00:00:00.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/1613943"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220930-0005/"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"url": "https://support.apple.com/kb/HT213603"
},
{
"url": "https://support.apple.com/kb/HT213604"
},
{
"name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/20"
},
{
"name": "20230123 APPLE-SA-2023-01-23-6 macOS Big Sur 11.7.3",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/21"
},
{
"name": "[debian-lts-announce] 20230128 [SECURITY] [DLA 3288-1] curl security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2022-35252",
"datePublished": "2022-09-23T00:00:00.000Z",
"dateReserved": "2022-07-06T00:00:00.000Z",
"dateUpdated": "2025-05-05T16:14:44.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21540 (GCVE-0-2022-21540)
Vulnerability from cvelistv5 – Published: 2022-07-19 00:00 – Updated: 2024-08-03 02:46
VLAI?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
Severity ?
5.3 (Medium)
CWE
- Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Affected:
Oracle Java SE:7u343
Affected: Oracle Java SE:8u333 Affected: Oracle Java SE:11.0.15.1 Affected: Oracle Java SE:17.0.3.1 Affected: Oracle Java SE:18.0.1.1 Affected: Oracle GraalVM Enterprise Edition:20.3.6 Affected: Oracle GraalVM Enterprise Edition:21.3.2 Affected: Oracle GraalVM Enterprise Edition:22.1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:46:39.111Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "DSA-5188",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5188"
},
{
"name": "DSA-5192",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5192"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
},
{
"name": "FEDORA-2022-19b6f21746",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/"
},
{
"name": "FEDORA-2022-ae563934f7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/"
},
{
"name": "FEDORA-2022-e573851f56",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/"
},
{
"name": "FEDORA-2022-d26586b419",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/"
},
{
"name": "FEDORA-2022-80afe2304a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/"
},
{
"name": "FEDORA-2022-b76ab52e73",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/"
},
{
"name": "GLSA-202401-25",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-25"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Java SE JDK and JRE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:7u343"
},
{
"status": "affected",
"version": "Oracle Java SE:8u333"
},
{
"status": "affected",
"version": "Oracle Java SE:11.0.15.1"
},
{
"status": "affected",
"version": "Oracle Java SE:17.0.3.1"
},
{
"status": "affected",
"version": "Oracle Java SE:18.0.1.1"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.6"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.2"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:22.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-17T15:06:26.613438",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "DSA-5188",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5188"
},
{
"name": "DSA-5192",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5192"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
},
{
"name": "FEDORA-2022-19b6f21746",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/"
},
{
"name": "FEDORA-2022-ae563934f7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/"
},
{
"name": "FEDORA-2022-e573851f56",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/"
},
{
"name": "FEDORA-2022-d26586b419",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/"
},
{
"name": "FEDORA-2022-80afe2304a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/"
},
{
"name": "FEDORA-2022-b76ab52e73",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/"
},
{
"name": "GLSA-202401-25",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202401-25"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2022-21540",
"datePublished": "2022-07-19T00:00:00",
"dateReserved": "2021-11-15T00:00:00",
"dateUpdated": "2024-08-03T02:46:39.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21541 (GCVE-0-2022-21541)
Vulnerability from cvelistv5 – Published: 2022-07-19 00:00 – Updated: 2024-09-23 19:22
VLAI?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
Severity ?
5.9 (Medium)
CWE
- Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Affected:
Oracle Java SE:7u343
Affected: Oracle Java SE:8u333 Affected: Oracle Java SE:11.0.15.1 Affected: Oracle Java SE:17.0.3.1 Affected: Oracle Java SE:18.0.1.1 Affected: Oracle GraalVM Enterprise Edition:20.3.6 Affected: Oracle GraalVM Enterprise Edition:21.3.2 Affected: Oracle GraalVM Enterprise Edition:22.1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:46:38.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "DSA-5188",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5188"
},
{
"name": "DSA-5192",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5192"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
},
{
"name": "FEDORA-2022-19b6f21746",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/"
},
{
"name": "FEDORA-2022-ae563934f7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/"
},
{
"name": "FEDORA-2022-e573851f56",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/"
},
{
"name": "FEDORA-2022-d26586b419",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/"
},
{
"name": "FEDORA-2022-80afe2304a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/"
},
{
"name": "FEDORA-2022-b76ab52e73",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/"
},
{
"name": "GLSA-202401-25",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-25"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21541",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T20:42:01.658119Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T19:22:48.866Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Java SE JDK and JRE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:7u343"
},
{
"status": "affected",
"version": "Oracle Java SE:8u333"
},
{
"status": "affected",
"version": "Oracle Java SE:11.0.15.1"
},
{
"status": "affected",
"version": "Oracle Java SE:17.0.3.1"
},
{
"status": "affected",
"version": "Oracle Java SE:18.0.1.1"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.6"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.2"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:22.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-17T15:06:44.119587",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "DSA-5188",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5188"
},
{
"name": "DSA-5192",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5192"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
},
{
"name": "FEDORA-2022-19b6f21746",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/"
},
{
"name": "FEDORA-2022-ae563934f7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/"
},
{
"name": "FEDORA-2022-e573851f56",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/"
},
{
"name": "FEDORA-2022-d26586b419",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/"
},
{
"name": "FEDORA-2022-80afe2304a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/"
},
{
"name": "FEDORA-2022-b76ab52e73",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/"
},
{
"name": "GLSA-202401-25",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202401-25"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2022-21541",
"datePublished": "2022-07-19T00:00:00",
"dateReserved": "2021-11-15T00:00:00",
"dateUpdated": "2024-09-23T19:22:48.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21549 (GCVE-0-2022-21549)
Vulnerability from cvelistv5 – Published: 2022-07-19 00:00 – Updated: 2024-08-03 02:46
VLAI?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
Severity ?
5.3 (Medium)
CWE
- Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Affected:
Oracle Java SE:17.0.3.1
Affected: Oracle GraalVM Enterprise Edition:21.3.2 Affected: Oracle GraalVM Enterprise Edition:22.1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:46:38.909Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "DSA-5192",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5192"
},
{
"name": "FEDORA-2022-34584d4257",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NQICCJXXAYMCCXOO24R4W7Q3RSKCYDMX/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
},
{
"name": "FEDORA-2022-64431bccec",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKJCLA2GDNF4B7ZRKORQ2TIR56AHJ4VC/"
},
{
"name": "GLSA-202401-25",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-25"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Java SE JDK and JRE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:17.0.3.1"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.2"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:22.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-17T15:06:19.501295",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "DSA-5192",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5192"
},
{
"name": "FEDORA-2022-34584d4257",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NQICCJXXAYMCCXOO24R4W7Q3RSKCYDMX/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
},
{
"name": "FEDORA-2022-64431bccec",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKJCLA2GDNF4B7ZRKORQ2TIR56AHJ4VC/"
},
{
"name": "GLSA-202401-25",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202401-25"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2022-21549",
"datePublished": "2022-07-19T00:00:00",
"dateReserved": "2021-11-15T00:00:00",
"dateUpdated": "2024-08-03T02:46:38.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34169 (GCVE-0-2022-34169)
Vulnerability from cvelistv5 – Published: 2022-07-19 00:00 – Updated: 2025-02-13 16:32
VLAI?
Summary
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
Severity ?
No CVSS data available.
CWE
- integer truncation
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Xalan-J |
Affected:
Xalan-J , ≤ 2.7.2
(custom)
|
Credits
Reported by Felix Wilhelm, Google Project Zero
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:16:17.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw"
},
{
"name": "[oss-security] 20220719 CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/19/5"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/19/6"
},
{
"name": "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/20/2"
},
{
"name": "[oss-security] 20220720 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/20/3"
},
{
"name": "DSA-5188",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5188"
},
{
"name": "DSA-5192",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5192"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
},
{
"name": "FEDORA-2022-19b6f21746",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/"
},
{
"name": "FEDORA-2022-ae563934f7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/"
},
{
"name": "FEDORA-2022-e573851f56",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/"
},
{
"name": "FEDORA-2022-d26586b419",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/"
},
{
"name": "FEDORA-2022-80afe2304a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/"
},
{
"name": "FEDORA-2022-b76ab52e73",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html"
},
{
"name": "[oss-security] 20221017 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/10/18/2"
},
{
"name": "[debian-lts-announce] 20221018 [SECURITY] [DLA 3155-1] bcel security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html"
},
{
"name": "DSA-5256",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5256"
},
{
"name": "[oss-security] 20221104 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/04/8"
},
{
"name": "[oss-security] 20221107 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/07/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-25"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Xalan-J",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.7.2",
"status": "affected",
"version": "Xalan-J",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported by Felix Wilhelm, Google Project Zero"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "integer truncation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:07:47.103Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"url": "https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8"
},
{
"url": "https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw"
},
{
"name": "[oss-security] 20220719 CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/19/5"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/19/6"
},
{
"name": "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/20/2"
},
{
"name": "[oss-security] 20220720 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/20/3"
},
{
"name": "DSA-5188",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5188"
},
{
"name": "DSA-5192",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5192"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
},
{
"name": "FEDORA-2022-19b6f21746",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/"
},
{
"name": "FEDORA-2022-ae563934f7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/"
},
{
"name": "FEDORA-2022-e573851f56",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/"
},
{
"name": "FEDORA-2022-d26586b419",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/"
},
{
"name": "FEDORA-2022-80afe2304a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/"
},
{
"name": "FEDORA-2022-b76ab52e73",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/"
},
{
"url": "http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html"
},
{
"name": "[oss-security] 20221017 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/10/18/2"
},
{
"name": "[debian-lts-announce] 20221018 [SECURITY] [DLA 3155-1] bcel security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html"
},
{
"name": "DSA-5256",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5256"
},
{
"name": "[oss-security] 20221104 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/04/8"
},
{
"name": "[oss-security] 20221107 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/07/2"
},
{
"url": "https://security.gentoo.org/glsa/202401-25"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2022-34169",
"datePublished": "2022-07-19T00:00:00.000Z",
"dateReserved": "2022-06-21T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:32:44.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32206 (GCVE-0-2022-32206)
Vulnerability from cvelistv5 – Published: 2022-07-07 00:00 – Updated: 2025-05-05 16:16
VLAI?
Summary
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.
Severity ?
6.5 (Medium)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling (CWE-770)
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Affected:
Fixed in 7.84.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:32:56.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1570651"
},
{
"name": "FEDORA-2022-1b3d7f6973",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
},
{
"name": "DSA-5197",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"name": "[oss-security] 20230215 curl: CVE-2023-23916: HTTP multi-header compression denial of service",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/02/15/3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-32206",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:30:52.597184Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:16:54.022Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 7.84.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "curl \u003c 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "Allocation of Resources Without Limits or Throttling (CWE-770)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-15T00:00:00.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/1570651"
},
{
"name": "FEDORA-2022-1b3d7f6973",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
},
{
"name": "DSA-5197",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"name": "[oss-security] 20230215 curl: CVE-2023-23916: HTTP multi-header compression denial of service",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/02/15/3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2022-32206",
"datePublished": "2022-07-07T00:00:00.000Z",
"dateReserved": "2022-06-01T00:00:00.000Z",
"dateUpdated": "2025-05-05T16:16:54.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32207 (GCVE-0-2022-32207)
Vulnerability from cvelistv5 – Published: 2022-07-07 00:00 – Updated: 2025-04-23 18:04
VLAI?
Summary
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
Severity ?
9.8 (Critical)
CWE
- CWE-840 - Business Logic Errors (CWE-840)
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Affected:
Fixed in 7.84.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:32:56.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1573634"
},
{
"name": "FEDORA-2022-1b3d7f6973",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
},
{
"name": "DSA-5197",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202212-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-32207",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:31:36.720075Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:04:31.119Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 7.84.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When curl \u003c 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-840",
"description": "Business Logic Errors (CWE-840)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-19T00:00:00.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/1573634"
},
{
"name": "FEDORA-2022-1b3d7f6973",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
},
{
"name": "DSA-5197",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202212-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2022-32207",
"datePublished": "2022-07-07T00:00:00.000Z",
"dateReserved": "2022-06-01T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:04:31.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32208 (GCVE-0-2022-32208)
Vulnerability from cvelistv5 – Published: 2022-07-07 00:00 – Updated: 2025-05-05 16:16
VLAI?
Summary
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
Severity ?
5.9 (Medium)
CWE
- CWE-840 - Business Logic Errors (CWE-840)
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Affected:
Fixed in 7.84.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:32:55.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1590071"
},
{
"name": "FEDORA-2022-1b3d7f6973",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
},
{
"name": "DSA-5197",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202212-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-32208",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:30:50.533287Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:16:44.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 7.84.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When curl \u003c 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-840",
"description": "Business Logic Errors (CWE-840)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-19T00:00:00.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/1590071"
},
{
"name": "FEDORA-2022-1b3d7f6973",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
},
{
"name": "DSA-5197",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202212-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2022-32208",
"datePublished": "2022-07-07T00:00:00.000Z",
"dateReserved": "2022-06-01T00:00:00.000Z",
"dateUpdated": "2025-05-05T16:16:44.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38430 (GCVE-0-2023-38430)
Vulnerability from nvd – Published: 2023-07-17 00:00 – Updated: 2024-08-02 17:39
VLAI?
Summary
An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:39:13.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/smb/server?id=1c1bcf2d3ea061613119b534f57507c377df20f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.9"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230831-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-31T18:06:36.618094",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/smb/server?id=1c1bcf2d3ea061613119b534f57507c377df20f9"
},
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.9"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230831-0003/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-38430",
"datePublished": "2023-07-17T00:00:00",
"dateReserved": "2023-07-17T00:00:00",
"dateUpdated": "2024-08-02T17:39:13.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32254 (GCVE-0-2023-32254)
Vulnerability from nvd – Published: 2023-07-10 15:11 – Updated: 2025-02-13 16:50
VLAI?
Summary
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.
Severity ?
9.8 (Critical)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| n/a | kernel |
Unaffected:
6.4-rc1
|
||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:24.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32254"
},
{
"name": "RHBZ#2191658",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191658"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-702/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230824-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "6.4-rc1"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "kernel-rt",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "kernel",
"product": "Fedora",
"vendor": "Fedora"
}
],
"datePublic": "2023-05-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel\u0027s ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Critical"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-24T18:06:22.332Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-32254"
},
{
"name": "RHBZ#2191658",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2191658"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-702/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230824-0004/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-04-27T00:00:00Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-05-17T00:00:00Z",
"value": "Made public."
}
],
"title": "Tree connection race condition remote code execution vulnerability",
"x_redhatCweChain": "CWE-667-\u003eCWE-362: Improper Locking leads to Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-32254",
"datePublished": "2023-07-10T15:11:25.707Z",
"dateReserved": "2023-05-05T10:00:07.895Z",
"dateUpdated": "2025-02-13T16:50:28.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35252 (GCVE-0-2022-35252)
Vulnerability from nvd – Published: 2022-09-23 00:00 – Updated: 2025-05-05 16:14
VLAI?
Summary
When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.
Severity ?
CWE
- CWE-20 - Improper Input Validation (CWE-20)
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Affected:
Fixed in curl 7.85.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:29:17.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1613943"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220930-0005/"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213603"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213604"
},
{
"name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/20"
},
{
"name": "20230123 APPLE-SA-2023-01-23-6 macOS Big Sur 11.7.3",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/21"
},
{
"name": "[debian-lts-announce] 20230128 [SECURITY] [DLA 3288-1] curl security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-35252",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:30:42.952225Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:14:44.468Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in curl 7.85.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a\"sister site\" to deny service to all siblings."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation (CWE-20)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-28T00:00:00.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/1613943"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220930-0005/"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"url": "https://support.apple.com/kb/HT213603"
},
{
"url": "https://support.apple.com/kb/HT213604"
},
{
"name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/20"
},
{
"name": "20230123 APPLE-SA-2023-01-23-6 macOS Big Sur 11.7.3",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/21"
},
{
"name": "[debian-lts-announce] 20230128 [SECURITY] [DLA 3288-1] curl security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2022-35252",
"datePublished": "2022-09-23T00:00:00.000Z",
"dateReserved": "2022-07-06T00:00:00.000Z",
"dateUpdated": "2025-05-05T16:14:44.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21540 (GCVE-0-2022-21540)
Vulnerability from nvd – Published: 2022-07-19 00:00 – Updated: 2024-08-03 02:46
VLAI?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
Severity ?
5.3 (Medium)
CWE
- Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Affected:
Oracle Java SE:7u343
Affected: Oracle Java SE:8u333 Affected: Oracle Java SE:11.0.15.1 Affected: Oracle Java SE:17.0.3.1 Affected: Oracle Java SE:18.0.1.1 Affected: Oracle GraalVM Enterprise Edition:20.3.6 Affected: Oracle GraalVM Enterprise Edition:21.3.2 Affected: Oracle GraalVM Enterprise Edition:22.1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:46:39.111Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "DSA-5188",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5188"
},
{
"name": "DSA-5192",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5192"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
},
{
"name": "FEDORA-2022-19b6f21746",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/"
},
{
"name": "FEDORA-2022-ae563934f7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/"
},
{
"name": "FEDORA-2022-e573851f56",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/"
},
{
"name": "FEDORA-2022-d26586b419",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/"
},
{
"name": "FEDORA-2022-80afe2304a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/"
},
{
"name": "FEDORA-2022-b76ab52e73",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/"
},
{
"name": "GLSA-202401-25",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-25"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Java SE JDK and JRE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:7u343"
},
{
"status": "affected",
"version": "Oracle Java SE:8u333"
},
{
"status": "affected",
"version": "Oracle Java SE:11.0.15.1"
},
{
"status": "affected",
"version": "Oracle Java SE:17.0.3.1"
},
{
"status": "affected",
"version": "Oracle Java SE:18.0.1.1"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.6"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.2"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:22.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-17T15:06:26.613438",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "DSA-5188",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5188"
},
{
"name": "DSA-5192",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5192"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
},
{
"name": "FEDORA-2022-19b6f21746",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/"
},
{
"name": "FEDORA-2022-ae563934f7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/"
},
{
"name": "FEDORA-2022-e573851f56",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/"
},
{
"name": "FEDORA-2022-d26586b419",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/"
},
{
"name": "FEDORA-2022-80afe2304a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/"
},
{
"name": "FEDORA-2022-b76ab52e73",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/"
},
{
"name": "GLSA-202401-25",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202401-25"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2022-21540",
"datePublished": "2022-07-19T00:00:00",
"dateReserved": "2021-11-15T00:00:00",
"dateUpdated": "2024-08-03T02:46:39.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21541 (GCVE-0-2022-21541)
Vulnerability from nvd – Published: 2022-07-19 00:00 – Updated: 2024-09-23 19:22
VLAI?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
Severity ?
5.9 (Medium)
CWE
- Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Affected:
Oracle Java SE:7u343
Affected: Oracle Java SE:8u333 Affected: Oracle Java SE:11.0.15.1 Affected: Oracle Java SE:17.0.3.1 Affected: Oracle Java SE:18.0.1.1 Affected: Oracle GraalVM Enterprise Edition:20.3.6 Affected: Oracle GraalVM Enterprise Edition:21.3.2 Affected: Oracle GraalVM Enterprise Edition:22.1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:46:38.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "DSA-5188",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5188"
},
{
"name": "DSA-5192",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5192"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
},
{
"name": "FEDORA-2022-19b6f21746",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/"
},
{
"name": "FEDORA-2022-ae563934f7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/"
},
{
"name": "FEDORA-2022-e573851f56",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/"
},
{
"name": "FEDORA-2022-d26586b419",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/"
},
{
"name": "FEDORA-2022-80afe2304a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/"
},
{
"name": "FEDORA-2022-b76ab52e73",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/"
},
{
"name": "GLSA-202401-25",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-25"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21541",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T20:42:01.658119Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T19:22:48.866Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Java SE JDK and JRE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:7u343"
},
{
"status": "affected",
"version": "Oracle Java SE:8u333"
},
{
"status": "affected",
"version": "Oracle Java SE:11.0.15.1"
},
{
"status": "affected",
"version": "Oracle Java SE:17.0.3.1"
},
{
"status": "affected",
"version": "Oracle Java SE:18.0.1.1"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:20.3.6"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.2"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:22.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-17T15:06:44.119587",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "DSA-5188",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5188"
},
{
"name": "DSA-5192",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5192"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
},
{
"name": "FEDORA-2022-19b6f21746",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/"
},
{
"name": "FEDORA-2022-ae563934f7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/"
},
{
"name": "FEDORA-2022-e573851f56",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/"
},
{
"name": "FEDORA-2022-d26586b419",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/"
},
{
"name": "FEDORA-2022-80afe2304a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/"
},
{
"name": "FEDORA-2022-b76ab52e73",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/"
},
{
"name": "GLSA-202401-25",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202401-25"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2022-21541",
"datePublished": "2022-07-19T00:00:00",
"dateReserved": "2021-11-15T00:00:00",
"dateUpdated": "2024-09-23T19:22:48.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21549 (GCVE-0-2022-21549)
Vulnerability from nvd – Published: 2022-07-19 00:00 – Updated: 2024-08-03 02:46
VLAI?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
Severity ?
5.3 (Medium)
CWE
- Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Java SE JDK and JRE |
Affected:
Oracle Java SE:17.0.3.1
Affected: Oracle GraalVM Enterprise Edition:21.3.2 Affected: Oracle GraalVM Enterprise Edition:22.1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:46:38.909Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "DSA-5192",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5192"
},
{
"name": "FEDORA-2022-34584d4257",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NQICCJXXAYMCCXOO24R4W7Q3RSKCYDMX/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
},
{
"name": "FEDORA-2022-64431bccec",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKJCLA2GDNF4B7ZRKORQ2TIR56AHJ4VC/"
},
{
"name": "GLSA-202401-25",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-25"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Java SE JDK and JRE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "Oracle Java SE:17.0.3.1"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:21.3.2"
},
{
"status": "affected",
"version": "Oracle GraalVM Enterprise Edition:22.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.3.1; Oracle GraalVM Enterprise Edition: 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-17T15:06:19.501295",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "DSA-5192",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5192"
},
{
"name": "FEDORA-2022-34584d4257",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NQICCJXXAYMCCXOO24R4W7Q3RSKCYDMX/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
},
{
"name": "FEDORA-2022-64431bccec",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKJCLA2GDNF4B7ZRKORQ2TIR56AHJ4VC/"
},
{
"name": "GLSA-202401-25",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202401-25"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2022-21549",
"datePublished": "2022-07-19T00:00:00",
"dateReserved": "2021-11-15T00:00:00",
"dateUpdated": "2024-08-03T02:46:38.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34169 (GCVE-0-2022-34169)
Vulnerability from nvd – Published: 2022-07-19 00:00 – Updated: 2025-02-13 16:32
VLAI?
Summary
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
Severity ?
No CVSS data available.
CWE
- integer truncation
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Xalan-J |
Affected:
Xalan-J , ≤ 2.7.2
(custom)
|
Credits
Reported by Felix Wilhelm, Google Project Zero
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:16:17.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw"
},
{
"name": "[oss-security] 20220719 CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/19/5"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/19/6"
},
{
"name": "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/20/2"
},
{
"name": "[oss-security] 20220720 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/20/3"
},
{
"name": "DSA-5188",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5188"
},
{
"name": "DSA-5192",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5192"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
},
{
"name": "FEDORA-2022-19b6f21746",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/"
},
{
"name": "FEDORA-2022-ae563934f7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/"
},
{
"name": "FEDORA-2022-e573851f56",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/"
},
{
"name": "FEDORA-2022-d26586b419",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/"
},
{
"name": "FEDORA-2022-80afe2304a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/"
},
{
"name": "FEDORA-2022-b76ab52e73",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html"
},
{
"name": "[oss-security] 20221017 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/10/18/2"
},
{
"name": "[debian-lts-announce] 20221018 [SECURITY] [DLA 3155-1] bcel security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html"
},
{
"name": "DSA-5256",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5256"
},
{
"name": "[oss-security] 20221104 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/04/8"
},
{
"name": "[oss-security] 20221107 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/07/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-25"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Xalan-J",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.7.2",
"status": "affected",
"version": "Xalan-J",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported by Felix Wilhelm, Google Project Zero"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "integer truncation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:07:47.103Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"url": "https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8"
},
{
"url": "https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw"
},
{
"name": "[oss-security] 20220719 CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/19/5"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/19/6"
},
{
"name": "[oss-security] 20220719 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/20/2"
},
{
"name": "[oss-security] 20220720 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/20/3"
},
{
"name": "DSA-5188",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5188"
},
{
"name": "DSA-5192",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5192"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220729-0009/"
},
{
"name": "FEDORA-2022-19b6f21746",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/"
},
{
"name": "FEDORA-2022-ae563934f7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/"
},
{
"name": "FEDORA-2022-e573851f56",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/"
},
{
"name": "FEDORA-2022-d26586b419",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/"
},
{
"name": "FEDORA-2022-80afe2304a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/"
},
{
"name": "FEDORA-2022-b76ab52e73",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/"
},
{
"url": "http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html"
},
{
"name": "[oss-security] 20221017 Re: CVE-2022-34169: Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/10/18/2"
},
{
"name": "[debian-lts-announce] 20221018 [SECURITY] [DLA 3155-1] bcel security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html"
},
{
"name": "DSA-5256",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5256"
},
{
"name": "[oss-security] 20221104 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/04/8"
},
{
"name": "[oss-security] 20221107 Re: CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/11/07/2"
},
{
"url": "https://security.gentoo.org/glsa/202401-25"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2022-34169",
"datePublished": "2022-07-19T00:00:00.000Z",
"dateReserved": "2022-06-21T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:32:44.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32206 (GCVE-0-2022-32206)
Vulnerability from nvd – Published: 2022-07-07 00:00 – Updated: 2025-05-05 16:16
VLAI?
Summary
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.
Severity ?
6.5 (Medium)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling (CWE-770)
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Affected:
Fixed in 7.84.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:32:56.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1570651"
},
{
"name": "FEDORA-2022-1b3d7f6973",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
},
{
"name": "DSA-5197",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"name": "[oss-security] 20230215 curl: CVE-2023-23916: HTTP multi-header compression denial of service",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/02/15/3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-32206",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:30:52.597184Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:16:54.022Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 7.84.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "curl \u003c 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "Allocation of Resources Without Limits or Throttling (CWE-770)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-15T00:00:00.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/1570651"
},
{
"name": "FEDORA-2022-1b3d7f6973",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
},
{
"name": "DSA-5197",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"name": "[oss-security] 20230215 curl: CVE-2023-23916: HTTP multi-header compression denial of service",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/02/15/3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2022-32206",
"datePublished": "2022-07-07T00:00:00.000Z",
"dateReserved": "2022-06-01T00:00:00.000Z",
"dateUpdated": "2025-05-05T16:16:54.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32207 (GCVE-0-2022-32207)
Vulnerability from nvd – Published: 2022-07-07 00:00 – Updated: 2025-04-23 18:04
VLAI?
Summary
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
Severity ?
9.8 (Critical)
CWE
- CWE-840 - Business Logic Errors (CWE-840)
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | https://github.com/curl/curl |
Affected:
Fixed in 7.84.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:32:56.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1573634"
},
{
"name": "FEDORA-2022-1b3d7f6973",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
},
{
"name": "DSA-5197",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202212-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-32207",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:31:36.720075Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:04:31.119Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 7.84.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When curl \u003c 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-840",
"description": "Business Logic Errors (CWE-840)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-19T00:00:00.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/1573634"
},
{
"name": "FEDORA-2022-1b3d7f6973",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
},
{
"name": "DSA-5197",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202212-01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2022-32207",
"datePublished": "2022-07-07T00:00:00.000Z",
"dateReserved": "2022-06-01T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:04:31.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}