Action not permitted
Modal body text goes here.
Modal Title
Modal Body
WID-SEC-W-2023-1424
Vulnerability from csaf_certbund
Published
2023-06-12 22:00
Modified
2023-06-12 22:00
Summary
Xerox FreeFlow Print Server für Solaris: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
FreeFlow-Druckserver ist eine Druckserveranwendung für Xerox-Produktionsdrucker, die Flexibilität, umfangreiche Workflow-Optionen und eine Farbverwaltung bietet.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Xerox FreeFlow Print Server ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Betroffene Betriebssysteme
- UNIX
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "FreeFlow-Druckserver ist eine Druckserveranwendung f\u00fcr Xerox-Produktionsdrucker, die Flexibilit\u00e4t, umfangreiche Workflow-Optionen und eine Farbverwaltung bietet.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein Angreifer kann mehrere Schwachstellen in Xerox FreeFlow Print Server ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden.", "title": "Angriff" }, { "category": "general", "text": "- UNIX", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-1424 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1424.json" }, { "category": "self", "summary": "WID-SEC-2023-1424 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1424" }, { "category": "external", "summary": "Xerox Security Bulletin vom 2023-06-12", "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2023/06/Xerox-Security-Bulletin-XRX23-009-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf" } ], "source_lang": "en-US", "title": "Xerox FreeFlow Print Server f\u00fcr Solaris: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-06-12T22:00:00.000+00:00", "generator": { "date": "2024-02-15T17:30:41.322+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-1424", "initial_release_date": "2023-06-12T22:00:00.000+00:00", "revision_history": [ { "date": "2023-06-12T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Xerox FreeFlow Print Server v9 for Solaris", "product": { "name": "Xerox FreeFlow Print Server v9 for Solaris", "product_id": "T028053", "product_identification_helper": { "cpe": "cpe:/a:xerox:freeflow_print_server:v9_for_solaris" } } } ], "category": "vendor", "name": "Xerox" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-28708", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-28708" }, { "cve": "CVE-2023-28176", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-28176" }, { "cve": "CVE-2023-28164", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-28164" }, { "cve": "CVE-2023-28163", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-28163" }, { "cve": "CVE-2023-28162", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-28162" }, { "cve": "CVE-2023-27522", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-27522" }, { "cve": "CVE-2023-25752", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-25752" }, { "cve": "CVE-2023-25751", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-25751" }, { "cve": "CVE-2023-25746", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-25746" }, { "cve": "CVE-2023-25744", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-25744" }, { "cve": "CVE-2023-25743", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-25743" }, { "cve": "CVE-2023-25742", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-25742" }, { "cve": "CVE-2023-25739", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-25739" }, { "cve": "CVE-2023-25738", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-25738" }, { "cve": "CVE-2023-25737", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-25737" }, { "cve": "CVE-2023-25735", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-25735" }, { "cve": "CVE-2023-25734", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-25734" }, { "cve": "CVE-2023-25732", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-25732" }, { "cve": "CVE-2023-25730", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-25730" }, { "cve": "CVE-2023-25729", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-25729" }, { "cve": "CVE-2023-25728", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-25728" }, { "cve": "CVE-2023-25690", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-25690" }, { "cve": "CVE-2023-24998", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-24998" }, { "cve": "CVE-2023-24807", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-24807" }, { "cve": "CVE-2023-24580", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-24580" }, { "cve": "CVE-2023-23969", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-23969" }, { "cve": "CVE-2023-23946", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-23946" }, { "cve": "CVE-2023-23936", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-23936" }, { "cve": "CVE-2023-23920", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-23920" }, { "cve": "CVE-2023-23919", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-23919" }, { "cve": "CVE-2023-23918", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-23918" }, { "cve": "CVE-2023-23605", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-23605" }, { "cve": "CVE-2023-23603", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-23603" }, { "cve": "CVE-2023-23602", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-23602" }, { "cve": "CVE-2023-23601", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-23601" }, { "cve": "CVE-2023-23599", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-23599" }, { "cve": "CVE-2023-23598", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-23598" }, { "cve": "CVE-2023-22809", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-22809" }, { "cve": "CVE-2023-22490", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-22490" }, { "cve": "CVE-2023-22003", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-22003" }, { "cve": "CVE-2023-21985", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-21985" }, { "cve": "CVE-2023-21984", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-21984" }, { "cve": "CVE-2023-21928", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-21928" }, { "cve": "CVE-2023-21896", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-21896" }, { "cve": "CVE-2023-21843", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-21843" }, { "cve": "CVE-2023-21840", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-21840" }, { "cve": "CVE-2023-21830", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-21830" }, { "cve": "CVE-2023-0804", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-0804" }, { "cve": "CVE-2023-0803", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-0803" }, { "cve": "CVE-2023-0802", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-0802" }, { "cve": "CVE-2023-0801", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-0801" }, { "cve": "CVE-2023-0800", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-0800" }, { "cve": "CVE-2023-0799", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-0799" }, { "cve": "CVE-2023-0798", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-0798" }, { "cve": "CVE-2023-0797", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-0797" }, { "cve": "CVE-2023-0796", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-0796" }, { "cve": "CVE-2023-0795", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-0795" }, { "cve": "CVE-2023-0767", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-0767" }, { "cve": "CVE-2023-0662", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-0662" }, { "cve": "CVE-2023-0616", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-0616" }, { "cve": "CVE-2023-0568", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-0568" }, { "cve": "CVE-2023-0567", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-0567" }, { "cve": "CVE-2023-0430", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-0430" }, { "cve": "CVE-2023-0417", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-0417" }, { "cve": "CVE-2023-0416", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-0416" }, { "cve": "CVE-2023-0415", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-0415" }, { "cve": "CVE-2023-0414", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-0414" }, { "cve": "CVE-2023-0413", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-0413" }, { "cve": "CVE-2023-0412", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-0412" }, { "cve": "CVE-2023-0411", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-0411" }, { "cve": "CVE-2023-0401", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-0401" }, { "cve": "CVE-2023-0286", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-0286" }, { "cve": "CVE-2023-0217", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-0217" }, { "cve": "CVE-2023-0216", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-0216" }, { "cve": "CVE-2023-0215", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2023-0215" }, { "cve": "CVE-2022-48281", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-48281" }, { "cve": "CVE-2022-46877", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-46877" }, { "cve": "CVE-2022-46874", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-46874" }, { "cve": "CVE-2022-46871", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-46871" }, { "cve": "CVE-2022-46344", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-46344" }, { "cve": "CVE-2022-46343", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-46343" }, { "cve": "CVE-2022-46342", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-46342" }, { "cve": "CVE-2022-46341", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-46341" }, { "cve": "CVE-2022-46340", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-46340" }, { "cve": "CVE-2022-45939", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-45939" }, { "cve": "CVE-2022-45199", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-45199" }, { "cve": "CVE-2022-45143", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-45143" }, { "cve": "CVE-2022-4450", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-4450" }, { "cve": "CVE-2022-4345", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-4345" }, { "cve": "CVE-2022-4304", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-4304" }, { "cve": "CVE-2022-42919", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-42919" }, { "cve": "CVE-2022-42916", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-42916" }, { "cve": "CVE-2022-42915", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-42915" }, { "cve": "CVE-2022-42898", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-42898" }, { "cve": "CVE-2022-4283", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-4283" }, { "cve": "CVE-2022-4203", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-4203" }, { "cve": "CVE-2022-42012", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-42012" }, { "cve": "CVE-2022-42011", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-42011" }, { "cve": "CVE-2022-42010", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-42010" }, { "cve": "CVE-2022-41903", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-41903" }, { "cve": "CVE-2022-41716", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-41716" }, { "cve": "CVE-2022-41715", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-41715" }, { "cve": "CVE-2022-40898", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-40898" }, { "cve": "CVE-2022-40304", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-40304" }, { "cve": "CVE-2022-40303", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-40303" }, { "cve": "CVE-2022-39253", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-39253" }, { "cve": "CVE-2022-3924", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3924" }, { "cve": "CVE-2022-38784", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-38784" }, { "cve": "CVE-2022-38171", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-38171" }, { "cve": "CVE-2022-37436", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-37436" }, { "cve": "CVE-2022-3736", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3736" }, { "cve": "CVE-2022-3705", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3705" }, { "cve": "CVE-2022-36760", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-36760" }, { "cve": "CVE-2022-36227", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-36227" }, { "cve": "CVE-2022-36114", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-36114" }, { "cve": "CVE-2022-36113", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-36113" }, { "cve": "CVE-2022-35260", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-35260" }, { "cve": "CVE-2022-35252", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-35252" }, { "cve": "CVE-2022-3515", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3515" }, { "cve": "CVE-2022-3352", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3352" }, { "cve": "CVE-2022-3324", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3324" }, { "cve": "CVE-2022-3297", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3297" }, { "cve": "CVE-2022-3296", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3296" }, { "cve": "CVE-2022-3278", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3278" }, { "cve": "CVE-2022-3256", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3256" }, { "cve": "CVE-2022-3235", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3235" }, { "cve": "CVE-2022-3234", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3234" }, { "cve": "CVE-2022-32221", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-32221" }, { "cve": "CVE-2022-32208", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-32208" }, { "cve": "CVE-2022-32207", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-32207" }, { "cve": "CVE-2022-32206", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-32206" }, { "cve": "CVE-2022-32205", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-32205" }, { "cve": "CVE-2022-32190", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-32190" }, { "cve": "CVE-2022-32189", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-32189" }, { "cve": "CVE-2022-32148", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-32148" }, { "cve": "CVE-2022-3153", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3153" }, { "cve": "CVE-2022-3134", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3134" }, { "cve": "CVE-2022-3099", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3099" }, { "cve": "CVE-2022-3094", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3094" }, { "cve": "CVE-2022-30635", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-30635" }, { "cve": "CVE-2022-30634", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-30634" }, { "cve": "CVE-2022-30633", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-30633" }, { "cve": "CVE-2022-30632", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-30632" }, { "cve": "CVE-2022-30631", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-30631" }, { "cve": "CVE-2022-30630", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-30630" }, { "cve": "CVE-2022-30629", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-30629" }, { "cve": "CVE-2022-30580", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-30580" }, { "cve": "CVE-2022-3037", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3037" }, { "cve": "CVE-2022-3016", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-3016" }, { "cve": "CVE-2022-29804", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-29804" }, { "cve": "CVE-2022-2980", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-2980" }, { "cve": "CVE-2022-29526", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-29526" }, { "cve": "CVE-2022-2946", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-2946" }, { "cve": "CVE-2022-2929", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-2929" }, { "cve": "CVE-2022-2928", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-2928" }, { "cve": "CVE-2022-2923", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-2923" }, { "cve": "CVE-2022-2889", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-2889" }, { "cve": "CVE-2022-2880", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-2880" }, { "cve": "CVE-2022-2879", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-2879" }, { "cve": "CVE-2022-2874", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-2874" }, { "cve": "CVE-2022-2862", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-2862" }, { "cve": "CVE-2022-2849", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-2849" }, { "cve": "CVE-2022-2845", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-2845" }, { "cve": "CVE-2022-28331", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-28331" }, { "cve": "CVE-2022-28327", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-28327" }, { "cve": "CVE-2022-2819", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-2819" }, { "cve": "CVE-2022-2817", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-2817" }, { "cve": "CVE-2022-2816", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-2816" }, { "cve": "CVE-2022-28131", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-28131" }, { "cve": "CVE-2022-27778", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-27778" }, { "cve": "CVE-2022-27664", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-27664" }, { "cve": "CVE-2022-27536", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-27536" }, { "cve": "CVE-2022-27337", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-27337" }, { "cve": "CVE-2022-25255", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-25255" }, { "cve": "CVE-2022-25147", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-25147" }, { "cve": "CVE-2022-24963", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-24963" }, { "cve": "CVE-2022-24675", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-24675" }, { "cve": "CVE-2022-23521", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-23521" }, { "cve": "CVE-2022-2309", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-2309" }, { "cve": "CVE-2022-21515", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-21515" }, { "cve": "CVE-2022-21349", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-21349" }, { "cve": "CVE-2022-21291", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-21291" }, { "cve": "CVE-2022-1962", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-1962" }, { "cve": "CVE-2022-1705", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-1705" }, { "cve": "CVE-2022-1292", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-1292" }, { "cve": "CVE-2022-1122", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-1122" }, { "cve": "CVE-2022-0718", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2022-0718" }, { "cve": "CVE-2021-37750", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2021-37750" }, { "cve": "CVE-2021-37519", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2021-37519" }, { "cve": "CVE-2021-35940", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2021-35940" }, { "cve": "CVE-2021-30860", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2021-30860" }, { "cve": "CVE-2021-29338", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2021-29338" }, { "cve": "CVE-2018-25032", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2018-25032" }, { "cve": "CVE-2017-12613", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2017-12613" }, { "cve": "CVE-2006-20001", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "T028053" ] }, "release_date": "2023-06-12T22:00:00Z", "title": "CVE-2006-20001" } ] }
cve-2022-1122
Vulnerability from cvelistv5
Published
2022-03-29 17:25
Modified
2024-08-02 23:55
Severity ?
EPSS score ?
Summary
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.
References
▼ | URL | Tags |
---|---|---|
https://github.com/uclouvain/openjpeg/issues/1368 | x_refsource_MISC | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROSN5NRUFOH7HGLJ4ZSKPGAKLFXJALW4/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.debian.org/debian-lts-announce/2022/04/msg00006.html | mailing-list, x_refsource_MLIST | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MIWSQFQWXDU4MT3XTVAO6HC7TVL3NHS7/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMKBAMK2CAM5TMC5TODKVCE5AAPTD5YV/ | vendor-advisory, x_refsource_FEDORA | |
https://security.gentoo.org/glsa/202209-04 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:55:23.678Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/uclouvain/openjpeg/issues/1368" }, { "name": "FEDORA-2022-9515529c96", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROSN5NRUFOH7HGLJ4ZSKPGAKLFXJALW4/" }, { "name": "[debian-lts-announce] 20220410 [SECURITY] [DLA 2975-1] openjpeg2 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00006.html" }, { "name": "FEDORA-2022-2d112d4480", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MIWSQFQWXDU4MT3XTVAO6HC7TVL3NHS7/" }, { "name": "FEDORA-2022-975e21444a", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMKBAMK2CAM5TMC5TODKVCE5AAPTD5YV/" }, { "name": "GLSA-202209-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202209-04" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "openjpeg2", "vendor": "n/a", "versions": [ { "status": "affected", "version": "openjpeg2 version 2.4.0 and prior" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-665", "description": "CWE-665-\u003eCWE-824", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-07T04:06:31", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/uclouvain/openjpeg/issues/1368" }, { "name": "FEDORA-2022-9515529c96", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROSN5NRUFOH7HGLJ4ZSKPGAKLFXJALW4/" }, { "name": "[debian-lts-announce] 20220410 [SECURITY] [DLA 2975-1] openjpeg2 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00006.html" }, { "name": "FEDORA-2022-2d112d4480", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MIWSQFQWXDU4MT3XTVAO6HC7TVL3NHS7/" }, { "name": "FEDORA-2022-975e21444a", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMKBAMK2CAM5TMC5TODKVCE5AAPTD5YV/" }, { "name": "GLSA-202209-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202209-04" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-1122", "datePublished": "2022-03-29T17:25:44", "dateReserved": "2022-03-28T00:00:00", "dateUpdated": "2024-08-02T23:55:23.678Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-21349
Vulnerability from cvelistv5
Published
2022-01-19 11:25
Modified
2024-09-24 20:20
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 7u321, 8u311; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
References
▼ | URL | Tags |
---|---|---|
https://www.oracle.com/security-alerts/cpujan2022.html | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20220121-0007/ | x_refsource_CONFIRM | |
https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html | mailing-list, x_refsource_MLIST | |
https://security.gentoo.org/glsa/202209-05 | vendor-advisory, x_refsource_GENTOO |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:7u321 Version: Oracle Java SE:8u311 Version: Oracle GraalVM Enterprise Edition:20.3.4 Version: Oracle GraalVM Enterprise Edition:21.3.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:38:55.977Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220121-0007/" }, { "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html" }, { "name": "GLSA-202209-05", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202209-05" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-21349", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-24T17:35:33.447848Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-24T20:20:19.898Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java SE JDK and JRE", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Oracle Java SE:7u321" }, { "status": "affected", "version": "Oracle Java SE:8u311" }, { "status": "affected", "version": "Oracle GraalVM Enterprise Edition:20.3.4" }, { "status": "affected", "version": "Oracle GraalVM Enterprise Edition:21.3.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 7u321, 8u311; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-07T04:07:17", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220121-0007/" }, { "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html" }, { "name": "GLSA-202209-05", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202209-05" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2022-21349", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java SE JDK and JRE", "version": { "version_data": [ { "version_affected": "=", "version_value": "Oracle Java SE:7u321" }, { "version_affected": "=", "version_value": "Oracle Java SE:8u311" }, { "version_affected": "=", "version_value": "Oracle GraalVM Enterprise Edition:20.3.4" }, { "version_affected": "=", "version_value": "Oracle GraalVM Enterprise Edition:21.3.0" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 7u321, 8u311; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ] }, "impact": { "cvss": { "baseScore": "5.3", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition." } ] } ] }, "references": { "reference_data": [ { "name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "name": "https://security.netapp.com/advisory/ntap-20220121-0007/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220121-0007/" }, { "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html" }, { "name": "GLSA-202209-05", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202209-05" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2022-21349", "datePublished": "2022-01-19T11:25:16", "dateReserved": "2021-11-15T00:00:00", "dateUpdated": "2024-09-24T20:20:19.898Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-29804
Vulnerability from cvelistv5
Published
2022-08-09 00:00
Modified
2024-08-03 06:33
Severity ?
EPSS score ?
Summary
Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Go standard library | path/filepath |
Version: 0 ≤ Version: 1.18.0-0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:33:42.804Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://go.dev/cl/401595" }, { "tags": [ "x_transferred" ], "url": "https://go.googlesource.com/go/+/9cd1818a7d019c02fa4898b3e45a323e35033290" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/issue/52476" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2022-0533" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "path/filepath", "platforms": [ "windows" ], "product": "path/filepath", "programRoutines": [ { "name": "Clean" } ], "vendor": "Go standard library", "versions": [ { "lessThan": "1.17.11", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "1.18.3", "status": "affected", "version": "1.18.0-0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "value": "Unrud" } ], "descriptions": [ { "lang": "en", "value": "Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-04T18:08:46.071Z", "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go" }, "references": [ { "url": "https://go.dev/cl/401595" }, { "url": "https://go.googlesource.com/go/+/9cd1818a7d019c02fa4898b3e45a323e35033290" }, { "url": "https://go.dev/issue/52476" }, { "url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ" }, { "url": "https://pkg.go.dev/vuln/GO-2022-0533" } ], "title": "Path traversal via Clean on Windows in path/filepath" } }, "cveMetadata": { "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "assignerShortName": "Go", "cveId": "CVE-2022-29804", "datePublished": "2022-08-09T00:00:00", "dateReserved": "2022-04-26T00:00:00", "dateUpdated": "2024-08-03T06:33:42.804Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-46341
Vulnerability from cvelistv5
Published
2022-12-14 00:00
Modified
2024-08-03 14:31
Severity ?
EPSS score ?
Summary
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | xorg-x11-server |
Version: xorg-x11-server-1.20.4 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:31:46.283Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151756" }, { "tags": [ "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2022-46341" }, { "name": "FEDORA-2022-c3a65f7c65", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/" }, { "name": "FEDORA-2022-721a78b7e5", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/" }, { "name": "DSA-5304", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5304" }, { "name": "FEDORA-2022-dd3eb7e0a8", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-30" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xorg-x11-server", "vendor": "n/a", "versions": [ { "status": "affected", "version": "xorg-x11-server-1.20.4" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions." } ], "problemTypes": [ { "descriptions": [ { "description": "out-of-bounds access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-26T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151756" }, { "url": "https://access.redhat.com/security/cve/CVE-2022-46341" }, { "name": "FEDORA-2022-c3a65f7c65", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/" }, { "name": "FEDORA-2022-721a78b7e5", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/" }, { "name": "DSA-5304", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5304" }, { "name": "FEDORA-2022-dd3eb7e0a8", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/" }, { "url": "https://security.gentoo.org/glsa/202305-30" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-46341", "datePublished": "2022-12-14T00:00:00", "dateReserved": "2022-11-30T00:00:00", "dateUpdated": "2024-08-03T14:31:46.283Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-40898
Vulnerability from cvelistv5
Published
2022-12-22 00:00
Modified
2024-08-03 12:28
Severity ?
EPSS score ?
Summary
An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:28:42.936Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://pypi.org/project/wheel/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/pypa/wheel/blob/main/src/wheel/wheelfile.py#L18" }, { "tags": [ "x_transferred" ], "url": "https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-22T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://pypi.org/project/wheel/" }, { "url": "https://github.com/pypa/wheel/blob/main/src/wheel/wheelfile.py#L18" }, { "url": "https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-40898", "datePublished": "2022-12-22T00:00:00", "dateReserved": "2022-09-19T00:00:00", "dateUpdated": "2024-08-03T12:28:42.936Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-23918
Vulnerability from cvelistv5
Published
2023-02-23 00:00
Modified
2024-08-02 10:42
Severity ?
EPSS score ?
Summary
A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | https://github.com/nodejs/node |
Version: Fixed in 19.6.1, 18.14.1, 16.19.1, 14.21.3 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:42:27.095Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230316-0008/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "https://github.com/nodejs/node", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in 19.6.1, 18.14.1, 16.19.1, 14.21.3" } ] } ], "descriptions": [ { "lang": "en", "value": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy." } ], "problemTypes": [ { "descriptions": [ { "description": "Privilege Escalation (CAPEC-233)", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-16T00:00:00", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/" }, { "url": "https://security.netapp.com/advisory/ntap-20230316-0008/" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2023-23918", "datePublished": "2023-02-23T00:00:00", "dateReserved": "2023-01-19T00:00:00", "dateUpdated": "2024-08-02T10:42:27.095Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-23936
Vulnerability from cvelistv5
Published
2023-02-16 17:30
Modified
2024-08-02 10:49
Severity ?
EPSS score ?
Summary
Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect `host` HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the `headers.host` string before passing to undici.
References
▼ | URL | Tags |
---|---|---|
https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff | x_refsource_CONFIRM | |
https://github.com/nodejs/undici/commit/a2eff05401358f6595138df963837c24348f2034 | x_refsource_MISC | |
https://hackerone.com/reports/1820955 | x_refsource_MISC | |
https://github.com/nodejs/undici/releases/tag/v5.19.1 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:49:07.624Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff" }, { "name": "https://github.com/nodejs/undici/commit/a2eff05401358f6595138df963837c24348f2034", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/nodejs/undici/commit/a2eff05401358f6595138df963837c24348f2034" }, { "name": "https://hackerone.com/reports/1820955", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://hackerone.com/reports/1820955" }, { "name": "https://github.com/nodejs/undici/releases/tag/v5.19.1", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/nodejs/undici/releases/tag/v5.19.1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "undici", "vendor": "nodejs", "versions": [ { "status": "affected", "version": "\u003e=2.0.0, \u003c 5.19.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect `host` HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the `headers.host` string before passing to undici." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-93", "description": "CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-16T17:30:23.968Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff" }, { "name": "https://github.com/nodejs/undici/commit/a2eff05401358f6595138df963837c24348f2034", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/nodejs/undici/commit/a2eff05401358f6595138df963837c24348f2034" }, { "name": "https://hackerone.com/reports/1820955", "tags": [ "x_refsource_MISC" ], "url": "https://hackerone.com/reports/1820955" }, { "name": "https://github.com/nodejs/undici/releases/tag/v5.19.1", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/nodejs/undici/releases/tag/v5.19.1" } ], "source": { "advisory": "GHSA-5r9g-qh6m-jxff", "discovery": "UNKNOWN" }, "title": "CRLF Injection in Nodejs \u2018undici\u2019 via host" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-23936", "datePublished": "2023-02-16T17:30:23.968Z", "dateReserved": "2023-01-19T21:12:31.361Z", "dateUpdated": "2024-08-02T10:49:07.624Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-27522
Vulnerability from cvelistv5
Published
2023-03-07 15:09
Modified
2024-10-23 16:42
Severity ?
EPSS score ?
Summary
HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55.
Special characters in the origin response header can truncate/split the response forwarded to the client.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache HTTP Server |
Version: 2.4.30 ≤ 2.4.55 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:16:35.628Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202309-01" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "http_server", "vendor": "apache", "versions": [ { "lessThanOrEqual": "2.4.55", "status": "affected", "version": "2.4.30", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-27522", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T16:41:55.138882Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-23T16:42:56.205Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Apache HTTP Server", "vendor": "Apache Software Foundation", "versions": [ { "lessThanOrEqual": "2.4.55", "status": "affected", "version": "2.4.30", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Dimas Fariski Setyawan Putra (nyxsorcerer)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003eHTTP Response Smuggling vulnerability in Apache HTTP Server via mod_\u003ccode\u003eproxy_uwsgi\u003c/code\u003e. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55.\u003c/div\u003e\u003cdiv\u003eSpecial characters in the origin response header can truncate/split the response forwarded to the client.\u003cbr\u003e\u003c/div\u003e" } ], "value": "HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55.\n\nSpecial characters in the origin response header can truncate/split the response forwarded to the client.\n\n\n" } ], "metrics": [ { "other": { "content": { "text": "moderate" }, "type": "Textual description of severity" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-444", "description": "CWE-444 Inconsistent Interpretation of HTTP Responses (\u0027HTTP Response Smuggling\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-07T15:09:30.122Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html" }, { "url": "https://security.gentoo.org/glsa/202309-01" } ], "source": { "discovery": "UNKNOWN" }, "timeline": [ { "lang": "en", "time": "2023-01-29T06:42:00.000Z", "value": "Reported to security team" } ], "title": "Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2023-27522", "datePublished": "2023-03-07T15:09:30.122Z", "dateReserved": "2023-03-02T12:24:47.536Z", "dateUpdated": "2024-10-23T16:42:56.205Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0215
Vulnerability from cvelistv5
Published
2023-02-08 19:03
Modified
2024-08-02 05:02
Severity ?
EPSS score ?
Summary
The public API function BIO_new_NDEF is a helper function used for streaming
ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the
SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by
end user applications.
The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter
BIO onto the front of it to form a BIO chain, and then returns the new head of
the BIO chain to the caller. Under certain conditions, for example if a CMS
recipient public key is invalid, the new filter BIO is freed and the function
returns a NULL result indicating a failure. However, in this case, the BIO chain
is not properly cleaned up and the BIO passed by the caller still retains
internal pointers to the previously freed filter BIO. If the caller then goes on
to call BIO_pop() on the BIO then a use-after-free will occur. This will most
likely result in a crash.
This scenario occurs directly in the internal function B64_write_ASN1() which
may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on
the BIO. This internal function is in turn called by the public API functions
PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream,
SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.
Other public API functions that may be impacted by this include
i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and
i2d_PKCS7_bio_stream.
The OpenSSL cms and smime command line applications are similarly affected.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:02:43.944Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "name": "3.0.8 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd" }, { "name": "1.1.1t git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344" }, { "name": "1.0.2zg patch (premium)", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230427-0007/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230427-0009/" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202402-08" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "lessThan": "3.0.8", "status": "affected", "version": "3.0.0", "versionType": "semver" }, { "lessThan": "1.1.1t", "status": "affected", "version": "1.1.1", "versionType": "custom" }, { "lessThan": "1.0.2zg", "status": "affected", "version": "1.0.2", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Octavio Galland (Max Planck Institute for Security and Privacy)" }, { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Marcel B\u00f6hme (Max Planck Institute for Security and Privacy)" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Viktor Dukhovni" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Matt Caswell" } ], "datePublic": "2023-02-07T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The public API function BIO_new_NDEF is a helper function used for streaming\u003cbr\u003eASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the\u003cbr\u003eSMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by\u003cbr\u003eend user applications.\u003cbr\u003e\u003cbr\u003eThe function receives a BIO from the caller, prepends a new BIO_f_asn1 filter\u003cbr\u003eBIO onto the front of it to form a BIO chain, and then returns the new head of\u003cbr\u003ethe BIO chain to the caller. Under certain conditions, for example if a CMS\u003cbr\u003erecipient public key is invalid, the new filter BIO is freed and the function\u003cbr\u003ereturns a NULL result indicating a failure. However, in this case, the BIO chain\u003cbr\u003eis not properly cleaned up and the BIO passed by the caller still retains\u003cbr\u003einternal pointers to the previously freed filter BIO. If the caller then goes on\u003cbr\u003eto call BIO_pop() on the BIO then a use-after-free will occur. This will most\u003cbr\u003elikely result in a crash.\u003cbr\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis scenario occurs directly in the internal function B64_write_ASN1() which\u003cbr\u003emay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on\u003cbr\u003ethe BIO. This internal function is in turn called by the public API functions\u003cbr\u003ePEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream,\u003cbr\u003eSMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.\u003cbr\u003e\u003cbr\u003eOther public API functions that may be impacted by this include\u003cbr\u003ei2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and\u003cbr\u003ei2d_PKCS7_bio_stream.\u003cbr\u003e\u003cbr\u003eThe OpenSSL cms and smime command line applications are similarly affected.\u003cbr\u003e\u003cbr\u003e\u003c/div\u003e" } ], "value": "The public API function BIO_new_NDEF is a helper function used for streaming\nASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the\nSMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by\nend user applications.\n\nThe function receives a BIO from the caller, prepends a new BIO_f_asn1 filter\nBIO onto the front of it to form a BIO chain, and then returns the new head of\nthe BIO chain to the caller. Under certain conditions, for example if a CMS\nrecipient public key is invalid, the new filter BIO is freed and the function\nreturns a NULL result indicating a failure. However, in this case, the BIO chain\nis not properly cleaned up and the BIO passed by the caller still retains\ninternal pointers to the previously freed filter BIO. If the caller then goes on\nto call BIO_pop() on the BIO then a use-after-free will occur. This will most\nlikely result in a crash.\n\n\n\nThis scenario occurs directly in the internal function B64_write_ASN1() which\nmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on\nthe BIO. This internal function is in turn called by the public API functions\nPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream,\nSMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.\n\nOther public API functions that may be impacted by this include\ni2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and\ni2d_PKCS7_bio_stream.\n\nThe OpenSSL cms and smime command line applications are similarly affected.\n\n\n\n" } ], "metrics": [ { "format": "other", "other": { "content": { "text": "Moderate" }, "type": "https://www.openssl.org/policies/secpolicy.html" } } ], "problemTypes": [ { "descriptions": [ { "description": "use-after-free", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-24T14:43:53.180Z", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "name": "3.0.8 git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd" }, { "name": "1.1.1t git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344" }, { "name": "1.0.2zg patch (premium)", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb" }, { "url": "https://security.netapp.com/advisory/ntap-20230427-0007/" }, { "url": "https://security.netapp.com/advisory/ntap-20230427-0009/" }, { "url": "https://security.gentoo.org/glsa/202402-08" }, { "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" } ], "source": { "discovery": "UNKNOWN" }, "title": "Use-after-free following BIO_new_NDEF", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2023-0215", "datePublished": "2023-02-08T19:03:28.691Z", "dateReserved": "2023-01-11T11:59:16.647Z", "dateUpdated": "2024-08-02T05:02:43.944Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0430
Vulnerability from cvelistv5
Published
2023-06-02 00:00
Modified
2024-08-02 05:10
Severity ?
EPSS score ?
Summary
Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird < 102.7.1.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Mozilla | Thunderbird |
Version: unspecified < 102.7.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:56.310Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-04/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1769000" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "102.7.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird \u003c 102.7.1." } ], "problemTypes": [ { "descriptions": [ { "description": "Revocation status of S/Mime signature certificates was not checked", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-02T00:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://www.mozilla.org/security/advisories/mfsa2023-04/" }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1769000" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2023-0430", "datePublished": "2023-06-02T00:00:00", "dateReserved": "2023-01-20T00:00:00", "dateUpdated": "2024-08-02T05:10:56.310Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-25734
Vulnerability from cvelistv5
Published
2023-06-02 00:00
Modified
2024-08-02 11:32
Severity ?
EPSS score ?
Summary
After downloading a Windows <code>.url</code> shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 110 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:32:12.256Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-06/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-05/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-07/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1809923" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1784451" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1810143" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1812338" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "110", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "102.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "102.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "After downloading a Windows \u003ccode\u003e.url\u003c/code\u003e shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.\u003cbr\u003e*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 110, Thunderbird \u003c 102.8, and Firefox ESR \u003c 102.8." } ], "problemTypes": [ { "descriptions": [ { "description": "Opening local .url files could cause unexpected network loads", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-02T00:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://www.mozilla.org/security/advisories/mfsa2023-06/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-05/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-07/" }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1809923" }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1784451" }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1810143" }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1812338" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2023-25734", "datePublished": "2023-06-02T00:00:00", "dateReserved": "2023-02-13T00:00:00", "dateUpdated": "2024-08-02T11:32:12.256Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21830
Vulnerability from cvelistv5
Published
2023-01-17 23:35
Modified
2024-08-02 09:51
Severity ?
EPSS score ?
References
▼ | URL | Tags |
---|---|---|
https://www.oracle.com/security-alerts/cpujan2023.html | vendor-advisory | |
https://www.oracle.com/security-alerts/cpujul2023.html | vendor-advisory | |
https://security.gentoo.org/glsa/202401-25 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:8u351 Version: Oracle Java SE:8u351-perf Version: Oracle GraalVM Enterprise Edition:20.3.8 Version: Oracle GraalVM Enterprise Edition:21.3.4 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:51:51.152Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2023.html" }, { "name": "Oracle Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2023.html" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202401-25" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Java SE JDK and JRE", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Oracle Java SE:8u351" }, { "status": "affected", "version": "Oracle Java SE:8u351-perf" }, { "status": "affected", "version": "Oracle GraalVM Enterprise Edition:20.3.8" }, { "status": "affected", "version": "Oracle GraalVM Enterprise Edition:21.3.4" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-18T21:05:23.145Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2023.html" }, { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpujul2023.html" }, { "url": "https://security.gentoo.org/glsa/202401-25" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2023-21830", "datePublished": "2023-01-17T23:35:07.212Z", "dateReserved": "2022-12-17T19:26:00.689Z", "dateUpdated": "2024-08-02T09:51:51.152Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2879
Vulnerability from cvelistv5
Published
2022-10-14 00:00
Modified
2024-08-03 00:52
Severity ?
EPSS score ?
Summary
Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Go standard library | archive/tar |
Version: 0 ≤ Version: 1.19.0-0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:52:59.498Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://go.dev/issue/54853" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/cl/439355" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2022-1037" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202311-09" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "archive/tar", "product": "archive/tar", "programRoutines": [ { "name": "Reader.next" }, { "name": "parsePAX" }, { "name": "Writer.writePAXHeader" }, { "name": "Reader.Next" }, { "name": "Writer.WriteHeader" } ], "vendor": "Go standard library", "versions": [ { "lessThan": "1.18.7", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "1.19.2", "status": "affected", "version": "1.19.0-0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "value": "Adam Korczynski (ADA Logics)" }, { "lang": "en", "value": "OSS-Fuzz" } ], "descriptions": [ { "lang": "en", "value": "Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE 400: Uncontrolled Resource Consumption", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-12T19:05:28.975Z", "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go" }, "references": [ { "url": "https://go.dev/issue/54853" }, { "url": "https://go.dev/cl/439355" }, { "url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU" }, { "url": "https://pkg.go.dev/vuln/GO-2022-1037" }, { "url": "https://security.gentoo.org/glsa/202311-09" } ], "title": "Unbounded memory consumption when reading headers in archive/tar" } }, "cveMetadata": { "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "assignerShortName": "Go", "cveId": "CVE-2022-2879", "datePublished": "2022-10-14T00:00:00", "dateReserved": "2022-08-17T00:00:00", "dateUpdated": "2024-08-03T00:52:59.498Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28162
Vulnerability from cvelistv5
Published
2023-06-02 00:00
Modified
2024-08-02 12:30
Severity ?
EPSS score ?
Summary
While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 111 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:30:24.156Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-09/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-10/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-11/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1811327" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "111", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "102.9", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "102.9", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox \u003c 111, Firefox ESR \u003c 102.9, and Thunderbird \u003c 102.9." } ], "problemTypes": [ { "descriptions": [ { "description": "Invalid downcast in Worklets", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-02T00:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://www.mozilla.org/security/advisories/mfsa2023-09/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-10/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-11/" }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1811327" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2023-28162", "datePublished": "2023-06-02T00:00:00", "dateReserved": "2023-03-13T00:00:00", "dateUpdated": "2024-08-02T12:30:24.156Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-35940
Vulnerability from cvelistv5
Published
2021-08-23 10:00
Modified
2024-08-04 00:40
Severity ?
EPSS score ?
Summary
An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache Portable Runtime (APR) |
Version: Apache Portable Runtime 1.7.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:40:47.582Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1891198" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201710.mbox/%3CCACsi251B8UaLvM-rrH9fv57-zWi0zhyF3275_jPg1a9VEVVoxw%40mail.gmail.com%3E" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patch" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e%40%3Cdev.apr.apache.org%3E" }, { "name": "[apr-dev] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e%40%3Cdev.apr.apache.org%3E" }, { "name": "[oss-security] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/08/23/1" }, { "name": "[announce] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rb1f3c85f50fbd924a0051675118d1609e57957a02ece7facb723155b%40%3Cannounce.apache.org%3E" }, { "name": "[apr-dev] 20210831 APR 1.7.1 release?", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r7bb4a6ed88fc48152174e664aae30ea9a8b058eb5b44cf08cb9beb4b%40%3Cdev.apr.apache.org%3E" }, { "name": "[httpd-dev] 20210831 APR 1.7.1 release?", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r7bb4a6ed88fc48152174e664aae30ea9a8b058eb5b44cf08cb9beb4b%40%3Cdev.httpd.apache.org%3E" }, { "name": "[apr-dev] 20210831 Re: APR 1.7.1 release?", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r72a069753b9363c29732e59ad8f0d22a633fb6a699980407511ac961%40%3Cdev.apr.apache.org%3E" }, { "name": "[apr-dev] 20210901 Re: APR 1.7.1 release?", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r317c398ee5736e627f7887b06607e5c58b45a696d352ba8c14615f55%40%3Cdev.apr.apache.org%3E" }, { "name": "[apr-dev] 20210916 Re: CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/ra38094406cc38a05218ebd1158187feda021b0c3a1df400bbf296af8%40%3Cdev.apr.apache.org%3E" }, { "name": "[tomcat-dev] 20210922 [jira] [Created] (MTOMCAT-327) Tomcat 9.0.50 and it has apr-1.7.0 dependency, with Address CVE-2021-35940", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r72479f4dcffaa8a4732d5a0e87fecc4bace4932e28fc26f7d400e2b3%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20210922 [jira] [Resolved] (MTOMCAT-327) Tomcat 9.0.50 and it has apr-1.7.0 dependency, with Address CVE-2021-35940", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r54c755c74b9e3846cfd84039b1967d37d2870750a02d7c603983f6ed%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20210922 [jira] [Commented] (MTOMCAT-327) Tomcat 9.0.50 and it has apr-1.7.0 dependency, with Address CVE-2021-35940", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rafe54755850e93de287c36540972457b2dd86332106aa7817c7c27fb%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20210922 [jira] [Reopened] (MTOMCAT-327) Tomcat 9.0.50 and it has apr-1.7.0 dependency, with Address CVE-2021-35940", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r1c788464a25fbc046a72aff451bc8186386315d92a2dd0349903fa4f%40%3Cdev.tomcat.apache.org%3E" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache Portable Runtime (APR)", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "Apache Portable Runtime 1.7.0" } ] } ], "credits": [ { "lang": "en", "value": "The Apache Portable Runtime project would like to thank Iveta Cesalova (Red Hat) for reporting this issue." } ], "descriptions": [ { "lang": "en", "value": "An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue." } ], "problemTypes": [ { "descriptions": [ { "description": "APR apr_time_exp* out of bounds array dereference", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-25T16:30:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1891198" }, { "tags": [ "x_refsource_MISC" ], "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201710.mbox/%3CCACsi251B8UaLvM-rrH9fv57-zWi0zhyF3275_jPg1a9VEVVoxw%40mail.gmail.com%3E" }, { "tags": [ "x_refsource_MISC" ], "url": "https://dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patch" }, { "tags": [ "x_refsource_MISC" ], "url": "https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e%40%3Cdev.apr.apache.org%3E" }, { "name": "[apr-dev] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e%40%3Cdev.apr.apache.org%3E" }, { "name": "[oss-security] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/08/23/1" }, { "name": "[announce] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rb1f3c85f50fbd924a0051675118d1609e57957a02ece7facb723155b%40%3Cannounce.apache.org%3E" }, { "name": "[apr-dev] 20210831 APR 1.7.1 release?", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r7bb4a6ed88fc48152174e664aae30ea9a8b058eb5b44cf08cb9beb4b%40%3Cdev.apr.apache.org%3E" }, { "name": "[httpd-dev] 20210831 APR 1.7.1 release?", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r7bb4a6ed88fc48152174e664aae30ea9a8b058eb5b44cf08cb9beb4b%40%3Cdev.httpd.apache.org%3E" }, { "name": "[apr-dev] 20210831 Re: APR 1.7.1 release?", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r72a069753b9363c29732e59ad8f0d22a633fb6a699980407511ac961%40%3Cdev.apr.apache.org%3E" }, { "name": "[apr-dev] 20210901 Re: APR 1.7.1 release?", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r317c398ee5736e627f7887b06607e5c58b45a696d352ba8c14615f55%40%3Cdev.apr.apache.org%3E" }, { "name": "[apr-dev] 20210916 Re: CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/ra38094406cc38a05218ebd1158187feda021b0c3a1df400bbf296af8%40%3Cdev.apr.apache.org%3E" }, { "name": "[tomcat-dev] 20210922 [jira] [Created] (MTOMCAT-327) Tomcat 9.0.50 and it has apr-1.7.0 dependency, with Address CVE-2021-35940", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r72479f4dcffaa8a4732d5a0e87fecc4bace4932e28fc26f7d400e2b3%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20210922 [jira] [Resolved] (MTOMCAT-327) Tomcat 9.0.50 and it has apr-1.7.0 dependency, with Address CVE-2021-35940", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r54c755c74b9e3846cfd84039b1967d37d2870750a02d7c603983f6ed%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20210922 [jira] [Commented] (MTOMCAT-327) Tomcat 9.0.50 and it has apr-1.7.0 dependency, with Address CVE-2021-35940", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rafe54755850e93de287c36540972457b2dd86332106aa7817c7c27fb%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20210922 [jira] [Reopened] (MTOMCAT-327) Tomcat 9.0.50 and it has apr-1.7.0 dependency, with Address CVE-2021-35940", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r1c788464a25fbc046a72aff451bc8186386315d92a2dd0349903fa4f%40%3Cdev.tomcat.apache.org%3E" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ], "source": { "discovery": "UNKNOWN" }, "title": "Regression of CVE-2017-12613", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2021-35940", "STATE": "PUBLIC", "TITLE": "Regression of CVE-2017-12613" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Portable Runtime (APR)", "version": { "version_data": [ { "version_affected": "=", "version_name": "Apache Portable Runtime", "version_value": "1.7.0" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "credit": [ { "lang": "eng", "value": "The Apache Portable Runtime project would like to thank Iveta Cesalova (Red Hat) for reporting this issue." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": [ {} ], "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "APR apr_time_exp* out of bounds array dereference" } ] } ] }, "references": { "reference_data": [ { "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1891198", "refsource": "MISC", "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1891198" }, { "name": "http://mail-archives.apache.org/mod_mbox/www-announce/201710.mbox/%3CCACsi251B8UaLvM-rrH9fv57-zWi0zhyF3275_jPg1a9VEVVoxw@mail.gmail.com%3E", "refsource": "MISC", "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201710.mbox/%3CCACsi251B8UaLvM-rrH9fv57-zWi0zhyF3275_jPg1a9VEVVoxw@mail.gmail.com%3E" }, { "name": "https://dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patch", "refsource": "MISC", "url": "https://dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patch" }, { "name": "https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e%40%3Cdev.apr.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e%40%3Cdev.apr.apache.org%3E" }, { "name": "[apr-dev] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e@%3Cdev.apr.apache.org%3E" }, { "name": "[oss-security] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/08/23/1" }, { "name": "[announce] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rb1f3c85f50fbd924a0051675118d1609e57957a02ece7facb723155b@%3Cannounce.apache.org%3E" }, { "name": "[apr-dev] 20210831 APR 1.7.1 release?", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r7bb4a6ed88fc48152174e664aae30ea9a8b058eb5b44cf08cb9beb4b@%3Cdev.apr.apache.org%3E" }, { "name": "[httpd-dev] 20210831 APR 1.7.1 release?", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r7bb4a6ed88fc48152174e664aae30ea9a8b058eb5b44cf08cb9beb4b@%3Cdev.httpd.apache.org%3E" }, { "name": "[apr-dev] 20210831 Re: APR 1.7.1 release?", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r72a069753b9363c29732e59ad8f0d22a633fb6a699980407511ac961@%3Cdev.apr.apache.org%3E" }, { "name": "[apr-dev] 20210901 Re: APR 1.7.1 release?", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r317c398ee5736e627f7887b06607e5c58b45a696d352ba8c14615f55@%3Cdev.apr.apache.org%3E" }, { "name": "[apr-dev] 20210916 Re: CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ra38094406cc38a05218ebd1158187feda021b0c3a1df400bbf296af8@%3Cdev.apr.apache.org%3E" }, { "name": "[tomcat-dev] 20210922 [jira] [Created] (MTOMCAT-327) Tomcat 9.0.50 and it has apr-1.7.0 dependency, with Address CVE-2021-35940", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r72479f4dcffaa8a4732d5a0e87fecc4bace4932e28fc26f7d400e2b3@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20210922 [jira] [Resolved] (MTOMCAT-327) Tomcat 9.0.50 and it has apr-1.7.0 dependency, with Address CVE-2021-35940", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r54c755c74b9e3846cfd84039b1967d37d2870750a02d7c603983f6ed@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20210922 [jira] [Commented] (MTOMCAT-327) Tomcat 9.0.50 and it has apr-1.7.0 dependency, with Address CVE-2021-35940", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rafe54755850e93de287c36540972457b2dd86332106aa7817c7c27fb@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20210922 [jira] [Reopened] (MTOMCAT-327) Tomcat 9.0.50 and it has apr-1.7.0 dependency, with Address CVE-2021-35940", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r1c788464a25fbc046a72aff451bc8186386315d92a2dd0349903fa4f@%3Cdev.tomcat.apache.org%3E" }, { "name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2021-35940", "datePublished": "2021-08-23T10:00:10", "dateReserved": "2021-06-29T00:00:00", "dateUpdated": "2024-08-04T00:40:47.582Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3153
Vulnerability from cvelistv5
Published
2022-09-08 00:00
Modified
2024-08-03 01:00
Severity ?
EPSS score ?
Summary
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:00:10.455Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a" }, { "tags": [ "x_transferred" ], "url": "https://github.com/vim/vim/commit/1540d334a04d874c2aa9d26b82dbbcd4bc5a78de" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vim/vim", "vendor": "vim", "versions": [ { "lessThan": "9.0.0404", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a" }, { "url": "https://github.com/vim/vim/commit/1540d334a04d874c2aa9d26b82dbbcd4bc5a78de" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "source": { "advisory": "68331124-620d-48bc-a8fa-cd947b26270a", "discovery": "EXTERNAL" }, "title": "NULL Pointer Dereference in vim/vim" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-3153", "datePublished": "2022-09-08T00:00:00", "dateReserved": "2022-09-07T00:00:00", "dateUpdated": "2024-08-03T01:00:10.455Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-25751
Vulnerability from cvelistv5
Published
2023-06-02 00:00
Modified
2024-08-02 11:32
Severity ?
EPSS score ?
Summary
Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 111 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:32:12.305Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-09/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-10/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-11/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1814899" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "111", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "102.9", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "102.9", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox \u003c 111, Firefox ESR \u003c 102.9, and Thunderbird \u003c 102.9." } ], "problemTypes": [ { "descriptions": [ { "description": "Incorrect code generation during JIT compilation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-02T00:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://www.mozilla.org/security/advisories/mfsa2023-09/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-10/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-11/" }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1814899" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2023-25751", "datePublished": "2023-06-02T00:00:00", "dateReserved": "2023-02-13T00:00:00", "dateUpdated": "2024-08-02T11:32:12.305Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0417
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-02 05:10
Severity ?
EPSS score ?
Summary
Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Wireshark Foundation | Wireshark |
Version: >=4.0.0, <4.0.3 Version: >=3.6.0, <3.6.11 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:56.039Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2023-02.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/18628" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0417.json" }, { "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=4.0.0, \u003c4.0.3" }, { "status": "affected", "version": "\u003e=3.6.0, \u003c3.6.11" } ] } ], "descriptions": [ { "lang": "en", "value": "Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Uncontrolled memory allocation in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-08T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2023-02.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/18628" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0417.json" }, { "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-0417", "datePublished": "2023-01-24T00:00:00", "dateReserved": "2023-01-20T00:00:00", "dateUpdated": "2024-08-02T05:10:56.039Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-1962
Vulnerability from cvelistv5
Published
2022-08-09 20:18
Modified
2024-08-03 00:24
Severity ?
EPSS score ?
Summary
Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Go standard library | go/parser |
Version: 0 ≤ Version: 1.18.0-0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:24:43.737Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://go.dev/cl/417063" }, { "tags": [ "x_transferred" ], "url": "https://go.googlesource.com/go/+/695be961d57508da5a82217f7415200a11845879" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/issue/53616" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2022-0515" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "go/parser", "product": "go/parser", "programRoutines": [ { "name": "ParseFile" }, { "name": "ParseExprFrom" }, { "name": "parser.tryIdentOrType" }, { "name": "parser.parsePrimaryExpr" }, { "name": "parser.parseUnaryExpr" }, { "name": "parser.parseBinaryExpr" }, { "name": "parser.parseIfStmt" }, { "name": "parser.parseStmt" }, { "name": "resolver.openScope" }, { "name": "resolver.closeScope" } ], "vendor": "Go standard library", "versions": [ { "lessThan": "1.17.12", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "1.18.4", "status": "affected", "version": "1.18.0-0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "value": "Juho Nurminen of Mattermost" } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-674: Uncontrolled Recursion", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-12T19:04:29.406Z", "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go" }, "references": [ { "url": "https://go.dev/cl/417063" }, { "url": "https://go.googlesource.com/go/+/695be961d57508da5a82217f7415200a11845879" }, { "url": "https://go.dev/issue/53616" }, { "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" }, { "url": "https://pkg.go.dev/vuln/GO-2022-0515" } ], "title": "Stack exhaustion due to deeply nested types in go/parser" } }, "cveMetadata": { "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "assignerShortName": "Go", "cveId": "CVE-2022-1962", "datePublished": "2022-08-09T20:18:18", "dateReserved": "2022-05-31T00:00:00", "dateUpdated": "2024-08-03T00:24:43.737Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-28327
Vulnerability from cvelistv5
Published
2022-04-20 00:00
Modified
2024-08-03 05:48
Severity ?
EPSS score ?
Summary
The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:48:38.092Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8" }, { "name": "FEDORA-2022-a49babed75", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TYZC4OAY54TO75FBEFAPV5G7O4D5TM/" }, { "name": "FEDORA-2022-53f0c619c5", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NY6GEAJMNKKMU5H46QO4D7D6A24KSPXE/" }, { "name": "FEDORA-2022-c0f780ecf1", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3BMW5QGX53CMIJIZWKXFKBJX2C5GWTY/" }, { "name": "FEDORA-2022-e46e6e8317", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCRSABD6CUDIZULZPZL5BJ3ET3A2NEJP/" }, { "name": "FEDORA-2022-fae3ecee19", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/" }, { "name": "FEDORA-2022-ba365d3703", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/" }, { "name": "GLSA-202208-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202208-02" }, { "name": "FEDORA-2022-30c5ed5625", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220915-0010/" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-14T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://groups.google.com/g/golang-announce" }, { "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8" }, { "name": "FEDORA-2022-a49babed75", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TYZC4OAY54TO75FBEFAPV5G7O4D5TM/" }, { "name": "FEDORA-2022-53f0c619c5", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NY6GEAJMNKKMU5H46QO4D7D6A24KSPXE/" }, { "name": "FEDORA-2022-c0f780ecf1", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3BMW5QGX53CMIJIZWKXFKBJX2C5GWTY/" }, { "name": "FEDORA-2022-e46e6e8317", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCRSABD6CUDIZULZPZL5BJ3ET3A2NEJP/" }, { "name": "FEDORA-2022-fae3ecee19", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/" }, { "name": "FEDORA-2022-ba365d3703", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/" }, { "name": "GLSA-202208-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202208-02" }, { "name": "FEDORA-2022-30c5ed5625", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/" }, { "url": "https://security.netapp.com/advisory/ntap-20220915-0010/" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-28327", "datePublished": "2022-04-20T00:00:00", "dateReserved": "2022-04-01T00:00:00", "dateUpdated": "2024-08-03T05:48:38.092Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-23946
Vulnerability from cvelistv5
Published
2023-02-14 19:48
Modified
2024-08-02 10:49
Severity ?
EPSS score ?
Summary
Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is running `git apply`. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. As a workaround, use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a symbolic link and then creates a file beyond the symbolic link.
References
▼ | URL | Tags |
---|---|---|
https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh | x_refsource_CONFIRM | |
https://github.com/git/git/commit/c867e4fa180bec4750e9b54eb10f459030dbebfd | x_refsource_MISC | |
https://security.gentoo.org/glsa/202312-15 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | git | git |
Version: >= 2.39.0, < 2.39.2 Version: >= 2.38.0, < 2.38.4 Version: >= 2.37.0, < 2.37.6 Version: >= 2.36.0, < 2.36.5 Version: >= 2.35.0, < 2.35.7 Version: >= 2.34.0, < 2.34.7 Version: >= 2.33.0, < 2.33.7 Version: >= 2.32.0, < 2.32.6 Version: >= 2.31.0, < 2.31.7 Version: < 2.30.8 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:49:07.949Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh" }, { "name": "https://github.com/git/git/commit/c867e4fa180bec4750e9b54eb10f459030dbebfd", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/git/git/commit/c867e4fa180bec4750e9b54eb10f459030dbebfd" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202312-15" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "git", "vendor": "git", "versions": [ { "status": "affected", "version": "\u003e= 2.39.0, \u003c 2.39.2" }, { "status": "affected", "version": "\u003e= 2.38.0, \u003c 2.38.4" }, { "status": "affected", "version": "\u003e= 2.37.0, \u003c 2.37.6" }, { "status": "affected", "version": "\u003e= 2.36.0, \u003c 2.36.5" }, { "status": "affected", "version": "\u003e= 2.35.0, \u003c 2.35.7" }, { "status": "affected", "version": "\u003e= 2.34.0, \u003c 2.34.7" }, { "status": "affected", "version": "\u003e= 2.33.0, \u003c 2.33.7" }, { "status": "affected", "version": "\u003e= 2.32.0, \u003c 2.32.6" }, { "status": "affected", "version": "\u003e= 2.31.0, \u003c 2.31.7" }, { "status": "affected", "version": "\u003c 2.30.8" } ] } ], "descriptions": [ { "lang": "en", "value": "Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is running `git apply`. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. As a workaround, use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a symbolic link and then creates a file beyond the symbolic link." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-14T19:48:00.554Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh" }, { "name": "https://github.com/git/git/commit/c867e4fa180bec4750e9b54eb10f459030dbebfd", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/git/git/commit/c867e4fa180bec4750e9b54eb10f459030dbebfd" }, { "url": "https://security.gentoo.org/glsa/202312-15" } ], "source": { "advisory": "GHSA-r87m-v37r-cwfh", "discovery": "UNKNOWN" }, "title": "Git\u0027s `git apply` overwriting paths outside the working tree" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-23946", "datePublished": "2023-02-14T19:48:00.554Z", "dateReserved": "2023-01-19T21:12:31.362Z", "dateUpdated": "2024-08-02T10:49:07.949Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-25690
Vulnerability from cvelistv5
Published
2023-03-07 15:09
Modified
2024-08-02 11:25
Severity ?
EPSS score ?
Summary
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.
Configurations are affected when mod_proxy is enabled along with some form of RewriteRule
or ProxyPassMatch in which a non-specific pattern matches
some portion of the user-supplied request-target (URL) data and is then
re-inserted into the proxied request-target using variable
substitution. For example, something like:
RewriteEngine on
RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P]
ProxyPassReverse /here/ http://example.com:8080/
Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache HTTP Server |
Version: 2.4.0 ≤ 2.4.55 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:25:19.361Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202309-01" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/176334/Apache-2.4.55-mod_proxy-HTTP-Request-Smuggling.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Apache HTTP Server", "vendor": "Apache Software Foundation", "versions": [ { "lessThanOrEqual": "2.4.55", "status": "affected", "version": "2.4.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lars Krapf of Adobe" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003eSome mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003eConfigurations are affected when mod_proxy is enabled along with some form of RewriteRule\n or ProxyPassMatch in which a non-specific pattern matches\n some portion of the user-supplied request-target (URL) data and is then\n re-inserted into the proxied request-target using variable \nsubstitution. For example, something like:\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eRewriteEngine on\u003cbr\u003eRewriteRule \"^/here/(.*)\" \"http://example.com:8080/elsewhere?$1\"; [P]\u003cbr\u003eProxyPassReverse /here/ http://example.com:8080/\u003c/div\u003e\u003cbr\u003eRequest splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.\u003cbr\u003e\u003c/div\u003e" } ], "value": "Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.\n\n\n\n\nConfigurations are affected when mod_proxy is enabled along with some form of RewriteRule\n or ProxyPassMatch in which a non-specific pattern matches\n some portion of the user-supplied request-target (URL) data and is then\n re-inserted into the proxied request-target using variable \nsubstitution. For example, something like:\n\n\n\n\nRewriteEngine on\nRewriteRule \"^/here/(.*)\" \"http://example.com:8080/elsewhere?$1\"; [P]\nProxyPassReverse /here/ http://example.com:8080/\n\n\nRequest splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.\n\n\n" } ], "metrics": [ { "other": { "content": { "text": "important" }, "type": "Textual description of severity" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-444", "description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-07T15:09:03.080Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html" }, { "url": "https://security.gentoo.org/glsa/202309-01" }, { "url": "http://packetstormsecurity.com/files/176334/Apache-2.4.55-mod_proxy-HTTP-Request-Smuggling.html" } ], "source": { "discovery": "UNKNOWN" }, "timeline": [ { "lang": "en", "time": "2023-02-02T02:01:00.000Z", "value": "reported" } ], "title": "Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2023-25690", "datePublished": "2023-03-07T15:09:03.080Z", "dateReserved": "2023-02-12T13:28:31.657Z", "dateUpdated": "2024-08-02T11:25:19.361Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-35252
Vulnerability from cvelistv5
Published
2022-09-23 00:00
Modified
2024-08-03 09:29
Severity ?
EPSS score ?
Summary
When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | https://github.com/curl/curl |
Version: Fixed in curl 7.85.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:29:17.455Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://hackerone.com/reports/1613943" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220930-0005/" }, { "name": "GLSA-202212-01", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213603" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213604" }, { "name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/20" }, { "name": "20230123 APPLE-SA-2023-01-23-6 macOS Big Sur 11.7.3", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/21" }, { "name": "[debian-lts-announce] 20230128 [SECURITY] [DLA 3288-1] curl security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "https://github.com/curl/curl", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in curl 7.85.0" } ] } ], "descriptions": [ { "lang": "en", "value": "When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a\"sister site\" to deny service to all siblings." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "Improper Input Validation (CWE-20)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-28T00:00:00", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://hackerone.com/reports/1613943" }, { "url": "https://security.netapp.com/advisory/ntap-20220930-0005/" }, { "name": "GLSA-202212-01", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "url": "https://support.apple.com/kb/HT213603" }, { "url": "https://support.apple.com/kb/HT213604" }, { "name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/20" }, { "name": "20230123 APPLE-SA-2023-01-23-6 macOS Big Sur 11.7.3", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/21" }, { "name": "[debian-lts-announce] 20230128 [SECURITY] [DLA 3288-1] curl security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2022-35252", "datePublished": "2022-09-23T00:00:00", "dateReserved": "2022-07-06T00:00:00", "dateUpdated": "2024-08-03T09:29:17.455Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-25730
Vulnerability from cvelistv5
Published
2023-06-02 00:00
Modified
2024-08-02 11:32
Severity ?
EPSS score ?
Summary
A background script invoking <code>requestFullscreen</code> and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 110 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:32:12.544Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-06/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-05/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-07/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1794622" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "110", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "102.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "102.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A background script invoking \u003ccode\u003erequestFullscreen\u003c/code\u003e and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox \u003c 110, Thunderbird \u003c 102.8, and Firefox ESR \u003c 102.8." } ], "problemTypes": [ { "descriptions": [ { "description": "Screen hijack via browser fullscreen mode", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-02T00:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://www.mozilla.org/security/advisories/mfsa2023-06/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-05/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-07/" }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1794622" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2023-25730", "datePublished": "2023-06-02T00:00:00", "dateReserved": "2023-02-13T00:00:00", "dateUpdated": "2024-08-02T11:32:12.544Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-46871
Vulnerability from cvelistv5
Published
2022-12-22 00:00
Modified
2024-08-03 14:39
Severity ?
EPSS score ?
Summary
An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:39:38.557Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-51/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1795697" }, { "name": "DSA-5322", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5322" }, { "name": "[debian-lts-announce] 20230119 [SECURITY] [DLA 3275-1] firefox-esr security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00015.html" }, { "name": "DSA-5355", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5355" }, { "name": "[debian-lts-announce] 20230220 [SECURITY] [DLA 3324-1] thunderbird security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00018.html" }, { "name": "GLSA-202305-06", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-06" }, { "name": "GLSA-202305-13", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-13" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "108", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox \u003c 108." } ], "problemTypes": [ { "descriptions": [ { "description": "libusrsctp library out of date", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://www.mozilla.org/security/advisories/mfsa2022-51/" }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1795697" }, { "name": "DSA-5322", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5322" }, { "name": "[debian-lts-announce] 20230119 [SECURITY] [DLA 3275-1] firefox-esr security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00015.html" }, { "name": "DSA-5355", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5355" }, { "name": "[debian-lts-announce] 20230220 [SECURITY] [DLA 3324-1] thunderbird security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00018.html" }, { "name": "GLSA-202305-06", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-06" }, { "name": "GLSA-202305-13", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-13" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2022-46871", "datePublished": "2022-12-22T00:00:00", "dateReserved": "2022-12-09T00:00:00", "dateUpdated": "2024-08-03T14:39:38.557Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-36227
Vulnerability from cvelistv5
Published
2022-11-22 00:00
Modified
2024-08-03 10:00
Severity ?
EPSS score ?
Summary
In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:00:04.305Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/libarchive/libarchive/issues/1754" }, { "tags": [ "x_transferred" ], "url": "https://bugs.gentoo.org/882521" }, { "tags": [ "x_transferred" ], "url": "https://github.com/libarchive/libarchive/blob/v3.0.0a/libarchive/archive_write.c#L215" }, { "name": "FEDORA-2022-e15be0091f", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V67OO2UUQAUJS3IK4JZPF6F3LUCBU6IS/" }, { "name": "[debian-lts-announce] 20230130 [SECURITY] [DLA 3294-1] libarchive security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00034.html" }, { "name": "GLSA-202309-14", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202309-14" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: \"In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-29T16:06:28.926333", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/libarchive/libarchive/issues/1754" }, { "url": "https://bugs.gentoo.org/882521" }, { "url": "https://github.com/libarchive/libarchive/blob/v3.0.0a/libarchive/archive_write.c#L215" }, { "name": "FEDORA-2022-e15be0091f", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V67OO2UUQAUJS3IK4JZPF6F3LUCBU6IS/" }, { "name": "[debian-lts-announce] 20230130 [SECURITY] [DLA 3294-1] libarchive security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00034.html" }, { "name": "GLSA-202309-14", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202309-14" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-36227", "datePublished": "2022-11-22T00:00:00", "dateReserved": "2022-07-18T00:00:00", "dateUpdated": "2024-08-03T10:00:04.305Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2849
Vulnerability from cvelistv5
Published
2022-08-17 00:00
Modified
2024-08-03 00:52
Severity ?
EPSS score ?
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:52:58.772Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/389aeccd-deb9-49ae-9b6a-24c12d79b02e" }, { "tags": [ "x_transferred" ], "url": "https://github.com/vim/vim/commit/f6d39c31d2177549a986d170e192d8351bd571e2" }, { "name": "FEDORA-2022-b9edf60581", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vim/vim", "vendor": "vim", "versions": [ { "lessThan": "9.0.0220", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/389aeccd-deb9-49ae-9b6a-24c12d79b02e" }, { "url": "https://github.com/vim/vim/commit/f6d39c31d2177549a986d170e192d8351bd571e2" }, { "name": "FEDORA-2022-b9edf60581", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "source": { "advisory": "389aeccd-deb9-49ae-9b6a-24c12d79b02e", "discovery": "EXTERNAL" }, "title": "Heap-based Buffer Overflow in vim/vim" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-2849", "datePublished": "2022-08-17T00:00:00", "dateReserved": "2022-08-16T00:00:00", "dateUpdated": "2024-08-03T00:52:58.772Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-25735
Vulnerability from cvelistv5
Published
2023-06-02 00:00
Modified
2024-08-02 11:32
Severity ?
EPSS score ?
Summary
Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 110 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:32:12.354Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-06/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-05/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-07/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1810711" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "110", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "102.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "102.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects Firefox \u003c 110, Thunderbird \u003c 102.8, and Firefox ESR \u003c 102.8." } ], "problemTypes": [ { "descriptions": [ { "description": "Potential use-after-free from compartment mismatch in SpiderMonkey", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-02T00:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://www.mozilla.org/security/advisories/mfsa2023-06/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-05/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-07/" }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1810711" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2023-25735", "datePublished": "2023-06-02T00:00:00", "dateReserved": "2023-02-13T00:00:00", "dateUpdated": "2024-08-02T11:32:12.354Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42916
Vulnerability from cvelistv5
Published
2022-10-29 00:00
Modified
2024-08-03 13:19
Severity ?
EPSS score ?
Summary
In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:19:05.420Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://curl.se/docs/CVE-2022-42916.html" }, { "name": "FEDORA-2022-01ffde372c", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVU3IMZCKR4VE6KJ4GCWRL2ILLC6OV76/" }, { "name": "FEDORA-2022-39688a779d", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q27V5YYMXUVI6PRZQVECON32XPVWTKDK/" }, { "name": "FEDORA-2022-e9d65906c4", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37YEVVC6NAF6H7UHH6YAUY5QEVY6LIH2/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221209-0010/" }, { "name": "GLSA-202212-01", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "name": "[oss-security] 20221221 curl: CVE-2022-43551: Another HSTS bypass via IDN", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/12/21/1" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213604" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213605" }, { "name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/20" }, { "name": "20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/19" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-24T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://curl.se/docs/CVE-2022-42916.html" }, { "name": "FEDORA-2022-01ffde372c", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVU3IMZCKR4VE6KJ4GCWRL2ILLC6OV76/" }, { "name": "FEDORA-2022-39688a779d", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q27V5YYMXUVI6PRZQVECON32XPVWTKDK/" }, { "name": "FEDORA-2022-e9d65906c4", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37YEVVC6NAF6H7UHH6YAUY5QEVY6LIH2/" }, { "url": "https://security.netapp.com/advisory/ntap-20221209-0010/" }, { "name": "GLSA-202212-01", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "name": "[oss-security] 20221221 curl: CVE-2022-43551: Another HSTS bypass via IDN", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/12/21/1" }, { "url": "https://support.apple.com/kb/HT213604" }, { "url": "https://support.apple.com/kb/HT213605" }, { "name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/20" }, { "name": "20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/19" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-42916", "datePublished": "2022-10-29T00:00:00", "dateReserved": "2022-10-13T00:00:00", "dateUpdated": "2024-08-03T13:19:05.420Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3134
Vulnerability from cvelistv5
Published
2022-09-06 00:00
Modified
2024-08-03 01:00
Severity ?
EPSS score ?
Summary
Use After Free in GitHub repository vim/vim prior to 9.0.0389.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:00:10.348Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc" }, { "tags": [ "x_transferred" ], "url": "https://github.com/vim/vim/commit/ccfde4d028e891a41e3548323c3d47b06fb0b83e" }, { "name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vim/vim", "vendor": "vim", "versions": [ { "lessThan": "9.0.0389", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Use After Free in GitHub repository vim/vim prior to 9.0.0389." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc" }, { "url": "https://github.com/vim/vim/commit/ccfde4d028e891a41e3548323c3d47b06fb0b83e" }, { "name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "source": { "advisory": "6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc", "discovery": "EXTERNAL" }, "title": "Use After Free in vim/vim" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-3134", "datePublished": "2022-09-06T00:00:00", "dateReserved": "2022-09-05T00:00:00", "dateUpdated": "2024-08-03T01:00:10.348Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28708
Vulnerability from cvelistv5
Published
2023-03-22 10:10
Modified
2024-08-02 13:43
Severity ?
EPSS score ?
Summary
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.
References
▼ | URL | Tags |
---|---|---|
https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67 | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache Tomcat |
Version: 11.0.0-M1 ≤ 11.0.0-M2 Version: 10.1.0-M1 ≤ 10.1.5 Version: 9.0.0-M1 ≤ 9.0.71 Version: 8.5.0 ≤ 8.5.85 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T13:43:23.678Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Apache Tomcat", "vendor": "Apache Software Foundation", "versions": [ { "lessThanOrEqual": "11.0.0-M2", "status": "affected", "version": "11.0.0-M1", "versionType": "semver" }, { "lessThanOrEqual": "10.1.5", "status": "affected", "version": "10.1.0-M1", "versionType": "semver" }, { "lessThanOrEqual": "9.0.71", "status": "affected", "version": "9.0.0-M1", "versionType": "semver" }, { "lessThanOrEqual": "8.5.85", "status": "affected", "version": "8.5.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003e\n\u003cdiv\u003e\n\u003cp\u003eWhen using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not\u0026nbsp;include the secure attribute. This could result in the user agent\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003etransmitting the session cookie over an insecure channel.\u003c/span\u003e\u003c/p\u003e\u003c/div\u003e\n\u003c/div\u003e\n" } ], "value": "\nWhen using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not\u00a0include the secure attribute. This could result in the user agent\u00a0transmitting the session cookie over an insecure channel.\n\n\n\n\n\n\n\n" } ], "metrics": [ { "other": { "content": { "text": "important" }, "type": "Textual description of severity" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-523", "description": "CWE-523 Unprotected Transport of Credentials", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-22T10:10:58.956Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67" } ], "source": { "defect": [ "66474" ], "discovery": "UNKNOWN" }, "title": "Apache Tomcat: JSESSIONID Cookie missing secure attribute in some configurations", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2023-28708", "datePublished": "2023-03-22T10:10:58.956Z", "dateReserved": "2023-03-21T17:26:28.837Z", "dateUpdated": "2024-08-02T13:43:23.678Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0414
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-02 05:10
Severity ?
EPSS score ?
Summary
Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or crafted capture file
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Wireshark Foundation | Wireshark |
Version: >=4.0.0, <4.0.3 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:56.038Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2023-01.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/18622" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0414.json" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=4.0.0, \u003c4.0.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Expired pointer dereference in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-24T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2023-01.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/18622" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0414.json" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-0414", "datePublished": "2023-01-24T00:00:00", "dateReserved": "2023-01-20T00:00:00", "dateUpdated": "2024-08-02T05:10:56.038Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-30630
Vulnerability from cvelistv5
Published
2022-08-09 20:17
Modified
2024-08-03 06:56
Severity ?
EPSS score ?
Summary
Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Go standard library | io/fs |
Version: 0 ≤ Version: 1.18.0-0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:56:12.871Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://go.dev/cl/417065" }, { "tags": [ "x_transferred" ], "url": "https://go.googlesource.com/go/+/fa2d41d0ca736f3ad6b200b2a4e134364e9acc59" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/issue/53415" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2022-0527" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "io/fs", "product": "io/fs", "programRoutines": [ { "name": "Glob" } ], "vendor": "Go standard library", "versions": [ { "lessThan": "1.17.12", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "1.18.4", "status": "affected", "version": "1.18.0-0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-674: Uncontrolled Recursion", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-12T19:04:48.349Z", "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go" }, "references": [ { "url": "https://go.dev/cl/417065" }, { "url": "https://go.googlesource.com/go/+/fa2d41d0ca736f3ad6b200b2a4e134364e9acc59" }, { "url": "https://go.dev/issue/53415" }, { "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" }, { "url": "https://pkg.go.dev/vuln/GO-2022-0527" } ], "title": "Stack exhaustion in Glob on certain paths in io/fs" } }, "cveMetadata": { "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "assignerShortName": "Go", "cveId": "CVE-2022-30630", "datePublished": "2022-08-09T20:17:15", "dateReserved": "2022-05-12T00:00:00", "dateUpdated": "2024-08-03T06:56:12.871Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3234
Vulnerability from cvelistv5
Published
2022-09-17 00:00
Modified
2024-08-03 01:00
Severity ?
EPSS score ?
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:00:10.976Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/90fdf374-bf04-4386-8a23-38c83b88f0da" }, { "tags": [ "x_transferred" ], "url": "https://github.com/vim/vim/commit/c249913edc35c0e666d783bfc21595cf9f7d9e0d" }, { "name": "FEDORA-2022-40161673a3", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/" }, { "name": "FEDORA-2022-fff548cfab", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/" }, { "name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html" }, { "name": "FEDORA-2022-4bc60c32a2", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vim/vim", "vendor": "vim", "versions": [ { "lessThan": "9.0.0483", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/90fdf374-bf04-4386-8a23-38c83b88f0da" }, { "url": "https://github.com/vim/vim/commit/c249913edc35c0e666d783bfc21595cf9f7d9e0d" }, { "name": "FEDORA-2022-40161673a3", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/" }, { "name": "FEDORA-2022-fff548cfab", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/" }, { "name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html" }, { "name": "FEDORA-2022-4bc60c32a2", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "source": { "advisory": "90fdf374-bf04-4386-8a23-38c83b88f0da", "discovery": "EXTERNAL" }, "title": "Heap-based Buffer Overflow in vim/vim" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-3234", "datePublished": "2022-09-17T00:00:00", "dateReserved": "2022-09-16T00:00:00", "dateUpdated": "2024-08-03T01:00:10.976Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2946
Vulnerability from cvelistv5
Published
2022-08-23 00:00
Modified
2024-08-03 00:53
Severity ?
EPSS score ?
Summary
Use After Free in GitHub repository vim/vim prior to 9.0.0246.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:53:00.389Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5" }, { "tags": [ "x_transferred" ], "url": "https://github.com/vim/vim/commit/adce965162dd89bf29ee0e5baf53652e7515762c" }, { "name": "FEDORA-2022-3b33d04743", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD/" }, { "name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vim/vim", "vendor": "vim", "versions": [ { "lessThan": "9.0.0246", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Use After Free in GitHub repository vim/vim prior to 9.0.0246." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5" }, { "url": "https://github.com/vim/vim/commit/adce965162dd89bf29ee0e5baf53652e7515762c" }, { "name": "FEDORA-2022-3b33d04743", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD/" }, { "name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "source": { "advisory": "5d389a18-5026-47df-a5d0-1548a9b555d5", "discovery": "EXTERNAL" }, "title": "Use After Free in vim/vim" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-2946", "datePublished": "2022-08-23T00:00:00", "dateReserved": "2022-08-22T00:00:00", "dateUpdated": "2024-08-03T00:53:00.389Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0216
Vulnerability from cvelistv5
Published
2023-02-08 19:03
Modified
2024-08-02 05:02
Severity ?
EPSS score ?
Summary
An invalid pointer dereference on read can be triggered when an
application tries to load malformed PKCS7 data with the
d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.
The result of the dereference is an application crash which could
lead to a denial of service attack. The TLS implementation in OpenSSL
does not call this function however third party applications might
call these functions on untrusted data.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:02:43.906Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "name": "3.0.8 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202402-08" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "lessThan": "3.0.8", "status": "affected", "version": "3.0.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Marc Sch\u00f6nefeld" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Tom\u00e1\u0161 Mr\u00e1z" } ], "datePublic": "2023-02-07T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An invalid pointer dereference on read can be triggered when an\u003cbr\u003eapplication tries to load malformed PKCS7 data with the\u003cbr\u003ed2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.\u003cbr\u003e\u003cbr\u003eThe result of the dereference is an application crash which could\u003cbr\u003elead to a denial of service attack. The TLS implementation in OpenSSL\u003cbr\u003edoes not call this function however third party applications might\u003cbr\u003ecall these functions on untrusted data.\u003cbr\u003e\u003cbr\u003e" } ], "value": "An invalid pointer dereference on read can be triggered when an\napplication tries to load malformed PKCS7 data with the\nd2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.\n\nThe result of the dereference is an application crash which could\nlead to a denial of service attack. The TLS implementation in OpenSSL\ndoes not call this function however third party applications might\ncall these functions on untrusted data.\n\n" } ], "metrics": [ { "format": "other", "other": { "content": { "text": "Moderate" }, "type": "https://www.openssl.org/policies/secpolicy.html" } } ], "problemTypes": [ { "descriptions": [ { "description": "invalid pointer dereference", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-24T14:44:35.753Z", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "name": "3.0.8 git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6" }, { "url": "https://security.gentoo.org/glsa/202402-08" } ], "source": { "discovery": "UNKNOWN" }, "title": "Invalid pointer dereference in d2i_PKCS7 functions", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2023-0216", "datePublished": "2023-02-08T19:03:05.652Z", "dateReserved": "2023-01-11T12:01:06.675Z", "dateUpdated": "2024-08-02T05:02:43.906Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2929
Vulnerability from cvelistv5
Published
2022-10-07 04:45
Modified
2024-09-16 18:28
Severity ?
EPSS score ?
Summary
In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:52:59.819Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://kb.isc.org/docs/cve-2022-2929" }, { "name": "[debian-lts-announce] 20221010 [SECURITY] [DLA 3146-1] isc-dhcp security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html" }, { "name": "FEDORA-2022-f5a45757df", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/" }, { "name": "FEDORA-2022-9ca9a94e28", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/" }, { "name": "FEDORA-2022-c4f274a54f", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/" }, { "name": "GLSA-202305-22", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-22" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ISC DHCP", "vendor": "ISC", "versions": [ { "status": "affected", "version": "1.0 through versions before 4.1-ESV-R16-P2" }, { "status": "affected", "version": "4.2 through versions before 4.4.3.-P1" } ] } ], "credits": [ { "lang": "en", "value": "ISC would like to thank VictorV of Cyber Kunlun Lab for discovering and reporting this issue." } ], "datePublic": "2022-10-05T00:00:00", "descriptions": [ { "lang": "en", "value": "In ISC DHCP 1.0 -\u003e 4.4.3, ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory." } ], "exploits": [ { "lang": "en", "value": "We are not aware of any active exploits." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "The function fqdn_universe_decode() allocates buffer space for the contents of option 81 (fqdn) data received in a DHCP packet. The maximum length of a DNS label is 63 bytes. The function tests the length byte of each label contained in the fqdn; if it finds a label whose length byte value is larger than 63, it returns without dereferencing the buffer space. This will cause a memory leak. Affects In ISC DHCP 1.0 -\u003e 4.4.3, ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16-P1", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "url": "https://kb.isc.org/docs/cve-2022-2929" }, { "name": "[debian-lts-announce] 20221010 [SECURITY] [DLA 3146-1] isc-dhcp security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html" }, { "name": "FEDORA-2022-f5a45757df", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/" }, { "name": "FEDORA-2022-9ca9a94e28", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/" }, { "name": "FEDORA-2022-c4f274a54f", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/" }, { "name": "GLSA-202305-22", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-22" } ], "solutions": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of ISC DHCP. These can all be downloaded from https://www.isc.org/downloads. 4.4.3-P1 4.1-ESV-R16-P2" } ], "source": { "discovery": "EXTERNAL" }, "title": "DHCP memory leak", "workarounds": [ { "lang": "en", "value": "As exploiting this vulnerability requires an attacker to send packets for an extended period of time, restarting servers periodically could be a viable workaround." } ] } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2022-2929", "datePublished": "2022-10-07T04:45:12.836741Z", "dateReserved": "2022-08-22T00:00:00", "dateUpdated": "2024-09-16T18:28:37.665Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2816
Vulnerability from cvelistv5
Published
2022-08-15 00:00
Modified
2024-08-03 00:52
Severity ?
EPSS score ?
Summary
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:52:58.831Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/e2a83037-fcf9-4218-b2b9-b7507dacde58" }, { "tags": [ "x_transferred" ], "url": "https://github.com/vim/vim/commit/dbdd16b62560413abcc3c8e893cc3010ccf31666" }, { "name": "FEDORA-2022-6f5e420e52", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHFAR6OY6G77M6GXCJT75A4KITLNR6GO/" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vim/vim", "vendor": "vim", "versions": [ { "lessThan": "9.0.0212", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/e2a83037-fcf9-4218-b2b9-b7507dacde58" }, { "url": "https://github.com/vim/vim/commit/dbdd16b62560413abcc3c8e893cc3010ccf31666" }, { "name": "FEDORA-2022-6f5e420e52", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHFAR6OY6G77M6GXCJT75A4KITLNR6GO/" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "source": { "advisory": "e2a83037-fcf9-4218-b2b9-b7507dacde58", "discovery": "EXTERNAL" }, "title": "Out-of-bounds Read in vim/vim" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-2816", "datePublished": "2022-08-15T00:00:00", "dateReserved": "2022-08-14T00:00:00", "dateUpdated": "2024-08-03T00:52:58.831Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-23920
Vulnerability from cvelistv5
Published
2023-02-23 00:00
Modified
2024-08-02 10:42
Severity ?
EPSS score ?
Summary
An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | https://github.com/nodejs/node |
Version: Fixed in 19.6.1, 18.14.1, 16.19.1, 14.21.3 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:42:27.156Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/" }, { "name": "[debian-lts-announce] 20230226 [SECURITY] [DLA 3344-1] nodejs security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230316-0008/" }, { "name": "DSA-5395", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5395" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "https://github.com/nodejs/node", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in 19.6.1, 18.14.1, 16.19.1, 14.21.3" } ] } ], "descriptions": [ { "lang": "en", "value": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-426", "description": "Untrusted Search Path (CWE-426)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/" }, { "name": "[debian-lts-announce] 20230226 [SECURITY] [DLA 3344-1] nodejs security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00038.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230316-0008/" }, { "name": "DSA-5395", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5395" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2023-23920", "datePublished": "2023-02-23T00:00:00", "dateReserved": "2023-01-19T00:00:00", "dateUpdated": "2024-08-02T10:42:27.156Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3278
Vulnerability from cvelistv5
Published
2022-09-23 00:00
Modified
2024-08-03 01:07
Severity ?
EPSS score ?
Summary
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:07:05.881Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612" }, { "tags": [ "x_transferred" ], "url": "https://github.com/vim/vim/commit/69082916c8b5d321545d60b9f5facad0a2dd5a4e" }, { "name": "FEDORA-2022-40161673a3", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/" }, { "name": "FEDORA-2022-fff548cfab", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/" }, { "name": "FEDORA-2022-4bc60c32a2", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vim/vim", "vendor": "vim", "versions": [ { "lessThan": "9.0.0552", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612" }, { "url": "https://github.com/vim/vim/commit/69082916c8b5d321545d60b9f5facad0a2dd5a4e" }, { "name": "FEDORA-2022-40161673a3", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/" }, { "name": "FEDORA-2022-fff548cfab", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/" }, { "name": "FEDORA-2022-4bc60c32a2", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "source": { "advisory": "a9fad77e-f245-4ce9-ba15-c7d4c86c4612", "discovery": "EXTERNAL" }, "title": "NULL Pointer Dereference in vim/vim" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-3278", "datePublished": "2022-09-23T00:00:00", "dateReserved": "2022-09-22T00:00:00", "dateUpdated": "2024-08-03T01:07:05.881Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-23601
Vulnerability from cvelistv5
Published
2023-06-02 00:00
Modified
2024-08-02 10:35
Severity ?
EPSS score ?
Summary
Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 109 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:35:33.288Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-02/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-01/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-03/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1794268" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "109", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "102.7", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "102.7", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks. This vulnerability affects Firefox \u003c 109, Thunderbird \u003c 102.7, and Firefox ESR \u003c 102.7." } ], "problemTypes": [ { "descriptions": [ { "description": "URL being dragged from cross-origin iframe into same tab triggers navigation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-02T00:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://www.mozilla.org/security/advisories/mfsa2023-02/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-01/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-03/" }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1794268" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2023-23601", "datePublished": "2023-06-02T00:00:00", "dateReserved": "2023-01-16T00:00:00", "dateUpdated": "2024-08-02T10:35:33.288Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-38784
Vulnerability from cvelistv5
Published
2022-08-30 02:58
Modified
2024-09-17 03:54
Severity ?
EPSS score ?
Summary
Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T11:02:14.604Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/jeffssh/CVE-2021-30860" }, { "tags": [ "x_transferred" ], "url": "https://poppler.freedesktop.org/releases.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1261/diffs?commit_id=27354e9d9696ee2bc063910a6c9a6b27c5184a52" }, { "name": "[oss-security] 20220902 JBIG2 integer overflow fixed in Xpdf 4.04, Poppler 22.09.0", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/11" }, { "name": "DSA-5224", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5224" }, { "name": "FEDORA-2022-f7b375eae8", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQAO6O2XHPQHNW2MWOCJJ4C3YWS2VV4K/" }, { "name": "FEDORA-2022-51b27699ce", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J546EJUKUOPWA3JSLP7DYNBAU3YGNCCW/" }, { "name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html" }, { "name": "GLSA-202209-21", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202209-21" }, { "name": "FEDORA-2022-f79aa2bae9", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGY72LBJMFAKQWC2XH4MRPIGPQLXTFL6/" }, { "name": "FEDORA-2022-fcb3b063a6", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLKN3HJKZSGEEKOF57DM7Q3IB74HP5VW/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2022-38171.md" }, { "tags": [ "x_transferred" ], "url": "https://www.cve.org/CVERecord?id=CVE-2022-38171" }, { "name": "FEDORA-2022-f8ec1c06a3", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E5Z2677EQUWVHJLGSH5DQX53EK6MY2M2/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2022-08-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-20T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/jeffssh/CVE-2021-30860" }, { "url": "https://poppler.freedesktop.org/releases.html" }, { "url": "https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1261/diffs?commit_id=27354e9d9696ee2bc063910a6c9a6b27c5184a52" }, { "name": "[oss-security] 20220902 JBIG2 integer overflow fixed in Xpdf 4.04, Poppler 22.09.0", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/11" }, { "name": "DSA-5224", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5224" }, { "name": "FEDORA-2022-f7b375eae8", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQAO6O2XHPQHNW2MWOCJJ4C3YWS2VV4K/" }, { "name": "FEDORA-2022-51b27699ce", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J546EJUKUOPWA3JSLP7DYNBAU3YGNCCW/" }, { "name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html" }, { "name": "GLSA-202209-21", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202209-21" }, { "name": "FEDORA-2022-f79aa2bae9", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGY72LBJMFAKQWC2XH4MRPIGPQLXTFL6/" }, { "name": "FEDORA-2022-fcb3b063a6", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLKN3HJKZSGEEKOF57DM7Q3IB74HP5VW/" }, { "url": "https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2022-38171.md" }, { "url": "https://www.cve.org/CVERecord?id=CVE-2022-38171" }, { "name": "FEDORA-2022-f8ec1c06a3", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E5Z2677EQUWVHJLGSH5DQX53EK6MY2M2/" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-38784", "datePublished": "2022-08-30T02:58:33.566936Z", "dateReserved": "2022-08-26T00:00:00", "dateUpdated": "2024-09-17T03:54:54.096Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-24580
Vulnerability from cvelistv5
Published
2023-02-15 00:00
Modified
2024-08-02 11:03
Severity ?
EPSS score ?
Summary
An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:03:18.895Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "tags": [ "x_transferred" ], "url": "https://docs.djangoproject.com/en/4.1/releases/security/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/02/14/1" }, { "tags": [ "x_transferred" ], "url": "https://www.djangoproject.com/weblog/2023/feb/14/security-releases/" }, { "name": "[debian-lts-announce] 20230220 [SECURITY] [DLA 3329-1] python-django security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00023.html" }, { "name": "FEDORA-2023-3d775d93be", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77/" }, { "name": "FEDORA-2023-bde7913e5a", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B/" }, { "name": "FEDORA-2023-a74513bda8", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230316-0006/" }, { "name": "FEDORA-2023-8fed428c5e", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/" }, { "name": "FEDORA-2023-a53ab7c969", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-28T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "url": "https://docs.djangoproject.com/en/4.1/releases/security/" }, { "url": "http://www.openwall.com/lists/oss-security/2023/02/14/1" }, { "url": "https://www.djangoproject.com/weblog/2023/feb/14/security-releases/" }, { "name": "[debian-lts-announce] 20230220 [SECURITY] [DLA 3329-1] python-django security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00023.html" }, { "name": "FEDORA-2023-3d775d93be", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZS4G6NSZWPTVXMMZHJOJVQEPL3QTO77/" }, { "name": "FEDORA-2023-bde7913e5a", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B/" }, { "name": "FEDORA-2023-a74513bda8", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJB6FUBBLVKKG655UMTLQNN6UQ6EDLSP/" }, { "url": "https://security.netapp.com/advisory/ntap-20230316-0006/" }, { "name": "FEDORA-2023-8fed428c5e", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/" }, { "name": "FEDORA-2023-a53ab7c969", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-24580", "datePublished": "2023-02-15T00:00:00", "dateReserved": "2023-01-27T00:00:00", "dateUpdated": "2024-08-02T11:03:18.895Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2845
Vulnerability from cvelistv5
Published
2022-08-17 00:00
Modified
2024-08-03 00:52
Severity ?
EPSS score ?
Summary
Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:52:58.914Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/3e1d31ac-1cfd-4a9f-bc5c-213376b69445" }, { "tags": [ "x_transferred" ], "url": "https://github.com/vim/vim/commit/e98c88c44c308edaea5994b8ad4363e65030968c" }, { "name": "FEDORA-2022-3b33d04743", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD/" }, { "name": "FEDORA-2022-b9edf60581", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "vim/vim", "vendor": "vim", "versions": [ { "lessThan": "9.0.0218", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eImproper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\u003c/p\u003e" } ], "value": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1284", "description": "CWE-1284 Improper Validation of Specified Quantity in Input", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-10T07:47:29.572Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/3e1d31ac-1cfd-4a9f-bc5c-213376b69445" }, { "url": "https://github.com/vim/vim/commit/e98c88c44c308edaea5994b8ad4363e65030968c" }, { "name": "FEDORA-2022-3b33d04743", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD/" }, { "name": "FEDORA-2022-b9edf60581", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "source": { "advisory": "3e1d31ac-1cfd-4a9f-bc5c-213376b69445", "discovery": "EXTERNAL" }, "title": "Improper Validation of Specified Quantity in Input in vim/vim", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-2845", "datePublished": "2022-08-17T00:00:00", "dateReserved": "2022-08-16T00:00:00", "dateUpdated": "2024-08-03T00:52:58.914Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-36114
Vulnerability from cvelistv5
Published
2022-09-14 00:00
Modified
2024-08-03 09:52
Severity ?
EPSS score ?
Summary
Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size (also known as a "zip bomb"), exhausting the disk space on the machine using Cargo to download the package. Note that by design Cargo allows code execution at build time, due to build scripts and procedural macros. The vulnerabilities in this advisory allow performing a subset of the possible damage in a harder to track down way. Your dependencies must still be trusted if you want to be protected from attacks, as it's possible to perform the same attacks with build scripts and procedural macros. The vulnerability is present in all versions of Cargo. Rust 1.64, to be released on September 22nd, will include a fix for it. Since the vulnerability is just a more limited way to accomplish what a malicious build scripts or procedural macros can do, we decided not to publish Rust point releases backporting the security fix. Patch files are available for Rust 1.63.0 are available in the wg-security-response repository for people building their own toolchain. We recommend users of alternate registries to excercise care in which package they download, by only including trusted dependencies in their projects. Please note that even with these vulnerabilities fixed, by design Cargo allows arbitrary code execution at build time thanks to build scripts and procedural macros: a malicious dependency will be able to cause damage regardless of these vulnerabilities. crates.io implemented server-side checks to reject these kinds of packages years ago, and there are no packages on crates.io exploiting these vulnerabilities. crates.io users still need to excercise care in choosing their dependencies though, as the same concerns about build scripts and procedural macros apply here.
References
▼ | URL | Tags |
---|---|---|
https://github.com/rust-lang/cargo/security/advisories/GHSA-2hvr-h6gw-qrxp | x_refsource_CONFIRM | |
https://github.com/rust-lang/cargo/commit/d1f9553c825f6d7481453be8d58d0e7f117988a7 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:52:00.594Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/rust-lang/cargo/security/advisories/GHSA-2hvr-h6gw-qrxp", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/rust-lang/cargo/security/advisories/GHSA-2hvr-h6gw-qrxp" }, { "name": "https://github.com/rust-lang/cargo/commit/d1f9553c825f6d7481453be8d58d0e7f117988a7", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/rust-lang/cargo/commit/d1f9553c825f6d7481453be8d58d0e7f117988a7" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "cargo", "vendor": "rust-lang", "versions": [ { "status": "affected", "version": "\u003c 0.65.0" }, { "status": "affected", "version": "= 0.66.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size (also known as a \"zip bomb\"), exhausting the disk space on the machine using Cargo to download the package. Note that by design Cargo allows code execution at build time, due to build scripts and procedural macros. The vulnerabilities in this advisory allow performing a subset of the possible damage in a harder to track down way. Your dependencies must still be trusted if you want to be protected from attacks, as it\u0027s possible to perform the same attacks with build scripts and procedural macros. The vulnerability is present in all versions of Cargo. Rust 1.64, to be released on September 22nd, will include a fix for it. Since the vulnerability is just a more limited way to accomplish what a malicious build scripts or procedural macros can do, we decided not to publish Rust point releases backporting the security fix. Patch files are available for Rust 1.63.0 are available in the wg-security-response repository for people building their own toolchain. We recommend users of alternate registries to excercise care in which package they download, by only including trusted dependencies in their projects. Please note that even with these vulnerabilities fixed, by design Cargo allows arbitrary code execution at build time thanks to build scripts and procedural macros: a malicious dependency will be able to cause damage regardless of these vulnerabilities. crates.io implemented server-side checks to reject these kinds of packages years ago, and there are no packages on crates.io exploiting these vulnerabilities. crates.io users still need to excercise care in choosing their dependencies though, as the same concerns about build scripts and procedural macros apply here." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-14T16:17:41.758Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/rust-lang/cargo/security/advisories/GHSA-2hvr-h6gw-qrxp", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/rust-lang/cargo/security/advisories/GHSA-2hvr-h6gw-qrxp" }, { "name": "https://github.com/rust-lang/cargo/commit/d1f9553c825f6d7481453be8d58d0e7f117988a7", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/rust-lang/cargo/commit/d1f9553c825f6d7481453be8d58d0e7f117988a7" } ], "source": { "advisory": "GHSA-2hvr-h6gw-qrxp", "discovery": "UNKNOWN" }, "title": "Extracting malicious crates can fill the file system" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-36114", "datePublished": "2022-09-14T00:00:00", "dateReserved": "2022-07-15T00:00:00", "dateUpdated": "2024-08-03T09:52:00.594Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-25744
Vulnerability from cvelistv5
Published
2023-06-02 00:00
Modified
2024-08-02 11:32
Severity ?
EPSS score ?
Summary
Mmemory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 110 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:32:11.855Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-06/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-05/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1789449%2C1803628%2C1810536" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "110", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "102.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Mmemory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 110 and Firefox ESR \u003c 102.8." } ], "problemTypes": [ { "descriptions": [ { "description": "Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-02T00:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://www.mozilla.org/security/advisories/mfsa2023-06/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-05/" }, { "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1789449%2C1803628%2C1810536" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2023-25744", "datePublished": "2023-06-02T00:00:00", "dateReserved": "2023-02-13T00:00:00", "dateUpdated": "2024-08-02T11:32:11.855Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2923
Vulnerability from cvelistv5
Published
2022-08-22 00:00
Modified
2024-08-03 00:53
Severity ?
EPSS score ?
Summary
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:53:00.468Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2" }, { "tags": [ "x_transferred" ], "url": "https://github.com/vim/vim/commit/6669de1b235843968e88844ca6d3c8dec4b01a9e" }, { "name": "FEDORA-2022-3b33d04743", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD/" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vim/vim", "vendor": "vim", "versions": [ { "lessThan": "9.0.0240", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2" }, { "url": "https://github.com/vim/vim/commit/6669de1b235843968e88844ca6d3c8dec4b01a9e" }, { "name": "FEDORA-2022-3b33d04743", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD/" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "source": { "advisory": "fd3a3ab8-ab0f-452f-afea-8c613e283fd2", "discovery": "EXTERNAL" }, "title": "NULL Pointer Dereference in vim/vim" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-2923", "datePublished": "2022-08-22T00:00:00", "dateReserved": "2022-08-21T00:00:00", "dateUpdated": "2024-08-03T00:53:00.468Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2880
Vulnerability from cvelistv5
Published
2022-10-14 00:00
Modified
2024-08-03 00:52
Severity ?
EPSS score ?
Summary
Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy. Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Go standard library | net/http/httputil |
Version: 0 ≤ Version: 1.19.0-0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:52:59.582Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://go.dev/issue/54663" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/cl/432976" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2022-1038" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202311-09" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "net/http/httputil", "product": "net/http/httputil", "programRoutines": [ { "name": "ReverseProxy.ServeHTTP" } ], "vendor": "Go standard library", "versions": [ { "lessThan": "1.18.7", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "1.19.2", "status": "affected", "version": "1.19.0-0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "value": "Gal Goldstein (Security Researcher, Oxeye)" }, { "lang": "en", "value": "Daniel Abeles (Head of Research, Oxeye)" } ], "descriptions": [ { "lang": "en", "value": "Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request\u0027s Form field is set after the ReverseProxy. Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-444: Inconsistent Interpretation of HTTP Requests", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-12T19:12:40.079Z", "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go" }, "references": [ { "url": "https://go.dev/issue/54663" }, { "url": "https://go.dev/cl/432976" }, { "url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU" }, { "url": "https://pkg.go.dev/vuln/GO-2022-1038" }, { "url": "https://security.gentoo.org/glsa/202311-09" } ], "title": "Incorrect sanitization of forwarded query parameters in net/http/httputil" } }, "cveMetadata": { "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "assignerShortName": "Go", "cveId": "CVE-2022-2880", "datePublished": "2022-10-14T00:00:00", "dateReserved": "2022-08-17T00:00:00", "dateUpdated": "2024-08-03T00:52:59.582Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41716
Vulnerability from cvelistv5
Published
2022-11-02 15:28
Modified
2024-10-30 13:59
Severity ?
EPSS score ?
Summary
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string "A=B\x00C=D" sets the variables "A=B" and "C=D".
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Go standard library | syscall |
Version: 0 ≤ Version: 1.19.0-0 ≤ |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:49:43.904Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://security.netapp.com/advisory/ntap-20230120-0007/" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/issue/56284" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/cl/446916" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/mbHY1UY3BaM/m/hSpmRzk-AgAJ" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2022-1095" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2022-41716", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-01T14:02:04.861393Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-30T13:59:43.967Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "syscall", "platforms": [ "windows" ], "product": "syscall", "programRoutines": [ { "name": "StartProcess" } ], "vendor": "Go standard library", "versions": [ { "lessThan": "1.18.8", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "1.19.3", "status": "affected", "version": "1.19.0-0", "versionType": "semver" } ] }, { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "os/exec", "platforms": [ "windows" ], "product": "os/exec", "programRoutines": [ { "name": "Cmd.environ" }, { "name": "dedupEnv" }, { "name": "dedupEnvCase" }, { "name": "Cmd.CombinedOutput" }, { "name": "Cmd.Environ" }, { "name": "Cmd.Output" }, { "name": "Cmd.Run" }, { "name": "Cmd.Start" } ], "vendor": "Go standard library", "versions": [ { "lessThan": "1.18.8", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "1.19.3", "status": "affected", "version": "1.19.0-0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "value": "RyotaK (https://twitter.com/ryotkak)" } ], "descriptions": [ { "lang": "en", "value": "Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string \"A=B\\x00C=D\" sets the variables \"A=B\" and \"C=D\"." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-158: Improper Neutralization of Null Byte or NUL Character", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-12T19:12:49.198Z", "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go" }, "references": [ { "url": "https://go.dev/issue/56284" }, { "url": "https://go.dev/cl/446916" }, { "url": "https://groups.google.com/g/golang-announce/c/mbHY1UY3BaM/m/hSpmRzk-AgAJ" }, { "url": "https://pkg.go.dev/vuln/GO-2022-1095" } ], "title": "Unsanitized NUL in environment variables on Windows in syscall and os/exec" } }, "cveMetadata": { "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "assignerShortName": "Go", "cveId": "CVE-2022-41716", "datePublished": "2022-11-02T15:28:19.574Z", "dateReserved": "2022-09-28T17:00:06.607Z", "dateUpdated": "2024-10-30T13:59:43.967Z", "requesterUserId": "7d08541a-cd0a-42e2-8f81-76e6ceb65fc3", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-25746
Vulnerability from cvelistv5
Published
2023-06-02 00:00
Modified
2024-08-02 11:32
Severity ?
EPSS score ?
Summary
Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.8 and Firefox ESR < 102.8.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Mozilla | Thunderbird |
Version: unspecified < 102.8 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:32:12.688Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-06/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-07/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1544127%2C1762368" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "102.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "102.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 102.8 and Firefox ESR \u003c 102.8." } ], "problemTypes": [ { "descriptions": [ { "description": "Memory safety bugs fixed in Firefox ESR 102.8", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-02T00:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://www.mozilla.org/security/advisories/mfsa2023-06/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-07/" }, { "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1544127%2C1762368" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2023-25746", "datePublished": "2023-06-02T00:00:00", "dateReserved": "2023-02-13T00:00:00", "dateUpdated": "2024-08-02T11:32:12.688Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-30634
Vulnerability from cvelistv5
Published
2022-07-15 19:36
Modified
2024-08-03 06:56
Severity ?
EPSS score ?
Summary
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Go standard library | crypto/rand |
Version: 0 ≤ Version: 1.18.0-0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:56:13.255Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://go.dev/cl/402257" }, { "tags": [ "x_transferred" ], "url": "https://go.googlesource.com/go/+/bb1f4416180511231de6d17a1f2f55c82aafc863" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/issue/52561" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2022-0477" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "crypto/rand", "platforms": [ "windows" ], "product": "crypto/rand", "programRoutines": [ { "name": "Read" } ], "vendor": "Go standard library", "versions": [ { "lessThan": "1.17.11", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "1.18.3", "status": "affected", "version": "1.18.0-0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "value": "Davis Goodin" }, { "lang": "en", "value": "Quim Muntal of Microsoft" } ], "descriptions": [ { "lang": "en", "value": "Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 \u003c\u003c 32 - 1 bytes." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-12T19:04:27.361Z", "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go" }, "references": [ { "url": "https://go.dev/cl/402257" }, { "url": "https://go.googlesource.com/go/+/bb1f4416180511231de6d17a1f2f55c82aafc863" }, { "url": "https://go.dev/issue/52561" }, { "url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ" }, { "url": "https://pkg.go.dev/vuln/GO-2022-0477" } ], "title": "Indefinite hang with large buffers on Windows in crypto/rand" } }, "cveMetadata": { "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "assignerShortName": "Go", "cveId": "CVE-2022-30634", "datePublished": "2022-07-15T19:36:19", "dateReserved": "2022-05-12T00:00:00", "dateUpdated": "2024-08-03T06:56:13.255Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-48281
Vulnerability from cvelistv5
Published
2023-01-23 00:00
Modified
2024-08-03 15:10
Severity ?
EPSS score ?
Summary
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:10:59.710Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/488" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/libtiff/libtiff/-/commit/d1b6b9c1b3cae2d9e37754506c1ad8f4f7b646b5" }, { "name": "DSA-5333", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5333" }, { "name": "[debian-lts-announce] 20230130 [SECURITY] [DLA 3297-1] tiff security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00037.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230302-0004/" }, { "name": "GLSA-202305-31", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-31" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., \"WRITE of size 307203\") via a crafted TIFF image." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-30T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://gitlab.com/libtiff/libtiff/-/issues/488" }, { "url": "https://gitlab.com/libtiff/libtiff/-/commit/d1b6b9c1b3cae2d9e37754506c1ad8f4f7b646b5" }, { "name": "DSA-5333", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5333" }, { "name": "[debian-lts-announce] 20230130 [SECURITY] [DLA 3297-1] tiff security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00037.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230302-0004/" }, { "name": "GLSA-202305-31", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-31" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-48281", "datePublished": "2023-01-23T00:00:00", "dateReserved": "2023-01-23T00:00:00", "dateUpdated": "2024-08-03T15:10:59.710Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-21515
Vulnerability from cvelistv5
Published
2022-07-19 21:06
Modified
2024-09-24 20:03
Severity ?
EPSS score ?
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.38 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
References
▼ | URL | Tags |
---|---|---|
https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20220729-0004/ | x_refsource_CONFIRM | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZI4Q7XW5QLUTOACRHBIEYZ6SZB6TIEMT/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CESCYUGY6H6O2R2GPUJLBTYSMY2PHCD/ | vendor-advisory, x_refsource_FEDORA |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | MySQL Server |
Version: 5.7.38 and prior Version: 8.0.29 and prior |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:46:38.335Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220729-0004/" }, { "name": "FEDORA-2022-9178229cd7", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZI4Q7XW5QLUTOACRHBIEYZ6SZB6TIEMT/" }, { "name": "FEDORA-2022-7197cef91f", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CESCYUGY6H6O2R2GPUJLBTYSMY2PHCD/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-21515", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-24T14:07:38.725707Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-24T20:03:20.163Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "MySQL Server", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "5.7.38 and prior" }, { "status": "affected", "version": "8.0.29 and prior" } ] } ], "descriptions": [ { "lang": "en", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.38 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-22T03:11:36", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220729-0004/" }, { "name": "FEDORA-2022-9178229cd7", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZI4Q7XW5QLUTOACRHBIEYZ6SZB6TIEMT/" }, { "name": "FEDORA-2022-7197cef91f", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CESCYUGY6H6O2R2GPUJLBTYSMY2PHCD/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2022-21515", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MySQL Server", "version": { "version_data": [ { "version_affected": "=", "version_value": "5.7.38 and prior" }, { "version_affected": "=", "version_value": "8.0.29 and prior" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.38 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ] }, "impact": { "cvss": { "baseScore": "4.9", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." } ] } ] }, "references": { "reference_data": [ { "name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "name": "https://security.netapp.com/advisory/ntap-20220729-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220729-0004/" }, { "name": "FEDORA-2022-9178229cd7", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZI4Q7XW5QLUTOACRHBIEYZ6SZB6TIEMT/" }, { "name": "FEDORA-2022-7197cef91f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CESCYUGY6H6O2R2GPUJLBTYSMY2PHCD/" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2022-21515", "datePublished": "2022-07-19T21:06:51", "dateReserved": "2021-11-15T00:00:00", "dateUpdated": "2024-09-24T20:03:20.163Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42919
Vulnerability from cvelistv5
Published
2022-11-06 00:00
Modified
2024-08-03 13:19
Severity ?
EPSS score ?
Summary
Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:19:05.267Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/python/cpython/issues/97514" }, { "name": "FEDORA-2022-1166a1df1e", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PI5DYIED6U26BGX5IRZWNCP6TY4M2ZGZ/" }, { "name": "FEDORA-2022-028c09eaa7", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCRKBB5Y5EWTJUNC7LK665WO64DDXSTN/" }, { "name": "FEDORA-2022-b17bf30e88", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKGCQPIVHEAIJ77R3RSNSQWYBUDVWDKU/" }, { "name": "FEDORA-2022-462f39dd2f", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2LHWWEI5OBQ6RELULMVU6KMDYG4WZXH/" }, { "name": "FEDORA-2022-a7cad6bd22", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XX6LLAXGZVZ327REY6MDZRMMP47LJ53P/" }, { "name": "FEDORA-2022-f44dd1bec2", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6KGIRHSENZ4QAB234Z36HVIDTRJ3MFI/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221209-0006/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/python/cpython/issues/97514#issuecomment-1310277840" }, { "name": "FEDORA-2023-af5206f71d", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/" }, { "name": "FEDORA-2023-097dd40685", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/python/cpython/compare/v3.10.8...v3.10.9" }, { "tags": [ "x_transferred" ], "url": "https://github.com/python/cpython/compare/v3.9.15...v3.9.16" }, { "name": "GLSA-202305-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/python/cpython/issues/97514" }, { "name": "FEDORA-2022-1166a1df1e", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PI5DYIED6U26BGX5IRZWNCP6TY4M2ZGZ/" }, { "name": "FEDORA-2022-028c09eaa7", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCRKBB5Y5EWTJUNC7LK665WO64DDXSTN/" }, { "name": "FEDORA-2022-b17bf30e88", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKGCQPIVHEAIJ77R3RSNSQWYBUDVWDKU/" }, { "name": "FEDORA-2022-462f39dd2f", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2LHWWEI5OBQ6RELULMVU6KMDYG4WZXH/" }, { "name": "FEDORA-2022-a7cad6bd22", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XX6LLAXGZVZ327REY6MDZRMMP47LJ53P/" }, { "name": "FEDORA-2022-f44dd1bec2", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6KGIRHSENZ4QAB234Z36HVIDTRJ3MFI/" }, { "url": "https://security.netapp.com/advisory/ntap-20221209-0006/" }, { "url": "https://github.com/python/cpython/issues/97514#issuecomment-1310277840" }, { "name": "FEDORA-2023-af5206f71d", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/" }, { "name": "FEDORA-2023-097dd40685", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/" }, { "url": "https://github.com/python/cpython/compare/v3.10.8...v3.10.9" }, { "url": "https://github.com/python/cpython/compare/v3.9.15...v3.9.16" }, { "name": "GLSA-202305-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-02" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-42919", "datePublished": "2022-11-06T00:00:00", "dateReserved": "2022-10-14T00:00:00", "dateUpdated": "2024-08-03T13:19:05.267Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-25032
Vulnerability from cvelistv5
Published
2022-03-25 00:00
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:26:39.599Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2022/03/24/1" }, { "tags": [ "x_transferred" ], "url": "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531" }, { "name": "[oss-security] 20220325 Re: zlib memory corruption on deflate (i.e. compress)", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/03/25/2" }, { "name": "[oss-security] 20220326 Re: zlib memory corruption on deflate (i.e. compress)", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/03/26/1" }, { "name": "DSA-5111", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5111" }, { "name": "[debian-lts-announce] 20220402 [SECURITY] [DLA 2968-1] zlib security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html" }, { "name": "FEDORA-2022-413a80a102", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/" }, { "name": "FEDORA-2022-dbd2935e44", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/" }, { "name": "FEDORA-2022-12b89e2aad", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/" }, { "name": "[debian-lts-announce] 20220507 [SECURITY] [DLA 2993-1] libz-mingw-w64 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html" }, { "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/May/38" }, { "name": "FEDORA-2022-61cf1c64f6", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2022/03/28/3" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2022/03/28/1" }, { "tags": [ "x_transferred" ], "url": "https://github.com/madler/zlib/compare/v1.2.11...v1.2.12" }, { "tags": [ "x_transferred" ], "url": "https://github.com/madler/zlib/issues/605" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213257" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213256" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213255" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220526-0009/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220729-0004/" }, { "name": "FEDORA-2022-3a92250fd5", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/" }, { "name": "FEDORA-2022-b58a85e167", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/" }, { "name": "[debian-lts-announce] 20220916 [SECURITY] [DLA 3114-1] mariadb-10.3 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html" }, { "name": "GLSA-202210-42", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-42" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.openwall.com/lists/oss-security/2022/03/24/1" }, { "url": "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531" }, { "name": "[oss-security] 20220325 Re: zlib memory corruption on deflate (i.e. compress)", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/03/25/2" }, { "name": "[oss-security] 20220326 Re: zlib memory corruption on deflate (i.e. compress)", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/03/26/1" }, { "name": "DSA-5111", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5111" }, { "name": "[debian-lts-announce] 20220402 [SECURITY] [DLA 2968-1] zlib security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html" }, { "name": "FEDORA-2022-413a80a102", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/" }, { "name": "FEDORA-2022-dbd2935e44", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/" }, { "name": "FEDORA-2022-12b89e2aad", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/" }, { "name": "[debian-lts-announce] 20220507 [SECURITY] [DLA 2993-1] libz-mingw-w64 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html" }, { "name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/May/33" }, { "name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/May/35" }, { "name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/May/38" }, { "name": "FEDORA-2022-61cf1c64f6", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/" }, { "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "url": "https://www.openwall.com/lists/oss-security/2022/03/28/3" }, { "url": "https://www.openwall.com/lists/oss-security/2022/03/28/1" }, { "url": "https://github.com/madler/zlib/compare/v1.2.11...v1.2.12" }, { "url": "https://github.com/madler/zlib/issues/605" }, { "url": "https://support.apple.com/kb/HT213257" }, { "url": "https://support.apple.com/kb/HT213256" }, { "url": "https://support.apple.com/kb/HT213255" }, { "url": "https://security.netapp.com/advisory/ntap-20220526-0009/" }, { "url": "https://security.netapp.com/advisory/ntap-20220729-0004/" }, { "name": "FEDORA-2022-3a92250fd5", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/" }, { "name": "FEDORA-2022-b58a85e167", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/" }, { "name": "[debian-lts-announce] 20220916 [SECURITY] [DLA 3114-1] mariadb-10.3 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html" }, { "name": "GLSA-202210-42", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-42" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-25032", "datePublished": "2022-03-25T00:00:00", "dateReserved": "2022-03-25T00:00:00", "dateUpdated": "2024-08-05T12:26:39.599Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-25739
Vulnerability from cvelistv5
Published
2023-06-02 00:00
Modified
2024-08-02 11:32
Severity ?
EPSS score ?
Summary
Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in <code>ScriptLoadContext</code>. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 110 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:32:12.362Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-06/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-05/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-07/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1811939" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "110", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "102.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "102.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in \u003ccode\u003eScriptLoadContext\u003c/code\u003e. This vulnerability affects Firefox \u003c 110, Thunderbird \u003c 102.8, and Firefox ESR \u003c 102.8." } ], "problemTypes": [ { "descriptions": [ { "description": "Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-02T00:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://www.mozilla.org/security/advisories/mfsa2023-06/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-05/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-07/" }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1811939" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2023-25739", "datePublished": "2023-06-02T00:00:00", "dateReserved": "2023-02-13T00:00:00", "dateUpdated": "2024-08-02T11:32:12.362Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-27337
Vulnerability from cvelistv5
Published
2022-05-05 18:36
Modified
2024-08-03 05:25
Severity ?
EPSS score ?
Summary
A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
References
▼ | URL | Tags |
---|---|---|
https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230 | x_refsource_MISC | |
https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230#note_1372177 | x_refsource_MISC | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KOTDUXJOKDYO4I7MKHLT5NBGTN5E7FHQ/ | vendor-advisory, x_refsource_FEDORA | |
https://www.debian.org/security/2022/dsa-5224 | vendor-advisory, x_refsource_DEBIAN | |
https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:25:32.656Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230#note_1372177" }, { "name": "FEDORA-2022-ce08b1c643", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KOTDUXJOKDYO4I7MKHLT5NBGTN5E7FHQ/" }, { "name": "DSA-5224", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5224" }, { "name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-26T01:06:21", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230" }, { "tags": [ "x_refsource_MISC" ], "url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230#note_1372177" }, { "name": "FEDORA-2022-ce08b1c643", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KOTDUXJOKDYO4I7MKHLT5NBGTN5E7FHQ/" }, { "name": "DSA-5224", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5224" }, { "name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-27337", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230", "refsource": "MISC", "url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230" }, { "name": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230#note_1372177", "refsource": "MISC", "url": "https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230#note_1372177" }, { "name": "FEDORA-2022-ce08b1c643", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOTDUXJOKDYO4I7MKHLT5NBGTN5E7FHQ/" }, { "name": "DSA-5224", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5224" }, { "name": "[debian-lts-announce] 20220925 [SECURITY] [DLA 3120-1] poppler security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-27337", "datePublished": "2022-05-05T18:36:34", "dateReserved": "2022-03-21T00:00:00", "dateUpdated": "2024-08-03T05:25:32.656Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21984
Vulnerability from cvelistv5
Published
2023-04-18 19:54
Modified
2024-09-16 15:04
Severity ?
EPSS score ?
References
▼ | URL | Tags |
---|---|---|
https://www.oracle.com/security-alerts/cpuapr2023.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Solaris Operating System |
Version: 11 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:59:28.419Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2023.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21984", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-16T14:38:34.142305Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-16T15:04:55.676Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Solaris Operating System", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Libraries). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-18T19:54:40.319Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2023.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2023-21984", "datePublished": "2023-04-18T19:54:40.319Z", "dateReserved": "2022-12-17T19:26:00.739Z", "dateUpdated": "2024-09-16T15:04:55.676Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-23602
Vulnerability from cvelistv5
Published
2023-06-02 00:00
Modified
2024-08-02 10:35
Severity ?
EPSS score ?
Summary
A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 109 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:35:33.382Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-02/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-01/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-03/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1800890" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "109", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "102.7", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "102.7", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox \u003c 109, Thunderbird \u003c 102.7, and Firefox ESR \u003c 102.7." } ], "problemTypes": [ { "descriptions": [ { "description": "Content Security Policy wasn\u0027t being correctly applied to WebSockets in WebWorkers", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-02T00:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://www.mozilla.org/security/advisories/mfsa2023-02/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-01/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-03/" }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1800890" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2023-23602", "datePublished": "2023-06-02T00:00:00", "dateReserved": "2023-01-16T00:00:00", "dateUpdated": "2024-08-02T10:35:33.382Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-32148
Vulnerability from cvelistv5
Published
2022-08-09 20:18
Modified
2024-08-03 07:32
Severity ?
EPSS score ?
Summary
Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Go standard library | net/http |
Version: 0 ≤ Version: 1.18.0-0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:32:55.971Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://go.dev/cl/412857" }, { "tags": [ "x_transferred" ], "url": "https://go.googlesource.com/go/+/b2cc0fecc2ccd80e6d5d16542cc684f97b3a9c8a" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/issue/53423" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2022-0520" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "net/http", "product": "net/http", "programRoutines": [ { "name": "Header.Clone" } ], "vendor": "Go standard library", "versions": [ { "lessThan": "1.17.12", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "1.18.4", "status": "affected", "version": "1.18.0-0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "value": "Christian Mehlmauer" } ], "descriptions": [ { "lang": "en", "value": "Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-200: Information Exposure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-12T19:04:32.608Z", "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go" }, "references": [ { "url": "https://go.dev/cl/412857" }, { "url": "https://go.googlesource.com/go/+/b2cc0fecc2ccd80e6d5d16542cc684f97b3a9c8a" }, { "url": "https://go.dev/issue/53423" }, { "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" }, { "url": "https://pkg.go.dev/vuln/GO-2022-0520" } ], "title": "Exposure of client IP addresses in net/http" } }, "cveMetadata": { "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "assignerShortName": "Go", "cveId": "CVE-2022-32148", "datePublished": "2022-08-09T20:18:21", "dateReserved": "2022-05-31T00:00:00", "dateUpdated": "2024-08-03T07:32:55.971Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0567
Vulnerability from cvelistv5
Published
2023-02-16 06:15
Modified
2024-08-02 05:17
Severity ?
EPSS score ?
Summary
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:17:50.104Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://security.netapp.com/advisory/ntap-20230331-0008/" }, { "tags": [ "x_transferred" ], "url": "https://bugs.php.net/bug.php?id=81744" }, { "tags": [ "x_transferred" ], "url": "https://github.com/php/php-src/security/advisories/GHSA-7fj2-8x79-rjf4" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:php_group:php:8.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:php:8.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:php_group:php:8.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "php", "vendor": "php_group", "versions": [ { "lessThan": "80.28", "status": "affected", "version": "8.0.0", "versionType": "semver" }, { "lessThan": "8.1.16", "status": "affected", "version": "8.1.0", "versionType": "semver" }, { "lessThan": "8.2.3", "status": "affected", "version": "8.2.0", "versionType": "semver" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-0567", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-01T15:34:47.733360Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-916", "description": "CWE-916 Use of Password Hash With Insufficient Computational Effort", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-01T15:34:50.014Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "PHP", "programRoutines": [ { "name": "password_verify" } ], "repo": "https://github.com/php/php-src", "vendor": "PHP Group", "versions": [ { "lessThan": "8.0.28", "status": "affected", "version": "8.0.x", "versionType": "semver" }, { "lessThan": "8.1.16", "status": "affected", "version": "8.1.x", "versionType": "semver" }, { "lessThan": "8.2.3", "status": "affected", "version": "8.2.x", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Tim D\u00fcsterhus" }, { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "tech at mkdgs dot fr" } ], "datePublic": "2023-02-13T05:40:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cbr\u003e\u003cp\u003eIn PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid.\u0026nbsp;\u003c/p\u003e" } ], "value": "In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid.\u00a0\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-01T05:45:13.020935Z", "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "shortName": "php" }, "references": [ { "url": "https://bugs.php.net/bug.php?id=81744" }, { "url": "https://github.com/php/php-src/security/advisories/GHSA-7fj2-8x79-rjf4" } ], "source": { "discovery": "EXTERNAL" }, "title": "password_verify() always returns true for some invalid hashes", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "assignerShortName": "php", "cveId": "CVE-2023-0567", "datePublished": "2023-02-16T06:15:50.127Z", "dateReserved": "2023-01-29T07:45:55.380Z", "dateUpdated": "2024-08-02T05:17:50.104Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21843
Vulnerability from cvelistv5
Published
2023-01-17 23:35
Modified
2024-09-23 18:48
Severity ?
EPSS score ?
References
▼ | URL | Tags |
---|---|---|
https://www.oracle.com/security-alerts/cpujan2023.html | vendor-advisory | |
https://security.gentoo.org/glsa/202401-25 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:8u351 Version: Oracle Java SE:8u351-perf Version: Oracle Java SE:11.0.17 Version: Oracle Java SE:17.0.5 Version: Oracle Java SE:19.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.8 Version: Oracle GraalVM Enterprise Edition:21.3.4 Version: Oracle GraalVM Enterprise Edition:22.3.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:51:51.130Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2023.html" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202401-25" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21843", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-21T19:28:28.287371Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-23T18:48:27.789Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Java SE JDK and JRE", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Oracle Java SE:8u351" }, { "status": "affected", "version": "Oracle Java SE:8u351-perf" }, { "status": "affected", "version": "Oracle Java SE:11.0.17" }, { "status": "affected", "version": "Oracle Java SE:17.0.5" }, { "status": "affected", "version": "Oracle Java SE:19.0.1" }, { "status": "affected", "version": "Oracle GraalVM Enterprise Edition:20.3.8" }, { "status": "affected", "version": "Oracle GraalVM Enterprise Edition:21.3.4" }, { "status": "affected", "version": "Oracle GraalVM Enterprise Edition:22.3.0" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-23T23:37:31.579Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2023.html" }, { "url": "https://security.gentoo.org/glsa/202401-25" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2023-21843", "datePublished": "2023-01-17T23:35:11.096Z", "dateReserved": "2022-12-17T19:26:00.691Z", "dateUpdated": "2024-09-23T18:48:27.789Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42011
Vulnerability from cvelistv5
Published
2022-10-09 00:00
Modified
2024-08-03 12:56
Severity ?
EPSS score ?
Summary
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:39.236Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/413" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1" }, { "name": "FEDORA-2022-076544c8aa", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/" }, { "name": "FEDORA-2022-7a963a79d1", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/" }, { "name": "FEDORA-2022-b0c2f2ab74", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/" }, { "name": "GLSA-202305-08", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-08" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/413" }, { "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1" }, { "name": "FEDORA-2022-076544c8aa", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/" }, { "name": "FEDORA-2022-7a963a79d1", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/" }, { "name": "FEDORA-2022-b0c2f2ab74", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/" }, { "name": "GLSA-202305-08", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-08" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-42011", "datePublished": "2022-10-09T00:00:00", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2024-08-03T12:56:39.236Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41715
Vulnerability from cvelistv5
Published
2022-10-14 00:00
Modified
2024-08-03 12:49
Severity ?
EPSS score ?
Summary
Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Go standard library | regexp/syntax |
Version: 0 ≤ Version: 1.19.0-0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:49:43.550Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://go.dev/issue/55949" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/cl/439356" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2022-1039" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202311-09" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "regexp/syntax", "product": "regexp/syntax", "programRoutines": [ { "name": "parser.push" }, { "name": "parser.repeat" }, { "name": "parser.factor" }, { "name": "parse" }, { "name": "Parse" } ], "vendor": "Go standard library", "versions": [ { "lessThan": "1.18.7", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "1.19.2", "status": "affected", "version": "1.19.0-0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "value": "Adam Korczynski (ADA Logics)" }, { "lang": "en", "value": "OSS-Fuzz" } ], "descriptions": [ { "lang": "en", "value": "Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE 400: Uncontrolled Resource Consumption", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-12T19:05:32.997Z", "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go" }, "references": [ { "url": "https://go.dev/issue/55949" }, { "url": "https://go.dev/cl/439356" }, { "url": "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU" }, { "url": "https://pkg.go.dev/vuln/GO-2022-1039" }, { "url": "https://security.gentoo.org/glsa/202311-09" } ], "title": "Memory exhaustion when compiling regular expressions in regexp/syntax" } }, "cveMetadata": { "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "assignerShortName": "Go", "cveId": "CVE-2022-41715", "datePublished": "2022-10-14T00:00:00", "dateReserved": "2022-09-28T00:00:00", "dateUpdated": "2024-08-03T12:49:43.550Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-1705
Vulnerability from cvelistv5
Published
2022-08-09 20:16
Modified
2024-08-03 00:10
Severity ?
EPSS score ?
Summary
Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Go standard library | net/http |
Version: 0 ≤ Version: 1.18.0-0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:10:03.918Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://go.dev/cl/409874" }, { "tags": [ "x_transferred" ], "url": "https://go.googlesource.com/go/+/e5017a93fcde94f09836200bca55324af037ee5f" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/issue/53188" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/cl/410714" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2022-0525" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "net/http", "product": "net/http", "programRoutines": [ { "name": "transferReader.parseTransferEncoding" } ], "vendor": "Go standard library", "versions": [ { "lessThan": "1.17.12", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "1.18.4", "status": "affected", "version": "1.18.0-0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "value": "Zeyu Zhang (https://www.zeyu2001.com/)" } ], "descriptions": [ { "lang": "en", "value": "Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-12T19:04:43.089Z", "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go" }, "references": [ { "url": "https://go.dev/cl/409874" }, { "url": "https://go.googlesource.com/go/+/e5017a93fcde94f09836200bca55324af037ee5f" }, { "url": "https://go.dev/issue/53188" }, { "url": "https://go.dev/cl/410714" }, { "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" }, { "url": "https://pkg.go.dev/vuln/GO-2022-0525" } ], "title": "Improper sanitization of Transfer-Encoding headers in net/http" } }, "cveMetadata": { "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "assignerShortName": "Go", "cveId": "CVE-2022-1705", "datePublished": "2022-08-09T20:16:57", "dateReserved": "2022-05-13T00:00:00", "dateUpdated": "2024-08-03T00:10:03.918Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0801
Vulnerability from cvelistv5
Published
2023-02-13 00:00
Modified
2024-08-02 05:24
Severity ?
EPSS score ?
Summary
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:24:34.481Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/498" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0801.json" }, { "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html" }, { "name": "DSA-5361", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5361" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230316-0002/" }, { "name": "GLSA-202305-31", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-31" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "libtiff", "vendor": "libtiff", "versions": [ { "status": "affected", "version": "\u003c=4.4.0" } ] } ], "credits": [ { "lang": "en", "value": "wangdw.augustus@gmail.com" } ], "descriptions": [ { "lang": "en", "value": "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Out-of-bounds write in libtiff", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-30T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00" }, { "url": "https://gitlab.com/libtiff/libtiff/-/issues/498" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0801.json" }, { "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html" }, { "name": "DSA-5361", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5361" }, { "url": "https://security.netapp.com/advisory/ntap-20230316-0002/" }, { "name": "GLSA-202305-31", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-31" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-0801", "datePublished": "2023-02-13T00:00:00", "dateReserved": "2023-02-12T00:00:00", "dateUpdated": "2024-08-02T05:24:34.481Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-45143
Vulnerability from cvelistv5
Published
2023-01-03 18:12
Modified
2024-08-03 14:09
Severity ?
EPSS score ?
Summary
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache Tomcat |
Version: 10.1.0-M1 ≤ 10.1.1 Version: 9.0.40 ≤ 9.0.68 Version: 8.5.83 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:09:56.475Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://security.netapp.com/advisory/ntap-20230216-0009/" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-37" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-45143", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-01T14:55:21.394332Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-01T14:55:50.547Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Apache Tomcat", "vendor": "Apache Software Foundation", "versions": [ { "lessThanOrEqual": "10.1.1", "status": "affected", "version": "10.1.0-M1", "versionType": "semver" }, { "lessThanOrEqual": "9.0.68", "status": "affected", "version": "9.0.40", "versionType": "semver" }, { "status": "affected", "version": "8.5.83" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output." } ], "value": "The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output." } ], "metrics": [ { "other": { "content": { "text": "low" }, "type": "Textual description of severity" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-116", "description": "CWE-116 Improper Encoding or Escaping of Output", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-27T12:57:14.452Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj" }, { "url": "https://security.gentoo.org/glsa/202305-37" } ], "source": { "discovery": "INTERNAL" }, "title": "Apache Tomcat: JsonErrorReportValve escaping", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2022-45143", "datePublished": "2023-01-03T18:12:28.351Z", "dateReserved": "2022-11-10T15:00:33.203Z", "dateUpdated": "2024-08-03T14:09:56.475Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0616
Vulnerability from cvelistv5
Published
2023-06-02 00:00
Modified
2024-08-02 05:17
Severity ?
EPSS score ?
Summary
If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted message with this structure to attempt a DoS attack. This vulnerability affects Thunderbird < 102.8.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Mozilla | Thunderbird |
Version: unspecified < 102.8 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:17:49.978Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-07/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1806507" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "102.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird\u0027s user interface to lock up and no longer respond to the user\u0027s actions. An attacker could send a crafted message with this structure to attempt a DoS attack. This vulnerability affects Thunderbird \u003c 102.8." } ], "problemTypes": [ { "descriptions": [ { "description": "User Interface lockup with messages combining S/MIME and OpenPGP", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-02T00:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://www.mozilla.org/security/advisories/mfsa2023-07/" }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1806507" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2023-0616", "datePublished": "2023-06-02T00:00:00", "dateReserved": "2023-02-01T00:00:00", "dateUpdated": "2024-08-02T05:17:49.978Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-20001
Vulnerability from cvelistv5
Published
2023-01-17 19:07
Modified
2024-08-07 20:57
Severity ?
EPSS score ?
Summary
A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash.
This issue affects Apache HTTP Server 2.4.54 and earlier.
References
▼ | URL | Tags |
---|---|---|
https://httpd.apache.org/security/vulnerabilities_24.html | vendor-advisory | |
https://security.gentoo.org/glsa/202309-01 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache HTTP Server |
Version: 2.4 ≤ 2.4.54 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:57:41.059Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://security.netapp.com/advisory/ntap-20230316-0005/" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202309-01" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2006-20001", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-01T15:32:06.669346Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-01T15:32:39.476Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Apache HTTP Server", "vendor": "Apache Software Foundation", "versions": [ { "lessThanOrEqual": "2.4.54", "status": "affected", "version": "2.4", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash.\u003cbr\u003e\u003cbr\u003eThis issue affects Apache HTTP Server 2.4.54 and earlier.\u003cbr\u003e" } ], "value": "A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash.\n\nThis issue affects Apache HTTP Server 2.4.54 and earlier.\n" } ], "metrics": [ { "other": { "content": { "text": "moderate" }, "type": "Textual description of severity" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-17T19:07:27.136Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "url": "https://security.gentoo.org/glsa/202309-01" } ], "source": { "discovery": "UNKNOWN" }, "timeline": [ { "lang": "en", "time": "2006-10-31T09:00:00.000Z", "value": "Described in first edition of \"The Art of Software Security Assessment\"" }, { "lang": "en", "time": "2022-08-10T12:00:00.000Z", "value": "Reported to security team" } ], "title": "Apache HTTP Server: mod_dav out of bounds read, or write of zero byte", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2006-20001", "datePublished": "2023-01-17T19:07:27.136Z", "dateReserved": "2022-09-01T14:24:05.065Z", "dateUpdated": "2024-08-07T20:57:41.059Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2874
Vulnerability from cvelistv5
Published
2022-08-18 00:00
Modified
2024-08-03 00:52
Severity ?
EPSS score ?
Summary
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:52:59.351Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/95f97dfe-247d-475d-9740-b7adc71f4c79" }, { "tags": [ "x_transferred" ], "url": "https://github.com/vim/vim/commit/4875d6ab068f09df88d24d81de40dcd8d56e243d" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vim/vim", "vendor": "vim", "versions": [ { "lessThan": "9.0.0224", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/95f97dfe-247d-475d-9740-b7adc71f4c79" }, { "url": "https://github.com/vim/vim/commit/4875d6ab068f09df88d24d81de40dcd8d56e243d" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "source": { "advisory": "95f97dfe-247d-475d-9740-b7adc71f4c79", "discovery": "EXTERNAL" }, "title": "NULL Pointer Dereference in vim/vim" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-2874", "datePublished": "2022-08-18T00:00:00", "dateReserved": "2022-08-17T00:00:00", "dateUpdated": "2024-08-03T00:52:59.351Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2928
Vulnerability from cvelistv5
Published
2022-10-07 04:45
Modified
2024-09-17 00:21
Severity ?
EPSS score ?
Summary
In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:53:00.326Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://kb.isc.org/docs/cve-2022-2928" }, { "name": "[debian-lts-announce] 20221010 [SECURITY] [DLA 3146-1] isc-dhcp security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html" }, { "name": "FEDORA-2022-f5a45757df", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/" }, { "name": "FEDORA-2022-9ca9a94e28", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/" }, { "name": "FEDORA-2022-c4f274a54f", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/" }, { "name": "GLSA-202305-22", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-22" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ISC DHCP", "vendor": "ISC", "versions": [ { "status": "affected", "version": "4.4.0 through versions before 4.4.3-P1" }, { "status": "affected", "version": "4.1 ESV 4.1-ESV-R1 through versions before 4.1-ESV-R16-P1" } ] } ], "credits": [ { "lang": "en", "value": "ISC would like to thank VictorV of Cyber Kunlun Lab for discovering and reporting this issue." } ], "datePublic": "2022-10-05T00:00:00", "descriptions": [ { "lang": "en", "value": "In ISC DHCP 4.4.0 -\u003e 4.4.3, ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option\u0027s refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort." } ], "exploits": [ { "lang": "en", "value": "We are not aware of any active exploits." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "A DHCP server configured with allow leasequery;, a remote machine with access to the server can send lease queries for the same lease multiple times, leading to the add_option() function being repeatedly called. This could cause an option\u0027s refcount field to overflow and the server to abort. Internally, reference counters are integers and thus overflow at 2^31 references, so even at 1000 lease query responses per second, it would take more than three weeks to crash the server. Affects In ISC DHCP 4.4.0 -\u003e 4.4.3, ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16-P1", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "url": "https://kb.isc.org/docs/cve-2022-2928" }, { "name": "[debian-lts-announce] 20221010 [SECURITY] [DLA 3146-1] isc-dhcp security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00015.html" }, { "name": "FEDORA-2022-f5a45757df", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQXYCIWUDILRCNBAIMVFCSGXBRKEPB4K/" }, { "name": "FEDORA-2022-9ca9a94e28", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T6IBFH4MRRNJQVWEKILQ6I6CXWW766FX/" }, { "name": "FEDORA-2022-c4f274a54f", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SARIK7KZ7MGQIWDRWZFAOSQSPXY4GOU/" }, { "name": "GLSA-202305-22", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-22" } ], "solutions": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of ISC DHCP. These can all be downloaded from https://www.isc.org/downloads. 4.4.3-P1 4.1-ESV-R16-P2" } ], "source": { "discovery": "EXTERNAL" }, "title": "An option refcount overflow exists in dhcpd", "workarounds": [ { "lang": "en", "value": "Disable lease query on the server for DHCPv4 or restart the server periodically." } ] } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2022-2928", "datePublished": "2022-10-07T04:45:11.751554Z", "dateReserved": "2022-08-22T00:00:00", "dateUpdated": "2024-09-17T00:21:40.167Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42012
Vulnerability from cvelistv5
Published
2022-10-09 00:00
Modified
2024-08-03 12:56
Severity ?
EPSS score ?
Summary
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:39.232Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/417" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1" }, { "name": "FEDORA-2022-076544c8aa", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/" }, { "name": "FEDORA-2022-7a963a79d1", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/" }, { "name": "FEDORA-2022-b0c2f2ab74", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/" }, { "name": "GLSA-202305-08", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-08" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/417" }, { "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1" }, { "name": "FEDORA-2022-076544c8aa", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/" }, { "name": "FEDORA-2022-7a963a79d1", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/" }, { "name": "FEDORA-2022-b0c2f2ab74", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/" }, { "name": "GLSA-202305-08", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-08" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-42012", "datePublished": "2022-10-09T00:00:00", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2024-08-03T12:56:39.232Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3324
Vulnerability from cvelistv5
Published
2022-09-27 00:00
Modified
2024-08-03 01:07
Severity ?
EPSS score ?
Summary
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:07:06.474Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/e414e55b-f332-491f-863b-c18dca97403c" }, { "tags": [ "x_transferred" ], "url": "https://github.com/vim/vim/commit/8279af514ca7e5fd3c31cf13b0864163d1a0bfeb" }, { "name": "FEDORA-2022-40161673a3", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/" }, { "name": "FEDORA-2022-fff548cfab", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/" }, { "name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html" }, { "name": "FEDORA-2022-4bc60c32a2", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vim/vim", "vendor": "vim", "versions": [ { "lessThan": "9.0.0598", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/e414e55b-f332-491f-863b-c18dca97403c" }, { "url": "https://github.com/vim/vim/commit/8279af514ca7e5fd3c31cf13b0864163d1a0bfeb" }, { "name": "FEDORA-2022-40161673a3", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/" }, { "name": "FEDORA-2022-fff548cfab", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/" }, { "name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html" }, { "name": "FEDORA-2022-4bc60c32a2", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "source": { "advisory": "e414e55b-f332-491f-863b-c18dca97403c", "discovery": "EXTERNAL" }, "title": "Stack-based Buffer Overflow in vim/vim" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-3324", "datePublished": "2022-09-27T00:00:00", "dateReserved": "2022-09-26T00:00:00", "dateUpdated": "2024-08-03T01:07:06.474Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-45199
Vulnerability from cvelistv5
Published
2022-11-14 00:00
Modified
2024-08-03 14:09
Severity ?
EPSS score ?
Summary
Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:09:56.981Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/python-pillow/Pillow/commit/2444cddab2f83f28687c7c20871574acbb6dbcf3" }, { "tags": [ "x_transferred" ], "url": "https://github.com/python-pillow/Pillow/pull/6700" }, { "tags": [ "x_transferred" ], "url": "https://bugs.gentoo.org/878769" }, { "tags": [ "x_transferred" ], "url": "https://github.com/python-pillow/Pillow/releases/tag/9.3.0" }, { "name": "GLSA-202211-10", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202211-10" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-22T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/python-pillow/Pillow/commit/2444cddab2f83f28687c7c20871574acbb6dbcf3" }, { "url": "https://github.com/python-pillow/Pillow/pull/6700" }, { "url": "https://bugs.gentoo.org/878769" }, { "url": "https://github.com/python-pillow/Pillow/releases/tag/9.3.0" }, { "name": "GLSA-202211-10", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202211-10" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-45199", "datePublished": "2022-11-14T00:00:00", "dateReserved": "2022-11-14T00:00:00", "dateUpdated": "2024-08-03T14:09:56.981Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-29338
Vulnerability from cvelistv5
Published
2021-04-14 13:52
Modified
2024-08-03 22:02
Severity ?
EPSS score ?
Summary
Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.
References
▼ | URL | Tags |
---|---|---|
https://github.com/uclouvain/openjpeg/issues/1338 | x_refsource_MISC | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.debian.org/debian-lts-announce/2022/04/msg00006.html | mailing-list, x_refsource_MLIST | |
https://security.gentoo.org/glsa/202209-04 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:02:51.649Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/uclouvain/openjpeg/issues/1338" }, { "name": "FEDORA-2021-c1ac2ee5ee", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU/" }, { "name": "FEDORA-2021-e145f477df", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP/" }, { "name": "[debian-lts-announce] 20220410 [SECURITY] [DLA 2975-1] openjpeg2 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00006.html" }, { "name": "GLSA-202209-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202209-04" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option \"-ImgDir\" on a directory that contains 1048576 files." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-07T04:06:30", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/uclouvain/openjpeg/issues/1338" }, { "name": "FEDORA-2021-c1ac2ee5ee", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU/" }, { "name": "FEDORA-2021-e145f477df", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP/" }, { "name": "[debian-lts-announce] 20220410 [SECURITY] [DLA 2975-1] openjpeg2 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00006.html" }, { "name": "GLSA-202209-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202209-04" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-29338", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option \"-ImgDir\" on a directory that contains 1048576 files." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/uclouvain/openjpeg/issues/1338", "refsource": "MISC", "url": "https://github.com/uclouvain/openjpeg/issues/1338" }, { "name": "FEDORA-2021-c1ac2ee5ee", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU/" }, { "name": "FEDORA-2021-e145f477df", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP/" }, { "name": "[debian-lts-announce] 20220410 [SECURITY] [DLA 2975-1] openjpeg2 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00006.html" }, { "name": "GLSA-202209-04", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202209-04" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-29338", "datePublished": "2021-04-14T13:52:26", "dateReserved": "2021-03-29T00:00:00", "dateUpdated": "2024-08-03T22:02:51.649Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-46343
Vulnerability from cvelistv5
Published
2022-12-14 00:00
Modified
2024-08-03 14:31
Severity ?
EPSS score ?
Summary
A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | xorg-x11-server |
Version: xorg-x11-server-1.20.4 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:31:46.549Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2022-46343" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151758" }, { "name": "FEDORA-2022-c3a65f7c65", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/" }, { "name": "FEDORA-2022-721a78b7e5", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/" }, { "name": "DSA-5304", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5304" }, { "name": "FEDORA-2022-dd3eb7e0a8", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-30" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xorg-x11-server", "vendor": "n/a", "versions": [ { "status": "affected", "version": "xorg-x11-server-1.20.4" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions." } ], "problemTypes": [ { "descriptions": [ { "description": "use-after-free", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-26T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2022-46343" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151758" }, { "name": "FEDORA-2022-c3a65f7c65", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/" }, { "name": "FEDORA-2022-721a78b7e5", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/" }, { "name": "DSA-5304", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5304" }, { "name": "FEDORA-2022-dd3eb7e0a8", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/" }, { "url": "https://security.gentoo.org/glsa/202305-30" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-46343", "datePublished": "2022-12-14T00:00:00", "dateReserved": "2022-11-30T00:00:00", "dateUpdated": "2024-08-03T14:31:46.549Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2889
Vulnerability from cvelistv5
Published
2022-08-19 00:00
Modified
2024-08-03 00:52
Severity ?
EPSS score ?
Summary
Use After Free in GitHub repository vim/vim prior to 9.0.0225.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:52:59.666Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/d1ac9817-825d-49ce-b514-1d5b12b6bdaa" }, { "tags": [ "x_transferred" ], "url": "https://github.com/vim/vim/commit/91c7cbfe31bbef57d5fcf7d76989fc159f73ef15" }, { "name": "FEDORA-2022-3b33d04743", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD/" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vim/vim", "vendor": "vim", "versions": [ { "lessThan": "9.0.0225", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Use After Free in GitHub repository vim/vim prior to 9.0.0225." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/d1ac9817-825d-49ce-b514-1d5b12b6bdaa" }, { "url": "https://github.com/vim/vim/commit/91c7cbfe31bbef57d5fcf7d76989fc159f73ef15" }, { "name": "FEDORA-2022-3b33d04743", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD/" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "source": { "advisory": "d1ac9817-825d-49ce-b514-1d5b12b6bdaa", "discovery": "EXTERNAL" }, "title": "Use After Free in vim/vim" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-2889", "datePublished": "2022-08-19T00:00:00", "dateReserved": "2022-08-18T00:00:00", "dateUpdated": "2024-08-03T00:52:59.666Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21840
Vulnerability from cvelistv5
Published
2023-01-17 23:35
Modified
2024-09-17 14:15
Severity ?
EPSS score ?
References
▼ | URL | Tags |
---|---|---|
https://www.oracle.com/security-alerts/cpujan2023.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | MySQL Server |
Version: 5.7.40 and prior |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:51:51.161Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2023.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21840", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-17T14:03:46.415361Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-17T14:15:54.534Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "MySQL Server", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "5.7.40 and prior" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.40 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-23T23:37:30.460Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2023.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2023-21840", "datePublished": "2023-01-17T23:35:10.085Z", "dateReserved": "2022-12-17T19:26:00.690Z", "dateUpdated": "2024-09-17T14:15:54.534Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21928
Vulnerability from cvelistv5
Published
2023-04-18 19:54
Modified
2024-09-16 19:41
Severity ?
EPSS score ?
References
▼ | URL | Tags |
---|---|---|
https://www.oracle.com/security-alerts/cpuapr2023.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Solaris Operating System |
Version: 11 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:59:28.335Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2023.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21928", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-16T19:39:27.957922Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-16T19:41:15.146Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Solaris Operating System", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: IPS repository daemon). The supported version that is affected is 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data. CVSS 3.1 Base Score 1.8 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 1.8, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-18T19:54:22.502Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2023.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2023-21928", "datePublished": "2023-04-18T19:54:22.502Z", "dateReserved": "2022-12-17T19:26:00.718Z", "dateUpdated": "2024-09-16T19:41:15.146Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0217
Vulnerability from cvelistv5
Published
2023-02-08 19:02
Modified
2024-08-02 05:02
Severity ?
EPSS score ?
Summary
An invalid pointer dereference on read can be triggered when an
application tries to check a malformed DSA public key by the
EVP_PKEY_public_check() function. This will most likely lead
to an application crash. This function can be called on public
keys supplied from untrusted sources which could allow an attacker
to cause a denial of service attack.
The TLS implementation in OpenSSL does not call this function
but applications might call the function if there are additional
security requirements imposed by standards such as FIPS 140-3.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:02:43.920Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "name": "3.0.8 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202402-08" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "lessThan": "3.0.8", "status": "affected", "version": "3.0.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Kurt Roeckx" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Shane Lontis from Oracle" } ], "datePublic": "2023-02-07T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An invalid pointer dereference on read can be triggered when an\u003cbr\u003eapplication tries to check a malformed DSA public key by the\u003cbr\u003eEVP_PKEY_public_check() function. This will most likely lead\u003cbr\u003eto an application crash. This function can be called on public\u003cbr\u003ekeys supplied from untrusted sources which could allow an attacker\u003cbr\u003eto cause a denial of service attack.\u003cbr\u003e\u003cbr\u003eThe TLS implementation in OpenSSL does not call this function\u003cbr\u003ebut applications might call the function if there are additional\u003cbr\u003esecurity requirements imposed by standards such as FIPS 140-3.\u003cbr\u003e\u003cbr\u003e" } ], "value": "An invalid pointer dereference on read can be triggered when an\napplication tries to check a malformed DSA public key by the\nEVP_PKEY_public_check() function. This will most likely lead\nto an application crash. This function can be called on public\nkeys supplied from untrusted sources which could allow an attacker\nto cause a denial of service attack.\n\nThe TLS implementation in OpenSSL does not call this function\nbut applications might call the function if there are additional\nsecurity requirements imposed by standards such as FIPS 140-3.\n\n" } ], "metrics": [ { "format": "other", "other": { "content": { "text": "Moderate" }, "type": "https://www.openssl.org/policies/secpolicy.html" } } ], "problemTypes": [ { "descriptions": [ { "description": "invalid pointer dereference", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-24T14:44:48.097Z", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "name": "3.0.8 git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096" }, { "url": "https://security.gentoo.org/glsa/202402-08" } ], "source": { "discovery": "UNKNOWN" }, "title": "NULL dereference validating DSA public key", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2023-0217", "datePublished": "2023-02-08T19:02:48.524Z", "dateReserved": "2023-01-11T12:02:46.441Z", "dateUpdated": "2024-08-02T05:02:43.920Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-28331
Vulnerability from cvelistv5
Published
2023-01-31 15:55
Modified
2024-08-03 05:56
Severity ?
EPSS score ?
Summary
On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.
References
▼ | URL | Tags |
---|---|---|
https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache Portable Runtime (APR) |
Version: 0 < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:56:14.939Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Apache Portable Runtime (APR)", "vendor": "Apache Software Foundation", "versions": [ { "lessThanOrEqual": "1.7.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Ronald Crane (Zippenhop LLC)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow." } ], "value": "On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow." } ], "metrics": [ { "other": { "content": { "text": "moderate" }, "type": "Textual description of severity" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-07T15:26:44.884Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r" } ], "source": { "discovery": "UNKNOWN" }, "title": "Apache Portable Runtime (APR): Windows out-of-bounds write in apr_socket_sendv function", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2022-28331", "datePublished": "2023-01-31T15:55:21.488Z", "dateReserved": "2022-04-01T12:46:04.617Z", "dateUpdated": "2024-08-03T05:56:14.939Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-23919
Vulnerability from cvelistv5
Published
2023-02-23 00:00
Modified
2024-08-02 10:42
Severity ?
EPSS score ?
Summary
A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | https://github.com/nodejs/node |
Version: Fixed in 19.2.0, 18.14.1, 16.19.1, 14.21.3 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:42:26.831Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/" }, { "tags": [ "x_transferred" ], "url": "https://hackerone.com/reports/1808596" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230316-0008/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "https://github.com/nodejs/node", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in 19.2.0, 18.14.1, 16.19.1, 14.21.3" } ] } ], "descriptions": [ { "lang": "en", "value": "A cryptographic vulnerability exists in Node.js \u003c19.2.0, \u003c18.14.1, \u003c16.19.1, \u003c14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-310", "description": "Cryptographic Issues - Generic (CWE-310)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-16T00:00:00", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/" }, { "url": "https://hackerone.com/reports/1808596" }, { "url": "https://security.netapp.com/advisory/ntap-20230316-0008/" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2023-23919", "datePublished": "2023-02-23T00:00:00", "dateReserved": "2023-01-19T00:00:00", "dateUpdated": "2024-08-02T10:42:26.831Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-25147
Vulnerability from cvelistv5
Published
2023-01-31 15:54
Modified
2024-08-03 04:29
Severity ?
EPSS score ?
Summary
Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer.
This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache Portable Runtime Utility (APR-util) |
Version: 0 ≤ 1.6.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:29:01.897Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.apache.org/thread/np5gjqlohc4f62lr09vrn61vl44cylh8" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240315-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Apache Portable Runtime Utility (APR-util)", "vendor": "Apache Software Foundation", "versions": [ { "lessThanOrEqual": "1.6.1", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "Ronald Crane (Zippenhop LLC)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003eInteger Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.\u003c/div\u003e" } ], "value": "Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer.\n\n\n\n\nThis issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.\n\n" } ], "metrics": [ { "other": { "content": { "text": "moderate" }, "type": "Textual description of severity" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-31T15:54:51.395Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://lists.apache.org/thread/np5gjqlohc4f62lr09vrn61vl44cylh8" }, { "url": "https://security.netapp.com/advisory/ntap-20240315-0001/" } ], "source": { "discovery": "UNKNOWN" }, "title": "Apache Portable Runtime Utility (APR-util): out-of-bounds writes in the apr_base64 family of functions", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2022-25147", "datePublished": "2023-01-31T15:54:51.395Z", "dateReserved": "2022-02-14T07:58:18.424Z", "dateUpdated": "2024-08-03T04:29:01.897Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-40304
Vulnerability from cvelistv5
Published
2022-11-23 00:00
Modified
2024-08-03 12:14
Severity ?
EPSS score ?
Summary
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:14:40.052Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221209-0003/" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213534" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213533" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213531" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213536" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213535" }, { "name": "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/21" }, { "name": "20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/25" }, { "name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/26" }, { "name": "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/24" }, { "name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/27" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-21T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags" }, { "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3" }, { "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b" }, { "url": "https://security.netapp.com/advisory/ntap-20221209-0003/" }, { "url": "https://support.apple.com/kb/HT213534" }, { "url": "https://support.apple.com/kb/HT213533" }, { "url": "https://support.apple.com/kb/HT213531" }, { "url": "https://support.apple.com/kb/HT213536" }, { "url": "https://support.apple.com/kb/HT213535" }, { "name": "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/21" }, { "name": "20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/25" }, { "name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/26" }, { "name": "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/24" }, { "name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/27" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-40304", "datePublished": "2022-11-23T00:00:00", "dateReserved": "2022-09-09T00:00:00", "dateUpdated": "2024-08-03T12:14:40.052Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2819
Vulnerability from cvelistv5
Published
2022-08-15 00:00
Modified
2024-08-03 00:52
Severity ?
EPSS score ?
Summary
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:52:59.508Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59" }, { "tags": [ "x_transferred" ], "url": "https://github.com/vim/vim/commit/d1d8f6bacb489036d0fd479c9dd3c0102c988889" }, { "name": "FEDORA-2022-6f5e420e52", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHFAR6OY6G77M6GXCJT75A4KITLNR6GO/" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vim/vim", "vendor": "vim", "versions": [ { "lessThan": "9.0.0211", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59" }, { "url": "https://github.com/vim/vim/commit/d1d8f6bacb489036d0fd479c9dd3c0102c988889" }, { "name": "FEDORA-2022-6f5e420e52", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHFAR6OY6G77M6GXCJT75A4KITLNR6GO/" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "source": { "advisory": "0a9bd71e-66b8-4eb1-9566-7dfd9b097e59", "discovery": "EXTERNAL" }, "title": "Heap-based Buffer Overflow in vim/vim" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-2819", "datePublished": "2022-08-15T00:00:00", "dateReserved": "2022-08-15T00:00:00", "dateUpdated": "2024-08-03T00:52:59.508Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-27664
Vulnerability from cvelistv5
Published
2022-09-06 17:29
Modified
2024-08-03 05:32
Severity ?
EPSS score ?
Summary
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
References
▼ | URL | Tags |
---|---|---|
https://groups.google.com/g/golang-announce | x_refsource_MISC | |
https://groups.google.com/g/golang-announce/c/x49AQzIVX-s | x_refsource_CONFIRM | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/ | vendor-advisory, x_refsource_FEDORA | |
https://security.netapp.com/advisory/ntap-20220923-0004/ | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/202209-26 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:32:59.884Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://groups.google.com/g/golang-announce" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s" }, { "name": "FEDORA-2022-67ec8c61d0", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/" }, { "name": "FEDORA-2022-45097317b4", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220923-0004/" }, { "name": "GLSA-202209-26", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202209-26" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-29T16:06:56", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://groups.google.com/g/golang-announce" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s" }, { "name": "FEDORA-2022-67ec8c61d0", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/" }, { "name": "FEDORA-2022-45097317b4", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220923-0004/" }, { "name": "GLSA-202209-26", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202209-26" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-27664", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://groups.google.com/g/golang-announce", "refsource": "MISC", "url": "https://groups.google.com/g/golang-announce" }, { "name": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s", "refsource": "CONFIRM", "url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s" }, { "name": "FEDORA-2022-67ec8c61d0", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/" }, { "name": "FEDORA-2022-45097317b4", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/" }, { "name": "https://security.netapp.com/advisory/ntap-20220923-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220923-0004/" }, { "name": "GLSA-202209-26", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202209-26" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-27664", "datePublished": "2022-09-06T17:29:08", "dateReserved": "2022-03-23T00:00:00", "dateUpdated": "2024-08-03T05:32:59.884Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-25255
Vulnerability from cvelistv5
Published
2022-02-16 18:48
Modified
2024-08-03 04:36
Severity ?
EPSS score ?
Summary
In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.
References
▼ | URL | Tags |
---|---|---|
https://codereview.qt-project.org/c/qt/qtbase/+/393113 | x_refsource_MISC | |
https://codereview.qt-project.org/c/qt/qtbase/+/394914 | x_refsource_MISC | |
https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff | x_refsource_MISC | |
https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff | x_refsource_MISC | |
https://codereview.qt-project.org/c/qt/qtbase/+/396020 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:36:06.650Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/393113" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/394914" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/396020" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-16T18:48:34", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/393113" }, { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/394914" }, { "tags": [ "x_refsource_MISC" ], "url": "https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff" }, { "tags": [ "x_refsource_MISC" ], "url": "https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff" }, { "tags": [ "x_refsource_MISC" ], "url": "https://codereview.qt-project.org/c/qt/qtbase/+/396020" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-25255", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://codereview.qt-project.org/c/qt/qtbase/+/393113", "refsource": "MISC", "url": "https://codereview.qt-project.org/c/qt/qtbase/+/393113" }, { "name": "https://codereview.qt-project.org/c/qt/qtbase/+/394914", "refsource": "MISC", "url": "https://codereview.qt-project.org/c/qt/qtbase/+/394914" }, { "name": "https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff", "refsource": "MISC", "url": "https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff" }, { "name": "https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff", "refsource": "MISC", "url": "https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff" }, { "name": "https://codereview.qt-project.org/c/qt/qtbase/+/396020", "refsource": "MISC", "url": "https://codereview.qt-project.org/c/qt/qtbase/+/396020" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-25255", "datePublished": "2022-02-16T18:48:35", "dateReserved": "2022-02-16T00:00:00", "dateUpdated": "2024-08-03T04:36:06.650Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2309
Vulnerability from cvelistv5
Published
2022-07-05 09:00
Modified
2024-08-03 00:32
Severity ?
EPSS score ?
Summary
NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered.
References
▼ | URL | Tags |
---|---|---|
https://huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba | x_refsource_CONFIRM | |
https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f | x_refsource_MISC | |
https://security.gentoo.org/glsa/202208-06 | vendor-advisory, x_refsource_GENTOO | |
https://security.netapp.com/advisory/ntap-20220915-0006/ | x_refsource_CONFIRM | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ/ | vendor-advisory, x_refsource_FEDORA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:32:09.613Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f" }, { "name": "GLSA-202208-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202208-06" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220915-0006/" }, { "name": "FEDORA-2022-ed0eeb6a20", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO/" }, { "name": "FEDORA-2022-ed17f59c1d", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "lxml/lxml", "vendor": "lxml", "versions": [ { "lessThan": "4.9.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn\u0027t be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-24T01:06:09", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f" }, { "name": "GLSA-202208-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202208-06" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220915-0006/" }, { "name": "FEDORA-2022-ed0eeb6a20", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO/" }, { "name": "FEDORA-2022-ed17f59c1d", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ/" } ], "source": { "advisory": "8264e74f-edda-4c40-9956-49de635105ba", "discovery": "EXTERNAL" }, "title": "NULL Pointer Dereference in lxml/lxml", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-2309", "STATE": "PUBLIC", "TITLE": "NULL Pointer Dereference in lxml/lxml" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "lxml/lxml", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "4.9.1" } ] } } ] }, "vendor_name": "lxml" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn\u0027t be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-476 NULL Pointer Dereference" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba" }, { "name": "https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f", "refsource": "MISC", "url": "https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f" }, { "name": "GLSA-202208-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202208-06" }, { "name": "https://security.netapp.com/advisory/ntap-20220915-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220915-0006/" }, { "name": "FEDORA-2022-ed0eeb6a20", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO/" }, { "name": "FEDORA-2022-ed17f59c1d", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ/" } ] }, "source": { "advisory": "8264e74f-edda-4c40-9956-49de635105ba", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-2309", "datePublished": "2022-07-05T09:00:12", "dateReserved": "2022-07-05T00:00:00", "dateUpdated": "2024-08-03T00:32:09.613Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0798
Vulnerability from cvelistv5
Published
2023-02-13 00:00
Modified
2024-08-02 05:24
Severity ?
EPSS score ?
Summary
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:24:34.263Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/492" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0798.json" }, { "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html" }, { "name": "DSA-5361", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5361" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230316-0003/" }, { "name": "GLSA-202305-31", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-31" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "libtiff", "vendor": "libtiff", "versions": [ { "status": "affected", "version": "\u003c=4.4.0" } ] } ], "credits": [ { "lang": "en", "value": "wangdw.augustus@gmail.com" } ], "descriptions": [ { "lang": "en", "value": "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Out-of-bounds read in libtiff", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-30T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68" }, { "url": "https://gitlab.com/libtiff/libtiff/-/issues/492" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0798.json" }, { "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html" }, { "name": "DSA-5361", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5361" }, { "url": "https://security.netapp.com/advisory/ntap-20230316-0003/" }, { "name": "GLSA-202305-31", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-31" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-0798", "datePublished": "2023-02-13T00:00:00", "dateReserved": "2023-02-12T00:00:00", "dateUpdated": "2024-08-02T05:24:34.263Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22490
Vulnerability from cvelistv5
Published
2023-02-14 19:47
Modified
2024-08-02 10:13
Severity ?
EPSS score ?
Summary
Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source `$GIT_DIR/objects` directory contains symbolic links, the `objects` directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the victim's filesystem within the malicious repository's working copy, allowing for data exfiltration in a similar manner as CVE-2022-39253.
A fix has been prepared and will appear in v2.39.2 v2.38.4 v2.37.6 v2.36.5 v2.35.7 v2.34.7 v2.33.7 v2.32.6, v2.31.7 and v2.30.8. If upgrading is impractical, two short-term workarounds are available. Avoid cloning repositories from untrusted sources with `--recurse-submodules`. Instead, consider cloning repositories without recursively cloning their submodules, and instead run `git submodule update` at each layer. Before doing so, inspect each new `.gitmodules` file to ensure that it does not contain suspicious module URLs.
References
▼ | URL | Tags |
---|---|---|
https://github.com/git/git/security/advisories/GHSA-gw92-x3fm-3g3q | x_refsource_CONFIRM | |
https://github.com/git/git/security/advisories/GHSA-3wp6-j8xr-qw85 | x_refsource_MISC | |
https://github.com/git/git/commit/c867e4fa180bec4750e9b54eb10f459030dbebfd | x_refsource_MISC | |
https://security.gentoo.org/glsa/202312-15 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | git | git |
Version: >= 2.39.0, < 2.39.2 Version: >= 2.38.0, < 2.38.4 Version: >= 2.37.0, < 2.37.6 Version: >= 2.36.0, < 2.36.5 Version: >= 2.35.0, < 2.35.7 Version: >= 2.34.0, < 2.34.7 Version: >= 2.33.0, < 2.33.7 Version: >= 2.32.0, < 2.32.6 Version: >= 2.31.0, < 2.31.7 Version: < 2.30.8 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:13:48.515Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/git/git/security/advisories/GHSA-gw92-x3fm-3g3q", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/git/git/security/advisories/GHSA-gw92-x3fm-3g3q" }, { "name": "https://github.com/git/git/security/advisories/GHSA-3wp6-j8xr-qw85", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/git/git/security/advisories/GHSA-3wp6-j8xr-qw85" }, { "name": "https://github.com/git/git/commit/c867e4fa180bec4750e9b54eb10f459030dbebfd", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/git/git/commit/c867e4fa180bec4750e9b54eb10f459030dbebfd" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202312-15" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "git", "vendor": "git", "versions": [ { "status": "affected", "version": "\u003e= 2.39.0, \u003c 2.39.2" }, { "status": "affected", "version": "\u003e= 2.38.0, \u003c 2.38.4" }, { "status": "affected", "version": "\u003e= 2.37.0, \u003c 2.37.6" }, { "status": "affected", "version": "\u003e= 2.36.0, \u003c 2.36.5" }, { "status": "affected", "version": "\u003e= 2.35.0, \u003c 2.35.7" }, { "status": "affected", "version": "\u003e= 2.34.0, \u003c 2.34.7" }, { "status": "affected", "version": "\u003e= 2.33.0, \u003c 2.33.7" }, { "status": "affected", "version": "\u003e= 2.32.0, \u003c 2.32.6" }, { "status": "affected", "version": "\u003e= 2.31.0, \u003c 2.31.7" }, { "status": "affected", "version": "\u003c 2.30.8" } ] } ], "descriptions": [ { "lang": "en", "value": "Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source `$GIT_DIR/objects` directory contains symbolic links, the `objects` directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the victim\u0027s filesystem within the malicious repository\u0027s working copy, allowing for data exfiltration in a similar manner as CVE-2022-39253.\n\nA fix has been prepared and will appear in v2.39.2 v2.38.4 v2.37.6 v2.36.5 v2.35.7 v2.34.7 v2.33.7 v2.32.6, v2.31.7 and v2.30.8. If upgrading is impractical, two short-term workarounds are available. Avoid cloning repositories from untrusted sources with `--recurse-submodules`. Instead, consider cloning repositories without recursively cloning their submodules, and instead run `git submodule update` at each layer. Before doing so, inspect each new `.gitmodules` file to ensure that it does not contain suspicious module URLs." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-59", "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-14T19:47:56.863Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/git/git/security/advisories/GHSA-gw92-x3fm-3g3q", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/git/git/security/advisories/GHSA-gw92-x3fm-3g3q" }, { "name": "https://github.com/git/git/security/advisories/GHSA-3wp6-j8xr-qw85", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/git/git/security/advisories/GHSA-3wp6-j8xr-qw85" }, { "name": "https://github.com/git/git/commit/c867e4fa180bec4750e9b54eb10f459030dbebfd", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/git/git/commit/c867e4fa180bec4750e9b54eb10f459030dbebfd" }, { "url": "https://security.gentoo.org/glsa/202312-15" } ], "source": { "advisory": "GHSA-gw92-x3fm-3g3q", "discovery": "UNKNOWN" }, "title": "Git vulnerable to local clone-based data exfiltration with non-local transports" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-22490", "datePublished": "2023-02-14T19:47:56.863Z", "dateReserved": "2022-12-29T17:41:28.089Z", "dateUpdated": "2024-08-02T10:13:48.515Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-27536
Vulnerability from cvelistv5
Published
2022-04-20 00:00
Modified
2024-08-03 05:32
Severity ?
EPSS score ?
Summary
Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:32:58.690Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8" }, { "name": "GLSA-202208-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202208-02" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230309-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-09T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://groups.google.com/g/golang-announce" }, { "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8" }, { "name": "GLSA-202208-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202208-02" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf" }, { "url": "https://security.netapp.com/advisory/ntap-20230309-0001/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-27536", "datePublished": "2022-04-20T00:00:00", "dateReserved": "2022-03-21T00:00:00", "dateUpdated": "2024-08-03T05:32:58.690Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-46874
Vulnerability from cvelistv5
Published
2022-12-22 00:00
Modified
2024-08-03 14:39
Severity ?
EPSS score ?
Summary
A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially led to user confusion and the execution of malicious code.<br/>*Note*: This issue was originally included in the advisories for Thunderbird 102.6, but a patch (specific to Thunderbird) was omitted, resulting in it actually being fixed in Thunderbird 102.6.1. This vulnerability affects Firefox < 108, Thunderbird < 102.6.1, Thunderbird < 102.6, and Firefox ESR < 102.6.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 108 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:39:38.960Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-52/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-53/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-51/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-54/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1746139" }, { "name": "GLSA-202305-06", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-06" }, { "name": "GLSA-202305-13", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-13" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "108", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "102.6.1", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "102.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "102.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially led to user confusion and the execution of malicious code.\u003cbr/\u003e*Note*: This issue was originally included in the advisories for Thunderbird 102.6, but a patch (specific to Thunderbird) was omitted, resulting in it actually being fixed in Thunderbird 102.6.1. This vulnerability affects Firefox \u003c 108, Thunderbird \u003c 102.6.1, Thunderbird \u003c 102.6, and Firefox ESR \u003c 102.6." } ], "problemTypes": [ { "descriptions": [ { "description": "Drag and Dropped Filenames could have been truncated to malicious extensions", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://www.mozilla.org/security/advisories/mfsa2022-52/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2022-53/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2022-51/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2022-54/" }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1746139" }, { "name": "GLSA-202305-06", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-06" }, { "name": "GLSA-202305-13", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-13" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2022-46874", "datePublished": "2022-12-22T00:00:00", "dateReserved": "2022-12-09T00:00:00", "dateUpdated": "2024-08-03T14:39:38.960Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3297
Vulnerability from cvelistv5
Published
2022-09-25 00:00
Modified
2024-08-03 01:07
Severity ?
EPSS score ?
Summary
Use After Free in GitHub repository vim/vim prior to 9.0.0579.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:07:06.447Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c" }, { "tags": [ "x_transferred" ], "url": "https://github.com/vim/vim/commit/0ff01835a40f549c5c4a550502f62a2ac9ac447c" }, { "name": "FEDORA-2022-40161673a3", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/" }, { "name": "FEDORA-2022-fff548cfab", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/" }, { "name": "FEDORA-2022-4bc60c32a2", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vim/vim", "vendor": "vim", "versions": [ { "lessThan": "9.0.0579", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Use After Free in GitHub repository vim/vim prior to 9.0.0579." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c" }, { "url": "https://github.com/vim/vim/commit/0ff01835a40f549c5c4a550502f62a2ac9ac447c" }, { "name": "FEDORA-2022-40161673a3", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/" }, { "name": "FEDORA-2022-fff548cfab", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/" }, { "name": "FEDORA-2022-4bc60c32a2", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "source": { "advisory": "1aa9ec92-0355-4710-bf85-5bce9effa01c", "discovery": "EXTERNAL" }, "title": "Use After Free in vim/vim" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-3297", "datePublished": "2022-09-25T00:00:00", "dateReserved": "2022-09-24T00:00:00", "dateUpdated": "2024-08-03T01:07:06.447Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0797
Vulnerability from cvelistv5
Published
2023-02-13 00:00
Modified
2024-08-02 05:24
Severity ?
EPSS score ?
Summary
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:24:34.516Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/495" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0797.json" }, { "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html" }, { "name": "DSA-5361", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5361" }, { "name": "GLSA-202305-31", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-31" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "libtiff", "vendor": "libtiff", "versions": [ { "status": "affected", "version": "\u003c=4.4.0" } ] } ], "credits": [ { "lang": "en", "value": "wangdw.augustus@gmail.com" } ], "descriptions": [ { "lang": "en", "value": "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Out-of-bounds read in libtiff", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-30T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68" }, { "url": "https://gitlab.com/libtiff/libtiff/-/issues/495" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0797.json" }, { "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html" }, { "name": "DSA-5361", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5361" }, { "name": "GLSA-202305-31", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-31" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-0797", "datePublished": "2023-02-13T00:00:00", "dateReserved": "2023-02-12T00:00:00", "dateUpdated": "2024-08-02T05:24:34.516Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3094
Vulnerability from cvelistv5
Published
2023-01-25 21:34
Modified
2024-08-03 01:00
Severity ?
EPSS score ?
Summary
Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited.
Memory is allocated prior to the checking of access permissions (ACLs) and is retained during the processing of a dynamic update from a client whose access credentials are accepted. Memory allocated to clients that are not permitted to send updates is released immediately upon rejection. The scope of this vulnerability is limited therefore to trusted clients who are permitted to make dynamic zone changes.
If a dynamic update is REFUSED, memory will be released again very quickly. Therefore it is only likely to be possible to degrade or stop `named` by sending a flood of unaccepted dynamic updates comparable in magnitude to a query flood intended to achieve the same detrimental outcome.
BIND 9.11 and earlier branches are also affected, but through exhaustion of internal resources rather than memory constraints. This may reduce performance but should not be a significant problem for most servers. Therefore we don't intend to address this for BIND versions prior to BIND 9.16.
This issue affects BIND 9 versions 9.16.0 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.8-S1 through 9.16.36-S1.
References
▼ | URL | Tags |
---|---|---|
https://kb.isc.org/docs/cve-2022-3094 | vendor-advisory |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:00:10.516Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "CVE-2022-3094", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://kb.isc.org/docs/cve-2022-3094" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BIND 9", "vendor": "ISC", "versions": [ { "lessThanOrEqual": "9.16.36", "status": "affected", "version": "9.16.0", "versionType": "custom" }, { "lessThanOrEqual": "9.18.10", "status": "affected", "version": "9.18.0", "versionType": "custom" }, { "lessThanOrEqual": "9.19.8", "status": "affected", "version": "9.19.0", "versionType": "custom" }, { "lessThanOrEqual": "9.16.36-S1", "status": "affected", "version": "9.16.8-S1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "ISC would like to thank Rob Schulhof from Infoblox for bringing this vulnerability to our attention." } ], "datePublic": "2023-01-25T00:00:00Z", "descriptions": [ { "lang": "en", "value": "Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited.\n\nMemory is allocated prior to the checking of access permissions (ACLs) and is retained during the processing of a dynamic update from a client whose access credentials are accepted. Memory allocated to clients that are not permitted to send updates is released immediately upon rejection. The scope of this vulnerability is limited therefore to trusted clients who are permitted to make dynamic zone changes.\n\nIf a dynamic update is REFUSED, memory will be released again very quickly. Therefore it is only likely to be possible to degrade or stop `named` by sending a flood of unaccepted dynamic updates comparable in magnitude to a query flood intended to achieve the same detrimental outcome.\n\nBIND 9.11 and earlier branches are also affected, but through exhaustion of internal resources rather than memory constraints. This may reduce performance but should not be a significant problem for most servers. Therefore we don\u0027t intend to address this for BIND versions prior to BIND 9.16.\nThis issue affects BIND 9 versions 9.16.0 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.8-S1 through 9.16.36-S1." } ], "exploits": [ { "lang": "en", "value": "We are not aware of any active exploits." } ], "impacts": [ { "descriptions": [ { "lang": "en", "value": "By flooding the target server with UPDATE requests, the attacker can exhaust all available memory on that server." } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-26T06:03:10.975661Z", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "name": "CVE-2022-3094", "tags": [ "vendor-advisory" ], "url": "https://kb.isc.org/docs/cve-2022-3094" } ], "solutions": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.16.37, 9.18.11, 9.19.9, or 9.16.37-S1." } ], "source": { "discovery": "EXTERNAL" }, "title": "An UPDATE message flood may cause named to exhaust all available memory", "workarounds": [ { "lang": "en", "value": "No workarounds known." } ] } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2022-3094", "datePublished": "2023-01-25T21:34:52.983Z", "dateReserved": "2022-09-02T10:25:47.183Z", "dateUpdated": "2024-08-03T01:00:10.516Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-23969
Vulnerability from cvelistv5
Published
2023-02-01 00:00
Modified
2024-08-02 10:49
Severity ?
EPSS score ?
Summary
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:49:08.226Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "tags": [ "x_transferred" ], "url": "https://docs.djangoproject.com/en/4.1/releases/security/" }, { "tags": [ "x_transferred" ], "url": "https://www.djangoproject.com/weblog/2023/feb/01/security-releases/" }, { "name": "[debian-lts-announce] 20230201 [SECURITY] [DLA 3306-1] python-django security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00000.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230302-0007/" }, { "name": "FEDORA-2023-8fed428c5e", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/" }, { "name": "FEDORA-2023-a53ab7c969", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-28T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://groups.google.com/forum/#%21forum/django-announce" }, { "url": "https://docs.djangoproject.com/en/4.1/releases/security/" }, { "url": "https://www.djangoproject.com/weblog/2023/feb/01/security-releases/" }, { "name": "[debian-lts-announce] 20230201 [SECURITY] [DLA 3306-1] python-django security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00000.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230302-0007/" }, { "name": "FEDORA-2023-8fed428c5e", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK/" }, { "name": "FEDORA-2023-a53ab7c969", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-23969", "datePublished": "2023-02-01T00:00:00", "dateReserved": "2023-01-20T00:00:00", "dateUpdated": "2024-08-02T10:49:08.226Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3515
Vulnerability from cvelistv5
Published
2023-01-12 00:00
Modified
2024-08-03 01:14
Severity ?
EPSS score ?
Summary
A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:14:02.956Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135610" }, { "tags": [ "x_transferred" ], "url": "https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html" }, { "tags": [ "x_transferred" ], "url": "https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b" }, { "tags": [ "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2022-3515" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230706-0008/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "libksba", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in libksba v1.6.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190 - Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-06T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135610" }, { "url": "https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html" }, { "url": "https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b" }, { "url": "https://access.redhat.com/security/cve/CVE-2022-3515" }, { "url": "https://security.netapp.com/advisory/ntap-20230706-0008/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-3515", "datePublished": "2023-01-12T00:00:00", "dateReserved": "2022-10-14T00:00:00", "dateUpdated": "2024-08-03T01:14:02.956Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0401
Vulnerability from cvelistv5
Published
2023-02-08 19:00
Modified
2024-08-02 05:10
Severity ?
EPSS score ?
Summary
A NULL pointer can be dereferenced when signatures are being
verified on PKCS7 signed or signedAndEnveloped data. In case the hash
algorithm used for the signature is known to the OpenSSL library but
the implementation of the hash algorithm is not available the digest
initialization will fail. There is a missing check for the return
value from the initialization function which later leads to invalid
usage of the digest API most likely leading to a crash.
The unavailability of an algorithm can be caused by using FIPS
enabled configuration of providers or more commonly by not loading
the legacy provider.
PKCS7 data is processed by the SMIME library calls and also by the
time stamp (TS) library calls. The TLS implementation in OpenSSL does
not call these functions however third party applications would be
affected if they call these functions to verify signatures on untrusted
data.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:55.825Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "name": "3.0.8 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d3b6dfd70db844c4499bec6ad6601623a565e674" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202402-08" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "lessThan": "3.0.8", "status": "affected", "version": "3.0.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Hubert Kario (Red Hat)" }, { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Dmitry Belyavsky (Red Hat)" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Tom\u00e1\u0161 Mr\u00e1z" } ], "datePublic": "2023-02-07T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A NULL pointer can be dereferenced when signatures are being\u003cbr\u003everified on PKCS7 signed or signedAndEnveloped data. In case the hash\u003cbr\u003ealgorithm used for the signature is known to the OpenSSL library but\u003cbr\u003ethe implementation of the hash algorithm is not available the digest\u003cbr\u003einitialization will fail. There is a missing check for the return\u003cbr\u003evalue from the initialization function which later leads to invalid\u003cbr\u003eusage of the digest API most likely leading to a crash.\u003cbr\u003e\u003cbr\u003eThe unavailability of an algorithm can be caused by using FIPS\u003cbr\u003eenabled configuration of providers or more commonly by not loading\u003cbr\u003ethe legacy provider.\u003cbr\u003e\u003cbr\u003ePKCS7 data is processed by the SMIME library calls and also by the\u003cbr\u003etime stamp (TS) library calls. The TLS implementation in OpenSSL does\u003cbr\u003enot call these functions however third party applications would be\u003cbr\u003eaffected if they call these functions to verify signatures on untrusted\u003cbr\u003edata.\u003cbr\u003e\u003cbr\u003e" } ], "value": "A NULL pointer can be dereferenced when signatures are being\nverified on PKCS7 signed or signedAndEnveloped data. In case the hash\nalgorithm used for the signature is known to the OpenSSL library but\nthe implementation of the hash algorithm is not available the digest\ninitialization will fail. There is a missing check for the return\nvalue from the initialization function which later leads to invalid\nusage of the digest API most likely leading to a crash.\n\nThe unavailability of an algorithm can be caused by using FIPS\nenabled configuration of providers or more commonly by not loading\nthe legacy provider.\n\nPKCS7 data is processed by the SMIME library calls and also by the\ntime stamp (TS) library calls. The TLS implementation in OpenSSL does\nnot call these functions however third party applications would be\naffected if they call these functions to verify signatures on untrusted\ndata.\n\n" } ], "metrics": [ { "format": "other", "other": { "content": { "text": "Moderate" }, "type": "https://www.openssl.org/policies/secpolicy.html" } } ], "problemTypes": [ { "descriptions": [ { "description": "NULL pointer deference", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-24T14:45:24.701Z", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "name": "3.0.8 git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d3b6dfd70db844c4499bec6ad6601623a565e674" }, { "url": "https://security.gentoo.org/glsa/202402-08" } ], "source": { "discovery": "UNKNOWN" }, "title": "NULL dereference during PKCS7 data verification", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2023-0401", "datePublished": "2023-02-08T19:00:53.435Z", "dateReserved": "2023-01-19T14:01:41.081Z", "dateUpdated": "2024-08-02T05:10:55.825Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-35260
Vulnerability from cvelistv5
Published
2022-12-05 00:00
Modified
2024-11-19 20:09
Severity ?
EPSS score ?
Summary
curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | https://github.com/curl/curl |
Version: Fixed in 7.86.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:29:17.464Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://hackerone.com/reports/1721098" }, { "name": "GLSA-202212-01", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230110-0006/" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213604" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213605" }, { "name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/20" }, { "name": "20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/19" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-35260", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-27T19:48:27.630222Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-19T20:09:10.400Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "https://github.com/curl/curl", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in 7.86.0" } ] } ], "descriptions": [ { "lang": "en", "value": "curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Out-of-bounds Read (CWE-125)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-24T00:00:00", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://hackerone.com/reports/1721098" }, { "name": "GLSA-202212-01", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "url": "https://security.netapp.com/advisory/ntap-20230110-0006/" }, { "url": "https://support.apple.com/kb/HT213604" }, { "url": "https://support.apple.com/kb/HT213605" }, { "name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/20" }, { "name": "20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/19" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2022-35260", "datePublished": "2022-12-05T00:00:00", "dateReserved": "2022-07-06T00:00:00", "dateUpdated": "2024-11-19T20:09:10.400Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0412
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-02 05:10
Severity ?
EPSS score ?
Summary
TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Wireshark Foundation | Wireshark |
Version: >=4.0.0, <4.0.3 Version: >=3.6.0, <3.6.11 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:55.753Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2023-07.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/18770" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0412.json" }, { "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=4.0.0, \u003c4.0.3" }, { "status": "affected", "version": "\u003e=3.6.0, \u003c3.6.11" } ] } ], "descriptions": [ { "lang": "en", "value": "TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Uncontrolled recursion in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-08T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2023-07.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/18770" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0412.json" }, { "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-0412", "datePublished": "2023-01-24T00:00:00", "dateReserved": "2023-01-20T00:00:00", "dateUpdated": "2024-08-02T05:10:55.753Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0662
Vulnerability from cvelistv5
Published
2023-02-16 06:24
Modified
2024-08-02 05:17
Severity ?
EPSS score ?
Summary
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:17:50.335Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230517-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "PHP", "repo": "https://github.com/php/php-src", "vendor": "PHP Group", "versions": [ { "lessThan": "8.0.28", "status": "affected", "version": "8.0.x", "versionType": "semver" }, { "lessThan": "8.1.16", "status": "affected", "version": "8.1.x", "versionType": "semver" }, { "lessThan": "8.2.3", "status": "affected", "version": "8.2.x", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Jakob Ackermann" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space.\u0026nbsp;" } ], "value": "In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space.\u00a0" } ], "impacts": [ { "capecId": "CAPEC-130", "descriptions": [ { "lang": "en", "value": "CAPEC-130 Excessive Allocation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-16T06:24:01.692Z", "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "shortName": "php" }, "references": [ { "url": "https://github.com/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv" }, { "url": "https://security.netapp.com/advisory/ntap-20230517-0001/" } ], "source": { "advisory": "https://github.com/php/php-src/security/advisories/GHSA-54hq-v5w", "discovery": "EXTERNAL" }, "title": "DoS vulnerability when parsing multipart request body", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "assignerShortName": "php", "cveId": "CVE-2023-0662", "datePublished": "2023-02-16T06:24:01.692Z", "dateReserved": "2023-02-03T18:37:37.552Z", "dateUpdated": "2024-08-02T05:17:50.335Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3296
Vulnerability from cvelistv5
Published
2022-09-25 00:00
Modified
2024-08-03 01:07
Severity ?
EPSS score ?
Summary
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:07:06.473Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077" }, { "tags": [ "x_transferred" ], "url": "https://github.com/vim/vim/commit/96b9bf8f74af8abf1e30054f996708db7dc285be" }, { "name": "FEDORA-2022-40161673a3", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/" }, { "name": "FEDORA-2022-fff548cfab", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/" }, { "name": "FEDORA-2022-4bc60c32a2", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vim/vim", "vendor": "vim", "versions": [ { "lessThan": "9.0.0577", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077" }, { "url": "https://github.com/vim/vim/commit/96b9bf8f74af8abf1e30054f996708db7dc285be" }, { "name": "FEDORA-2022-40161673a3", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/" }, { "name": "FEDORA-2022-fff548cfab", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/" }, { "name": "FEDORA-2022-4bc60c32a2", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "source": { "advisory": "958866b8-526a-4979-9471-39392e0c9077", "discovery": "EXTERNAL" }, "title": "Stack-based Buffer Overflow in vim/vim" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-3296", "datePublished": "2022-09-25T00:00:00", "dateReserved": "2022-09-24T00:00:00", "dateUpdated": "2024-08-03T01:07:06.473Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-21291
Vulnerability from cvelistv5
Published
2022-01-19 11:23
Modified
2024-08-03 02:38
Severity ?
EPSS score ?
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
References
▼ | URL | Tags |
---|---|---|
https://www.oracle.com/security-alerts/cpujan2022.html | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20220121-0007/ | x_refsource_CONFIRM | |
https://www.debian.org/security/2022/dsa-5057 | vendor-advisory, x_refsource_DEBIAN | |
https://www.debian.org/security/2022/dsa-5058 | vendor-advisory, x_refsource_DEBIAN | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/ | vendor-advisory, x_refsource_FEDORA | |
https://security.gentoo.org/glsa/202209-05 | vendor-advisory, x_refsource_GENTOO |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:7u321 Version: Oracle Java SE:8u311 Version: Oracle Java SE:11.0.13 Version: Oracle Java SE:17.0.1 Version: Oracle GraalVM Enterprise Edition:20.3.4 Version: Oracle GraalVM Enterprise Edition:21.3.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:38:55.283Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220121-0007/" }, { "name": "DSA-5057", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5057" }, { "name": "DSA-5058", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5058" }, { "name": "FEDORA-2022-477401b0f7", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/" }, { "name": "GLSA-202209-05", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202209-05" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Java SE JDK and JRE", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Oracle Java SE:7u321" }, { "status": "affected", "version": "Oracle Java SE:8u311" }, { "status": "affected", "version": "Oracle Java SE:11.0.13" }, { "status": "affected", "version": "Oracle Java SE:17.0.1" }, { "status": "affected", "version": "Oracle GraalVM Enterprise Edition:20.3.4" }, { "status": "affected", "version": "Oracle GraalVM Enterprise Edition:21.3.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-07T23:19:34.932Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220121-0007/" }, { "name": "DSA-5057", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5057" }, { "name": "DSA-5058", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5058" }, { "name": "FEDORA-2022-477401b0f7", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/" }, { "name": "GLSA-202209-05", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202209-05" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2022-21291", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Java SE JDK and JRE", "version": { "version_data": [ { "version_affected": "=", "version_value": "Oracle Java SE:7u321" }, { "version_affected": "=", "version_value": "Oracle Java SE:8u311" }, { "version_affected": "=", "version_value": "Oracle Java SE:11.0.13" }, { "version_affected": "=", "version_value": "Oracle Java SE:17.0.1" }, { "version_affected": "=", "version_value": "Oracle GraalVM Enterprise Edition:20.3.4" }, { "version_affected": "=", "version_value": "Oracle GraalVM Enterprise Edition:21.3.0" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)." } ] }, "impact": { "cvss": { "baseScore": "5.3", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data." } ] } ] }, "references": { "reference_data": [ { "name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "name": "https://security.netapp.com/advisory/ntap-20220121-0007/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220121-0007/" }, { "name": "DSA-5057", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5057" }, { "name": "DSA-5058", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5058" }, { "name": "FEDORA-2022-477401b0f7", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2DIN3L6L3SVZK75CKW2GPSU4HIGZR7XG/" }, { "name": "GLSA-202209-05", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202209-05" } ] } } } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2022-21291", "datePublished": "2022-01-19T11:23:29", "dateReserved": "2021-11-15T00:00:00", "dateUpdated": "2024-08-03T02:38:55.283Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-1292
Vulnerability from cvelistv5
Published
2022-05-03 15:15
Modified
2024-09-16 22:24
Severity ?
EPSS score ?
Summary
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:55:24.565Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20220503.txt" }, { "tags": [ "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2" }, { "tags": [ "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23" }, { "tags": [ "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=548d3f280a6e737673f5b61fce24bb100108dfeb" }, { "name": "[debian-lts-announce] 20220515 [SECURITY] [DLA 3008-1] openssl security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00019.html" }, { "name": "DSA-5139", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5139" }, { "name": "FEDORA-2022-b651cb69e6", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU/" }, { "name": "FEDORA-2022-c9c02865f6", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD/" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220602-0009/" }, { "tags": [ "x_transferred" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0011" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220729-0004/" }, { "name": "GLSA-202210-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202210-02" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "status": "affected", "version": "Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)" }, { "status": "affected", "version": "Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n)" }, { "status": "affected", "version": "Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd)" } ] } ], "credits": [ { "lang": "en", "value": "Elison Niven (Sophos)" } ], "datePublic": "2022-05-03T00:00:00", "descriptions": [ { "lang": "en", "value": "The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd)." } ], "metrics": [ { "other": { "content": { "lang": "eng", "url": "https://www.openssl.org/policies/secpolicy.html#Moderate", "value": "Moderate" }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "description": "Command injection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-14T00:00:00", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "url": "https://www.openssl.org/news/secadv/20220503.txt" }, { "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2" }, { "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23" }, { "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=548d3f280a6e737673f5b61fce24bb100108dfeb" }, { "name": "[debian-lts-announce] 20220515 [SECURITY] [DLA 3008-1] openssl security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00019.html" }, { "name": "DSA-5139", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5139" }, { "name": "FEDORA-2022-b651cb69e6", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU/" }, { "name": "FEDORA-2022-c9c02865f6", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD/" }, { "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "url": "https://security.netapp.com/advisory/ntap-20220602-0009/" }, { "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0011" }, { "url": "https://security.netapp.com/advisory/ntap-20220729-0004/" }, { "name": "GLSA-202210-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202210-02" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf" } ], "title": "The c_rehash script allows command injection" } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2022-1292", "datePublished": "2022-05-03T15:15:19.758225Z", "dateReserved": "2022-04-11T00:00:00", "dateUpdated": "2024-09-16T22:24:42.723Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-40303
Vulnerability from cvelistv5
Published
2022-11-22 00:00
Modified
2024-08-03 12:14
Severity ?
EPSS score ?
Summary
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:14:40.053Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221209-0003/" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213534" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213533" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213531" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213536" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213535" }, { "name": "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/21" }, { "name": "20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/25" }, { "name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/26" }, { "name": "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/24" }, { "name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/27" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-21T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3" }, { "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0" }, { "url": "https://security.netapp.com/advisory/ntap-20221209-0003/" }, { "url": "https://support.apple.com/kb/HT213534" }, { "url": "https://support.apple.com/kb/HT213533" }, { "url": "https://support.apple.com/kb/HT213531" }, { "url": "https://support.apple.com/kb/HT213536" }, { "url": "https://support.apple.com/kb/HT213535" }, { "name": "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/21" }, { "name": "20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/25" }, { "name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/26" }, { "name": "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/24" }, { "name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Dec/27" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-40303", "datePublished": "2022-11-22T00:00:00", "dateReserved": "2022-09-09T00:00:00", "dateUpdated": "2024-08-03T12:14:40.053Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28163
Vulnerability from cvelistv5
Published
2023-06-02 00:00
Modified
2024-08-02 12:30
Severity ?
EPSS score ?
Summary
When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user. <br>*This bug only affects Firefox on Windows. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 111 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:30:24.127Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-09/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-10/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-11/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1817768" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "111", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "102.9", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "102.9", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user. \u003cbr\u003e*This bug only affects Firefox on Windows. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox \u003c 111, Firefox ESR \u003c 102.9, and Thunderbird \u003c 102.9." } ], "problemTypes": [ { "descriptions": [ { "description": "Windows Save As dialog resolved environment variables", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-02T00:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://www.mozilla.org/security/advisories/mfsa2023-09/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-10/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-11/" }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1817768" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2023-28163", "datePublished": "2023-06-02T00:00:00", "dateReserved": "2023-03-13T00:00:00", "dateUpdated": "2024-08-02T12:30:24.127Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22003
Vulnerability from cvelistv5
Published
2023-04-18 19:54
Modified
2024-09-13 18:26
Severity ?
EPSS score ?
References
▼ | URL | Tags |
---|---|---|
https://www.oracle.com/security-alerts/cpuapr2023.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Solaris Operating System |
Version: 10 Version: 11 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:59:28.449Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2023.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-22003", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-13T17:57:38.827175Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-13T18:26:33.628Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Solaris Operating System", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "10" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data. CVSS 3.1 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-18T19:54:46.472Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2023.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2023-22003", "datePublished": "2023-04-18T19:54:46.472Z", "dateReserved": "2022-12-17T19:26:00.744Z", "dateUpdated": "2024-09-13T18:26:33.628Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0413
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-02 05:10
Severity ?
EPSS score ?
Summary
Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Wireshark Foundation | Wireshark |
Version: >=4.0.0, <4.0.3 Version: >=3.6.0, <3.6.11 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:55.913Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2023-03.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/18766" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0413.json" }, { "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=4.0.0, \u003c4.0.3" }, { "status": "affected", "version": "\u003e=3.6.0, \u003c3.6.11" } ] } ], "descriptions": [ { "lang": "en", "value": "Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Null pointer dereference in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-08T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2023-03.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/18766" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0413.json" }, { "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-0413", "datePublished": "2023-01-24T00:00:00", "dateReserved": "2023-01-20T00:00:00", "dateUpdated": "2024-08-02T05:10:55.913Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-23598
Vulnerability from cvelistv5
Published
2023-06-02 00:00
Modified
2024-08-02 10:35
Severity ?
EPSS score ?
Summary
Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to <code>DataTransfer.setData</code>. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 109 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:35:33.595Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-02/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-01/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-03/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1800425" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "109", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "102.7", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "102.7", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Due to the Firefox GTK wrapper code\u0027s use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to \u003ccode\u003eDataTransfer.setData\u003c/code\u003e. This vulnerability affects Firefox \u003c 109, Thunderbird \u003c 102.7, and Firefox ESR \u003c 102.7." } ], "problemTypes": [ { "descriptions": [ { "description": "Arbitrary file read from GTK drag and drop on Linux", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-02T00:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://www.mozilla.org/security/advisories/mfsa2023-02/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-01/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-03/" }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1800425" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2023-23598", "datePublished": "2023-06-02T00:00:00", "dateReserved": "2023-01-16T00:00:00", "dateUpdated": "2024-08-02T10:35:33.595Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-25752
Vulnerability from cvelistv5
Published
2023-06-02 00:00
Modified
2024-08-02 11:32
Severity ?
EPSS score ?
Summary
When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 111 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:32:12.593Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-09/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-10/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-11/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1811627" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "111", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "102.9", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "102.9", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable. This vulnerability affects Firefox \u003c 111, Firefox ESR \u003c 102.9, and Thunderbird \u003c 102.9." } ], "problemTypes": [ { "descriptions": [ { "description": "Potential out-of-bounds when accessing throttled streams", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-02T00:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://www.mozilla.org/security/advisories/mfsa2023-09/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-10/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-11/" }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1811627" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2023-25752", "datePublished": "2023-06-02T00:00:00", "dateReserved": "2023-02-13T00:00:00", "dateUpdated": "2024-08-02T11:32:12.593Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-23521
Vulnerability from cvelistv5
Published
2023-01-17 22:17
Modified
2024-10-15 18:34
Severity ?
EPSS score ?
Summary
Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequentially, the failure mode depends on whether the file exists in the working tree, the index or both. This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. There are no known workarounds for this issue.
References
▼ | URL | Tags |
---|---|---|
https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89 | x_refsource_CONFIRM | |
https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76 | x_refsource_MISC | |
https://security.gentoo.org/glsa/202312-15 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | git | git |
Version: < 2.30.7 Version: >= 2.31.0, < 2.31.6 Version: >= 2.32.0, < 2.32.5 Version: >= 2.33.0, < 2.33.6 Version: >= 2.34.0, < 2.34.6 Version: >= 2.35.0, < 2.35.6 Version: >= 2.36.0, < 2.36.4 Version: >= 2.37.0, < 2.37.5 Version: >= 2.38.0, < 2.38.3 Version: = 2.39.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:43:46.438Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89" }, { "name": "https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202312-15" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-23521", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-15T17:36:25.330950Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-15T18:34:26.130Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "git", "vendor": "git", "versions": [ { "status": "affected", "version": "\u003c 2.30.7" }, { "status": "affected", "version": "\u003e= 2.31.0, \u003c 2.31.6" }, { "status": "affected", "version": "\u003e= 2.32.0, \u003c 2.32.5" }, { "status": "affected", "version": "\u003e= 2.33.0, \u003c 2.33.6" }, { "status": "affected", "version": "\u003e= 2.34.0, \u003c 2.34.6" }, { "status": "affected", "version": "\u003e= 2.35.0, \u003c 2.35.6" }, { "status": "affected", "version": "\u003e= 2.36.0, \u003c 2.36.4" }, { "status": "affected", "version": "\u003e= 2.37.0, \u003c 2.37.5" }, { "status": "affected", "version": "\u003e= 2.38.0, \u003c 2.38.3" }, { "status": "affected", "version": "= 2.39.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequentially, the failure mode depends on whether the file exists in the working tree, the index or both. This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. There are no known workarounds for this issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-17T22:17:17.765Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89" }, { "name": "https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76" }, { "url": "https://security.gentoo.org/glsa/202312-15" } ], "source": { "advisory": "GHSA-c738-c5qq-xg89", "discovery": "UNKNOWN" }, "title": "gitattributes parsing integer overflow in git" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-23521", "datePublished": "2023-01-17T22:17:17.765Z", "dateReserved": "2022-01-19T21:23:53.781Z", "dateUpdated": "2024-10-15T18:34:26.130Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3256
Vulnerability from cvelistv5
Published
2022-09-22 00:00
Modified
2024-08-03 01:07
Severity ?
EPSS score ?
Summary
Use After Free in GitHub repository vim/vim prior to 9.0.0530.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:07:05.916Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/8336a3df-212a-4f8d-ae34-76ef1f936bb3" }, { "tags": [ "x_transferred" ], "url": "https://github.com/vim/vim/commit/8ecfa2c56b4992c7f067b92488aa9acea5a454ad" }, { "name": "FEDORA-2022-40161673a3", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/" }, { "name": "FEDORA-2022-fff548cfab", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/" }, { "name": "FEDORA-2022-4bc60c32a2", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/" }, { "name": "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vim/vim", "vendor": "vim", "versions": [ { "lessThan": "9.0.0530", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Use After Free in GitHub repository vim/vim prior to 9.0.0530." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/8336a3df-212a-4f8d-ae34-76ef1f936bb3" }, { "url": "https://github.com/vim/vim/commit/8ecfa2c56b4992c7f067b92488aa9acea5a454ad" }, { "name": "FEDORA-2022-40161673a3", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/" }, { "name": "FEDORA-2022-fff548cfab", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/" }, { "name": "FEDORA-2022-4bc60c32a2", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/" }, { "name": "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "source": { "advisory": "8336a3df-212a-4f8d-ae34-76ef1f936bb3", "discovery": "EXTERNAL" }, "title": "Use After Free in vim/vim" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-3256", "datePublished": "2022-09-22T00:00:00", "dateReserved": "2022-09-21T00:00:00", "dateUpdated": "2024-08-03T01:07:05.916Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-38171
Vulnerability from cvelistv5
Published
2022-08-22 18:33
Modified
2024-09-16 18:34
Severity ?
EPSS score ?
Summary
Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:45:52.914Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://www.xpdfreader.com/security-fixes.html" }, { "tags": [ "x_transferred" ], "url": "https://dl.xpdfreader.com/xpdf-4.04.tar.gz" }, { "tags": [ "x_transferred" ], "url": "https://www.cve.org/CVERecord?id=CVE-2021-30860" }, { "tags": [ "x_transferred" ], "url": "https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html" }, { "tags": [ "x_transferred" ], "url": "https://github.com/jeffssh/CVE-2021-30860" }, { "name": "[oss-security] 20220902 JBIG2 integer overflow fixed in Xpdf 4.04, Poppler 22.09.0", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/11" }, { "tags": [ "x_transferred" ], "url": "https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2022-38171.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2022-04-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-18T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "http://www.xpdfreader.com/security-fixes.html" }, { "url": "https://dl.xpdfreader.com/xpdf-4.04.tar.gz" }, { "url": "https://www.cve.org/CVERecord?id=CVE-2021-30860" }, { "url": "https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html" }, { "url": "https://github.com/jeffssh/CVE-2021-30860" }, { "name": "[oss-security] 20220902 JBIG2 integer overflow fixed in Xpdf 4.04, Poppler 22.09.0", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/11" }, { "url": "https://github.com/zmanion/Vulnerabilities/blob/main/CVE-2022-38171.md" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.9" } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-38171", "datePublished": "2022-08-22T18:33:47.097485Z", "dateReserved": "2022-08-12T00:00:00", "dateUpdated": "2024-09-16T18:34:06.293Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-30631
Vulnerability from cvelistv5
Published
2022-08-09 20:16
Modified
2024-08-03 06:56
Severity ?
EPSS score ?
Summary
Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Go standard library | compress/gzip |
Version: 0 ≤ Version: 1.18.0-0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:56:13.231Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://go.dev/cl/417067" }, { "tags": [ "x_transferred" ], "url": "https://go.googlesource.com/go/+/b2b8872c876201eac2d0707276c6999ff3eb185e" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/issue/53168" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2022-0524" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "compress/gzip", "product": "compress/gzip", "programRoutines": [ { "name": "Reader.Read" } ], "vendor": "Go standard library", "versions": [ { "lessThan": "1.17.12", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "1.18.4", "status": "affected", "version": "1.18.0-0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-674: Uncontrolled Recursion", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-12T19:04:40.977Z", "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go" }, "references": [ { "url": "https://go.dev/cl/417067" }, { "url": "https://go.googlesource.com/go/+/b2b8872c876201eac2d0707276c6999ff3eb185e" }, { "url": "https://go.dev/issue/53168" }, { "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" }, { "url": "https://pkg.go.dev/vuln/GO-2022-0524" } ], "title": "Stack exhaustion when reading certain archives in compress/gzip" } }, "cveMetadata": { "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "assignerShortName": "Go", "cveId": "CVE-2022-30631", "datePublished": "2022-08-09T20:16:32", "dateReserved": "2022-05-12T00:00:00", "dateUpdated": "2024-08-03T06:56:13.231Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-0718
Vulnerability from cvelistv5
Published
2022-08-29 14:03
Modified
2024-08-02 23:40
Severity ?
EPSS score ?
Summary
A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2056850 | x_refsource_MISC | |
https://bugs.launchpad.net/oslo.utils/+bug/1949623 | x_refsource_MISC | |
https://opendev.org/openstack/oslo.utils/commit/6e17ae1f7959c64dfd20a5f67edf422e702426aa | x_refsource_MISC | |
https://security-tracker.debian.org/tracker/CVE-2022-0718 | x_refsource_MISC | |
https://access.redhat.com/security/cve/CVE-2022-0718 | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2022/09/msg00015.html | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | openstack/python-oslo.utils |
Version: Affects all versions, Fixed in 4.10.1, 4.12.1. |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:40:03.318Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056850" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.launchpad.net/oslo.utils/+bug/1949623" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://opendev.org/openstack/oslo.utils/commit/6e17ae1f7959c64dfd20a5f67edf422e702426aa" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2022-0718" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2022-0718" }, { "name": "[debian-lts-announce] 20220913 [SECURITY] [DLA 3106-1] python-oslo.utils security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00015.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "openstack/python-oslo.utils", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Affects all versions, Fixed in 4.10.1, 4.12.1." } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( \" ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-522", "description": "CWE-522 - Insufficiently Protected Credentials", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-13T15:06:20", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056850" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.launchpad.net/oslo.utils/+bug/1949623" }, { "tags": [ "x_refsource_MISC" ], "url": "https://opendev.org/openstack/oslo.utils/commit/6e17ae1f7959c64dfd20a5f67edf422e702426aa" }, { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2022-0718" }, { "tags": [ "x_refsource_MISC" ], "url": "https://access.redhat.com/security/cve/CVE-2022-0718" }, { "name": "[debian-lts-announce] 20220913 [SECURITY] [DLA 3106-1] python-oslo.utils security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00015.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-0718", "datePublished": "2022-08-29T14:03:04", "dateReserved": "2022-02-22T00:00:00", "dateUpdated": "2024-08-02T23:40:03.318Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-32208
Vulnerability from cvelistv5
Published
2022-07-07 00:00
Modified
2024-08-03 07:32
Severity ?
EPSS score ?
Summary
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | https://github.com/curl/curl |
Version: Fixed in 7.84.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:32:55.993Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://hackerone.com/reports/1590071" }, { "name": "FEDORA-2022-1b3d7f6973", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" }, { "name": "DSA-5197", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5197" }, { "name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220915-0003/" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213488" }, { "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/41" }, { "name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/28" }, { "name": "GLSA-202212-01", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202212-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "https://github.com/curl/curl", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in 7.84.0" } ] } ], "descriptions": [ { "lang": "en", "value": "When curl \u003c 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-840", "description": "Business Logic Errors (CWE-840)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-19T00:00:00", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://hackerone.com/reports/1590071" }, { "name": "FEDORA-2022-1b3d7f6973", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" }, { "name": "DSA-5197", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5197" }, { "name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html" }, { "url": "https://security.netapp.com/advisory/ntap-20220915-0003/" }, { "url": "https://support.apple.com/kb/HT213488" }, { "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/41" }, { "name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/28" }, { "name": "GLSA-202212-01", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202212-01" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2022-32208", "datePublished": "2022-07-07T00:00:00", "dateReserved": "2022-06-01T00:00:00", "dateUpdated": "2024-08-03T07:32:55.993Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3705
Vulnerability from cvelistv5
Published
2022-10-26 00:00
Modified
2024-08-03 01:20
Severity ?
EPSS score ?
Summary
A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | unspecified | vim |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:20:57.031Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/vim/vim/commit/d0fab10ed2a86698937e3c3fed2f10bd9bb5e731" }, { "tags": [ "x_transferred" ], "url": "https://vuldb.com/?id.212324" }, { "name": "FEDORA-2022-06e4f1dd58", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4JCW33NOLMELTTTDJH7WGDIFJZ5YEEMK/" }, { "name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html" }, { "name": "FEDORA-2022-3d354ef0fb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYEK5RNMH7MVQH6RPBKLSCCA6NMIKHDV/" }, { "name": "FEDORA-2022-4bc60c32a2", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221223-0004/" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213605" }, { "name": "20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/19" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vim", "vendor": "unspecified", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119 Memory Corruption -\u003e CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "url": "https://github.com/vim/vim/commit/d0fab10ed2a86698937e3c3fed2f10bd9bb5e731" }, { "url": "https://vuldb.com/?id.212324" }, { "name": "FEDORA-2022-06e4f1dd58", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4JCW33NOLMELTTTDJH7WGDIFJZ5YEEMK/" }, { "name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html" }, { "name": "FEDORA-2022-3d354ef0fb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYEK5RNMH7MVQH6RPBKLSCCA6NMIKHDV/" }, { "name": "FEDORA-2022-4bc60c32a2", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/" }, { "url": "https://security.netapp.com/advisory/ntap-20221223-0004/" }, { "url": "https://support.apple.com/kb/HT213605" }, { "name": "20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/19" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "title": "vim autocmd quickfix.c qf_update_buffer use after free", "x_generator": "vuldb.com" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2022-3705", "datePublished": "2022-10-26T00:00:00", "dateReserved": "2022-10-26T00:00:00", "dateUpdated": "2024-08-03T01:20:57.031Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0411
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-02 05:10
Severity ?
EPSS score ?
Summary
Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Wireshark Foundation | Wireshark |
Version: >=4.0.0, <4.0.3 Version: >=3.6.0, <3.6.11 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:55.910Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2023-06.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/18711" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/18720" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/18737" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0411.json" }, { "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=4.0.0, \u003c4.0.3" }, { "status": "affected", "version": "\u003e=3.6.0, \u003c3.6.11" } ] } ], "descriptions": [ { "lang": "en", "value": "Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Excessive iteration in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-08T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2023-06.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/18711" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/18720" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/18737" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0411.json" }, { "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-0411", "datePublished": "2023-01-24T00:00:00", "dateReserved": "2023-01-20T00:00:00", "dateUpdated": "2024-08-02T05:10:55.910Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0415
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-02 05:10
Severity ?
EPSS score ?
Summary
iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Wireshark Foundation | Wireshark |
Version: >=4.0.0, <4.0.3 Version: >=3.6.0, <3.6.11 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:55.974Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2023-05.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/18796" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0415.json" }, { "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=4.0.0, \u003c4.0.3" }, { "status": "affected", "version": "\u003e=3.6.0, \u003c3.6.11" } ] } ], "descriptions": [ { "lang": "en", "value": "iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Null pointer dereference in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-08T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2023-05.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/18796" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0415.json" }, { "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-0415", "datePublished": "2023-01-24T00:00:00", "dateReserved": "2023-01-20T00:00:00", "dateUpdated": "2024-08-02T05:10:55.974Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0800
Vulnerability from cvelistv5
Published
2023-02-13 00:00
Modified
2024-08-02 05:24
Severity ?
EPSS score ?
Summary
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:24:34.290Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/496" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0800.json" }, { "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html" }, { "name": "DSA-5361", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5361" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230316-0002/" }, { "name": "GLSA-202305-31", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-31" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "libtiff", "vendor": "libtiff", "versions": [ { "status": "affected", "version": "\u003c=4.4.0" } ] } ], "credits": [ { "lang": "en", "value": "wangdw.augustus@gmail.com" } ], "descriptions": [ { "lang": "en", "value": "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Out-of-bounds write in libtiff", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-30T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://gitlab.com/libtiff/libtiff/-/issues/496" }, { "url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0800.json" }, { "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html" }, { "name": "DSA-5361", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5361" }, { "url": "https://security.netapp.com/advisory/ntap-20230316-0002/" }, { "name": "GLSA-202305-31", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-31" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-0800", "datePublished": "2023-02-13T00:00:00", "dateReserved": "2023-02-12T00:00:00", "dateUpdated": "2024-08-02T05:24:34.290Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-46340
Vulnerability from cvelistv5
Published
2022-12-14 00:00
Modified
2024-08-03 14:31
Severity ?
EPSS score ?
Summary
A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | xorg-x11-server |
Version: xorg-x11-server-1.20.4 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:31:46.324Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2022-46340" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151755" }, { "name": "FEDORA-2022-c3a65f7c65", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/" }, { "name": "FEDORA-2022-721a78b7e5", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/" }, { "name": "DSA-5304", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5304" }, { "name": "FEDORA-2022-3d88188071", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWTH3SNJ3GKYDSN7I3QDGWYEPSMWU6EP/" }, { "name": "FEDORA-2022-dd3eb7e0a8", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-30" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xorg-x11-server", "vendor": "n/a", "versions": [ { "status": "affected", "version": "xorg-x11-server-1.20.4" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order." } ], "problemTypes": [ { "descriptions": [ { "description": "stack overflow", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-26T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2022-46340" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151755" }, { "name": "FEDORA-2022-c3a65f7c65", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/" }, { "name": "FEDORA-2022-721a78b7e5", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/" }, { "name": "DSA-5304", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5304" }, { "name": "FEDORA-2022-3d88188071", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWTH3SNJ3GKYDSN7I3QDGWYEPSMWU6EP/" }, { "name": "FEDORA-2022-dd3eb7e0a8", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/" }, { "url": "https://security.gentoo.org/glsa/202305-30" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-46340", "datePublished": "2022-12-14T00:00:00", "dateReserved": "2022-11-30T00:00:00", "dateUpdated": "2024-08-03T14:31:46.324Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-4450
Vulnerability from cvelistv5
Published
2023-02-08 19:04
Modified
2024-08-03 01:41
Severity ?
EPSS score ?
Summary
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data.
If the function succeeds then the "name_out", "header" and "data" arguments are
populated with pointers to buffers containing the relevant decoded data. The
caller is responsible for freeing those buffers. It is possible to construct a
PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()
will return a failure code but will populate the header argument with a pointer
to a buffer that has already been freed. If the caller also frees this buffer
then a double free will occur. This will most likely lead to a crash. This
could be exploited by an attacker who has the ability to supply malicious PEM
files for parsing to achieve a denial of service attack.
The functions PEM_read_bio() and PEM_read() are simple wrappers around
PEM_read_bio_ex() and therefore these functions are also directly affected.
These functions are also called indirectly by a number of other OpenSSL
functions including PEM_X509_INFO_read_bio_ex() and
SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal
uses of these functions are not vulnerable because the caller does not free the
header argument if PEM_read_bio_ex() returns a failure code. These locations
include the PEM_read_bio_TYPE() functions as well as the decoders introduced in
OpenSSL 3.0.
The OpenSSL asn1parse command line application is also impacted by this issue.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:41:44.632Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "name": "3.0.8 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83" }, { "name": "1.1.1t git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202402-08" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "lessThan": "3.0.8", "status": "affected", "version": "3.0.0", "versionType": "semver" }, { "lessThan": "1.1.1t", "status": "affected", "version": "1.1.1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "CarpetFuzz" }, { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Dawei Wang" }, { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Marc Sch\u00f6nefeld" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Kurt Roeckx" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Matt Caswell" } ], "datePublic": "2023-02-07T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and\u003cbr\u003edecodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data.\u003cbr\u003eIf the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are\u003cbr\u003epopulated with pointers to buffers containing the relevant decoded data. The\u003cbr\u003ecaller is responsible for freeing those buffers. It is possible to construct a\u003cbr\u003ePEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()\u003cbr\u003ewill return a failure code but will populate the header argument with a pointer\u003cbr\u003eto a buffer that has already been freed. If the caller also frees this buffer\u003cbr\u003ethen a double free will occur. This will most likely lead to a crash. This\u003cbr\u003ecould be exploited by an attacker who has the ability to supply malicious PEM\u003cbr\u003efiles for parsing to achieve a denial of service attack.\u003cbr\u003e\u003cbr\u003eThe functions PEM_read_bio() and PEM_read() are simple wrappers around\u003cbr\u003ePEM_read_bio_ex() and therefore these functions are also directly affected.\u003cbr\u003e\u003cbr\u003eThese functions are also called indirectly by a number of other OpenSSL\u003cbr\u003efunctions including PEM_X509_INFO_read_bio_ex() and\u003cbr\u003eSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal\u003cbr\u003euses of these functions are not vulnerable because the caller does not free the\u003cbr\u003eheader argument if PEM_read_bio_ex() returns a failure code. These locations\u003cbr\u003einclude the PEM_read_bio_TYPE() functions as well as the decoders introduced in\u003cbr\u003eOpenSSL 3.0.\u003cbr\u003e\u003cbr\u003e\u003cdiv\u003eThe OpenSSL asn1parse command line application is also impacted by this issue.\u003c/div\u003e\u003cbr\u003e" } ], "value": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and\ndecodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data.\nIf the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are\npopulated with pointers to buffers containing the relevant decoded data. The\ncaller is responsible for freeing those buffers. It is possible to construct a\nPEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()\nwill return a failure code but will populate the header argument with a pointer\nto a buffer that has already been freed. If the caller also frees this buffer\nthen a double free will occur. This will most likely lead to a crash. This\ncould be exploited by an attacker who has the ability to supply malicious PEM\nfiles for parsing to achieve a denial of service attack.\n\nThe functions PEM_read_bio() and PEM_read() are simple wrappers around\nPEM_read_bio_ex() and therefore these functions are also directly affected.\n\nThese functions are also called indirectly by a number of other OpenSSL\nfunctions including PEM_X509_INFO_read_bio_ex() and\nSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal\nuses of these functions are not vulnerable because the caller does not free the\nheader argument if PEM_read_bio_ex() returns a failure code. These locations\ninclude the PEM_read_bio_TYPE() functions as well as the decoders introduced in\nOpenSSL 3.0.\n\nThe OpenSSL asn1parse command line application is also impacted by this issue.\n\n\n" } ], "metrics": [ { "format": "other", "other": { "content": { "text": "Moderate" }, "type": "https://www.openssl.org/policies/secpolicy.html" } } ], "problemTypes": [ { "descriptions": [ { "description": "double-free", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-24T14:53:33.164Z", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "name": "3.0.8 git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83" }, { "name": "1.1.1t git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b" }, { "url": "https://security.gentoo.org/glsa/202402-08" } ], "source": { "discovery": "UNKNOWN" }, "title": "Double free after calling PEM_read_bio_ex", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2022-4450", "datePublished": "2023-02-08T19:04:04.874Z", "dateReserved": "2022-12-13T13:38:08.598Z", "dateUpdated": "2024-08-03T01:41:44.632Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-27778
Vulnerability from cvelistv5
Published
2022-06-01 19:03
Modified
2024-08-03 05:32
Severity ?
EPSS score ?
Summary
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.
References
▼ | URL | Tags |
---|---|---|
https://hackerone.com/reports/1553598 | x_refsource_MISC | |
https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20220609-0009/ | x_refsource_CONFIRM | |
https://security.netapp.com/advisory/ntap-20220729-0004/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | https://github.com/curl/curl |
Version: fixed in 7.83.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:32:59.845Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://hackerone.com/reports/1553598" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220609-0009/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220729-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "https://github.com/curl/curl", "vendor": "n/a", "versions": [ { "status": "affected", "version": "fixed in 7.83.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-706", "description": "Use of Incorrectly-Resolved Name or Reference (CWE-706)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-29T19:09:59", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://hackerone.com/reports/1553598" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220609-0009/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220729-0004/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "support@hackerone.com", "ID": "CVE-2022-27778", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "https://github.com/curl/curl", "version": { "version_data": [ { "version_value": "fixed in 7.83.1" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Use of Incorrectly-Resolved Name or Reference (CWE-706)" } ] } ] }, "references": { "reference_data": [ { "name": "https://hackerone.com/reports/1553598", "refsource": "MISC", "url": "https://hackerone.com/reports/1553598" }, { "name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "name": "https://security.netapp.com/advisory/ntap-20220609-0009/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220609-0009/" }, { "name": "https://security.netapp.com/advisory/ntap-20220729-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220729-0004/" } ] } } } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2022-27778", "datePublished": "2022-06-01T19:03:32", "dateReserved": "2022-03-23T00:00:00", "dateUpdated": "2024-08-03T05:32:59.845Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-37519
Vulnerability from cvelistv5
Published
2023-02-03 00:00
Modified
2024-08-04 01:22
Severity ?
EPSS score ?
Summary
Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows attackers to cause a denial of service via crafted authenticattion file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:22:59.364Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/memcached/memcached/issues/805" }, { "tags": [ "x_transferred" ], "url": "https://github.com/memcached/memcached/pull/806/commits/264722ae4e248b453be00e97197dadc685b60fd0" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows attackers to cause a denial of service via crafted authenticattion file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-03T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/memcached/memcached/issues/805" }, { "url": "https://github.com/memcached/memcached/pull/806/commits/264722ae4e248b453be00e97197dadc685b60fd0" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-37519", "datePublished": "2023-02-03T00:00:00", "dateReserved": "2021-07-26T00:00:00", "dateUpdated": "2024-08-04T01:22:59.364Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22809
Vulnerability from cvelistv5
Published
2023-01-18 00:00
Modified
2024-08-02 10:20
Severity ?
EPSS score ?
Summary
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:20:30.856Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf" }, { "tags": [ "x_transferred" ], "url": "https://www.sudo.ws/security/advisories/sudoedit_any/" }, { "name": "[debian-lts-announce] 20230118 [SECURITY] [DLA 3272-1] sudo security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00012.html" }, { "name": "DSA-5321", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5321" }, { "name": "[oss-security] 20230119 CVE-2023-22809: Sudoedit can edit arbitrary files", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/01/19/1" }, { "name": "FEDORA-2023-9078f609e6", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2QDGFCGAV5QRJCE6IXRXIS4XJHS57DDH/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230127-0015/" }, { "name": "FEDORA-2023-298c136eee", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4YNBTTKTRT2ME3NTSXAPTOKYUE47XHZ/" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/171644/sudo-1.9.12p1-Privilege-Escalation.html" }, { "name": "GLSA-202305-12", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-12" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213758" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/172509/Sudoedit-Extra-Arguments-Privilege-Escalation.html" }, { "name": "20230817 KL-001-2023-003: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification via sudoedit", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2023/Aug/21" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/174234/Cisco-ThousandEyes-Enterprise-Agent-Virtual-Appliance-Arbitrary-File-Modification.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a \"--\" argument that defeats a protection mechanism, e.g., an EDITOR=\u0027vim -- /path/to/extra/file\u0027 value." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-06T07:06:47.365601", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf" }, { "url": "https://www.sudo.ws/security/advisories/sudoedit_any/" }, { "name": "[debian-lts-announce] 20230118 [SECURITY] [DLA 3272-1] sudo security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00012.html" }, { "name": "DSA-5321", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5321" }, { "name": "[oss-security] 20230119 CVE-2023-22809: Sudoedit can edit arbitrary files", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/01/19/1" }, { "name": "FEDORA-2023-9078f609e6", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2QDGFCGAV5QRJCE6IXRXIS4XJHS57DDH/" }, { "url": "https://security.netapp.com/advisory/ntap-20230127-0015/" }, { "name": "FEDORA-2023-298c136eee", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4YNBTTKTRT2ME3NTSXAPTOKYUE47XHZ/" }, { "url": "http://packetstormsecurity.com/files/171644/sudo-1.9.12p1-Privilege-Escalation.html" }, { "name": "GLSA-202305-12", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-12" }, { "url": "https://support.apple.com/kb/HT213758" }, { "url": "http://packetstormsecurity.com/files/172509/Sudoedit-Extra-Arguments-Privilege-Escalation.html" }, { "name": "20230817 KL-001-2023-003: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification via sudoedit", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2023/Aug/21" }, { "url": "http://packetstormsecurity.com/files/174234/Cisco-ThousandEyes-Enterprise-Agent-Virtual-Appliance-Arbitrary-File-Modification.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-22809", "datePublished": "2023-01-18T00:00:00", "dateReserved": "2023-01-06T00:00:00", "dateUpdated": "2024-08-02T10:20:30.856Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-23599
Vulnerability from cvelistv5
Published
2023-06-02 00:00
Modified
2024-08-02 10:35
Severity ?
EPSS score ?
Summary
When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 109 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:35:33.373Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-02/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-01/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-03/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1777800" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "109", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "102.7", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "102.7", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within. This vulnerability affects Firefox \u003c 109, Thunderbird \u003c 102.7, and Firefox ESR \u003c 102.7." } ], "problemTypes": [ { "descriptions": [ { "description": "Malicious command could be hidden in devtools output on Windows", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-02T00:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://www.mozilla.org/security/advisories/mfsa2023-02/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-01/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-03/" }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1777800" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2023-23599", "datePublished": "2023-06-02T00:00:00", "dateReserved": "2023-01-16T00:00:00", "dateUpdated": "2024-08-02T10:35:33.373Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0802
Vulnerability from cvelistv5
Published
2023-02-13 00:00
Modified
2024-08-02 05:24
Severity ?
EPSS score ?
Summary
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:24:34.508Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/500" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0802.json" }, { "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html" }, { "name": "DSA-5361", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5361" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230316-0002/" }, { "name": "GLSA-202305-31", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-31" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "libtiff", "vendor": "libtiff", "versions": [ { "status": "affected", "version": "\u003c=4.4.0" } ] } ], "credits": [ { "lang": "en", "value": "wangdw.augustus@gmail.com" } ], "descriptions": [ { "lang": "en", "value": "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Out-of-bounds write in libtiff", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-30T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00" }, { "url": "https://gitlab.com/libtiff/libtiff/-/issues/500" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0802.json" }, { "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html" }, { "name": "DSA-5361", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5361" }, { "url": "https://security.netapp.com/advisory/ntap-20230316-0002/" }, { "name": "GLSA-202305-31", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-31" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-0802", "datePublished": "2023-02-13T00:00:00", "dateReserved": "2023-02-12T00:00:00", "dateUpdated": "2024-08-02T05:24:34.508Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-12613
Vulnerability from cvelistv5
Published
2017-10-24 01:00
Modified
2024-08-05 18:43
Severity ?
EPSS score ?
Summary
When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache Portable Runtime |
Version: 1.6.2 and prior |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:43:56.151Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[debian-lts-announce] 20171106 [SECURITY] [DLA 1162-1] apr security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00005.html" }, { "name": "RHSA-2018:0316", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0316" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://svn.apache.org/viewvc?view=revision\u0026revision=1807976" }, { "name": "1042004", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1042004" }, { "name": "RHSA-2017:3475", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3475" }, { "name": "RHSA-2018:0465", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0465" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.apache.org/dist/apr/Announcement1.x.html" }, { "name": "RHSA-2017:3270", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3270" }, { "name": "[announce] 20171023 Apache Portable Runtime APR 1.6.3, APR-util 1.6.1 and APR-iconv 1.2.2 Released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/12489f2e4a9f9d390235c16298aca0d20658789de80d553513977f13%40%3Cannounce.apache.org%3E" }, { "name": "RHSA-2017:3476", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3476" }, { "name": "RHSA-2018:1253", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1253" }, { "name": "RHSA-2017:3477", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:3477" }, { "name": "RHSA-2018:0466", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0466" }, { "name": "101560", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101560" }, { "name": "[apr-commits] 20210816 svn commit: r1892358 - /apr/apr/branches/1.7.x/CHANGES", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rcc48a0acebbd74bbdeebc02ff228bb72c0631b21823fffe27d4691e9%40%3Ccommits.apr.apache.org%3E" }, { "name": "[apr-commits] 20210820 svn commit: r49582 - /release/apr/patches/apr-1.7.0-CVE-2021-35940.patch", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r270dd5022db194b78acaf509216a33c85f3da43757defa05cc766339%40%3Ccommits.apr.apache.org%3E" }, { "name": "[apr-dev] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e%40%3Cdev.apr.apache.org%3E" }, { "name": "[oss-security] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/08/23/1" }, { "name": "[announce] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rb1f3c85f50fbd924a0051675118d1609e57957a02ece7facb723155b%40%3Cannounce.apache.org%3E" }, { "name": "[apr-dev] 20210916 Re: CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/ra38094406cc38a05218ebd1158187feda021b0c3a1df400bbf296af8%40%3Cdev.apr.apache.org%3E" }, { "name": "[debian-lts-announce] 20220124 [SECURITY] [DLA 2897-1] apr security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00023.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache Portable Runtime", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "1.6.2 and prior" } ] } ], "datePublic": "2017-10-23T00:00:00", "descriptions": [ { "lang": "en", "value": "When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-01-25T01:06:07", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "name": "[debian-lts-announce] 20171106 [SECURITY] [DLA 1162-1] apr security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00005.html" }, { "name": "RHSA-2018:0316", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0316" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://svn.apache.org/viewvc?view=revision\u0026revision=1807976" }, { "name": "1042004", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1042004" }, { "name": "RHSA-2017:3475", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3475" }, { "name": "RHSA-2018:0465", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0465" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.apache.org/dist/apr/Announcement1.x.html" }, { "name": "RHSA-2017:3270", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3270" }, { "name": "[announce] 20171023 Apache Portable Runtime APR 1.6.3, APR-util 1.6.1 and APR-iconv 1.2.2 Released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/12489f2e4a9f9d390235c16298aca0d20658789de80d553513977f13%40%3Cannounce.apache.org%3E" }, { "name": "RHSA-2017:3476", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3476" }, { "name": "RHSA-2018:1253", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1253" }, { "name": "RHSA-2017:3477", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:3477" }, { "name": "RHSA-2018:0466", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0466" }, { "name": "101560", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101560" }, { "name": "[apr-commits] 20210816 svn commit: r1892358 - /apr/apr/branches/1.7.x/CHANGES", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rcc48a0acebbd74bbdeebc02ff228bb72c0631b21823fffe27d4691e9%40%3Ccommits.apr.apache.org%3E" }, { "name": "[apr-commits] 20210820 svn commit: r49582 - /release/apr/patches/apr-1.7.0-CVE-2021-35940.patch", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r270dd5022db194b78acaf509216a33c85f3da43757defa05cc766339%40%3Ccommits.apr.apache.org%3E" }, { "name": "[apr-dev] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e%40%3Cdev.apr.apache.org%3E" }, { "name": "[oss-security] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2021/08/23/1" }, { "name": "[announce] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rb1f3c85f50fbd924a0051675118d1609e57957a02ece7facb723155b%40%3Cannounce.apache.org%3E" }, { "name": "[apr-dev] 20210916 Re: CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/ra38094406cc38a05218ebd1158187feda021b0c3a1df400bbf296af8%40%3Cdev.apr.apache.org%3E" }, { "name": "[debian-lts-announce] 20220124 [SECURITY] [DLA 2897-1] apr security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00023.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2017-12613", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Portable Runtime", "version": { "version_data": [ { "version_value": "1.6.2 and prior" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[debian-lts-announce] 20171106 [SECURITY] [DLA 1162-1] apr security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00005.html" }, { "name": "RHSA-2018:0316", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0316" }, { "name": "https://svn.apache.org/viewvc?view=revision\u0026revision=1807976", "refsource": "CONFIRM", "url": "https://svn.apache.org/viewvc?view=revision\u0026revision=1807976" }, { "name": "1042004", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042004" }, { "name": "RHSA-2017:3475", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3475" }, { "name": "RHSA-2018:0465", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0465" }, { "name": "http://www.apache.org/dist/apr/Announcement1.x.html", "refsource": "CONFIRM", "url": "http://www.apache.org/dist/apr/Announcement1.x.html" }, { "name": "RHSA-2017:3270", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3270" }, { "name": "[announce] 20171023 Apache Portable Runtime APR 1.6.3, APR-util 1.6.1 and APR-iconv 1.2.2 Released", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/12489f2e4a9f9d390235c16298aca0d20658789de80d553513977f13%40%3Cannounce.apache.org%3E" }, { "name": "RHSA-2017:3476", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3476" }, { "name": "RHSA-2018:1253", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1253" }, { "name": "RHSA-2017:3477", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3477" }, { "name": "RHSA-2018:0466", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0466" }, { "name": "101560", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101560" }, { "name": "[apr-commits] 20210816 svn commit: r1892358 - /apr/apr/branches/1.7.x/CHANGES", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rcc48a0acebbd74bbdeebc02ff228bb72c0631b21823fffe27d4691e9@%3Ccommits.apr.apache.org%3E" }, { "name": "[apr-commits] 20210820 svn commit: r49582 - /release/apr/patches/apr-1.7.0-CVE-2021-35940.patch", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r270dd5022db194b78acaf509216a33c85f3da43757defa05cc766339@%3Ccommits.apr.apache.org%3E" }, { "name": "[apr-dev] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e@%3Cdev.apr.apache.org%3E" }, { "name": "[oss-security] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/08/23/1" }, { "name": "[announce] 20210823 CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rb1f3c85f50fbd924a0051675118d1609e57957a02ece7facb723155b@%3Cannounce.apache.org%3E" }, { "name": "[apr-dev] 20210916 Re: CVE-2021-35940: Apache Portable Runtime (APR): Regression of CVE-2017-12613", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ra38094406cc38a05218ebd1158187feda021b0c3a1df400bbf296af8@%3Cdev.apr.apache.org%3E" }, { "name": "[debian-lts-announce] 20220124 [SECURITY] [DLA 2897-1] apr security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00023.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2017-12613", "datePublished": "2017-10-24T01:00:00", "dateReserved": "2017-08-07T00:00:00", "dateUpdated": "2024-08-05T18:43:56.151Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-30633
Vulnerability from cvelistv5
Published
2022-08-09 20:16
Modified
2024-08-03 06:56
Severity ?
EPSS score ?
Summary
Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Go standard library | encoding/xml |
Version: 0 ≤ Version: 1.18.0-0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:56:13.196Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://go.dev/cl/417061" }, { "tags": [ "x_transferred" ], "url": "https://go.googlesource.com/go/+/c4c1993fd2a5b26fe45c09592af6d3388a3b2e08" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/issue/53611" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2022-0523" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "encoding/xml", "product": "encoding/xml", "programRoutines": [ { "name": "Decoder.DecodeElement" }, { "name": "Decoder.unmarshal" }, { "name": "Decoder.unmarshalPath" } ], "vendor": "Go standard library", "versions": [ { "lessThan": "1.17.12", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "1.18.4", "status": "affected", "version": "1.18.0-0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the \u0027any\u0027 field tag." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-674: Uncontrolled Recursion", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-12T19:04:39.511Z", "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go" }, "references": [ { "url": "https://go.dev/cl/417061" }, { "url": "https://go.googlesource.com/go/+/c4c1993fd2a5b26fe45c09592af6d3388a3b2e08" }, { "url": "https://go.dev/issue/53611" }, { "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" }, { "url": "https://pkg.go.dev/vuln/GO-2022-0523" } ], "title": "Stack exhaustion when unmarshaling certain documents in encoding/xml" } }, "cveMetadata": { "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "assignerShortName": "Go", "cveId": "CVE-2022-30633", "datePublished": "2022-08-09T20:16:19", "dateReserved": "2022-05-12T00:00:00", "dateUpdated": "2024-08-03T06:56:13.196Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-25729
Vulnerability from cvelistv5
Published
2023-06-02 00:00
Modified
2024-08-02 11:32
Severity ?
EPSS score ?
Summary
Permission prompts for opening external schemes were only shown for <code>ContentPrincipals</code> resulting in extensions being able to open them without user interaction via <code>ExpandedPrincipals</code>. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 110 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:32:12.249Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-06/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-05/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-07/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1792138" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "110", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "102.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "102.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Permission prompts for opening external schemes were only shown for \u003ccode\u003eContentPrincipals\u003c/code\u003e resulting in extensions being able to open them without user interaction via \u003ccode\u003eExpandedPrincipals\u003c/code\u003e. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox \u003c 110, Thunderbird \u003c 102.8, and Firefox ESR \u003c 102.8." } ], "problemTypes": [ { "descriptions": [ { "description": "Extensions could have opened external schemes without user knowledge", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-02T00:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://www.mozilla.org/security/advisories/mfsa2023-06/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-05/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-07/" }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1792138" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2023-25729", "datePublished": "2023-06-02T00:00:00", "dateReserved": "2023-02-13T00:00:00", "dateUpdated": "2024-08-02T11:32:12.249Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-25738
Vulnerability from cvelistv5
Published
2023-06-02 00:00
Modified
2024-08-02 11:32
Severity ?
EPSS score ?
Summary
Members of the <code>DEVMODEW</code> struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of bounds access to related variables.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 110 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:32:12.402Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-06/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-05/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-07/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1811852" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "110", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "102.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "102.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Members of the \u003ccode\u003eDEVMODEW\u003c/code\u003e struct set by the printer device driver weren\u0027t being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of bounds access to related variables.\u003cbr\u003e*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 110, Thunderbird \u003c 102.8, and Firefox ESR \u003c 102.8." } ], "problemTypes": [ { "descriptions": [ { "description": "Printing on Windows could potentially crash Firefox with some device drivers", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-02T00:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://www.mozilla.org/security/advisories/mfsa2023-06/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-05/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-07/" }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1811852" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2023-25738", "datePublished": "2023-06-02T00:00:00", "dateReserved": "2023-02-13T00:00:00", "dateUpdated": "2024-08-02T11:32:12.402Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-24998
Vulnerability from cvelistv5
Published
2023-02-20 15:57
Modified
2024-08-02 11:11
Severity ?
EPSS score ?
Summary
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.
Note that, like all of the file upload limits, the
new configuration option (FileUploadBase#setFileCountMax) is not
enabled by default and must be explicitly configured.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Apache Software Foundation | Apache Commons FileUpload |
Version: 0 ≤ |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:11:43.763Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://security.netapp.com/advisory/ntap-20230302-0013/" }, { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/22/1" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-37" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5522" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Apache Commons FileUpload", "vendor": "Apache Software Foundation", "versions": [ { "lessThan": "1.5", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "Apache Tomcat", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "11.0.0-M1" }, { "lessThanOrEqual": "10.1.4", "status": "affected", "version": "10.0.0-M1", "versionType": "semver" }, { "lessThanOrEqual": "9.0.70", "status": "affected", "version": "9.0.0-M1", "versionType": "semver" }, { "lessThanOrEqual": "8.5.84", "status": "affected", "version": "8.5.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Jakob Ackermann" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003eApache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eNote that, like all of the file upload limits, the\n new configuration option (FileUploadBase#setFileCountMax) is not\n enabled by default and must be explicitly configured.\u003cbr\u003e\u003c/div\u003e" } ], "value": "Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\n\n\n\n\nNote that, like all of the file upload limits, the\n new configuration option (FileUploadBase#setFileCountMax) is not\n enabled by default and must be explicitly configured.\n\n\n" } ], "metrics": [ { "other": { "content": { "text": "important" }, "type": "Textual description of severity" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-23T09:34:44.714Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy" }, { "url": "http://www.openwall.com/lists/oss-security/2023/05/22/1" }, { "url": "https://security.gentoo.org/glsa/202305-37" }, { "url": "https://www.debian.org/security/2023/dsa-5522" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Apache Commons FileUpload, Apache Tomcat: FileUpload DoS with excessive parts", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2023-24998", "datePublished": "2023-02-20T15:57:07.372Z", "dateReserved": "2023-02-01T10:32:05.492Z", "dateUpdated": "2024-08-02T11:11:43.763Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-45939
Vulnerability from cvelistv5
Published
2022-11-28 00:00
Modified
2024-08-03 14:24
Severity ?
EPSS score ?
Summary
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:24:03.228Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=d48bb4874bc6cd3e69c7a15fc3c91cc141025c51" }, { "name": "[debian-lts-announce] 20221231 [SECURITY] [DLA 3257-1] emacs security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00046.html" }, { "name": "FEDORA-2022-d69c7f95a4", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GOXIH2FDEQJEAARE52C3GHTLGQFBYPIB/" }, { "name": "FEDORA-2022-e37f239f2e", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOSK3J7BBAEI4IITW2DRUKLQYUZYKH6Y/" }, { "name": "DSA-5314", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5314" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the \"ctags *\" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-12T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=d48bb4874bc6cd3e69c7a15fc3c91cc141025c51" }, { "name": "[debian-lts-announce] 20221231 [SECURITY] [DLA 3257-1] emacs security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00046.html" }, { "name": "FEDORA-2022-d69c7f95a4", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GOXIH2FDEQJEAARE52C3GHTLGQFBYPIB/" }, { "name": "FEDORA-2022-e37f239f2e", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FOSK3J7BBAEI4IITW2DRUKLQYUZYKH6Y/" }, { "name": "DSA-5314", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5314" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-45939", "datePublished": "2022-11-28T00:00:00", "dateReserved": "2022-11-28T00:00:00", "dateUpdated": "2024-08-03T14:24:03.228Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-36760
Vulnerability from cvelistv5
Published
2023-01-17 19:11
Modified
2024-08-03 10:14
Severity ?
EPSS score ?
Summary
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.
References
▼ | URL | Tags |
---|---|---|
https://httpd.apache.org/security/vulnerabilities_24.html | vendor-advisory | |
https://security.gentoo.org/glsa/202309-01 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache HTTP Server |
Version: 2.4 ≤ 2.4.54 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:14:28.094Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202309-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Apache HTTP Server", "vendor": "Apache Software Foundation", "versions": [ { "lessThanOrEqual": "2.4.54", "status": "affected", "version": "2.4", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "ZeddYu_Lu from Qi\u0027anxin Research Institute of Legendsec at Qi\u0027anxin Group" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027) vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions." } ], "value": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027) vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions." } ], "metrics": [ { "other": { "content": { "text": "moderate" }, "type": "Textual description of severity" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-444", "description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-17T19:11:55.106Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "url": "https://security.gentoo.org/glsa/202309-01" } ], "source": { "discovery": "UNKNOWN" }, "timeline": [ { "lang": "en", "time": "2022-07-12T11:00:00.000Z", "value": "Reported to security team" } ], "title": "Apache HTTP Server: mod_proxy_ajp Possible request smuggling", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2022-36760", "datePublished": "2023-01-17T19:11:55.106Z", "dateReserved": "2022-07-25T12:18:16.655Z", "dateUpdated": "2024-08-03T10:14:28.094Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-46344
Vulnerability from cvelistv5
Published
2022-12-14 00:00
Modified
2024-08-03 14:31
Severity ?
EPSS score ?
Summary
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | xorg-x11-server |
Version: xorg-x11-server-1.20.4 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:31:46.296Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2022-46344" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151760" }, { "name": "FEDORA-2022-c3a65f7c65", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/" }, { "name": "FEDORA-2022-721a78b7e5", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/" }, { "name": "DSA-5304", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5304" }, { "name": "FEDORA-2022-dd3eb7e0a8", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-30" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/12/13/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xorg-x11-server", "vendor": "n/a", "versions": [ { "status": "affected", "version": "xorg-x11-server-1.20.4" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions." } ], "problemTypes": [ { "descriptions": [ { "description": "out-of-bounds access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-26T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2022-46344" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151760" }, { "name": "FEDORA-2022-c3a65f7c65", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/" }, { "name": "FEDORA-2022-721a78b7e5", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/" }, { "name": "DSA-5304", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5304" }, { "name": "FEDORA-2022-dd3eb7e0a8", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/" }, { "url": "https://security.gentoo.org/glsa/202305-30" }, { "url": "http://www.openwall.com/lists/oss-security/2023/12/13/1" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-46344", "datePublished": "2022-12-14T00:00:00", "dateReserved": "2022-11-30T00:00:00", "dateUpdated": "2024-08-03T14:31:46.296Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-32207
Vulnerability from cvelistv5
Published
2022-07-07 00:00
Modified
2024-08-03 07:32
Severity ?
EPSS score ?
Summary
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | https://github.com/curl/curl |
Version: Fixed in 7.84.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:32:56.011Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://hackerone.com/reports/1573634" }, { "name": "FEDORA-2022-1b3d7f6973", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" }, { "name": "DSA-5197", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5197" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220915-0003/" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213488" }, { "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/41" }, { "name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/28" }, { "name": "GLSA-202212-01", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202212-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "https://github.com/curl/curl", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in 7.84.0" } ] } ], "descriptions": [ { "lang": "en", "value": "When curl \u003c 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-840", "description": "Business Logic Errors (CWE-840)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-19T00:00:00", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://hackerone.com/reports/1573634" }, { "name": "FEDORA-2022-1b3d7f6973", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" }, { "name": "DSA-5197", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5197" }, { "url": "https://security.netapp.com/advisory/ntap-20220915-0003/" }, { "url": "https://support.apple.com/kb/HT213488" }, { "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/41" }, { "name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/28" }, { "name": "GLSA-202212-01", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202212-01" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2022-32207", "datePublished": "2022-07-07T00:00:00", "dateReserved": "2022-06-01T00:00:00", "dateUpdated": "2024-08-03T07:32:56.011Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-25737
Vulnerability from cvelistv5
Published
2023-06-02 00:00
Modified
2024-08-02 11:32
Severity ?
EPSS score ?
Summary
An invalid downcast from <code>nsTextNode</code> to <code>SVGElement</code> could have lead to undefined behavior. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 110 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:32:12.512Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-06/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-05/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-07/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1811464" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "110", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "102.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "102.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "An invalid downcast from \u003ccode\u003ensTextNode\u003c/code\u003e to \u003ccode\u003eSVGElement\u003c/code\u003e could have lead to undefined behavior. This vulnerability affects Firefox \u003c 110, Thunderbird \u003c 102.8, and Firefox ESR \u003c 102.8." } ], "problemTypes": [ { "descriptions": [ { "description": "Invalid downcast in SVGUtils::SetupStrokeGeometry", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-02T00:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://www.mozilla.org/security/advisories/mfsa2023-06/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-05/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-07/" }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1811464" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2023-25737", "datePublished": "2023-06-02T00:00:00", "dateReserved": "2023-02-13T00:00:00", "dateUpdated": "2024-08-02T11:32:12.512Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0767
Vulnerability from cvelistv5
Published
2023-06-02 00:00
Modified
2024-08-02 05:24
Severity ?
EPSS score ?
Summary
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 110 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:24:34.139Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://security.netapp.com/advisory/ntap-20230324-0008/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-06/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-05/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-07/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1804640" }, { "tags": [ "x_transferred" ], "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-1992.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "110", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "102.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "102.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox \u003c 110, Thunderbird \u003c 102.8, and Firefox ESR \u003c 102.8." } ], "problemTypes": [ { "descriptions": [ { "description": "Arbitrary memory write via PKCS 12 in NSS", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-23T00:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://www.mozilla.org/security/advisories/mfsa2023-06/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-05/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-07/" }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1804640" }, { "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-1992.html" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2023-0767", "datePublished": "2023-06-02T00:00:00", "dateReserved": "2023-02-09T00:00:00", "dateUpdated": "2024-08-02T05:24:34.139Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-29526
Vulnerability from cvelistv5
Published
2022-06-22 13:15
Modified
2024-08-03 06:26
Severity ?
EPSS score ?
Summary
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:26:06.342Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://groups.google.com/g/golang-announce" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/golang/go/issues/52313" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU" }, { "name": "FEDORA-2022-fae3ecee19", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/" }, { "name": "FEDORA-2022-ffe7dba2cb", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X/" }, { "name": "FEDORA-2022-ba365d3703", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220729-0001/" }, { "name": "GLSA-202208-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202208-02" }, { "name": "FEDORA-2022-30c5ed5625", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-17T03:08:35", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://groups.google.com/g/golang-announce" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/golang/go/issues/52313" }, { "tags": [ "x_refsource_MISC" ], "url": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU" }, { "name": "FEDORA-2022-fae3ecee19", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/" }, { "name": "FEDORA-2022-ffe7dba2cb", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X/" }, { "name": "FEDORA-2022-ba365d3703", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220729-0001/" }, { "name": "GLSA-202208-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202208-02" }, { "name": "FEDORA-2022-30c5ed5625", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-29526", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://groups.google.com/g/golang-announce", "refsource": "MISC", "url": "https://groups.google.com/g/golang-announce" }, { "name": "https://github.com/golang/go/issues/52313", "refsource": "MISC", "url": "https://github.com/golang/go/issues/52313" }, { "name": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU", "refsource": "MISC", "url": "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU" }, { "name": "FEDORA-2022-fae3ecee19", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/" }, { "name": "FEDORA-2022-ffe7dba2cb", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X/" }, { "name": "FEDORA-2022-ba365d3703", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/" }, { "name": "https://security.netapp.com/advisory/ntap-20220729-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220729-0001/" }, { "name": "GLSA-202208-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202208-02" }, { "name": "FEDORA-2022-30c5ed5625", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-29526", "datePublished": "2022-06-22T13:15:32", "dateReserved": "2022-04-20T00:00:00", "dateUpdated": "2024-08-03T06:26:06.342Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21896
Vulnerability from cvelistv5
Published
2023-04-18 19:54
Modified
2024-09-16 19:30
Severity ?
EPSS score ?
References
▼ | URL | Tags |
---|---|---|
https://www.oracle.com/security-alerts/cpuapr2023.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Solaris Operating System |
Version: 10 Version: 11 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:51:51.382Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2023.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21896", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-16T19:30:13.575307Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-16T19:30:50.474Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Solaris Operating System", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "10" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: NSSwitch). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in takeover of Oracle Solaris.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-18T19:54:00.359Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2023.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2023-21896", "datePublished": "2023-04-18T19:54:00.359Z", "dateReserved": "2022-12-17T19:26:00.710Z", "dateUpdated": "2024-09-16T19:30:50.474Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0804
Vulnerability from cvelistv5
Published
2023-02-13 00:00
Modified
2024-08-02 05:24
Severity ?
EPSS score ?
Summary
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:24:34.485Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/497" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0804.json" }, { "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html" }, { "name": "DSA-5361", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5361" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230324-0009/" }, { "name": "GLSA-202305-31", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-31" }, { "name": "FEDORA-2023-8daf1023c7", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FBF3UUFSB6NB3NFTQSKOOIZGXJP3T34Z/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "libtiff", "vendor": "libtiff", "versions": [ { "status": "affected", "version": "\u003c=4.4.0" } ] } ], "credits": [ { "lang": "en", "value": "wangdw.augustus@gmail.com" } ], "descriptions": [ { "lang": "en", "value": "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Out-of-bounds write in libtiff", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-01T05:06:14.054567", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00" }, { "url": "https://gitlab.com/libtiff/libtiff/-/issues/497" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0804.json" }, { "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html" }, { "name": "DSA-5361", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5361" }, { "url": "https://security.netapp.com/advisory/ntap-20230324-0009/" }, { "name": "GLSA-202305-31", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-31" }, { "name": "FEDORA-2023-8daf1023c7", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FBF3UUFSB6NB3NFTQSKOOIZGXJP3T34Z/" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-0804", "datePublished": "2023-02-13T00:00:00", "dateReserved": "2023-02-12T00:00:00", "dateUpdated": "2024-08-02T05:24:34.485Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-37436
Vulnerability from cvelistv5
Published
2023-01-17 19:12
Modified
2024-08-03 10:29
Severity ?
EPSS score ?
Summary
Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.
References
▼ | URL | Tags |
---|---|---|
https://httpd.apache.org/security/vulnerabilities_24.html | vendor-advisory | |
https://security.gentoo.org/glsa/202309-01 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache HTTP Server |
Version: 0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:29:20.979Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202309-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Apache HTTP Server", "vendor": "Apache Software Foundation", "versions": [ { "lessThan": "2.4.55", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Dimas Fariski Setyawan Putra (@nyxsorcerer)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client." } ], "value": "Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client." } ], "metrics": [ { "other": { "content": { "text": "moderate" }, "type": "Textual description of severity" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-113", "description": "CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-17T19:12:59.968Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "url": "https://security.gentoo.org/glsa/202309-01" } ], "source": { "discovery": "UNKNOWN" }, "timeline": [ { "lang": "en", "time": "2022-07-14T06:22:00.000Z", "value": "Reported to security team" } ], "title": "Apache HTTP Server: mod_proxy prior to 2.4.55 allows a backend to trigger HTTP response splitting", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2022-37436", "datePublished": "2023-01-17T19:12:59.968Z", "dateReserved": "2022-08-05T12:37:59.731Z", "dateUpdated": "2024-08-03T10:29:20.979Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2980
Vulnerability from cvelistv5
Published
2022-08-25 00:00
Modified
2024-08-03 00:53
Severity ?
EPSS score ?
Summary
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:53:00.834Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea" }, { "tags": [ "x_transferred" ], "url": "https://github.com/vim/vim/commit/80525751c5ce9ed82c41d83faf9ef38667bf61b1" }, { "name": "FEDORA-2022-b9edf60581", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vim/vim", "vendor": "vim", "versions": [ { "lessThan": "9.0.0259", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea" }, { "url": "https://github.com/vim/vim/commit/80525751c5ce9ed82c41d83faf9ef38667bf61b1" }, { "name": "FEDORA-2022-b9edf60581", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "source": { "advisory": "6e7b12a5-242c-453d-b39e-9625d563b0ea", "discovery": "EXTERNAL" }, "title": "NULL Pointer Dereference in vim/vim" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-2980", "datePublished": "2022-08-25T00:00:00", "dateReserved": "2022-08-24T00:00:00", "dateUpdated": "2024-08-03T00:53:00.834Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-30860
Vulnerability from cvelistv5
Published
2021-08-24 18:49
Modified
2024-08-03 22:48
Severity ?
EPSS score ?
Summary
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:48:13.808Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT212804" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT212805" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT212807" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://support.apple.com/en-us/HT212806" }, { "name": "20210917 APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2021/Sep/28" }, { "name": "20210917 APPLE-SA-2021-09-13-3 macOS Big Sur 11.6", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2021/Sep/27" }, { "name": "20210917 APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2021/Sep/25" }, { "name": "20210917 APPLE-SA-2021-09-13-2 watchOS 7.6.2", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2021/Sep/26" }, { "name": "20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2021/Sep/40" }, { "name": "20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2021/Sep/38" }, { "name": "20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2021/Sep/39" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT212824" }, { "name": "20210924 APPLE-SA-2021-09-23-1 iOS 12.5.5", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2021/Sep/50" }, { "name": "[oss-security] 20220902 JBIG2 integer overflow fixed in Xpdf 4.04, Poppler 22.09.0", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/11" }, { "name": "GLSA-202209-21", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202209-21" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "2021-005", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "7.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "iOS", "vendor": "Apple", "versions": [ { "lessThan": "14.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited." } ], "problemTypes": [ { "descriptions": [ { "description": "Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-29T16:07:49", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT212804" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT212805" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT212807" }, { "tags": [ "x_refsource_MISC" ], "url": "https://support.apple.com/en-us/HT212806" }, { "name": "20210917 APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2021/Sep/28" }, { "name": "20210917 APPLE-SA-2021-09-13-3 macOS Big Sur 11.6", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2021/Sep/27" }, { "name": "20210917 APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2021/Sep/25" }, { "name": "20210917 APPLE-SA-2021-09-13-2 watchOS 7.6.2", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2021/Sep/26" }, { "name": "20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2021/Sep/40" }, { "name": "20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2021/Sep/38" }, { "name": "20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2021/Sep/39" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT212824" }, { "name": "20210924 APPLE-SA-2021-09-23-1 iOS 12.5.5", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2021/Sep/50" }, { "name": "[oss-security] 20220902 JBIG2 integer overflow fixed in Xpdf 4.04, Poppler 22.09.0", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/11" }, { "name": "GLSA-202209-21", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202209-21" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "product-security@apple.com", "ID": "CVE-2021-30860", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "11.6" } ] } }, { "product_name": "macOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "2021-005" } ] } }, { "product_name": "watchOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "7.6" } ] } }, { "product_name": "iOS", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "14.8" } ] } } ] }, "vendor_name": "Apple" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited." } ] } ] }, "references": { "reference_data": [ { "name": "https://support.apple.com/en-us/HT212804", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212804" }, { "name": "https://support.apple.com/en-us/HT212805", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212805" }, { "name": "https://support.apple.com/en-us/HT212807", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212807" }, { "name": "https://support.apple.com/en-us/HT212806", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212806" }, { "name": "20210917 APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Sep/28" }, { "name": "20210917 APPLE-SA-2021-09-13-3 macOS Big Sur 11.6", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Sep/27" }, { "name": "20210917 APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Sep/25" }, { "name": "20210917 APPLE-SA-2021-09-13-2 watchOS 7.6.2", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Sep/26" }, { "name": "20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Sep/40" }, { "name": "20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Sep/38" }, { "name": "20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Sep/39" }, { "name": "https://support.apple.com/kb/HT212824", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT212824" }, { "name": "20210924 APPLE-SA-2021-09-23-1 iOS 12.5.5", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Sep/50" }, { "name": "[oss-security] 20220902 JBIG2 integer overflow fixed in Xpdf 4.04, Poppler 22.09.0", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/09/02/11" }, { "name": "GLSA-202209-21", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202209-21" } ] } } } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2021-30860", "datePublished": "2021-08-24T18:49:25", "dateReserved": "2021-04-13T00:00:00", "dateUpdated": "2024-08-03T22:48:13.808Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0799
Vulnerability from cvelistv5
Published
2023-02-13 00:00
Modified
2024-08-02 05:24
Severity ?
EPSS score ?
Summary
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:24:34.278Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/494" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0799.json" }, { "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html" }, { "name": "DSA-5361", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5361" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230316-0003/" }, { "name": "GLSA-202305-31", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-31" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "libtiff", "vendor": "libtiff", "versions": [ { "status": "affected", "version": "\u003c=4.4.0" } ] } ], "credits": [ { "lang": "en", "value": "wangdw.augustus@gmail.com" } ], "descriptions": [ { "lang": "en", "value": "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Out-of-bounds read in libtiff", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-30T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68" }, { "url": "https://gitlab.com/libtiff/libtiff/-/issues/494" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0799.json" }, { "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html" }, { "name": "DSA-5361", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5361" }, { "url": "https://security.netapp.com/advisory/ntap-20230316-0003/" }, { "name": "GLSA-202305-31", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-31" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-0799", "datePublished": "2023-02-13T00:00:00", "dateReserved": "2023-02-12T00:00:00", "dateUpdated": "2024-08-02T05:24:34.278Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3099
Vulnerability from cvelistv5
Published
2022-09-03 00:00
Modified
2024-08-03 01:00
Severity ?
EPSS score ?
Summary
Use After Free in GitHub repository vim/vim prior to 9.0.0360.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:00:10.845Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e" }, { "tags": [ "x_transferred" ], "url": "https://github.com/vim/vim/commit/35d21c6830fc2d68aca838424a0e786821c5891c" }, { "name": "FEDORA-2022-b9edf60581", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/" }, { "name": "FEDORA-2022-3f5099bcc9", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DVWBI4BVTBUMNW4NMB3WZZDQJBKIGXI3/" }, { "name": "FEDORA-2022-c28b637883", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LLK2RMZEECKKWUQK7J46D2FQZOXFQLTC/" }, { "name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vim/vim", "vendor": "vim", "versions": [ { "lessThan": "9.0.0360", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Use After Free in GitHub repository vim/vim prior to 9.0.0360." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e" }, { "url": "https://github.com/vim/vim/commit/35d21c6830fc2d68aca838424a0e786821c5891c" }, { "name": "FEDORA-2022-b9edf60581", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/" }, { "name": "FEDORA-2022-3f5099bcc9", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DVWBI4BVTBUMNW4NMB3WZZDQJBKIGXI3/" }, { "name": "FEDORA-2022-c28b637883", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LLK2RMZEECKKWUQK7J46D2FQZOXFQLTC/" }, { "name": "[debian-lts-announce] 20221108 [SECURITY] [DLA 3182-1] vim security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "source": { "advisory": "403210c7-6cc7-4874-8934-b57f88bd4f5e", "discovery": "EXTERNAL" }, "title": "Use After Free in vim/vim" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-3099", "datePublished": "2022-09-03T00:00:00", "dateReserved": "2022-09-02T00:00:00", "dateUpdated": "2024-08-03T01:00:10.845Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0795
Vulnerability from cvelistv5
Published
2023-02-13 00:00
Modified
2024-08-02 05:24
Severity ?
EPSS score ?
Summary
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:24:34.311Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/493" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0795.json" }, { "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html" }, { "name": "DSA-5361", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5361" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230316-0003/" }, { "name": "GLSA-202305-31", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-31" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "libtiff", "vendor": "libtiff", "versions": [ { "status": "affected", "version": "\u003c=4.4.0" } ] } ], "credits": [ { "lang": "en", "value": "wangdw.augustus@gmail.com" } ], "descriptions": [ { "lang": "en", "value": "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Out-of-bounds read in libtiff", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-30T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://gitlab.com/libtiff/libtiff/-/issues/493" }, { "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0795.json" }, { "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html" }, { "name": "DSA-5361", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5361" }, { "url": "https://security.netapp.com/advisory/ntap-20230316-0003/" }, { "name": "GLSA-202305-31", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-31" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-0795", "datePublished": "2023-02-13T00:00:00", "dateReserved": "2023-02-12T00:00:00", "dateUpdated": "2024-08-02T05:24:34.311Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-32206
Vulnerability from cvelistv5
Published
2022-07-07 00:00
Modified
2024-08-03 07:32
Severity ?
EPSS score ?
Summary
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | https://github.com/curl/curl |
Version: Fixed in 7.84.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:32:56.021Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://hackerone.com/reports/1570651" }, { "name": "FEDORA-2022-1b3d7f6973", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" }, { "name": "DSA-5197", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5197" }, { "name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220915-0003/" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213488" }, { "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/41" }, { "name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/28" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf" }, { "name": "GLSA-202212-01", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "name": "[oss-security] 20230215 curl: CVE-2023-23916: HTTP multi-header compression denial of service", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/02/15/3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "https://github.com/curl/curl", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in 7.84.0" } ] } ], "descriptions": [ { "lang": "en", "value": "curl \u003c 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "Allocation of Resources Without Limits or Throttling (CWE-770)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-15T00:00:00", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://hackerone.com/reports/1570651" }, { "name": "FEDORA-2022-1b3d7f6973", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" }, { "name": "DSA-5197", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5197" }, { "name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html" }, { "url": "https://security.netapp.com/advisory/ntap-20220915-0003/" }, { "url": "https://support.apple.com/kb/HT213488" }, { "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/41" }, { "name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/28" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf" }, { "name": "GLSA-202212-01", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "name": "[oss-security] 20230215 curl: CVE-2023-23916: HTTP multi-header compression denial of service", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/02/15/3" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2022-32206", "datePublished": "2022-07-07T00:00:00", "dateReserved": "2022-06-01T00:00:00", "dateUpdated": "2024-08-03T07:32:56.021Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-46877
Vulnerability from cvelistv5
Published
2022-12-22 00:00
Modified
2024-08-03 14:39
Severity ?
EPSS score ?
Summary
By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 108.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:39:38.789Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-51/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1795139" }, { "name": "DSA-5322", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5322" }, { "name": "[debian-lts-announce] 20230119 [SECURITY] [DLA 3275-1] firefox-esr security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00015.html" }, { "name": "DSA-5355", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5355" }, { "name": "[debian-lts-announce] 20230220 [SECURITY] [DLA 3324-1] thunderbird security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00018.html" }, { "name": "GLSA-202305-06", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-06" }, { "name": "GLSA-202305-13", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-13" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "108", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox \u003c 108." } ], "problemTypes": [ { "descriptions": [ { "description": "Fullscreen notification bypass", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://www.mozilla.org/security/advisories/mfsa2022-51/" }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1795139" }, { "name": "DSA-5322", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5322" }, { "name": "[debian-lts-announce] 20230119 [SECURITY] [DLA 3275-1] firefox-esr security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00015.html" }, { "name": "DSA-5355", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5355" }, { "name": "[debian-lts-announce] 20230220 [SECURITY] [DLA 3324-1] thunderbird security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00018.html" }, { "name": "GLSA-202305-06", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-06" }, { "name": "GLSA-202305-13", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-13" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2022-46877", "datePublished": "2022-12-22T00:00:00", "dateReserved": "2022-12-09T00:00:00", "dateUpdated": "2024-08-03T14:39:38.789Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-25743
Vulnerability from cvelistv5
Published
2023-06-02 00:00
Modified
2024-08-02 11:32
Severity ?
EPSS score ?
Summary
A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.<br>*This bug only affects Firefox Focus. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 110 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:32:12.727Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-06/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-05/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1800203" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "110", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "102.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.\u003cbr\u003e*This bug only affects Firefox Focus. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox \u003c 110 and Firefox ESR \u003c 102.8." } ], "problemTypes": [ { "descriptions": [ { "description": "Fullscreen notification not shown in Firefox Focus", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-02T00:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://www.mozilla.org/security/advisories/mfsa2023-06/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-05/" }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1800203" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2023-25743", "datePublished": "2023-06-02T00:00:00", "dateReserved": "2023-02-13T00:00:00", "dateUpdated": "2024-08-02T11:32:12.727Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0803
Vulnerability from cvelistv5
Published
2023-02-13 00:00
Modified
2024-08-02 05:24
Severity ?
EPSS score ?
Summary
LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:24:34.591Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/501" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0803.json" }, { "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html" }, { "name": "DSA-5361", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5361" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230316-0002/" }, { "name": "GLSA-202305-31", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-31" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "libtiff", "vendor": "libtiff", "versions": [ { "status": "affected", "version": "\u003c=4.4.0" } ] } ], "credits": [ { "lang": "en", "value": "wangdw.augustus@gmail.com" } ], "descriptions": [ { "lang": "en", "value": "LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Out-of-bounds write in libtiff", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-30T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00" }, { "url": "https://gitlab.com/libtiff/libtiff/-/issues/501" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0803.json" }, { "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html" }, { "name": "DSA-5361", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5361" }, { "url": "https://security.netapp.com/advisory/ntap-20230316-0002/" }, { "name": "GLSA-202305-31", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-31" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-0803", "datePublished": "2023-02-13T00:00:00", "dateReserved": "2023-02-12T00:00:00", "dateUpdated": "2024-08-02T05:24:34.591Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0286
Vulnerability from cvelistv5
Published
2023-02-08 19:01
Modified
2024-08-02 05:02
Severity ?
EPSS score ?
Summary
There is a type confusion vulnerability relating to X.400 address processing
inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but
the public structure definition for GENERAL_NAME incorrectly specified the type
of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by
the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an
ASN1_STRING.
When CRL checking is enabled (i.e. the application sets the
X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass
arbitrary pointers to a memcmp call, enabling them to read memory contents or
enact a denial of service. In most cases, the attack requires the attacker to
provide both the certificate chain and CRL, neither of which need to have a
valid signature. If the attacker only controls one of these inputs, the other
input must already contain an X.400 address as a CRL distribution point, which
is uncommon. As such, this vulnerability is most likely to only affect
applications which have implemented their own functionality for retrieving CRLs
over a network.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:02:44.187Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "name": "3.0.8 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658" }, { "name": "1.1.1t git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9" }, { "name": "1.0.2zg patch (premium)", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d" }, { "tags": [ "x_transferred" ], "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig" }, { "tags": [ "x_transferred" ], "url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202402-08" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "lessThan": "3.0.8", "status": "affected", "version": "3.0.0", "versionType": "semver" }, { "lessThan": "1.1.1t", "status": "affected", "version": "1.1.1", "versionType": "custom" }, { "lessThan": "1.0.2zg", "status": "affected", "version": "1.0.2", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "David Benjamin (Google)" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Hugo Landau" } ], "datePublic": "2023-02-07T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There is a type confusion vulnerability relating to X.400 address processing\u003cbr\u003einside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\u003cbr\u003ethe public structure definition for GENERAL_NAME incorrectly specified the type\u003cbr\u003eof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\u003cbr\u003ethe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\u003cbr\u003eASN1_STRING.\u003cbr\u003e\u003cbr\u003eWhen CRL checking is enabled (i.e. the application sets the\u003cbr\u003eX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\u003cbr\u003earbitrary pointers to a memcmp call, enabling them to read memory contents or\u003cbr\u003eenact a denial of service. In most cases, the attack requires the attacker to\u003cbr\u003eprovide both the certificate chain and CRL, neither of which need to have a\u003cbr\u003evalid signature. If the attacker only controls one of these inputs, the other\u003cbr\u003einput must already contain an X.400 address as a CRL distribution point, which\u003cbr\u003eis uncommon. As such, this vulnerability is most likely to only affect\u003cbr\u003eapplications which have implemented their own functionality for retrieving CRLs\u003cbr\u003eover a network.\u003cbr\u003e\u003cbr\u003e" } ], "value": "There is a type confusion vulnerability relating to X.400 address processing\ninside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\nthe public structure definition for GENERAL_NAME incorrectly specified the type\nof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\nthe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\nASN1_STRING.\n\nWhen CRL checking is enabled (i.e. the application sets the\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\narbitrary pointers to a memcmp call, enabling them to read memory contents or\nenact a denial of service. In most cases, the attack requires the attacker to\nprovide both the certificate chain and CRL, neither of which need to have a\nvalid signature. If the attacker only controls one of these inputs, the other\ninput must already contain an X.400 address as a CRL distribution point, which\nis uncommon. As such, this vulnerability is most likely to only affect\napplications which have implemented their own functionality for retrieving CRLs\nover a network.\n\n" } ], "metrics": [ { "format": "other", "other": { "content": { "text": "High" }, "type": "https://www.openssl.org/policies/secpolicy.html" } } ], "problemTypes": [ { "descriptions": [ { "description": " type confusion vulnerability", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-27T18:25:32.958867Z", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "name": "3.0.8 git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658" }, { "name": "1.1.1t git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9" }, { "name": "1.0.2zg patch (premium)", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d" }, { "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig" }, { "url": "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt" }, { "url": "https://security.gentoo.org/glsa/202402-08" } ], "source": { "discovery": "UNKNOWN" }, "title": "X.400 address type confusion in X.509 GeneralName", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2023-0286", "datePublished": "2023-02-08T19:01:50.514Z", "dateReserved": "2023-01-13T10:40:41.259Z", "dateUpdated": "2024-08-02T05:02:44.187Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3235
Vulnerability from cvelistv5
Published
2022-09-18 00:00
Modified
2024-08-03 01:00
Severity ?
EPSS score ?
Summary
Use After Free in GitHub repository vim/vim prior to 9.0.0490.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:00:10.715Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/96d5f7a0-a834-4571-b73b-0fe523b941af" }, { "tags": [ "x_transferred" ], "url": "https://github.com/vim/vim/commit/1c3dd8ddcba63c1af5112e567215b3cec2de11d0" }, { "name": "FEDORA-2022-40161673a3", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/" }, { "name": "FEDORA-2022-fff548cfab", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/" }, { "name": "FEDORA-2022-4bc60c32a2", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/" }, { "name": "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vim/vim", "vendor": "vim", "versions": [ { "lessThan": "9.0.0490", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Use After Free in GitHub repository vim/vim prior to 9.0.0490." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/96d5f7a0-a834-4571-b73b-0fe523b941af" }, { "url": "https://github.com/vim/vim/commit/1c3dd8ddcba63c1af5112e567215b3cec2de11d0" }, { "name": "FEDORA-2022-40161673a3", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/" }, { "name": "FEDORA-2022-fff548cfab", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/" }, { "name": "FEDORA-2022-4bc60c32a2", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/" }, { "name": "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "source": { "advisory": "96d5f7a0-a834-4571-b73b-0fe523b941af", "discovery": "EXTERNAL" }, "title": "Use After Free in vim/vim" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-3235", "datePublished": "2022-09-18T00:00:00", "dateReserved": "2022-09-17T00:00:00", "dateUpdated": "2024-08-03T01:00:10.715Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-30629
Vulnerability from cvelistv5
Published
2022-08-09 20:17
Modified
2024-08-03 06:56
Severity ?
EPSS score ?
Summary
Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Go standard library | crypto/tls |
Version: 0 ≤ Version: 1.18.0-0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:56:13.230Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://go.dev/cl/405994" }, { "tags": [ "x_transferred" ], "url": "https://go.googlesource.com/go/+/fe4de36198794c447fbd9d7cc2d7199a506c76a5" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/issue/52814" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2022-0531" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "crypto/tls", "product": "crypto/tls", "programRoutines": [ { "name": "serverHandshakeStateTLS13.sendSessionTickets" } ], "vendor": "Go standard library", "versions": [ { "lessThan": "1.17.11", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "1.18.3", "status": "affected", "version": "1.18.0-0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "value": "Github user @nervuri" } ], "descriptions": [ { "lang": "en", "value": "Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-200: Information Exposure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-12T19:04:50.302Z", "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go" }, "references": [ { "url": "https://go.dev/cl/405994" }, { "url": "https://go.googlesource.com/go/+/fe4de36198794c447fbd9d7cc2d7199a506c76a5" }, { "url": "https://go.dev/issue/52814" }, { "url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ" }, { "url": "https://pkg.go.dev/vuln/GO-2022-0531" } ], "title": "Session tickets lack random ticket_age_add in crypto/tls" } }, "cveMetadata": { "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "assignerShortName": "Go", "cveId": "CVE-2022-30629", "datePublished": "2022-08-09T20:17:31", "dateReserved": "2022-05-12T00:00:00", "dateUpdated": "2024-08-03T06:56:13.230Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3037
Vulnerability from cvelistv5
Published
2022-08-30 20:35
Modified
2024-08-03 01:00
Severity ?
EPSS score ?
Summary
Use After Free in GitHub repository vim/vim prior to 9.0.0322.
References
▼ | URL | Tags |
---|---|---|
https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 | x_refsource_CONFIRM | |
https://github.com/vim/vim/commit/4f1b083be43f351bc107541e7b0c9655a5d2c0bb | x_refsource_MISC | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RY3GEN2Q46ZJKSNHTN2XB6B3VAJBEILN/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHJ6LCLHGGVI2U6ZHXHTZ2PYP4STC23N/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/ | vendor-advisory, x_refsource_FEDORA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:00:10.487Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/vim/vim/commit/4f1b083be43f351bc107541e7b0c9655a5d2c0bb" }, { "name": "FEDORA-2022-221bd89404", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RY3GEN2Q46ZJKSNHTN2XB6B3VAJBEILN/" }, { "name": "FEDORA-2022-35d9bdb7dc", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHJ6LCLHGGVI2U6ZHXHTZ2PYP4STC23N/" }, { "name": "FEDORA-2022-b9edf60581", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vim/vim", "vendor": "vim", "versions": [ { "lessThan": "9.0.0322", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Use After Free in GitHub repository vim/vim prior to 9.0.0322." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-14T03:06:28", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/vim/vim/commit/4f1b083be43f351bc107541e7b0c9655a5d2c0bb" }, { "name": "FEDORA-2022-221bd89404", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RY3GEN2Q46ZJKSNHTN2XB6B3VAJBEILN/" }, { "name": "FEDORA-2022-35d9bdb7dc", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHJ6LCLHGGVI2U6ZHXHTZ2PYP4STC23N/" }, { "name": "FEDORA-2022-b9edf60581", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/" } ], "source": { "advisory": "af4c2f2d-d754-4607-b565-9e92f3f717b5", "discovery": "EXTERNAL" }, "title": "Use After Free in vim/vim", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-3037", "STATE": "PUBLIC", "TITLE": "Use After Free in vim/vim" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "vim/vim", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "9.0.0322" } ] } } ] }, "vendor_name": "vim" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Use After Free in GitHub repository vim/vim prior to 9.0.0322." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-416 Use After Free" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5" }, { "name": "https://github.com/vim/vim/commit/4f1b083be43f351bc107541e7b0c9655a5d2c0bb", "refsource": "MISC", "url": "https://github.com/vim/vim/commit/4f1b083be43f351bc107541e7b0c9655a5d2c0bb" }, { "name": "FEDORA-2022-221bd89404", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RY3GEN2Q46ZJKSNHTN2XB6B3VAJBEILN/" }, { "name": "FEDORA-2022-35d9bdb7dc", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHJ6LCLHGGVI2U6ZHXHTZ2PYP4STC23N/" }, { "name": "FEDORA-2022-b9edf60581", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/" } ] }, "source": { "advisory": "af4c2f2d-d754-4607-b565-9e92f3f717b5", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-3037", "datePublished": "2022-08-30T20:35:10", "dateReserved": "2022-08-29T00:00:00", "dateUpdated": "2024-08-03T01:00:10.487Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-24675
Vulnerability from cvelistv5
Published
2022-04-20 00:00
Modified
2024-08-03 04:20
Severity ?
EPSS score ?
Summary
encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:20:49.135Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8" }, { "name": "FEDORA-2022-a49babed75", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TYZC4OAY54TO75FBEFAPV5G7O4D5TM/" }, { "name": "FEDORA-2022-c0f780ecf1", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3BMW5QGX53CMIJIZWKXFKBJX2C5GWTY/" }, { "name": "FEDORA-2022-e46e6e8317", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCRSABD6CUDIZULZPZL5BJ3ET3A2NEJP/" }, { "name": "FEDORA-2022-fae3ecee19", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/" }, { "name": "FEDORA-2022-ba365d3703", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/" }, { "name": "GLSA-202208-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202208-02" }, { "name": "FEDORA-2022-30c5ed5625", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220915-0010/" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-14T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://groups.google.com/g/golang-announce" }, { "url": "https://groups.google.com/g/golang-announce/c/oecdBNLOml8" }, { "name": "FEDORA-2022-a49babed75", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TYZC4OAY54TO75FBEFAPV5G7O4D5TM/" }, { "name": "FEDORA-2022-c0f780ecf1", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3BMW5QGX53CMIJIZWKXFKBJX2C5GWTY/" }, { "name": "FEDORA-2022-e46e6e8317", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCRSABD6CUDIZULZPZL5BJ3ET3A2NEJP/" }, { "name": "FEDORA-2022-fae3ecee19", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/" }, { "name": "FEDORA-2022-ba365d3703", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/" }, { "name": "GLSA-202208-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202208-02" }, { "name": "FEDORA-2022-30c5ed5625", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/" }, { "url": "https://security.netapp.com/advisory/ntap-20220915-0010/" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-24675", "datePublished": "2022-04-20T00:00:00", "dateReserved": "2022-02-08T00:00:00", "dateUpdated": "2024-08-03T04:20:49.135Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-30635
Vulnerability from cvelistv5
Published
2022-08-09 20:16
Modified
2024-08-03 06:56
Severity ?
EPSS score ?
Summary
Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Go standard library | encoding/gob |
Version: 0 ≤ Version: 1.18.0-0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:56:13.235Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://go.dev/cl/417064" }, { "tags": [ "x_transferred" ], "url": "https://go.googlesource.com/go/+/6fa37e98ea4382bf881428ee0c150ce591500eb7" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/issue/53615" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2022-0526" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "encoding/gob", "product": "encoding/gob", "programRoutines": [ { "name": "Decoder.decIgnoreOpFor" }, { "name": "Decoder.compileIgnoreSingle" }, { "name": "Decoder.compileDec" } ], "vendor": "Go standard library", "versions": [ { "lessThan": "1.17.12", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "1.18.4", "status": "affected", "version": "1.18.0-0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-674: Uncontrolled Recursion", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-12T19:04:46.476Z", "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go" }, "references": [ { "url": "https://go.dev/cl/417064" }, { "url": "https://go.googlesource.com/go/+/6fa37e98ea4382bf881428ee0c150ce591500eb7" }, { "url": "https://go.dev/issue/53615" }, { "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" }, { "url": "https://pkg.go.dev/vuln/GO-2022-0526" } ], "title": "Stack exhaustion when decoding certain messages in encoding/gob" } }, "cveMetadata": { "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "assignerShortName": "Go", "cveId": "CVE-2022-30635", "datePublished": "2022-08-09T20:16:05", "dateReserved": "2022-05-12T00:00:00", "dateUpdated": "2024-08-03T06:56:13.235Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-39253
Vulnerability from cvelistv5
Published
2022-10-19 00:00
Modified
2024-08-03 12:00
Severity ?
EPSS score ?
Summary
Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:00:43.267Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/git/git/security/advisories/GHSA-3wp6-j8xr-qw85" }, { "name": "FEDORA-2022-12790ca71a", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VFYXCTLOSESYIP72BUYD6ECDIMUM4WMB/" }, { "name": "FEDORA-2022-8b58806840", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKFHE4KVD7EKS5J3KTDFVBEKU3CLXGVV/" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213496" }, { "name": "FEDORA-2022-53aadd995f", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OHNO2FB55CPX47BAXMBWUBGWHO6N6ZZH/" }, { "name": "20221107 APPLE-SA-2022-11-01-1 Xcode 14.1", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Nov/1" }, { "name": "FEDORA-2022-2c33bba286", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMQWGMDLX6KTVWW5JZLVPI7ICAK72TN7/" }, { "name": "FEDORA-2022-fb088df94c", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C7B6JPKX5CGGLAHXJVQMIZNNEEB72FHD/" }, { "name": "[debian-lts-announce] 20221213 [SECURITY] [DLA 3239-1] git security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html" }, { "name": "[oss-security] 20230214 [Announce] Git 2.39.2 and friends", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/02/14/5" }, { "name": "GLSA-202312-15", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202312-15" }, { "name": "[oss-security] 20240514 git: 5 vulnerabilities fixed", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/05/14/2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "git", "vendor": "git", "versions": [ { "status": "affected", "version": "\u003c 2.30.6" }, { "status": "affected", "version": "\u003c 2.31.5" }, { "status": "affected", "version": "\u003c 2.32.4" }, { "status": "affected", "version": "\u003c 2.33.5" }, { "status": "affected", "version": "\u003c 2.34.5" }, { "status": "affected", "version": "\u003c 2.35.5" }, { "status": "affected", "version": "\u003c 2.36.3" }, { "status": "affected", "version": "\u003c 2.37.4" } ] } ], "descriptions": [ { "lang": "en", "value": "Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source\u0027s `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim\u0027s machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-10T17:14:58.362681", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/git/git/security/advisories/GHSA-3wp6-j8xr-qw85" }, { "name": "FEDORA-2022-12790ca71a", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VFYXCTLOSESYIP72BUYD6ECDIMUM4WMB/" }, { "name": "FEDORA-2022-8b58806840", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKFHE4KVD7EKS5J3KTDFVBEKU3CLXGVV/" }, { "url": "https://support.apple.com/kb/HT213496" }, { "name": "FEDORA-2022-53aadd995f", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OHNO2FB55CPX47BAXMBWUBGWHO6N6ZZH/" }, { "name": "20221107 APPLE-SA-2022-11-01-1 Xcode 14.1", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Nov/1" }, { "name": "FEDORA-2022-2c33bba286", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMQWGMDLX6KTVWW5JZLVPI7ICAK72TN7/" }, { "name": "FEDORA-2022-fb088df94c", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C7B6JPKX5CGGLAHXJVQMIZNNEEB72FHD/" }, { "name": "[debian-lts-announce] 20221213 [SECURITY] [DLA 3239-1] git security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html" }, { "name": "[oss-security] 20230214 [Announce] Git 2.39.2 and friends", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/02/14/5" }, { "name": "GLSA-202312-15", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202312-15" }, { "name": "[oss-security] 20240514 git: 5 vulnerabilities fixed", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2024/05/14/2" } ], "source": { "advisory": "GHSA-3wp6-j8xr-qw85", "discovery": "UNKNOWN" }, "title": "Git subject to exposure of sensitive information via local clone of symbolic links" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-39253", "datePublished": "2022-10-19T00:00:00", "dateReserved": "2022-09-02T00:00:00", "dateUpdated": "2024-08-03T12:00:43.267Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-32205
Vulnerability from cvelistv5
Published
2022-07-07 00:00
Modified
2024-08-03 07:32
Severity ?
EPSS score ?
Summary
A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | https://github.com/curl/curl |
Version: Fixed in 7.84.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:32:56.071Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://hackerone.com/reports/1569946" }, { "name": "FEDORA-2022-1b3d7f6973", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" }, { "name": "DSA-5197", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5197" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220915-0003/" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213488" }, { "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/41" }, { "name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/28" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf" }, { "name": "GLSA-202212-01", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202212-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "https://github.com/curl/curl", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in 7.84.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl \u003c 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven\u0027t expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a \"sister server\" to effectively cause a denial of service for a sibling site on the same second level domain using this method." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "Allocation of Resources Without Limits or Throttling (CWE-770)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-19T00:00:00", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://hackerone.com/reports/1569946" }, { "name": "FEDORA-2022-1b3d7f6973", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/" }, { "name": "DSA-5197", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5197" }, { "url": "https://security.netapp.com/advisory/ntap-20220915-0003/" }, { "url": "https://support.apple.com/kb/HT213488" }, { "name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/41" }, { "name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2022/Oct/28" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf" }, { "name": "GLSA-202212-01", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202212-01" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2022-32205", "datePublished": "2022-07-07T00:00:00", "dateReserved": "2022-06-01T00:00:00", "dateUpdated": "2024-08-03T07:32:56.071Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-4283
Vulnerability from cvelistv5
Published
2022-12-14 00:00
Modified
2024-08-03 01:34
Severity ?
EPSS score ?
Summary
A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | xorg-x11-server |
Version: xorg-x11-server-1.20.4 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:34:49.985Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151761" }, { "tags": [ "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2022-4283" }, { "name": "FEDORA-2022-c3a65f7c65", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/" }, { "name": "FEDORA-2022-721a78b7e5", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/" }, { "name": "DSA-5304", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5304" }, { "name": "FEDORA-2022-dd3eb7e0a8", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-30" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xorg-x11-server", "vendor": "n/a", "versions": [ { "status": "affected", "version": "xorg-x11-server-1.20.4" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions." } ], "problemTypes": [ { "descriptions": [ { "description": "use-after-free", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-26T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151761" }, { "url": "https://access.redhat.com/security/cve/CVE-2022-4283" }, { "name": "FEDORA-2022-c3a65f7c65", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/" }, { "name": "FEDORA-2022-721a78b7e5", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/" }, { "name": "DSA-5304", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5304" }, { "name": "FEDORA-2022-dd3eb7e0a8", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/" }, { "url": "https://security.gentoo.org/glsa/202305-30" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-4283", "datePublished": "2022-12-14T00:00:00", "dateReserved": "2022-12-05T00:00:00", "dateUpdated": "2024-08-03T01:34:49.985Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-32190
Vulnerability from cvelistv5
Published
2022-09-13 17:08
Modified
2024-08-03 07:32
Severity ?
EPSS score ?
Summary
JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Go standard library | net/url |
Version: 1.19.0-0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:32:56.001Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/issue/54385" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/cl/423514" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2022-0988" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "net/url", "product": "net/url", "programRoutines": [ { "name": "URL.JoinPath" }, { "name": "JoinPath" } ], "vendor": "Go standard library", "versions": [ { "lessThan": "1.19.1", "status": "affected", "version": "1.19.0-0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "value": "@q0jt" } ], "descriptions": [ { "lang": "en", "value": "JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath(\"https://go.dev\", \"../go\") returns the URL \"https://go.dev/../go\", despite the JoinPath documentation stating that ../ path elements are removed from the result." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-12T19:05:24.713Z", "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go" }, "references": [ { "url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s" }, { "url": "https://go.dev/issue/54385" }, { "url": "https://go.dev/cl/423514" }, { "url": "https://pkg.go.dev/vuln/GO-2022-0988" } ], "title": "Failure to strip relative path components in net/url" } }, "cveMetadata": { "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "assignerShortName": "Go", "cveId": "CVE-2022-32190", "datePublished": "2022-09-13T17:08:57", "dateReserved": "2022-05-31T00:00:00", "dateUpdated": "2024-08-03T07:32:56.001Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-24807
Vulnerability from cvelistv5
Published
2023-02-16 17:30
Modified
2024-08-02 11:03
Severity ?
EPSS score ?
Summary
Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.
References
▼ | URL | Tags |
---|---|---|
https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w | x_refsource_CONFIRM | |
https://github.com/nodejs/undici/commit/f2324e549943f0b0937b09fb1c0c16cc7c93abdf | x_refsource_MISC | |
https://github.com/nodejs/undici/releases/tag/v5.19.1 | x_refsource_MISC | |
https://hackerone.com/bugs?report_id=1784449 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:03:19.291Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://security.netapp.com/advisory/ntap-20230324-0010/" }, { "name": "https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w" }, { "name": "https://github.com/nodejs/undici/commit/f2324e549943f0b0937b09fb1c0c16cc7c93abdf", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/nodejs/undici/commit/f2324e549943f0b0937b09fb1c0c16cc7c93abdf" }, { "name": "https://github.com/nodejs/undici/releases/tag/v5.19.1", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/nodejs/undici/releases/tag/v5.19.1" }, { "name": "https://hackerone.com/bugs?report_id=1784449", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://hackerone.com/bugs?report_id=1784449" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "undici", "vendor": "nodejs", "versions": [ { "status": "affected", "version": "\u003c 5.19.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-16T17:30:19.923Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w" }, { "name": "https://github.com/nodejs/undici/commit/f2324e549943f0b0937b09fb1c0c16cc7c93abdf", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/nodejs/undici/commit/f2324e549943f0b0937b09fb1c0c16cc7c93abdf" }, { "name": "https://github.com/nodejs/undici/releases/tag/v5.19.1", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/nodejs/undici/releases/tag/v5.19.1" }, { "name": "https://hackerone.com/bugs?report_id=1784449", "tags": [ "x_refsource_MISC" ], "url": "https://hackerone.com/bugs?report_id=1784449" } ], "source": { "advisory": "GHSA-r6ch-mqf9-qc9w", "discovery": "UNKNOWN" }, "title": "Undici vulnerable to Regular Expression Denial of Service in Headers" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-24807", "datePublished": "2023-02-16T17:30:19.923Z", "dateReserved": "2023-01-30T14:43:33.703Z", "dateUpdated": "2024-08-02T11:03:19.291Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-4304
Vulnerability from cvelistv5
Published
2023-02-08 19:04
Modified
2024-08-03 01:34
Severity ?
EPSS score ?
Summary
A timing based side channel exists in the OpenSSL RSA Decryption implementation
which could be sufficient to recover a plaintext across a network in a
Bleichenbacher style attack. To achieve a successful decryption an attacker
would have to be able to send a very large number of trial messages for
decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,
RSA-OEAP and RSASVE.
For example, in a TLS connection, RSA is commonly used by a client to send an
encrypted pre-master secret to the server. An attacker that had observed a
genuine connection between a client and a server could use this flaw to send
trial messages to the server and record the time taken to process them. After a
sufficiently large number of messages the attacker could recover the pre-master
secret used for the original connection and thus be able to decrypt the
application data sent over that connection.
References
▼ | URL | Tags |
---|---|---|
https://www.openssl.org/news/secadv/20230207.txt | vendor-advisory | |
https://security.gentoo.org/glsa/202402-08 |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:34:50.158Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202402-08" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "lessThan": "3.0.8", "status": "affected", "version": "3.0.0", "versionType": "semver" }, { "lessThan": "1.1.1t", "status": "affected", "version": "1.1.1", "versionType": "custom" }, { "lessThan": "1.0.2zg", "status": "affected", "version": "1.0.2", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Hubert Kario from RedHat" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Dmitry Belyavsky from RedHat" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": " Hubert Kario from RedHat" } ], "datePublic": "2023-02-07T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A timing based side channel exists in the OpenSSL RSA Decryption implementation\u003cbr\u003ewhich could be sufficient to recover a plaintext across a network in a\u003cbr\u003eBleichenbacher style attack. To achieve a successful decryption an attacker\u003cbr\u003ewould have to be able to send a very large number of trial messages for\u003cbr\u003edecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,\u003cbr\u003eRSA-OEAP and RSASVE.\u003cbr\u003e\u003cbr\u003eFor example, in a TLS connection, RSA is commonly used by a client to send an\u003cbr\u003eencrypted pre-master secret to the server. An attacker that had observed a\u003cbr\u003egenuine connection between a client and a server could use this flaw to send\u003cbr\u003etrial messages to the server and record the time taken to process them. After a\u003cbr\u003esufficiently large number of messages the attacker could recover the pre-master\u003cbr\u003esecret used for the original connection and thus be able to decrypt the\u003cbr\u003eapplication data sent over that connection.\u003cbr\u003e\u003cbr\u003e" } ], "value": "A timing based side channel exists in the OpenSSL RSA Decryption implementation\nwhich could be sufficient to recover a plaintext across a network in a\nBleichenbacher style attack. To achieve a successful decryption an attacker\nwould have to be able to send a very large number of trial messages for\ndecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,\nRSA-OEAP and RSASVE.\n\nFor example, in a TLS connection, RSA is commonly used by a client to send an\nencrypted pre-master secret to the server. An attacker that had observed a\ngenuine connection between a client and a server could use this flaw to send\ntrial messages to the server and record the time taken to process them. After a\nsufficiently large number of messages the attacker could recover the pre-master\nsecret used for the original connection and thus be able to decrypt the\napplication data sent over that connection.\n\n" } ], "metrics": [ { "format": "other", "other": { "content": { "text": "MODERATE" }, "type": "https://www.openssl.org/policies/secpolicy.html" } } ], "problemTypes": [ { "descriptions": [ { "description": "timing based side channel attack", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-08T19:04:28.890Z", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "url": "https://security.gentoo.org/glsa/202402-08" } ], "source": { "discovery": "UNKNOWN" }, "title": "Timing Oracle in RSA Decryption", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2022-4304", "datePublished": "2023-02-08T19:04:28.890Z", "dateReserved": "2022-12-06T10:38:40.463Z", "dateUpdated": "2024-08-03T01:34:50.158Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-30632
Vulnerability from cvelistv5
Published
2022-08-09 20:15
Modified
2024-08-03 06:56
Severity ?
EPSS score ?
Summary
Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Go standard library | path/filepath |
Version: 0 ≤ Version: 1.18.0-0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:56:13.251Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://go.dev/cl/417066" }, { "tags": [ "x_transferred" ], "url": "https://go.googlesource.com/go/+/ac68c6c683409f98250d34ad282b9e1b0c9095ef" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/issue/53416" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2022-0522" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "path/filepath", "product": "path/filepath", "programRoutines": [ { "name": "Glob" } ], "vendor": "Go standard library", "versions": [ { "lessThan": "1.17.12", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "1.18.4", "status": "affected", "version": "1.18.0-0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "value": "Juho Nurminen of Mattermost" } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-674: Uncontrolled Recursion", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-12T19:04:36.688Z", "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go" }, "references": [ { "url": "https://go.dev/cl/417066" }, { "url": "https://go.googlesource.com/go/+/ac68c6c683409f98250d34ad282b9e1b0c9095ef" }, { "url": "https://go.dev/issue/53416" }, { "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" }, { "url": "https://pkg.go.dev/vuln/GO-2022-0522" } ], "title": "Stack exhaustion on crafted paths in path/filepath" } }, "cveMetadata": { "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "assignerShortName": "Go", "cveId": "CVE-2022-30632", "datePublished": "2022-08-09T20:15:37", "dateReserved": "2022-05-12T00:00:00", "dateUpdated": "2024-08-03T06:56:13.251Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2862
Vulnerability from cvelistv5
Published
2022-08-17 00:00
Modified
2024-08-03 00:52
Severity ?
EPSS score ?
Summary
Use After Free in GitHub repository vim/vim prior to 9.0.0221.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:52:59.949Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/71180988-1ab6-4311-bca8-e9a879b06765" }, { "tags": [ "x_transferred" ], "url": "https://github.com/vim/vim/commit/1889f499a4f248cd84e0e0bf6d0d820016774494" }, { "name": "FEDORA-2022-b9edf60581", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vim/vim", "vendor": "vim", "versions": [ { "lessThan": "9.0.0221", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Use After Free in GitHub repository vim/vim prior to 9.0.0221." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/71180988-1ab6-4311-bca8-e9a879b06765" }, { "url": "https://github.com/vim/vim/commit/1889f499a4f248cd84e0e0bf6d0d820016774494" }, { "name": "FEDORA-2022-b9edf60581", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "source": { "advisory": "71180988-1ab6-4311-bca8-e9a879b06765", "discovery": "EXTERNAL" }, "title": "Use After Free in vim/vim" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-2862", "datePublished": "2022-08-17T00:00:00", "dateReserved": "2022-08-16T00:00:00", "dateUpdated": "2024-08-03T00:52:59.949Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42898
Vulnerability from cvelistv5
Published
2022-12-25 00:00
Modified
2024-08-03 13:19
Severity ?
EPSS score ?
Summary
PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:19:05.317Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://web.mit.edu/kerberos/advisories/" }, { "tags": [ "x_transferred" ], "url": "https://www.samba.org/samba/security/CVE-2022-42898.html" }, { "tags": [ "x_transferred" ], "url": "https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583" }, { "tags": [ "x_transferred" ], "url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c" }, { "tags": [ "x_transferred" ], "url": "https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt" }, { "tags": [ "x_transferred" ], "url": "https://web.mit.edu/kerberos/krb5-1.19/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.samba.org/show_bug.cgi?id=15203" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230216-0008/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230223-0001/" }, { "name": "GLSA-202309-06", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202309-06" }, { "name": "GLSA-202310-06", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202310-06" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has \"a similar bug.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-08T08:06:38.475643", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://web.mit.edu/kerberos/advisories/" }, { "url": "https://www.samba.org/samba/security/CVE-2022-42898.html" }, { "url": "https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583" }, { "url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c" }, { "url": "https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt" }, { "url": "https://web.mit.edu/kerberos/krb5-1.19/" }, { "url": "https://bugzilla.samba.org/show_bug.cgi?id=15203" }, { "url": "https://security.netapp.com/advisory/ntap-20230216-0008/" }, { "url": "https://security.netapp.com/advisory/ntap-20230223-0001/" }, { "name": "GLSA-202309-06", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202309-06" }, { "name": "GLSA-202310-06", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202310-06" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-42898", "datePublished": "2022-12-25T00:00:00", "dateReserved": "2022-10-13T00:00:00", "dateUpdated": "2024-08-03T13:19:05.317Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21985
Vulnerability from cvelistv5
Published
2023-04-18 19:54
Modified
2024-09-16 14:24
Severity ?
EPSS score ?
References
▼ | URL | Tags |
---|---|---|
https://www.oracle.com/security-alerts/cpuapr2023.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Solaris Operating System |
Version: 10 Version: 11 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:59:28.549Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2023.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-21985", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-16T14:23:34.707511Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-16T14:24:39.285Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Solaris Operating System", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "10" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Solaris.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-18T19:54:40.659Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2023.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2023-21985", "datePublished": "2023-04-18T19:54:40.659Z", "dateReserved": "2022-12-17T19:26:00.739Z", "dateUpdated": "2024-09-16T14:24:39.285Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-37750
Vulnerability from cvelistv5
Published
2021-08-23 00:00
Modified
2024-08-04 01:30
Severity ?
EPSS score ?
Summary
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:30:08.497Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://web.mit.edu/kerberos/advisories/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/krb5/krb5/releases" }, { "name": "FEDORA-2021-f2c8514f02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MFCLW7D46E4VCREKKH453T5DA4XOLHU2/" }, { "name": "[debian-lts-announce] 20210930 [SECURITY] [DLA 2771-1] krb5 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "tags": [ "x_transferred" ], "url": "https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210923-0002/" }, { "tags": [ "x_transferred" ], "url": "https://www.starwindsoftware.com/security/sw-20220817-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-11T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://web.mit.edu/kerberos/advisories/" }, { "url": "https://github.com/krb5/krb5/releases" }, { "name": "FEDORA-2021-f2c8514f02", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MFCLW7D46E4VCREKKH453T5DA4XOLHU2/" }, { "name": "[debian-lts-announce] 20210930 [SECURITY] [DLA 2771-1] krb5 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html" }, { "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "url": "https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49" }, { "url": "https://security.netapp.com/advisory/ntap-20210923-0002/" }, { "url": "https://www.starwindsoftware.com/security/sw-20220817-0004/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-37750", "datePublished": "2021-08-23T00:00:00", "dateReserved": "2021-07-30T00:00:00", "dateUpdated": "2024-08-04T01:30:08.497Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-25742
Vulnerability from cvelistv5
Published
2023-06-02 00:00
Modified
2024-08-02 11:32
Severity ?
EPSS score ?
Summary
When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 110 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:32:11.854Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-06/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-05/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-07/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1813424" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "110", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "102.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "102.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox \u003c 110, Thunderbird \u003c 102.8, and Firefox ESR \u003c 102.8." } ], "problemTypes": [ { "descriptions": [ { "description": "Web Crypto ImportKey crashes tab", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-02T00:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://www.mozilla.org/security/advisories/mfsa2023-06/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-05/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-07/" }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1813424" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2023-25742", "datePublished": "2023-06-02T00:00:00", "dateReserved": "2023-02-13T00:00:00", "dateUpdated": "2024-08-02T11:32:11.854Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42915
Vulnerability from cvelistv5
Published
2022-10-29 00:00
Modified
2024-08-03 13:19
Severity ?
EPSS score ?
Summary
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:19:05.396Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://curl.se/docs/CVE-2022-42915.html" }, { "name": "FEDORA-2022-01ffde372c", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVU3IMZCKR4VE6KJ4GCWRL2ILLC6OV76/" }, { "name": "FEDORA-2022-39688a779d", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q27V5YYMXUVI6PRZQVECON32XPVWTKDK/" }, { "name": "FEDORA-2022-e9d65906c4", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37YEVVC6NAF6H7UHH6YAUY5QEVY6LIH2/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221209-0010/" }, { "name": "GLSA-202212-01", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213604" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213605" }, { "name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/20" }, { "name": "20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/19" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-24T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://curl.se/docs/CVE-2022-42915.html" }, { "name": "FEDORA-2022-01ffde372c", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVU3IMZCKR4VE6KJ4GCWRL2ILLC6OV76/" }, { "name": "FEDORA-2022-39688a779d", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q27V5YYMXUVI6PRZQVECON32XPVWTKDK/" }, { "name": "FEDORA-2022-e9d65906c4", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37YEVVC6NAF6H7UHH6YAUY5QEVY6LIH2/" }, { "url": "https://security.netapp.com/advisory/ntap-20221209-0010/" }, { "name": "GLSA-202212-01", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "url": "https://support.apple.com/kb/HT213604" }, { "url": "https://support.apple.com/kb/HT213605" }, { "name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/20" }, { "name": "20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/19" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-42915", "datePublished": "2022-10-29T00:00:00", "dateReserved": "2022-10-13T00:00:00", "dateUpdated": "2024-08-03T13:19:05.396Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-25728
Vulnerability from cvelistv5
Published
2023-06-02 00:00
Modified
2024-08-02 11:32
Severity ?
EPSS score ?
Summary
The <code>Content-Security-Policy-Report-Only</code> header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 110 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:32:12.356Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-06/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-05/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-07/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1790345" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "110", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "102.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "102.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "The \u003ccode\u003eContent-Security-Policy-Report-Only\u003c/code\u003e header could allow an attacker to leak a child iframe\u0027s unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox \u003c 110, Thunderbird \u003c 102.8, and Firefox ESR \u003c 102.8." } ], "problemTypes": [ { "descriptions": [ { "description": "Content security policy leak in violation reports using iframes", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-02T00:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://www.mozilla.org/security/advisories/mfsa2023-06/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-05/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-07/" }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1790345" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2023-25728", "datePublished": "2023-06-02T00:00:00", "dateReserved": "2023-02-13T00:00:00", "dateUpdated": "2024-08-02T11:32:12.356Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28176
Vulnerability from cvelistv5
Published
2023-06-02 00:00
Modified
2024-08-02 12:30
Severity ?
EPSS score ?
Summary
Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 111 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:30:24.497Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-09/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-10/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-11/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1808352%2C1811637%2C1815904%2C1817442%2C1818674" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "111", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "102.9", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "102.9", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 111, Firefox ESR \u003c 102.9, and Thunderbird \u003c 102.9." } ], "problemTypes": [ { "descriptions": [ { "description": "Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-02T00:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://www.mozilla.org/security/advisories/mfsa2023-09/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-10/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-11/" }, { "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1808352%2C1811637%2C1815904%2C1817442%2C1818674" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2023-28176", "datePublished": "2023-06-02T00:00:00", "dateReserved": "2023-03-13T00:00:00", "dateUpdated": "2024-08-02T12:30:24.497Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-32189
Vulnerability from cvelistv5
Published
2022-08-09 20:17
Modified
2024-08-03 07:32
Severity ?
EPSS score ?
Summary
A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Go standard library | math/big |
Version: 0 ≤ Version: 1.18.0-0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:32:56.026Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://go.dev/cl/417774" }, { "tags": [ "x_transferred" ], "url": "https://go.googlesource.com/go/+/055113ef364337607e3e72ed7d48df67fde6fc66" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/issue/53871" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/YqYYG87xB10" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2022-0537" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "math/big", "product": "math/big", "programRoutines": [ { "name": "Float.GobDecode" }, { "name": "Rat.GobDecode" } ], "vendor": "Go standard library", "versions": [ { "lessThan": "1.17.13", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "1.18.5", "status": "affected", "version": "1.18.0-0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "value": "@catenacyber" } ], "descriptions": [ { "lang": "en", "value": "A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE 400: Uncontrolled Resource Consumption", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-12T19:05:15.506Z", "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go" }, "references": [ { "url": "https://go.dev/cl/417774" }, { "url": "https://go.googlesource.com/go/+/055113ef364337607e3e72ed7d48df67fde6fc66" }, { "url": "https://go.dev/issue/53871" }, { "url": "https://groups.google.com/g/golang-announce/c/YqYYG87xB10" }, { "url": "https://pkg.go.dev/vuln/GO-2022-0537" } ], "title": "Panic when decoding Float and Rat types in math/big" } }, "cveMetadata": { "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "assignerShortName": "Go", "cveId": "CVE-2022-32189", "datePublished": "2022-08-09T20:17:59", "dateReserved": "2022-05-31T00:00:00", "dateUpdated": "2024-08-03T07:32:56.026Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-46342
Vulnerability from cvelistv5
Published
2022-12-14 00:00
Modified
2024-08-03 14:31
Severity ?
EPSS score ?
Summary
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | xorg-x11-server |
Version: xorg-x11-server-1.20.4 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:31:46.114Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151757" }, { "tags": [ "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2022-46342" }, { "name": "FEDORA-2022-c3a65f7c65", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/" }, { "name": "FEDORA-2022-721a78b7e5", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/" }, { "name": "DSA-5304", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5304" }, { "name": "FEDORA-2022-dd3eb7e0a8", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-30" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xorg-x11-server", "vendor": "n/a", "versions": [ { "status": "affected", "version": "xorg-x11-server-1.20.4" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se" } ], "problemTypes": [ { "descriptions": [ { "description": "use-after-free", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-26T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151757" }, { "url": "https://access.redhat.com/security/cve/CVE-2022-46342" }, { "name": "FEDORA-2022-c3a65f7c65", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/" }, { "name": "FEDORA-2022-721a78b7e5", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/" }, { "name": "DSA-5304", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5304" }, { "name": "FEDORA-2022-dd3eb7e0a8", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/" }, { "url": "https://security.gentoo.org/glsa/202305-30" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-46342", "datePublished": "2022-12-14T00:00:00", "dateReserved": "2022-11-30T00:00:00", "dateUpdated": "2024-08-03T14:31:46.114Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0416
Vulnerability from cvelistv5
Published
2023-01-24 00:00
Modified
2024-08-02 05:10
Severity ?
EPSS score ?
Summary
GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Wireshark Foundation | Wireshark |
Version: >=4.0.0, <4.0.3 Version: >=3.6.0, <3.6.11 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:55.762Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2023-04.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/18779" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0416.json" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=4.0.0, \u003c4.0.3" }, { "status": "affected", "version": "\u003e=3.6.0, \u003c3.6.11" } ] } ], "descriptions": [ { "lang": "en", "value": "GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Expired pointer dereference in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-24T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2023-04.html" }, { "url": "https://gitlab.com/wireshark/wireshark/-/issues/18779" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0416.json" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-0416", "datePublished": "2023-01-24T00:00:00", "dateReserved": "2023-01-20T00:00:00", "dateUpdated": "2024-08-02T05:10:55.762Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-32221
Vulnerability from cvelistv5
Published
2022-12-05 00:00
Modified
2024-08-03 07:32
Severity ?
EPSS score ?
Summary
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | https://github.com/curl/curl |
Version: Fixed in 7.86.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:32:56.010Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://hackerone.com/reports/1704017" }, { "name": "GLSA-202212-01", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230110-0006/" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213604" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213605" }, { "name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/20" }, { "name": "20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/19" }, { "name": "DSA-5330", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5330" }, { "name": "[debian-lts-announce] 20230128 [SECURITY] [DLA 3288-1] curl security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230208-0002/" }, { "name": "[oss-security] 20230517 curl: CVE-2023-28322: more POST-after-PUT confusion", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/17/4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "https://github.com/curl/curl", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Fixed in 7.86.0" } ] } ], "descriptions": [ { "lang": "en", "value": "When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "Information Disclosure (CWE-200)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-17T00:00:00", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://hackerone.com/reports/1704017" }, { "name": "GLSA-202212-01", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202212-01" }, { "url": "https://security.netapp.com/advisory/ntap-20230110-0006/" }, { "url": "https://support.apple.com/kb/HT213604" }, { "url": "https://support.apple.com/kb/HT213605" }, { "name": "20230123 APPLE-SA-2023-01-23-5 macOS Monterey 12.6.3", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/20" }, { "name": "20230123 APPLE-SA-2023-01-23-4 macOS Ventura 13.2", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2023/Jan/19" }, { "name": "DSA-5330", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5330" }, { "name": "[debian-lts-announce] 20230128 [SECURITY] [DLA 3288-1] curl security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230208-0002/" }, { "name": "[oss-security] 20230517 curl: CVE-2023-28322: more POST-after-PUT confusion", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/17/4" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2022-32221", "datePublished": "2022-12-05T00:00:00", "dateReserved": "2022-06-01T00:00:00", "dateUpdated": "2024-08-03T07:32:56.010Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3736
Vulnerability from cvelistv5
Published
2023-01-25 21:39
Modified
2024-08-03 01:20
Severity ?
EPSS score ?
Summary
BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the resolver receives an RRSIG query.
This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1.
References
▼ | URL | Tags |
---|---|---|
https://kb.isc.org/docs/cve-2022-3736 | vendor-advisory |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:20:57.535Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "CVE-2022-3736", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://kb.isc.org/docs/cve-2022-3736" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BIND 9", "vendor": "ISC", "versions": [ { "lessThanOrEqual": "9.16.36", "status": "affected", "version": "9.16.12", "versionType": "custom" }, { "lessThanOrEqual": "9.18.10", "status": "affected", "version": "9.18.0", "versionType": "custom" }, { "lessThanOrEqual": "9.19.8", "status": "affected", "version": "9.19.0", "versionType": "custom" }, { "lessThanOrEqual": "9.16.36-S1", "status": "affected", "version": "9.16.12-S1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "ISC would like to thank Borja Marcos from Sarenet (with assistance by Iratxe Ni\u00f1o from Fundaci\u00f3n Sarenet) for bringing this vulnerability to our attention." } ], "datePublic": "2023-01-25T00:00:00Z", "descriptions": [ { "lang": "en", "value": "BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the resolver receives an RRSIG query.\nThis issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1." } ], "exploits": [ { "lang": "en", "value": "We are not aware of any active exploits." } ], "impacts": [ { "descriptions": [ { "lang": "en", "value": "By sending specific queries to the resolver, an attacker can cause `named` to crash." } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-26T06:03:10.975661Z", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "name": "CVE-2022-3736", "tags": [ "vendor-advisory" ], "url": "https://kb.isc.org/docs/cve-2022-3736" } ], "solutions": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.16.37, 9.18.11, 9.19.9, or 9.16.37-S1." } ], "source": { "discovery": "EXTERNAL" }, "title": "named configured to answer from stale cache may terminate unexpectedly while processing RRSIG queries", "workarounds": [ { "lang": "en", "value": "Setting `stale-answer-client-timeout` to `0` or to `off/disabled` will prevent BIND from crashing due to this issue." } ] } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2022-3736", "datePublished": "2023-01-25T21:39:18.187Z", "dateReserved": "2022-10-28T07:04:32.966Z", "dateUpdated": "2024-08-03T01:20:57.535Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-25732
Vulnerability from cvelistv5
Published
2023-06-02 00:00
Modified
2024-08-02 11:32
Severity ?
EPSS score ?
Summary
When encoding data from an <code>inputStream</code> in <code>xpcom</code> the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 110 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:32:11.641Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-06/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-05/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-07/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1804564" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "110", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "102.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "102.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "When encoding data from an \u003ccode\u003einputStream\u003c/code\u003e in \u003ccode\u003expcom\u003c/code\u003e the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox \u003c 110, Thunderbird \u003c 102.8, and Firefox ESR \u003c 102.8." } ], "problemTypes": [ { "descriptions": [ { "description": "Out of bounds memory write from EncodeInputStream", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-02T00:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://www.mozilla.org/security/advisories/mfsa2023-06/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-05/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-07/" }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1804564" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2023-25732", "datePublished": "2023-06-02T00:00:00", "dateReserved": "2023-02-13T00:00:00", "dateUpdated": "2024-08-02T11:32:11.641Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-30580
Vulnerability from cvelistv5
Published
2022-08-09 20:18
Modified
2024-08-03 06:56
Severity ?
EPSS score ?
Summary
Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Go standard library | os/exec |
Version: 0 ≤ Version: 1.18.0-0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:56:12.971Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://go.dev/cl/403759" }, { "tags": [ "x_transferred" ], "url": "https://go.googlesource.com/go/+/960ffa98ce73ef2c2060c84c7ac28d37a83f345e" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/issue/52574" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2022-0532" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "os/exec", "platforms": [ "windows" ], "product": "os/exec", "programRoutines": [ { "name": "Cmd.Start" } ], "vendor": "Go standard library", "versions": [ { "lessThan": "1.17.11", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "1.18.3", "status": "affected", "version": "1.18.0-0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "value": "Chris Darroch (chrisd8088@github.com)" }, { "lang": "en", "value": "brian m. carlson (bk2204@github.com)" }, { "lang": "en", "value": "Mikhail Shcherbakov (https://twitter.com/yu5k3)" } ], "descriptions": [ { "lang": "en", "value": "Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either \"..com\" or \"..exe\" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-12T19:12:35.518Z", "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go" }, "references": [ { "url": "https://go.dev/cl/403759" }, { "url": "https://go.googlesource.com/go/+/960ffa98ce73ef2c2060c84c7ac28d37a83f345e" }, { "url": "https://go.dev/issue/52574" }, { "url": "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ" }, { "url": "https://pkg.go.dev/vuln/GO-2022-0532" } ], "title": "Empty Cmd.Path can trigger unintended binary in os/exec on Windows" } }, "cveMetadata": { "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "assignerShortName": "Go", "cveId": "CVE-2022-30580", "datePublished": "2022-08-09T20:18:04", "dateReserved": "2022-05-11T00:00:00", "dateUpdated": "2024-08-03T06:56:12.971Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-36113
Vulnerability from cvelistv5
Published
2022-09-14 00:00
Modified
2024-08-03 09:52
Severity ?
EPSS score ?
Summary
Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in the ~/.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is successful, Cargo writes "ok" to the .cargo-ok file at the root of the extracted source code once it extracted all the files. It was discovered that Cargo allowed packages to contain a .cargo-ok symbolic link, which Cargo would extract. Then, when Cargo attempted to write "ok" into .cargo-ok, it would actually replace the first two bytes of the file the symlink pointed to with ok. This would allow an attacker to corrupt one file on the machine using Cargo to extract the package. Note that by design Cargo allows code execution at build time, due to build scripts and procedural macros. The vulnerabilities in this advisory allow performing a subset of the possible damage in a harder to track down way. Your dependencies must still be trusted if you want to be protected from attacks, as it's possible to perform the same attacks with build scripts and procedural macros. The vulnerability is present in all versions of Cargo. Rust 1.64, to be released on September 22nd, will include a fix for it. Since the vulnerability is just a more limited way to accomplish what a malicious build scripts or procedural macros can do, we decided not to publish Rust point releases backporting the security fix. Patch files are available for Rust 1.63.0 are available in the wg-security-response repository for people building their own toolchain.
Mitigations We recommend users of alternate registries to exercise care in which package they download, by only including trusted dependencies in their projects. Please note that even with these vulnerabilities fixed, by design Cargo allows arbitrary code execution at build time thanks to build scripts and procedural macros: a malicious dependency will be able to cause damage regardless of these vulnerabilities. crates.io implemented server-side checks to reject these kinds of packages years ago, and there are no packages on crates.io exploiting these vulnerabilities. crates.io users still need to exercise care in choosing their dependencies though, as remote code execution is allowed by design there as well.
References
▼ | URL | Tags |
---|---|---|
https://github.com/rust-lang/cargo/security/advisories/GHSA-rfj2-q3h3-hm5j | x_refsource_CONFIRM | |
https://github.com/rust-lang/cargo/commit/97b80919e404b0768ea31ae329c3b4da54bed05a | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:52:00.553Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/rust-lang/cargo/security/advisories/GHSA-rfj2-q3h3-hm5j", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/rust-lang/cargo/security/advisories/GHSA-rfj2-q3h3-hm5j" }, { "name": "https://github.com/rust-lang/cargo/commit/97b80919e404b0768ea31ae329c3b4da54bed05a", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/rust-lang/cargo/commit/97b80919e404b0768ea31ae329c3b4da54bed05a" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "cargo", "vendor": "rust-lang", "versions": [ { "status": "affected", "version": "\u003c 0.65.0" }, { "status": "affected", "version": "= 0.66.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in the ~/.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is successful, Cargo writes \"ok\" to the .cargo-ok file at the root of the extracted source code once it extracted all the files. It was discovered that Cargo allowed packages to contain a .cargo-ok symbolic link, which Cargo would extract. Then, when Cargo attempted to write \"ok\" into .cargo-ok, it would actually replace the first two bytes of the file the symlink pointed to with ok. This would allow an attacker to corrupt one file on the machine using Cargo to extract the package. Note that by design Cargo allows code execution at build time, due to build scripts and procedural macros. The vulnerabilities in this advisory allow performing a subset of the possible damage in a harder to track down way. Your dependencies must still be trusted if you want to be protected from attacks, as it\u0027s possible to perform the same attacks with build scripts and procedural macros. The vulnerability is present in all versions of Cargo. Rust 1.64, to be released on September 22nd, will include a fix for it. Since the vulnerability is just a more limited way to accomplish what a malicious build scripts or procedural macros can do, we decided not to publish Rust point releases backporting the security fix. Patch files are available for Rust 1.63.0 are available in the wg-security-response repository for people building their own toolchain.\nMitigations We recommend users of alternate registries to exercise care in which package they download, by only including trusted dependencies in their projects. Please note that even with these vulnerabilities fixed, by design Cargo allows arbitrary code execution at build time thanks to build scripts and procedural macros: a malicious dependency will be able to cause damage regardless of these vulnerabilities. crates.io implemented server-side checks to reject these kinds of packages years ago, and there are no packages on crates.io exploiting these vulnerabilities. crates.io users still need to exercise care in choosing their dependencies though, as remote code execution is allowed by design there as well." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-14T16:16:10.762Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/rust-lang/cargo/security/advisories/GHSA-rfj2-q3h3-hm5j", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/rust-lang/cargo/security/advisories/GHSA-rfj2-q3h3-hm5j" }, { "name": "https://github.com/rust-lang/cargo/commit/97b80919e404b0768ea31ae329c3b4da54bed05a", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/rust-lang/cargo/commit/97b80919e404b0768ea31ae329c3b4da54bed05a" } ], "source": { "advisory": "GHSA-rfj2-q3h3-hm5j", "discovery": "UNKNOWN" }, "title": "Extracting malicious crates can corrupt arbitrary files" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-36113", "datePublished": "2022-09-14T00:00:00", "dateReserved": "2022-07-15T00:00:00", "dateUpdated": "2024-08-03T09:52:00.553Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-28131
Vulnerability from cvelistv5
Published
2022-08-09 00:00
Modified
2024-08-03 05:48
Severity ?
EPSS score ?
Summary
Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Go standard library | encoding/xml |
Version: 0 ≤ Version: 1.18.0-0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:48:36.830Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://go.dev/cl/417062" }, { "tags": [ "x_transferred" ], "url": "https://go.googlesource.com/go/+/08c46ed43d80bbb67cb904944ea3417989be4af3" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/issue/53614" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2022-0521" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "encoding/xml", "product": "encoding/xml", "programRoutines": [ { "name": "Decoder.Skip" } ], "vendor": "Go standard library", "versions": [ { "lessThan": "1.17.12", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "1.18.4", "status": "affected", "version": "1.18.0-0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "value": "Go Security Team" }, { "lang": "en", "value": "Juho Nurminen of Mattermost" } ], "descriptions": [ { "lang": "en", "value": "Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-674: Uncontrolled Recursion", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-12T19:04:35.004Z", "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go" }, "references": [ { "url": "https://go.dev/cl/417062" }, { "url": "https://go.googlesource.com/go/+/08c46ed43d80bbb67cb904944ea3417989be4af3" }, { "url": "https://go.dev/issue/53614" }, { "url": "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" }, { "url": "https://pkg.go.dev/vuln/GO-2022-0521" } ], "title": "Stack exhaustion from deeply nested XML documents in encoding/xml" } }, "cveMetadata": { "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "assignerShortName": "Go", "cveId": "CVE-2022-28131", "datePublished": "2022-08-09T00:00:00", "dateReserved": "2022-03-29T00:00:00", "dateUpdated": "2024-08-03T05:48:36.830Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3352
Vulnerability from cvelistv5
Published
2022-09-29 00:00
Modified
2024-08-03 01:07
Severity ?
EPSS score ?
Summary
Use After Free in GitHub repository vim/vim prior to 9.0.0614.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:07:06.465Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/d058f182-a49b-40c7-9234-43d4c5a29f60" }, { "tags": [ "x_transferred" ], "url": "https://github.com/vim/vim/commit/ef976323e770315b5fca544efb6b2faa25674d15" }, { "name": "FEDORA-2022-40161673a3", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/" }, { "name": "FEDORA-2022-fff548cfab", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/" }, { "name": "FEDORA-2022-4bc60c32a2", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/" }, { "name": "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vim/vim", "vendor": "vim", "versions": [ { "lessThan": "9.0.0614", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Use After Free in GitHub repository vim/vim prior to 9.0.0614." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/d058f182-a49b-40c7-9234-43d4c5a29f60" }, { "url": "https://github.com/vim/vim/commit/ef976323e770315b5fca544efb6b2faa25674d15" }, { "name": "FEDORA-2022-40161673a3", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSSEWQLK55MCNT4Z2IIJEJYEI5HLCODI/" }, { "name": "FEDORA-2022-fff548cfab", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QI7AETXBHPC7SGA77Q7O5IEGULWYET7/" }, { "name": "FEDORA-2022-4bc60c32a2", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTBVD4J2SKVSWK4VBN5JP5OEVK6GDS3N/" }, { "name": "[debian-lts-announce] 20221124 [SECURITY] [DLA 3204-1] vim security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "source": { "advisory": "d058f182-a49b-40c7-9234-43d4c5a29f60", "discovery": "EXTERNAL" }, "title": "Use After Free in vim/vim" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-3352", "datePublished": "2022-09-29T00:00:00", "dateReserved": "2022-09-28T00:00:00", "dateUpdated": "2024-08-03T01:07:06.465Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0796
Vulnerability from cvelistv5
Published
2023-02-13 00:00
Modified
2024-08-02 05:24
Severity ?
EPSS score ?
Summary
LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:24:34.251Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/499" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0796.json" }, { "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html" }, { "name": "DSA-5361", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5361" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230316-0003/" }, { "name": "GLSA-202305-31", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-31" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "libtiff", "vendor": "libtiff", "versions": [ { "status": "affected", "version": "\u003c=4.4.0" } ] } ], "credits": [ { "lang": "en", "value": "wangdw.augustus@gmail.com" } ], "descriptions": [ { "lang": "en", "value": "LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Out-of-bounds read in libtiff", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-30T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68" }, { "url": "https://gitlab.com/libtiff/libtiff/-/issues/499" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0796.json" }, { "name": "[debian-lts-announce] 20230221 [SECURITY] [DLA 3333-1] tiff security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html" }, { "name": "DSA-5361", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5361" }, { "url": "https://security.netapp.com/advisory/ntap-20230316-0003/" }, { "name": "GLSA-202305-31", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-31" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2023-0796", "datePublished": "2023-02-13T00:00:00", "dateReserved": "2023-02-12T00:00:00", "dateUpdated": "2024-08-02T05:24:34.251Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-24963
Vulnerability from cvelistv5
Published
2023-01-31 15:52
Modified
2024-08-03 04:29
Severity ?
EPSS score ?
Summary
Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer.
This issue affects Apache Portable Runtime (APR) version 1.7.0.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache Portable Runtime (APR) |
Version: 1.7.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:29:01.595Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230908-0008/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Apache Portable Runtime (APR)", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "1.7.0" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Ronald Crane (Zippenhop LLC)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer.\u003cbr\u003eThis issue affects Apache Portable Runtime (APR) version 1.7.0." } ], "value": "Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer.\nThis issue affects Apache Portable Runtime (APR) version 1.7.0." } ], "metrics": [ { "other": { "content": { "text": "moderate" }, "type": "Textual description of severity" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-31T15:52:09.716Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9" }, { "url": "https://security.netapp.com/advisory/ntap-20230908-0008/" } ], "source": { "discovery": "UNKNOWN" }, "title": "Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions ", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2022-24963", "datePublished": "2023-01-31T15:52:09.716Z", "dateReserved": "2022-02-11T12:49:56.769Z", "dateUpdated": "2024-08-03T04:29:01.595Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0568
Vulnerability from cvelistv5
Published
2023-02-16 06:34
Modified
2024-08-02 05:17
Severity ?
EPSS score ?
Summary
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:17:49.834Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugs.php.net/bug.php?id=81746" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230517-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "PHP", "repo": "https://github.com/php/php-src", "vendor": "PHP Group", "versions": [ { "lessThan": "8.0.28", "status": "affected", "version": "8.0.x", "versionType": "semver" }, { "lessThan": "8.1.16", "status": "affected", "version": "8.1.x", "versionType": "semver" }, { "lessThan": "8.2.3", "status": "affected", "version": "8.2.x", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Niels Dossche" } ], "datePublic": "2023-02-13T05:40:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification.\u0026nbsp;" } ], "value": "In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification.\u00a0" } ], "impacts": [ { "capecId": "CAPEC-100", "descriptions": [ { "lang": "en", "value": "CAPEC-100 Overflow Buffers" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-131", "description": "CWE-131 Incorrect Calculation of Buffer Size", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-16T06:34:04.101Z", "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "shortName": "php" }, "references": [ { "url": "https://bugs.php.net/bug.php?id=81746" }, { "url": "https://security.netapp.com/advisory/ntap-20230517-0001/" } ], "source": { "discovery": "EXTERNAL" }, "title": "Array overrun in common path resolve code", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "assignerShortName": "php", "cveId": "CVE-2023-0568", "datePublished": "2023-02-16T06:34:04.101Z", "dateReserved": "2023-01-29T07:46:39.833Z", "dateUpdated": "2024-08-02T05:17:49.834Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2817
Vulnerability from cvelistv5
Published
2022-08-15 00:00
Modified
2024-08-03 00:52
Severity ?
EPSS score ?
Summary
Use After Free in GitHub repository vim/vim prior to 9.0.0213.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:52:58.962Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/a7b7d242-3d88-4bde-a681-6c986aff886f" }, { "tags": [ "x_transferred" ], "url": "https://github.com/vim/vim/commit/249e1b903a9c0460d618f6dcc59aeb8c03b24b20" }, { "name": "FEDORA-2022-6f5e420e52", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHFAR6OY6G77M6GXCJT75A4KITLNR6GO/" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vim/vim", "vendor": "vim", "versions": [ { "lessThan": "9.0.0213", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Use After Free in GitHub repository vim/vim prior to 9.0.0213." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/a7b7d242-3d88-4bde-a681-6c986aff886f" }, { "url": "https://github.com/vim/vim/commit/249e1b903a9c0460d618f6dcc59aeb8c03b24b20" }, { "name": "FEDORA-2022-6f5e420e52", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHFAR6OY6G77M6GXCJT75A4KITLNR6GO/" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "source": { "advisory": "a7b7d242-3d88-4bde-a681-6c986aff886f", "discovery": "EXTERNAL" }, "title": "Use After Free in vim/vim" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-2817", "datePublished": "2022-08-15T00:00:00", "dateReserved": "2022-08-14T00:00:00", "dateUpdated": "2024-08-03T00:52:58.962Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-4345
Vulnerability from cvelistv5
Published
2023-01-12 00:00
Modified
2024-08-03 01:34
Severity ?
EPSS score ?
Summary
Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Wireshark Foundation | Wireshark |
Version: >=4.0.0, <4.0.2 Version: >=3.6.0, <3.6.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:34:50.168Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2022-09.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4345.json" }, { "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html" }, { "name": "FEDORA-2023-9ddb9b9757", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDZMWIKH3L5JQZC6GSVOJ3N5UXNQPJGQ/" }, { "name": "FEDORA-2023-f9e2ad8b73", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGWIW6K64PKC375YAONYXKIVT2FDEDV3/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "status": "affected", "version": "\u003e=4.0.0, \u003c4.0.2" }, { "status": "affected", "version": "\u003e=3.6.0, \u003c3.6.10" } ] } ], "credits": [ { "lang": "en", "value": "Sharon Brizinov" } ], "descriptions": [ { "lang": "en", "value": "Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Loop with unreachable exit condition (\u0027infinite loop\u0027) in Wireshark", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-11T00:00:00", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2022-09.html" }, { "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4345.json" }, { "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html" }, { "name": "FEDORA-2023-9ddb9b9757", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDZMWIKH3L5JQZC6GSVOJ3N5UXNQPJGQ/" }, { "name": "FEDORA-2023-f9e2ad8b73", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGWIW6K64PKC375YAONYXKIVT2FDEDV3/" } ] } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2022-4345", "datePublished": "2023-01-12T00:00:00", "dateReserved": "2022-12-07T00:00:00", "dateUpdated": "2024-08-03T01:34:50.168Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-23603
Vulnerability from cvelistv5
Published
2023-06-02 00:00
Modified
2024-08-02 10:35
Severity ?
EPSS score ?
Summary
Regular expressions used to filter out forbidden properties and values from style directives in calls to <code>console.log</code> weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 109 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:35:33.580Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-02/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-01/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-03/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1800832" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "109", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "102.7", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "102.7", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Regular expressions used to filter out forbidden properties and values from style directives in calls to \u003ccode\u003econsole.log\u003c/code\u003e weren\u0027t accounting for external URLs. Data could then be potentially exfiltrated from the browser. This vulnerability affects Firefox \u003c 109, Thunderbird \u003c 102.7, and Firefox ESR \u003c 102.7." } ], "problemTypes": [ { "descriptions": [ { "description": "Calls to console.log allowed bypasing Content Security Policy via format directive", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-02T00:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://www.mozilla.org/security/advisories/mfsa2023-02/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-01/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-03/" }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1800832" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2023-23603", "datePublished": "2023-06-02T00:00:00", "dateReserved": "2023-01-16T00:00:00", "dateUpdated": "2024-08-02T10:35:33.580Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-4203
Vulnerability from cvelistv5
Published
2023-02-24 14:53
Modified
2024-08-03 01:34
Severity ?
EPSS score ?
Summary
A read buffer overrun can be triggered in X.509 certificate verification,
specifically in name constraint checking. Note that this occurs
after certificate chain signature verification and requires either a
CA to have signed the malicious certificate or for the application to
continue certificate verification despite failure to construct a path
to a trusted issuer.
The read buffer overrun might result in a crash which could lead to
a denial of service attack. In theory it could also result in the disclosure
of private memory contents (such as private keys, or sensitive plaintext)
although we are not aware of any working exploit leading to memory
contents disclosure as of the time of release of this advisory.
In a TLS client, this can be triggered by connecting to a malicious
server. In a TLS server, this can be triggered if the server requests
client authentication and a malicious client connects.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:34:49.843Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "name": "3.0.8 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c927a3492698c254637da836762f9b1f86cffabc" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202402-08" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "lessThan": "3.0.8", "status": "affected", "version": "3.0.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Corey Bonnell from Digicert" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Viktor Dukhovni" } ], "datePublic": "2023-02-07T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A read buffer overrun can be triggered in X.509 certificate verification,\u003cbr\u003especifically in name constraint checking. Note that this occurs\u003cbr\u003eafter certificate chain signature verification and requires either a\u003cbr\u003eCA to have signed the malicious certificate or for the application to\u003cbr\u003econtinue certificate verification despite failure to construct a path\u003cbr\u003eto a trusted issuer.\u003cbr\u003e\u003cbr\u003eThe read buffer overrun might result in a crash which could lead to\u003cbr\u003ea denial of service attack. In theory it could also result in the disclosure\u003cbr\u003eof private memory contents (such as private keys, or sensitive plaintext)\u003cbr\u003ealthough we are not aware of any working exploit leading to memory\u003cbr\u003econtents disclosure as of the time of release of this advisory.\u003cbr\u003e\u003cbr\u003eIn a TLS client, this can be triggered by connecting to a malicious\u003cbr\u003eserver. In a TLS server, this can be triggered if the server requests\u003cbr\u003eclient authentication and a malicious client connects.\u003cbr\u003e\u003cbr\u003e" } ], "value": "A read buffer overrun can be triggered in X.509 certificate verification,\nspecifically in name constraint checking. Note that this occurs\nafter certificate chain signature verification and requires either a\nCA to have signed the malicious certificate or for the application to\ncontinue certificate verification despite failure to construct a path\nto a trusted issuer.\n\nThe read buffer overrun might result in a crash which could lead to\na denial of service attack. In theory it could also result in the disclosure\nof private memory contents (such as private keys, or sensitive plaintext)\nalthough we are not aware of any working exploit leading to memory\ncontents disclosure as of the time of release of this advisory.\n\nIn a TLS client, this can be triggered by connecting to a malicious\nserver. In a TLS server, this can be triggered if the server requests\nclient authentication and a malicious client connects.\n\n" } ], "metrics": [ { "format": "other", "other": { "content": { "text": "Moderate" }, "type": "https://www.openssl.org/policies/secpolicy.html" } } ], "problemTypes": [ { "descriptions": [ { "description": "read buffer overrun ", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-24T14:53:08.485Z", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.openssl.org/news/secadv/20230207.txt" }, { "name": "3.0.8 git commit", "tags": [ "patch" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c927a3492698c254637da836762f9b1f86cffabc" }, { "url": "https://security.gentoo.org/glsa/202402-08" } ], "source": { "discovery": "UNKNOWN" }, "title": "X.509 Name Constraints Read Buffer Overflow", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2022-4203", "datePublished": "2023-02-24T14:53:08.485Z", "dateReserved": "2022-11-29T10:00:42.027Z", "dateUpdated": "2024-08-03T01:34:49.843Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-23605
Vulnerability from cvelistv5
Published
2023-06-02 00:00
Modified
2024-08-02 10:35
Severity ?
EPSS score ?
Summary
Memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 109 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:35:33.330Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-02/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-01/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-03/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1764921%2C1802690%2C1806974" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "109", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "102.7", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "102.7", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 109, Thunderbird \u003c 102.7, and Firefox ESR \u003c 102.7." } ], "problemTypes": [ { "descriptions": [ { "description": "Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-02T00:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://www.mozilla.org/security/advisories/mfsa2023-02/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-01/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-03/" }, { "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1764921%2C1802690%2C1806974" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2023-23605", "datePublished": "2023-06-02T00:00:00", "dateReserved": "2023-01-16T00:00:00", "dateUpdated": "2024-08-02T10:35:33.330Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41903
Vulnerability from cvelistv5
Published
2023-01-17 22:17
Modified
2024-08-03 12:56
Severity ?
EPSS score ?
Summary
Git is distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is a integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through git archive via the export-subst mechanism, which expands format specifiers inside of files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable to upgrade should disable `git archive` in untrusted repositories. If you expose git archive via `git daemon`, disable it by running `git config --global daemon.uploadArch false`.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | git | git |
Version: < 2.30.7 Version: >= 2.31.0, < 2.31.6 Version: >= 2.32.0, < 2.32.5 Version: >= 2.33.0, < 2.33.6 Version: >= 2.34.0, < 2.34.6 Version: >= 2.35.0, < 2.35.6 Version: >= 2.36.0, < 2.36.4 Version: >= 2.37.0, < 2.37.5 Version: >= 2.38.0, < 2.38.3 Version: = 2.39.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:38.383Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/git/git/security/advisories/GHSA-475x-2q3q-hvwq", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/git/git/security/advisories/GHSA-475x-2q3q-hvwq" }, { "name": "https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76" }, { "name": "https://git-scm.com/book/en/v2/Customizing-Git-Git-Attributes#_export_subst", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git-scm.com/book/en/v2/Customizing-Git-Git-Attributes#_export_subst" }, { "name": "https://git-scm.com/docs/pretty-formats#Documentation/pretty-formats.txt-emltltNgttruncltruncmtruncem", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git-scm.com/docs/pretty-formats#Documentation/pretty-formats.txt-emltltNgttruncltruncmtruncem" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202312-15" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "git", "vendor": "git", "versions": [ { "status": "affected", "version": "\u003c 2.30.7" }, { "status": "affected", "version": "\u003e= 2.31.0, \u003c 2.31.6" }, { "status": "affected", "version": "\u003e= 2.32.0, \u003c 2.32.5" }, { "status": "affected", "version": "\u003e= 2.33.0, \u003c 2.33.6" }, { "status": "affected", "version": "\u003e= 2.34.0, \u003c 2.34.6" }, { "status": "affected", "version": "\u003e= 2.35.0, \u003c 2.35.6" }, { "status": "affected", "version": "\u003e= 2.36.0, \u003c 2.36.4" }, { "status": "affected", "version": "\u003e= 2.37.0, \u003c 2.37.5" }, { "status": "affected", "version": "\u003e= 2.38.0, \u003c 2.38.3" }, { "status": "affected", "version": "= 2.39.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Git is distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is a integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through git archive via the export-subst mechanism, which expands format specifiers inside of files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable to upgrade should disable `git archive` in untrusted repositories. If you expose git archive via `git daemon`, disable it by running `git config --global daemon.uploadArch false`." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-17T22:17:16.123Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/git/git/security/advisories/GHSA-475x-2q3q-hvwq", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/git/git/security/advisories/GHSA-475x-2q3q-hvwq" }, { "name": "https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/git/git/commit/508386c6c5857b4faa2c3e491f422c98cc69ae76" }, { "name": "https://git-scm.com/book/en/v2/Customizing-Git-Git-Attributes#_export_subst", "tags": [ "x_refsource_MISC" ], "url": "https://git-scm.com/book/en/v2/Customizing-Git-Git-Attributes#_export_subst" }, { "name": "https://git-scm.com/docs/pretty-formats#Documentation/pretty-formats.txt-emltltNgttruncltruncmtruncem", "tags": [ "x_refsource_MISC" ], "url": "https://git-scm.com/docs/pretty-formats#Documentation/pretty-formats.txt-emltltNgttruncltruncmtruncem" }, { "url": "https://security.gentoo.org/glsa/202312-15" } ], "source": { "advisory": "GHSA-475x-2q3q-hvwq", "discovery": "UNKNOWN" }, "title": "Integer overflow in `git archive`, `git log --format` leading to RCE in git" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-41903", "datePublished": "2023-01-17T22:17:16.123Z", "dateReserved": "2022-09-30T16:38:28.931Z", "dateUpdated": "2024-08-03T12:56:38.383Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28164
Vulnerability from cvelistv5
Published
2023-06-02 00:00
Modified
2024-08-02 12:30
Severity ?
EPSS score ?
Summary
Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 111 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:30:24.331Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-09/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-10/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-11/" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1809122" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "111", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "102.9", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "102.9", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox \u003c 111, Firefox ESR \u003c 102.9, and Thunderbird \u003c 102.9." } ], "problemTypes": [ { "descriptions": [ { "description": "URL being dragged from a removed cross-origin iframe into the same tab triggered navigation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-02T00:00:00", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://www.mozilla.org/security/advisories/mfsa2023-09/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-10/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-11/" }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1809122" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2023-28164", "datePublished": "2023-06-02T00:00:00", "dateReserved": "2023-03-13T00:00:00", "dateUpdated": "2024-08-02T12:30:24.331Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42010
Vulnerability from cvelistv5
Published
2022-10-09 00:00
Modified
2024-08-03 12:56
Severity ?
EPSS score ?
Summary
An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:39.269Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/418" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1" }, { "name": "FEDORA-2022-076544c8aa", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/" }, { "name": "FEDORA-2022-7a963a79d1", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/" }, { "name": "FEDORA-2022-b0c2f2ab74", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/" }, { "name": "GLSA-202305-08", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-08" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://gitlab.freedesktop.org/dbus/dbus/-/issues/418" }, { "url": "https://www.openwall.com/lists/oss-security/2022/10/06/1" }, { "name": "FEDORA-2022-076544c8aa", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SQCSLMCK2XGX23R2DKW2MSAICQAK6MT2/" }, { "name": "FEDORA-2022-7a963a79d1", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E4CO7N226I3X5FNBR2MACCH6TS764VJP/" }, { "name": "FEDORA-2022-b0c2f2ab74", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ND74SKN56BCYL3QLEAAB6E64UUBRA5UG/" }, { "name": "GLSA-202305-08", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-08" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-42010", "datePublished": "2022-10-09T00:00:00", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2024-08-03T12:56:39.269Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3924
Vulnerability from cvelistv5
Published
2023-01-25 21:39
Modified
2024-08-03 01:20
Severity ?
EPSS score ?
Summary
This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`, configured with a value greater than zero.
If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clients that are waiting for recursion to complete. If there are sufficient clients already waiting when a new client query is received so that it is necessary to SERVFAIL the longest waiting client (see BIND 9 ARM `recursive-clients` limit and soft quota), then it is possible for a race to occur between providing a stale answer to this older client and sending an early timeout SERVFAIL, which may cause an assertion failure.
This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1.
References
▼ | URL | Tags |
---|---|---|
https://kb.isc.org/docs/cve-2022-3924 | vendor-advisory |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:20:58.777Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "CVE-2022-3924", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://kb.isc.org/docs/cve-2022-3924" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BIND 9", "vendor": "ISC", "versions": [ { "lessThanOrEqual": "9.16.36", "status": "affected", "version": "9.16.12", "versionType": "custom" }, { "lessThanOrEqual": "9.18.10", "status": "affected", "version": "9.18.0", "versionType": "custom" }, { "lessThanOrEqual": "9.19.8", "status": "affected", "version": "9.19.0", "versionType": "custom" }, { "lessThanOrEqual": "9.16.36-S1", "status": "affected", "version": "9.16.12-S1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "ISC would like to thank Maksym Odinintsev from AWS for bringing this vulnerability to our attention." } ], "datePublic": "2023-01-25T00:00:00Z", "descriptions": [ { "lang": "en", "value": "This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`, configured with a value greater than zero.\n\nIf the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clients that are waiting for recursion to complete. If there are sufficient clients already waiting when a new client query is received so that it is necessary to SERVFAIL the longest waiting client (see BIND 9 ARM `recursive-clients` limit and soft quota), then it is possible for a race to occur between providing a stale answer to this older client and sending an early timeout SERVFAIL, which may cause an assertion failure.\nThis issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1." } ], "exploits": [ { "lang": "en", "value": "We are not aware of any active exploits." } ], "impacts": [ { "descriptions": [ { "lang": "en", "value": "By sending specific queries to the resolver, an attacker can cause `named` to crash." } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-26T06:03:10.975661Z", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "name": "CVE-2022-3924", "tags": [ "vendor-advisory" ], "url": "https://kb.isc.org/docs/cve-2022-3924" } ], "solutions": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.16.37, 9.18.11, 9.19.9, or 9.16.37-S1." } ], "source": { "discovery": "EXTERNAL" }, "title": "named configured to answer from stale cache may terminate unexpectedly at recursive-clients soft quota", "workarounds": [ { "lang": "en", "value": "Disabling `stale-answer-client-timeout` entirely or setting the timeout value to zero prevents the problem.\n\nIt is not possible to disable the limit on `recursive-clients`, though it could be set to a very high value in order to reduce the likelihood of encountering this scenario. However, this is not recommended as the limit on recursive clients is important for preventing exhaustion of server resources." } ] } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2022-3924", "datePublished": "2023-01-25T21:39:49.110Z", "dateReserved": "2022-11-10T09:07:37.642Z", "dateUpdated": "2024-08-03T01:20:58.777Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3016
Vulnerability from cvelistv5
Published
2022-08-28 00:00
Modified
2024-08-03 00:53
Severity ?
EPSS score ?
Summary
Use After Free in GitHub repository vim/vim prior to 9.0.0286.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:53:00.487Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371" }, { "tags": [ "x_transferred" ], "url": "https://github.com/vim/vim/commit/6d24a51b94beb1991cddce221f90b455e2d50db7" }, { "name": "FEDORA-2022-b9edf60581", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "vim/vim", "vendor": "vim", "versions": [ { "lessThan": "9.0.0286", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Use After Free in GitHub repository vim/vim prior to 9.0.0286." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-03T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371" }, { "url": "https://github.com/vim/vim/commit/6d24a51b94beb1991cddce221f90b455e2d50db7" }, { "name": "FEDORA-2022-b9edf60581", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/" }, { "name": "GLSA-202305-16", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202305-16" } ], "source": { "advisory": "260516c2-5c4a-4b7f-a01c-04b1aeeea371", "discovery": "EXTERNAL" }, "title": "Use After Free in vim/vim" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-3016", "datePublished": "2022-08-28T00:00:00", "dateReserved": "2022-08-27T00:00:00", "dateUpdated": "2024-08-03T00:53:00.487Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.