csaf_redhat - rhsa-2023

rhsa-2023_2707

Vulnerability from csaf_redhat

Published

2023-05-10 11:25

Modified

2024-09-16 09:25

Summary

Red Hat Security Advisory: Red Hat Single Sign-On 7.6.3 security update on RHEL 9

Notes

Topic

New Red Hat Single Sign-On 7.6.3 packages are now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.3 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * okhttp: information disclosure via improperly used cryptographic function (CVE-2021-0341) * undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492) * snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752) * dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854) * codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881) * apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider (CVE-2022-45787) * RESTEasy: creation of insecure temp files (CVE-2023-0482) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "New Red Hat Single Sign-On 7.6.3 packages are now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.6.3 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* okhttp: information disclosure via improperly used cryptographic function (CVE-2021-0341)\n\n* undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)\n\n* snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode (CVE-2022-38752)\n\n* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)\n\n* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)\n\n* apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider (CVE-2022-45787)\n\n* RESTEasy: creation of insecure temp files (CVE-2023-0482)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:2707",
        "url": "https://access.redhat.com/errata/RHSA-2023:2707"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2129710",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129710"
      },
      {
        "category": "external",
        "summary": "2151988",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151988"
      },
      {
        "category": "external",
        "summary": "2153260",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153260"
      },
      {
        "category": "external",
        "summary": "2153379",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153379"
      },
      {
        "category": "external",
        "summary": "2154086",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2154086"
      },
      {
        "category": "external",
        "summary": "2158916",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158916"
      },
      {
        "category": "external",
        "summary": "2166004",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166004"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_2707.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.3 security update on RHEL 9",
    "tracking": {
      "current_release_date": "2024-09-16T09:25:44+00:00",
      "generator": {
        "date": "2024-09-16T09:25:44+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHSA-2023:2707",
      "initial_release_date": "2023-05-10T11:25:29+00:00",
      "revision_history": [
        {
          "date": "2023-05-10T11:25:29+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-05-10T11:25:29+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-16T09:25:44+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Single Sign-On 7.6 for RHEL 9",
                "product": {
                  "name": "Red Hat Single Sign-On 7.6 for RHEL 9",
                  "product_id": "9Base-RHSSO-7.6",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Single Sign-On"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.src",
                "product": {
                  "name": "rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.src",
                  "product_id": "rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.7-1.redhat_00001.1.el9sso?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.noarch",
                "product": {
                  "name": "rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.noarch",
                  "product_id": "rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-sso7-keycloak@18.0.7-1.redhat_00001.1.el9sso?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rh-sso7-keycloak-server-0:18.0.7-1.redhat_00001.1.el9sso.noarch",
                "product": {
                  "name": "rh-sso7-keycloak-server-0:18.0.7-1.redhat_00001.1.el9sso.noarch",
                  "product_id": "rh-sso7-keycloak-server-0:18.0.7-1.redhat_00001.1.el9sso.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-sso7-keycloak-server@18.0.7-1.redhat_00001.1.el9sso?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9",
          "product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.noarch"
        },
        "product_reference": "rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.noarch",
        "relates_to_product_reference": "9Base-RHSSO-7.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.src as a component of Red Hat Single Sign-On 7.6 for RHEL 9",
          "product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.src"
        },
        "product_reference": "rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.src",
        "relates_to_product_reference": "9Base-RHSSO-7.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-sso7-keycloak-server-0:18.0.7-1.redhat_00001.1.el9sso.noarch as a component of Red Hat Single Sign-On 7.6 for RHEL 9",
          "product_id": "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.7-1.redhat_00001.1.el9sso.noarch"
        },
        "product_reference": "rh-sso7-keycloak-server-0:18.0.7-1.redhat_00001.1.el9sso.noarch",
        "relates_to_product_reference": "9Base-RHSSO-7.6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-0341",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "discovery_date": "2022-10-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2154086"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "okhttp: information disclosure via improperly used cryptographic function",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.noarch",
          "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.src",
          "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.7-1.redhat_00001.1.el9sso.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-0341"
        },
        {
          "category": "external",
          "summary": "RHBZ#2154086",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2154086"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-0341",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-0341"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-0341",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0341"
        },
        {
          "category": "external",
          "summary": "https://source.android.com/security/bulletin/2021-02-01",
          "url": "https://source.android.com/security/bulletin/2021-02-01"
        }
      ],
      "release_date": "2021-02-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.7-1.redhat_00001.1.el9sso.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:2707"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.7-1.redhat_00001.1.el9sso.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "okhttp: information disclosure via improperly used cryptographic function"
    },
    {
      "cve": "CVE-2022-4492",
      "cwe": {
        "id": "CWE-550",
        "name": "Server-generated Error Message Containing Sensitive Information"
      },
      "discovery_date": "2022-12-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2153260"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a compulsory step ( that should at least be performed by default) in HTTPS and in http/2.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "undertow: Server identity in https connection is not checked by the undertow client",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.noarch",
          "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.src",
          "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.7-1.redhat_00001.1.el9sso.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-4492"
        },
        {
          "category": "external",
          "summary": "RHBZ#2153260",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153260"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-4492",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-4492"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4492",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4492"
        }
      ],
      "release_date": "2022-12-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.7-1.redhat_00001.1.el9sso.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:2707"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.7-1.redhat_00001.1.el9sso.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "undertow: Server identity in https connection is not checked by the undertow client"
    },
    {
      "cve": "CVE-2022-38752",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2022-09-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2129710"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.noarch",
          "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.src",
          "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.7-1.redhat_00001.1.el9sso.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-38752"
        },
        {
          "category": "external",
          "summary": "RHBZ#2129710",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129710"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-38752",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38752",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38752"
        }
      ],
      "release_date": "2022-09-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.7-1.redhat_00001.1.el9sso.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:2707"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.7-1.redhat_00001.1.el9sso.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode"
    },
    {
      "cve": "CVE-2022-41854",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2022-12-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2151988"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "dev-java/snakeyaml: DoS via stack overflow",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.noarch",
          "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.src",
          "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.7-1.redhat_00001.1.el9sso.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-41854"
        },
        {
          "category": "external",
          "summary": "RHBZ#2151988",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151988"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41854",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41854"
        },
        {
          "category": "external",
          "summary": "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355",
          "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355"
        },
        {
          "category": "external",
          "summary": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355",
          "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355"
        }
      ],
      "release_date": "2022-11-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.7-1.redhat_00001.1.el9sso.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:2707"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.7-1.redhat_00001.1.el9sso.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "dev-java/snakeyaml: DoS via stack overflow"
    },
    {
      "cve": "CVE-2022-41881",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "discovery_date": "2022-12-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2153379"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in codec-haproxy from the Netty project. This flaw allows an attacker to build a malformed crafted message and cause infinite recursion, causing stack exhaustion and leading to a denial of service (DoS).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.noarch",
          "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.src",
          "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.7-1.redhat_00001.1.el9sso.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-41881"
        },
        {
          "category": "external",
          "summary": "RHBZ#2153379",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153379"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41881",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41881",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41881"
        }
      ],
      "release_date": "2022-12-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.7-1.redhat_00001.1.el9sso.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:2707"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.7-1.redhat_00001.1.el9sso.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS"
    },
    {
      "cve": "CVE-2022-45787",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2023-01-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2158916"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache James\u0027s Mime4j TempFileStorageProvider class, where it may set improper permissions when utilizing temporary files. This flaw allows a locally authorized attacker to access information outside their intended permissions.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.noarch",
          "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.src",
          "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.7-1.redhat_00001.1.el9sso.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-45787"
        },
        {
          "category": "external",
          "summary": "RHBZ#2158916",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158916"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-45787",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-45787"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-45787",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45787"
        }
      ],
      "release_date": "2023-01-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.7-1.redhat_00001.1.el9sso.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:2707"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.7-1.redhat_00001.1.el9sso.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "apache-james-mime4j: Temporary File Information Disclosure in MIME4J TempFileStorageProvider"
    },
    {
      "cve": "CVE-2023-0482",
      "cwe": {
        "id": "CWE-378",
        "name": "Creation of Temporary File With Insecure Permissions"
      },
      "discovery_date": "2023-01-31T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2166004"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "RESTEasy: creation of insecure temp files",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.noarch",
          "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.src",
          "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.7-1.redhat_00001.1.el9sso.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-0482"
        },
        {
          "category": "external",
          "summary": "RHBZ#2166004",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166004"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0482",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-0482"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0482",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0482"
        }
      ],
      "release_date": "2023-01-31T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.7-1.redhat_00001.1.el9sso.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:2707"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.noarch",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-0:18.0.7-1.redhat_00001.1.el9sso.src",
            "9Base-RHSSO-7.6:rh-sso7-keycloak-server-0:18.0.7-1.redhat_00001.1.el9sso.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "RESTEasy: creation of insecure temp files"
    }
  ]
}

cve-2022-4492

Vulnerability from cvelistv5

Published

2023-02-23 00:00

Modified

2024-08-03 01:41

Severity

Summary

The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.

References

URL	Tags
https://bugzilla.redhat.com/show_bug.cgi?id=2153260
https://access.redhat.com/security/cve/CVE-2022-4492
https://security.netapp.com/advisory/ntap-20230324-0002/

Impacted products

Vendor	Product
n/a	undertow

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:41:45.097Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153260"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2022-4492"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230324-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "undertow",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "ssrf",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-24T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2153260"
        },
        {
          "url": "https://access.redhat.com/security/cve/CVE-2022-4492"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230324-0002/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-4492",
    "datePublished": "2023-02-23T00:00:00",
    "dateReserved": "2022-12-14T00:00:00",
    "dateUpdated": "2024-08-03T01:41:45.097Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-41854

Vulnerability from cvelistv5

Published

2022-11-11 13:10

Modified

2024-09-16 16:24

Severity

5.8 (Medium) - cvssV3_1 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H

Summary

Stack Overflow in Snakeyaml

References

URL	Tags
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MKE4XWRXTH32757H7QJU4ACS67DYDCR/	vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSPAJ5Y45A4ZDION2KN5RDWLHK4XKY2J/	vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DDXEXXWAZGF5AVHIPGFPXIWL6TSMKJE/	vendor-advisory
https://security.netapp.com/advisory/ntap-20240315-0009/
https://security.netapp.com/advisory/ntap-20240621-0006/

Impacted products

Vendor	Product
SnakeYaml	SnakeYaml

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:56:38.200Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355"
          },
          {
            "name": "FEDORA-2022-c01dd659fa",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MKE4XWRXTH32757H7QJU4ACS67DYDCR/"
          },
          {
            "name": "FEDORA-2022-8a4e8aa190",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSPAJ5Y45A4ZDION2KN5RDWLHK4XKY2J/"
          },
          {
            "name": "FEDORA-2023-27ec59a486",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DDXEXXWAZGF5AVHIPGFPXIWL6TSMKJE/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240315-0009/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SnakeYaml",
          "vendor": "SnakeYaml",
          "versions": [
            {
              "lessThan": "1.32",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-09-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:06:02.723948",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355"
        },
        {
          "name": "FEDORA-2022-c01dd659fa",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MKE4XWRXTH32757H7QJU4ACS67DYDCR/"
        },
        {
          "name": "FEDORA-2022-8a4e8aa190",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSPAJ5Y45A4ZDION2KN5RDWLHK4XKY2J/"
        },
        {
          "name": "FEDORA-2023-27ec59a486",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DDXEXXWAZGF5AVHIPGFPXIWL6TSMKJE/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240315-0009/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Stack Overflow in Snakeyaml",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2022-41854",
    "datePublished": "2022-11-11T13:10:10.912038Z",
    "dateReserved": "2022-09-30T00:00:00",
    "dateUpdated": "2024-09-16T16:24:11.627Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-0482

Vulnerability from cvelistv5

Published

2023-02-17 00:00

Modified

2024-08-02 05:10

Severity

Summary

In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.

References

URL	Tags
https://github.com/resteasy/resteasy/pull/3409/commits/807d7456f2137cde8ef7c316707211bf4e542d56
https://security.netapp.com/advisory/ntap-20230427-0001/

Impacted products

Vendor	Product
n/a	RESTEasy

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:10:56.348Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/resteasy/resteasy/pull/3409/commits/807d7456f2137cde8ef7c316707211bf4e542d56"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230427-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RESTEasy",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in RESTEasy 4.7.8.Final"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-378",
              "description": "CWE-378",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-27T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://github.com/resteasy/resteasy/pull/3409/commits/807d7456f2137cde8ef7c316707211bf4e542d56"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230427-0001/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-0482",
    "datePublished": "2023-02-17T00:00:00",
    "dateReserved": "2023-01-24T00:00:00",
    "dateUpdated": "2024-08-02T05:10:56.348Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-41881

Vulnerability from cvelistv5

Published

2022-12-12 00:00

Modified

2024-08-03 12:56

Severity

5.3 (Medium) - cvssV3_1 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.

References

URL	Tags
https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v
https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html	mailing-list
https://www.debian.org/security/2023/dsa-5316	vendor-advisory
https://security.netapp.com/advisory/ntap-20230113-0004/

Impacted products

Vendor	Product
netty	netty

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:56:38.229Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v"
          },
          {
            "name": "[debian-lts-announce] 20230111 [SECURITY] [DLA 3268-1] netty security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html"
          },
          {
            "name": "DSA-5316",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5316"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230113-0004/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "netty",
          "vendor": "netty",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.1.86.Final"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-674",
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-13T00:00:00",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v"
        },
        {
          "name": "[debian-lts-announce] 20230111 [SECURITY] [DLA 3268-1] netty security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html"
        },
        {
          "name": "DSA-5316",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5316"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230113-0004/"
        }
      ],
      "source": {
        "advisory": "GHSA-fx2c-96vj-985v",
        "discovery": "UNKNOWN"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-41881",
    "datePublished": "2022-12-12T00:00:00",
    "dateReserved": "2022-09-30T00:00:00",
    "dateUpdated": "2024-08-03T12:56:38.229Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-45787

Vulnerability from cvelistv5

Published

2023-01-06 09:31

Modified

2024-08-03 14:17

Severity

Summary

Apache James MIME4J: Temporary File Information Disclosure in MIME4J TempFileStorageProvider

References

URL	Tags
https://lists.apache.org/thread/26s8p9stl1z261c4qw15bsq03tt7t0rj	vendor-advisory

Impacted products

Vendor	Product
Apache Software Foundation	Apache James MIME4J

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:17:04.186Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/26s8p9stl1z261c4qw15bsq03tt7t0rj"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache James MIME4J",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "0.8.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jonathan Leitschuh"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions.\u003cbr\u003e\u003cbr\u003eWe recommend users to upgrade to MIME4j version 0.8.9 or later.\u003cbr\u003e"
            }
          ],
          "value": "Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions.\n\nWe recommend users to upgrade to MIME4j version 0.8.9 or later.\n"
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-312",
              "description": "CWE-312 Cleartext Storage of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-16T10:27:24.515Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/26s8p9stl1z261c4qw15bsq03tt7t0rj"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache James MIME4J: Temporary File Information Disclosure in MIME4J TempFileStorageProvider",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2022-45787",
    "datePublished": "2023-01-06T09:31:40.118Z",
    "dateReserved": "2022-11-22T08:49:26.227Z",
    "dateUpdated": "2024-08-03T14:17:04.186Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-38752

Vulnerability from cvelistv5

Published

2022-09-05 00:00

Modified

2024-08-03 11:02

Severity

6.5 (Medium) - cvssV3_1 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

DoS in SnakeYAML

References

URL	Tags
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47081
https://bitbucket.org/snakeyaml/snakeyaml/issues/531/stackoverflow-oss-fuzz-47081
https://security.gentoo.org/glsa/202305-28	vendor-advisory
https://security.netapp.com/advisory/ntap-20240315-0009/

Impacted products

Vendor	Product
snakeyaml	SnakeYAML

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:snakeyaml_project:snakeyaml:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "snakeyaml",
            "vendor": "snakeyaml_project",
            "versions": [
              {
                "lessThan": "1.32",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-38752",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-22T14:02:33.055634Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-22T14:03:52.086Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T11:02:14.529Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47081"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/531/stackoverflow-oss-fuzz-47081"
          },
          {
            "name": "GLSA-202305-28",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-28"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240315-0009/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SnakeYAML",
          "vendor": "snakeyaml",
          "versions": [
            {
              "lessThanOrEqual": "1.31",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-15T11:06:17.930113",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47081"
        },
        {
          "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/531/stackoverflow-oss-fuzz-47081"
        },
        {
          "name": "GLSA-202305-28",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-28"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240315-0009/"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "DoS in SnakeYAML",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2022-38752",
    "datePublished": "2022-09-05T00:00:00",
    "dateReserved": "2022-08-25T00:00:00",
    "dateUpdated": "2024-08-03T11:02:14.529Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-0341

Vulnerability from cvelistv5

Published

2021-02-10 16:50

Modified

2024-08-03 15:40

Severity

Summary

In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069

References

URL	Tags
https://source.android.com/security/bulletin/2021-02-01	x_refsource_MISC

Impacted products

Vendor	Product
n/a	Android

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:40:00.192Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://source.android.com/security/bulletin/2021-02-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Android",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Android-8.1 Android-9 Android-10 Android-11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-10T16:50:15",
        "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
        "shortName": "google_android"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://source.android.com/security/bulletin/2021-02-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@android.com",
          "ID": "CVE-2021-0341",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Android",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Android-8.1 Android-9 Android-10 Android-11"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://source.android.com/security/bulletin/2021-02-01",
              "refsource": "MISC",
              "url": "https://source.android.com/security/bulletin/2021-02-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
    "assignerShortName": "google_android",
    "cveId": "CVE-2021-0341",
    "datePublished": "2021-02-10T16:50:15",
    "dateReserved": "2020-11-06T00:00:00",
    "dateUpdated": "2024-08-03T15:40:00.192Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Action not permitted

Vulnerability from csaf_redhat

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Tags