Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2023-1969
Vulnerability from csaf_certbund
Published
2023-08-06 22:00
Modified
2023-08-06 22:00
Summary
HPE Fabric OS: Mehrere Schwachstellen ermöglichen Privilegieneskalation
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Fabric OS (FOS) ist ein Betriebssystem für FibreChannel Switches.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in HPE Fabric OS für HPE Fibre Channel und SAN Switches ausnutzen, um seine Privilegien zu erhöhen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme
- BIOS/Firmware
- Hardware Appliance
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Fabric OS (FOS) ist ein Betriebssystem für FibreChannel Switches.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in HPE Fabric OS für HPE Fibre Channel und SAN Switches ausnutzen, um seine Privilegien zu erhöhen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.", title: "Angriff", }, { category: "general", text: "- BIOS/Firmware\n- Hardware Appliance", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-1969 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1969.json", }, { category: "self", summary: "WID-SEC-2023-1969 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1969", }, { category: "external", summary: "HPE Security Bulletin HPESBST04494 vom 2023-08-04", url: "https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-hpesbst04494en_us", }, ], source_lang: "en-US", title: "HPE Fabric OS: Mehrere Schwachstellen ermöglichen Privilegieneskalation", tracking: { current_release_date: "2023-08-06T22:00:00.000+00:00", generator: { date: "2024-08-15T17:56:35.841+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-1969", initial_release_date: "2023-08-06T22:00:00.000+00:00", revision_history: [ { date: "2023-08-06T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "HPE Fabric OS < 9.1.1", product: { name: "HPE Fabric OS < 9.1.1", product_id: "T024587", product_identification_helper: { cpe: "cpe:/o:hpe:fabric_os:9.1.1", }, }, }, { category: "product_name", name: "HPE Fabric OS < v8.2.3c", product: { name: "HPE Fabric OS < v8.2.3c", product_id: "T024589", product_identification_helper: { cpe: "cpe:/o:hpe:fabric_os:v8.2.3c", }, }, }, { category: "product_name", name: "HPE Fabric OS < 7.4.2j", product: { name: "HPE Fabric OS < 7.4.2j", product_id: "T029096", product_identification_helper: { cpe: "cpe:/o:hpe:fabric_os:7.4.2j", }, }, }, { category: "product_name", name: "HPE Fabric OS < v8.2.3d", product: { name: "HPE Fabric OS < v8.2.3d", product_id: "T029097", product_identification_helper: { cpe: "cpe:/o:hpe:fabric_os:v8.2.3d", }, }, }, { category: "product_name", name: "HPE Fabric OS < 9.0.1e", product: { name: "HPE Fabric OS < 9.0.1e", product_id: "T029098", product_identification_helper: { cpe: "cpe:/o:hpe:fabric_os:9.0.1e", }, }, }, { category: "product_name", name: "HPE Fabric OS < 9.1.1c", product: { name: "HPE Fabric OS < 9.1.1c", product_id: "T029101", product_identification_helper: { cpe: "cpe:/o:hpe:fabric_os:9.1.1c", }, }, }, ], category: "product_name", name: "Fabric OS", }, { branches: [ { category: "product_name", name: "HPE Switch SAN", product: { name: "HPE Switch SAN", product_id: "T029100", product_identification_helper: { cpe: "cpe:/h:hp:switch:san_switch", }, }, }, { category: "product_name", name: "HPE Switch Fibre Channel", product: { name: "HPE Switch Fibre Channel", product_id: "T029104", product_identification_helper: { cpe: "cpe:/h:hp:switch:fibre_channel", }, }, }, ], category: "product_name", name: "Switch", }, ], category: "vendor", name: "HPE", }, ], }, vulnerabilities: [ { cve: "CVE-2023-31928", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2023-31928", }, { cve: "CVE-2023-31927", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2023-31927", }, { cve: "CVE-2023-31926", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2023-31926", }, { cve: "CVE-2023-31432", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2023-31432", }, { cve: "CVE-2023-31431", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2023-31431", }, { cve: "CVE-2023-31430", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2023-31430", }, { cve: "CVE-2023-31429", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2023-31429", }, { cve: "CVE-2023-31428", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2023-31428", }, { cve: "CVE-2023-31427", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2023-31427", }, { cve: "CVE-2023-31426", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2023-31426", }, { cve: "CVE-2023-31425", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2023-31425", }, { cve: "CVE-2022-44792", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2022-44792", }, { cve: "CVE-2022-3786", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2022-3786", }, { cve: "CVE-2022-3602", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2022-3602", }, { cve: "CVE-2022-29154", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2022-29154", }, { cve: "CVE-2022-28615", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2022-28615", }, { cve: "CVE-2022-28614", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2022-28614", }, { cve: "CVE-2022-25313", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2022-25313", }, { cve: "CVE-2022-25236", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2022-25236", }, { cve: "CVE-2022-25235", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2022-25235", }, { cve: "CVE-2022-24448", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2022-24448", }, { cve: "CVE-2022-23219", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2022-23219", }, { cve: "CVE-2022-2097", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2022-2097", }, { cve: "CVE-2022-2068", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2022-2068", }, { cve: "CVE-2022-0778", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2022-0778", }, { cve: "CVE-2022-0322", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2022-0322", }, { cve: "CVE-2022-0155", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2022-0155", }, { cve: "CVE-2021-45486", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2021-45486", }, { cve: "CVE-2021-45485", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2021-45485", }, { cve: "CVE-2021-41617", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2021-41617", }, { cve: "CVE-2021-4145", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2021-4145", }, { cve: "CVE-2021-39275", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2021-39275", }, { cve: "CVE-2021-3800", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2021-3800", }, { cve: "CVE-2021-20193", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2021-20193", }, { cve: "CVE-2021-0146", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2021-0146", }, { cve: "CVE-2020-36558", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2020-36558", }, { cve: "CVE-2020-36557", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2020-36557", }, { cve: "CVE-2020-15861", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2020-15861", }, { cve: "CVE-2020-14145", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2020-14145", }, { cve: "CVE-2019-0220", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2019-0220", }, { cve: "CVE-2018-7738", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2018-7738", }, { cve: "CVE-2018-25032", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2018-25032", }, { cve: "CVE-2018-14404", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2018-14404", }, { cve: "CVE-2018-14348", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2018-14348", }, { cve: "CVE-2018-0739", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2018-0739", }, { cve: "CVE-2014-2524", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2014-2524", }, { cve: "CVE-2012-0060", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2012-0060", }, { cve: "CVE-2011-4917", notes: [ { category: "description", text: "In HPE Fabric OS für HPE Fibre Channel und SAN Switches existieren mehrere Schwachstellen. Diese werden nicht einzeln im Detail beschrieben. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Informationen offenzulegen, oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T029100", "T029104", ], }, release_date: "2023-08-06T22:00:00.000+00:00", title: "CVE-2011-4917", }, ], }
cve-2018-7738
Vulnerability from cvelistv5
Published
2018-03-06 22:00
Modified
2024-12-13 13:09
Severity ?
EPSS score ?
Summary
In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/karelzak/util-linux/issues/539 | x_refsource_MISC | |
| https://www.debian.org/security/2018/dsa-4134 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/103367 | vdb-entry, x_refsource_BID | |
| https://bugs.debian.org/892179 | x_refsource_MISC | |
| https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55 | x_refsource_MISC | |
| https://usn.ubuntu.com/4512-1/ | vendor-advisory, x_refsource_UBUNTU |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-12-13T13:09:22.233Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/karelzak/util-linux/issues/539", }, { name: "DSA-4134", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2018/dsa-4134", }, { name: "103367", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/103367", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.debian.org/892179", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55", }, { name: "USN-4512-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4512-1/", }, { url: "https://security.netapp.com/advisory/ntap-20241213-0002/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-03-06T00:00:00", descriptions: [ { lang: "en", value: "In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-09-25T17:06:19", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/karelzak/util-linux/issues/539", }, { name: "DSA-4134", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2018/dsa-4134", }, { name: "103367", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/103367", }, { tags: [ "x_refsource_MISC", ], url: "https://bugs.debian.org/892179", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55", }, { name: "USN-4512-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4512-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-7738", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/karelzak/util-linux/issues/539", refsource: "MISC", url: "https://github.com/karelzak/util-linux/issues/539", }, { name: "DSA-4134", refsource: "DEBIAN", url: "https://www.debian.org/security/2018/dsa-4134", }, { name: "103367", refsource: "BID", url: "http://www.securityfocus.com/bid/103367", }, { name: "https://bugs.debian.org/892179", refsource: "MISC", url: "https://bugs.debian.org/892179", }, { name: "https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55", refsource: "MISC", url: "https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55", }, { name: "USN-4512-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4512-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-7738", datePublished: "2018-03-06T22:00:00", dateReserved: "2018-03-06T00:00:00", dateUpdated: "2024-12-13T13:09:22.233Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-14348
Vulnerability from cvelistv5
Published
2018-08-14 16:00
Modified
2024-08-05 09:21
Severity ?
EPSS score ?
Summary
libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1100365 | x_refsource_CONFIRM | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3VH333EONOEEGKOLHHFXCJYHCYMHJ4KK/ | vendor-advisory, x_refsource_FEDORA | |
| https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590/ | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00023.html | vendor-advisory, x_refsource_SUSE | |
| https://lists.debian.org/debian-lts-announce/2018/08/msg00019.html | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2019:2047 | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T09:21:41.677Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1100365", }, { name: "FEDORA-2018-f6adf1cb62", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3VH333EONOEEGKOLHHFXCJYHCYMHJ4KK/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590/", }, { name: "openSUSE-SU-2018:2241", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00023.html", }, { name: "[debian-lts-announce] 20180820 [SECURITY] [DLA 1472-1] libcgroup security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/08/msg00019.html", }, { name: "RHSA-2019:2047", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2047", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-07-30T00:00:00", descriptions: [ { lang: "en", value: "libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-08-06T16:06:32", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1100365", }, { name: "FEDORA-2018-f6adf1cb62", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3VH333EONOEEGKOLHHFXCJYHCYMHJ4KK/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590/", }, { name: "openSUSE-SU-2018:2241", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00023.html", }, { name: "[debian-lts-announce] 20180820 [SECURITY] [DLA 1472-1] libcgroup security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/08/msg00019.html", }, { name: "RHSA-2019:2047", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2047", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-14348", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.suse.com/show_bug.cgi?id=1100365", refsource: "CONFIRM", url: "https://bugzilla.suse.com/show_bug.cgi?id=1100365", }, { name: "FEDORA-2018-f6adf1cb62", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3VH333EONOEEGKOLHHFXCJYHCYMHJ4KK/", }, { name: "https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590/", refsource: "CONFIRM", url: "https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590/", }, { name: "openSUSE-SU-2018:2241", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00023.html", }, { name: "[debian-lts-announce] 20180820 [SECURITY] [DLA 1472-1] libcgroup security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/08/msg00019.html", }, { name: "RHSA-2019:2047", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2047", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-14348", datePublished: "2018-08-14T16:00:00", dateReserved: "2018-07-17T00:00:00", dateUpdated: "2024-08-05T09:21:41.677Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-31425
Vulnerability from cvelistv5
Published
2023-08-01 20:34
Modified
2025-02-13 16:50
Severity ?
EPSS score ?
Summary
A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, “root” account access is disabled.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:53:30.965Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/22407", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230908-0007/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-31425", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-18T20:19:05.869901Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-18T20:20:48.709Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Fabric OS", vendor: "Brocade", versions: [ { status: "affected", version: "after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, “root” account access is disabled.</span>", }, ], value: "A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, “root” account access is disabled.", }, ], impacts: [ { capecId: "CAPEC-233", descriptions: [ { lang: "en", value: "CAPEC-233 Privilege Escalation", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Privilege escalation", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-08T16:06:29.535Z", orgId: "87b297d7-335e-4844-9551-11b97995a791", shortName: "brocade", }, references: [ { url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/22407", }, { url: "https://security.netapp.com/advisory/ntap-20230908-0007/", }, ], source: { discovery: "UNKNOWN", }, title: "Privilege escalation via the fosexec command", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "87b297d7-335e-4844-9551-11b97995a791", assignerShortName: "brocade", cveId: "CVE-2023-31425", datePublished: "2023-08-01T20:34:47.165Z", dateReserved: "2023-04-28T00:14:58.124Z", dateUpdated: "2025-02-13T16:50:09.356Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-23219
Vulnerability from cvelistv5
Published
2022-01-14 00:00
Modified
2024-08-03 03:36
Severity ?
EPSS score ?
Summary
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:36:20.178Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { tags: [ "x_transferred", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=22542", }, { name: "GLSA-202208-24", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202208-24", }, { name: "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-17T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { url: "https://sourceware.org/bugzilla/show_bug.cgi?id=22542", }, { name: "GLSA-202208-24", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202208-24", }, { name: "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-23219", datePublished: "2022-01-14T00:00:00", dateReserved: "2022-01-14T00:00:00", dateUpdated: "2024-08-03T03:36:20.178Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-0778
Vulnerability from cvelistv5
Published
2022-03-15 17:05
Modified
2024-09-17 00:01
Severity ?
EPSS score ?
Summary
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T23:40:03.765Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.openssl.org/news/secadv/20220315.txt", }, { tags: [ "x_transferred", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246", }, { tags: [ "x_transferred", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65", }, { tags: [ "x_transferred", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83", }, { name: "DSA-5103", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5103", }, { name: "[debian-lts-announce] 20220317 [SECURITY] [DLA 2952-1] openssl security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html", }, { name: "[debian-lts-announce] 20220317 [SECURITY] [DLA 2953-1] openssl1.0 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html", }, { name: "FEDORA-2022-a5f51502f0", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/", }, { name: "FEDORA-2022-9e88b5d8d7", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/", }, { name: "FEDORA-2022-8bb51f6901", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220321-0002/", }, { tags: [ "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2022-06", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2022-07", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2022-08", }, { name: "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/May/33", }, { name: "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/May/35", }, { name: "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/May/38", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213257", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213256", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213255", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/security/tns-2022-09", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220429-0005/", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf", }, { name: "GLSA-202210-02", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202210-02", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "OpenSSL", vendor: "OpenSSL", versions: [ { status: "affected", version: "Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1)", }, { status: "affected", version: "Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m)", }, { status: "affected", version: "Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc)", }, ], }, ], credits: [ { lang: "en", value: "Tavis Ormandy (Google)", }, ], datePublic: "2022-03-15T00:00:00", descriptions: [ { lang: "en", value: "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).", }, ], metrics: [ { other: { content: { lang: "eng", url: "https://www.openssl.org/policies/secpolicy.html#High", value: "High", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { description: "Infinite loop", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-21T19:07:01.186352", orgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", shortName: "openssl", }, references: [ { url: "https://www.openssl.org/news/secadv/20220315.txt", }, { url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246", }, { url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65", }, { url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83", }, { name: "DSA-5103", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5103", }, { name: "[debian-lts-announce] 20220317 [SECURITY] [DLA 2952-1] openssl security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html", }, { name: "[debian-lts-announce] 20220317 [SECURITY] [DLA 2953-1] openssl1.0 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html", }, { name: "FEDORA-2022-a5f51502f0", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/", }, { name: "FEDORA-2022-9e88b5d8d7", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/", }, { name: "FEDORA-2022-8bb51f6901", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/", }, { url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { url: "https://security.netapp.com/advisory/ntap-20220321-0002/", }, { url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002", }, { url: "https://www.tenable.com/security/tns-2022-06", }, { url: "https://www.tenable.com/security/tns-2022-07", }, { url: "https://www.tenable.com/security/tns-2022-08", }, { name: "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/May/33", }, { name: "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/May/35", }, { name: "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/May/38", }, { url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { url: "https://support.apple.com/kb/HT213257", }, { url: "https://support.apple.com/kb/HT213256", }, { url: "https://support.apple.com/kb/HT213255", }, { url: "https://www.tenable.com/security/tns-2022-09", }, { url: "https://security.netapp.com/advisory/ntap-20220429-0005/", }, { url: "http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf", }, { name: "GLSA-202210-02", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202210-02", }, { url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, ], title: "Infinite loop in BN_mod_sqrt() reachable when parsing certificates", }, }, cveMetadata: { assignerOrgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", assignerShortName: "openssl", cveId: "CVE-2022-0778", datePublished: "2022-03-15T17:05:20.382533Z", dateReserved: "2022-02-28T00:00:00", dateUpdated: "2024-09-17T00:01:02.190Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-36558
Vulnerability from cvelistv5
Published
2022-07-21 03:46
Modified
2024-08-04 17:30
Severity ?
EPSS score ?
Summary
A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:30:08.247Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cd1ed50efd88261298577cd92a14f2768eddeeb", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.7", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-21T03:46:33", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cd1ed50efd88261298577cd92a14f2768eddeeb", }, { tags: [ "x_refsource_MISC", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.7", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-36558", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cd1ed50efd88261298577cd92a14f2768eddeeb", refsource: "MISC", url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cd1ed50efd88261298577cd92a14f2768eddeeb", }, { name: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.7", refsource: "MISC", url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.5.7", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-36558", datePublished: "2022-07-21T03:46:33", dateReserved: "2022-07-21T00:00:00", dateUpdated: "2024-08-04T17:30:08.247Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-25313
Vulnerability from cvelistv5
Published
2022-02-18 04:23
Modified
2024-08-03 04:36
Severity ?
EPSS score ?
Summary
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/libexpat/libexpat/pull/558 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2022/02/19/1 | mailing-list, x_refsource_MLIST | |
| https://www.debian.org/security/2022/dsa-5085 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html | mailing-list, x_refsource_MLIST | |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220303-0008/ | x_refsource_CONFIRM | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202209-24 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T04:36:06.700Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/libexpat/libexpat/pull/558", }, { name: "[oss-security] 20220219 Expat 2.4.5 released, includes 5 security fixes", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/02/19/1", }, { name: "DSA-5085", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5085", }, { name: "FEDORA-2022-04f206996b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/", }, { name: "FEDORA-2022-3d9d67f558", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/", }, { name: "[debian-lts-announce] 20220307 [SECURITY] [DLA 2935-1] expat security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220303-0008/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", }, { name: "GLSA-202209-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-29T16:07:10", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/libexpat/libexpat/pull/558", }, { name: "[oss-security] 20220219 Expat 2.4.5 released, includes 5 security fixes", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2022/02/19/1", }, { name: "DSA-5085", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2022/dsa-5085", }, { name: "FEDORA-2022-04f206996b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/", }, { name: "FEDORA-2022-3d9d67f558", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/", }, { name: "[debian-lts-announce] 20220307 [SECURITY] [DLA 2935-1] expat security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220303-0008/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", }, { name: "GLSA-202209-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-24", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-25313", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/libexpat/libexpat/pull/558", refsource: "MISC", url: "https://github.com/libexpat/libexpat/pull/558", }, { name: "[oss-security] 20220219 Expat 2.4.5 released, includes 5 security fixes", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2022/02/19/1", }, { name: "DSA-5085", refsource: "DEBIAN", url: "https://www.debian.org/security/2022/dsa-5085", }, { name: "FEDORA-2022-04f206996b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/", }, { name: "FEDORA-2022-3d9d67f558", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/", }, { name: "[debian-lts-announce] 20220307 [SECURITY] [DLA 2935-1] expat security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "https://security.netapp.com/advisory/ntap-20220303-0008/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220303-0008/", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", }, { name: "GLSA-202209-24", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-24", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-25313", datePublished: "2022-02-18T04:23:04", dateReserved: "2022-02-18T00:00:00", dateUpdated: "2024-08-03T04:36:06.700Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-31926
Vulnerability from cvelistv5
Published
2023-08-02 00:22
Modified
2025-02-13 16:50
Severity ?
EPSS score ?
Summary
System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:03:28.531Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/22388", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230908-0007/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Fabric OS", vendor: "Brocade", versions: [ { status: "affected", version: "before Brocade Fabric OS v9.1.1c and v9.2.0", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0.<br>", }, ], value: "System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0.", }, ], impacts: [ { capecId: "CAPEC-165", descriptions: [ { lang: "en", value: "CAPEC-165 File Manipulation", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-281", description: "CWE-281 Improper Preservation of Permissions", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-665", description: "CWE-665 Improper Initialization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-08T16:06:24.841Z", orgId: "87b297d7-335e-4844-9551-11b97995a791", shortName: "brocade", }, references: [ { url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/22388", }, { url: "https://security.netapp.com/advisory/ntap-20230908-0007/", }, ], source: { discovery: "UNKNOWN", }, title: "Arbitrary File Overwrite using less command", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "87b297d7-335e-4844-9551-11b97995a791", assignerShortName: "brocade", cveId: "CVE-2023-31926", datePublished: "2023-08-02T00:22:14.166Z", dateReserved: "2023-04-29T01:29:30.560Z", dateUpdated: "2025-02-13T16:50:15.001Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-14404
Vulnerability from cvelistv5
Published
2018-07-19 13:00
Modified
2024-08-05 09:29
Severity ?
EPSS score ?
Summary
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html | mailing-list, x_refsource_MLIST | |
| https://gitlab.gnome.org/GNOME/libxml2/issues/10 | x_refsource_MISC | |
| https://usn.ubuntu.com/3739-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817 | x_refsource_MISC | |
| https://usn.ubuntu.com/3739-2/ | vendor-advisory, x_refsource_UBUNTU | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1595985 | x_refsource_MISC | |
| https://access.redhat.com/errata/RHSA-2019:1543 | vendor-advisory, x_refsource_REDHAT | |
| https://security.netapp.com/advisory/ntap-20190719-0002/ | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T09:29:51.525Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[debian-lts-announce] 20180927 [SECURITY] [DLA 1524-1] libxml2 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gitlab.gnome.org/GNOME/libxml2/issues/10", }, { name: "USN-3739-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3739-1/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817", }, { name: "USN-3739-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3739-2/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1595985", }, { name: "RHSA-2019:1543", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1543", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190719-0002/", }, { name: "[debian-lts-announce] 20200909 [SECURITY] [DLA 2369-1] libxml2 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-07-19T00:00:00", descriptions: [ { lang: "en", value: "A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-09-10T00:06:23", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[debian-lts-announce] 20180927 [SECURITY] [DLA 1524-1] libxml2 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", }, { tags: [ "x_refsource_MISC", ], url: "https://gitlab.gnome.org/GNOME/libxml2/issues/10", }, { name: "USN-3739-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3739-1/", }, { tags: [ "x_refsource_MISC", ], url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817", }, { name: "USN-3739-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3739-2/", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1595985", }, { name: "RHSA-2019:1543", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1543", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190719-0002/", }, { name: "[debian-lts-announce] 20200909 [SECURITY] [DLA 2369-1] libxml2 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-14404", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[debian-lts-announce] 20180927 [SECURITY] [DLA 1524-1] libxml2 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", }, { name: "https://gitlab.gnome.org/GNOME/libxml2/issues/10", refsource: "MISC", url: "https://gitlab.gnome.org/GNOME/libxml2/issues/10", }, { name: "USN-3739-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3739-1/", }, { name: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817", refsource: "MISC", url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817", }, { name: "USN-3739-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3739-2/", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1595985", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1595985", }, { name: "RHSA-2019:1543", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1543", }, { name: "https://security.netapp.com/advisory/ntap-20190719-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190719-0002/", }, { name: "[debian-lts-announce] 20200909 [SECURITY] [DLA 2369-1] libxml2 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-14404", datePublished: "2018-07-19T13:00:00", dateReserved: "2018-07-19T00:00:00", dateUpdated: "2024-08-05T09:29:51.525Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-24448
Vulnerability from cvelistv5
Published
2022-02-04 19:45
Modified
2024-08-03 04:13
Severity ?
EPSS score ?
Summary
An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.spinics.net/lists/stable/msg531976.html | x_refsource_MISC | |
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.5 | x_refsource_MISC | |
| https://github.com/torvalds/linux/commit/ac795161c93699d600db16c1a8cc23a65a1eceaf | x_refsource_MISC | |
| https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac795161c93699d600db16c1a8cc23a65a1eceaf | x_refsource_MISC | |
| https://www.debian.org/security/2022/dsa-5092 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html | mailing-list, x_refsource_MLIST | |
| https://www.debian.org/security/2022/dsa-5096 | vendor-advisory, x_refsource_DEBIAN | |
| https://lore.kernel.org/all/67d6a536-9027-1928-99b6-af512a36cd1a%40huawei.com/T/ | x_refsource_MISC | |
| https://github.com/torvalds/linux/commit/ab0fc21bc7105b54bafd85bd8b82742f9e68898a | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T04:13:56.018Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.spinics.net/lists/stable/msg531976.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.5", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/ac795161c93699d600db16c1a8cc23a65a1eceaf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac795161c93699d600db16c1a8cc23a65a1eceaf", }, { name: "DSA-5092", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5092", }, { name: "[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html", }, { name: "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html", }, { name: "DSA-5096", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5096", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lore.kernel.org/all/67d6a536-9027-1928-99b6-af512a36cd1a%40huawei.com/T/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/ab0fc21bc7105b54bafd85bd8b82742f9e68898a", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-05T16:38:39", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.spinics.net/lists/stable/msg531976.html", }, { tags: [ "x_refsource_MISC", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.5", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/torvalds/linux/commit/ac795161c93699d600db16c1a8cc23a65a1eceaf", }, { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac795161c93699d600db16c1a8cc23a65a1eceaf", }, { name: "DSA-5092", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2022/dsa-5092", }, { name: "[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html", }, { name: "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html", }, { name: "DSA-5096", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2022/dsa-5096", }, { tags: [ "x_refsource_MISC", ], url: "https://lore.kernel.org/all/67d6a536-9027-1928-99b6-af512a36cd1a%40huawei.com/T/", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/torvalds/linux/commit/ab0fc21bc7105b54bafd85bd8b82742f9e68898a", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-24448", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.spinics.net/lists/stable/msg531976.html", refsource: "MISC", url: "https://www.spinics.net/lists/stable/msg531976.html", }, { name: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.5", refsource: "MISC", url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.5", }, { name: "https://github.com/torvalds/linux/commit/ac795161c93699d600db16c1a8cc23a65a1eceaf", refsource: "MISC", url: "https://github.com/torvalds/linux/commit/ac795161c93699d600db16c1a8cc23a65a1eceaf", }, { name: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac795161c93699d600db16c1a8cc23a65a1eceaf", refsource: "MISC", url: "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac795161c93699d600db16c1a8cc23a65a1eceaf", }, { name: "DSA-5092", refsource: "DEBIAN", url: "https://www.debian.org/security/2022/dsa-5092", }, { name: "[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html", }, { name: "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html", }, { name: "DSA-5096", refsource: "DEBIAN", url: "https://www.debian.org/security/2022/dsa-5096", }, { name: "https://lore.kernel.org/all/67d6a536-9027-1928-99b6-af512a36cd1a@huawei.com/T/", refsource: "MISC", url: "https://lore.kernel.org/all/67d6a536-9027-1928-99b6-af512a36cd1a@huawei.com/T/", }, { name: "https://github.com/torvalds/linux/commit/ab0fc21bc7105b54bafd85bd8b82742f9e68898a", refsource: "MISC", url: "https://github.com/torvalds/linux/commit/ab0fc21bc7105b54bafd85bd8b82742f9e68898a", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-24448", datePublished: "2022-02-04T19:45:48", dateReserved: "2022-02-04T00:00:00", dateUpdated: "2024-08-03T04:13:56.018Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-45486
Vulnerability from cvelistv5
Published
2021-12-25 01:04
Modified
2024-08-04 04:39
Severity ?
EPSS score ?
Summary
In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4 | x_refsource_MISC | |
| https://arxiv.org/pdf/2112.09604.pdf | x_refsource_MISC | |
| https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/ipv4/route.c?id=aa6dd211e4b1dde9d5dc25d699d35f789ae7eeba | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:39:21.222Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://arxiv.org/pdf/2112.09604.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/ipv4/route.c?id=aa6dd211e4b1dde9d5dc25d699d35f789ae7eeba", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-25T16:42:16", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4", }, { tags: [ "x_refsource_MISC", ], url: "https://arxiv.org/pdf/2112.09604.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/ipv4/route.c?id=aa6dd211e4b1dde9d5dc25d699d35f789ae7eeba", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-45486", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4", refsource: "MISC", url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4", }, { name: "https://arxiv.org/pdf/2112.09604.pdf", refsource: "MISC", url: "https://arxiv.org/pdf/2112.09604.pdf", }, { name: "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/ipv4/route.c?id=aa6dd211e4b1dde9d5dc25d699d35f789ae7eeba", refsource: "MISC", url: "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/ipv4/route.c?id=aa6dd211e4b1dde9d5dc25d699d35f789ae7eeba", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-45486", datePublished: "2021-12-25T01:04:27", dateReserved: "2021-12-25T00:00:00", dateUpdated: "2024-08-04T04:39:21.222Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-31927
Vulnerability from cvelistv5
Published
2023-08-02 00:06
Modified
2025-02-13 16:50
Severity ?
EPSS score ?
Summary
An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c, could allow a remote unauthenticated attacker to get technical details about the web interface.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:03:28.826Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/22389", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230908-0007/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-31927", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-18T14:41:13.883150Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-18T14:41:27.885Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Fabric OS", vendor: "Brocade", versions: [ { status: "affected", version: "before Brocade Fabric OS v9.2.0 and v9.1.1c", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c, could allow a remote unauthenticated attacker to get technical details about the web interface.<br>", }, ], value: "An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c, could allow a remote unauthenticated attacker to get technical details about the web interface.", }, ], impacts: [ { descriptions: [ { lang: "en", value: "Information disclosure", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-08T16:06:27.975Z", orgId: "87b297d7-335e-4844-9551-11b97995a791", shortName: "brocade", }, references: [ { url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/22389", }, { url: "https://security.netapp.com/advisory/ntap-20230908-0007/", }, ], source: { discovery: "UNKNOWN", }, title: "An information disclosure in the web interface of Brocade Fabric OS", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "87b297d7-335e-4844-9551-11b97995a791", assignerShortName: "brocade", cveId: "CVE-2023-31927", datePublished: "2023-08-02T00:06:48.374Z", dateReserved: "2023-04-29T01:29:30.560Z", dateUpdated: "2025-02-13T16:50:15.523Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-31429
Vulnerability from cvelistv5
Published
2023-08-01 20:20
Modified
2024-10-15 14:12
Severity ?
EPSS score ?
Summary
Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of shell interpreted variables to be printed in the terminal.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:53:30.864Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22408", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230908-0007/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-31429", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T14:08:06.655868Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-15T14:12:35.099Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Fabric OS", vendor: "Brocade", versions: [ { status: "affected", version: "before Brocade Fabric OS v9.1.1c, v9.2.0", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of shell interpreted variables to be printed in the terminal.</span>", }, ], value: "Brocade Fabric OS before Brocade Fabric OS 9.1.1c, 9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of shell interpreted variables to be printed in the terminal.", }, ], impacts: [ { capecId: "CAPEC-155", descriptions: [ { lang: "en", value: "CAPEC-155: Screen Temporary Files for Sensitive Information", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-209", description: "CWE-209 Generation of Error Message Containing Sensitive Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-18T21:53:45.190Z", orgId: "87b297d7-335e-4844-9551-11b97995a791", shortName: "brocade", }, references: [ { url: "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22408", }, { url: "https://security.netapp.com/advisory/ntap-20230908-0007/", }, ], source: { discovery: "INTERNAL", }, title: "Multiple commands print sensitive information in the terminal", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "87b297d7-335e-4844-9551-11b97995a791", assignerShortName: "brocade", cveId: "CVE-2023-31429", datePublished: "2023-08-01T20:20:52.128Z", dateReserved: "2023-04-28T00:14:58.125Z", dateUpdated: "2024-10-15T14:12:35.099Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-31427
Vulnerability from cvelistv5
Published
2023-08-01 22:46
Modified
2025-02-13 16:50
Severity ?
EPSS score ?
Summary
Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:53:31.074Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/22379", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230908-0007/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Fabric OS", vendor: "Brocade", versions: [ { status: "affected", version: "after 9.1.0 and before Brocade Fabric OS v9.2.0 and v9.1.1c", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>\n\n<span style=\"background-color: rgb(255, 255, 255);\">Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled.</span>\n\n<br></p>", }, ], value: "Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled.", }, ], impacts: [ { capecId: "CAPEC-126", descriptions: [ { lang: "en", value: "CAPEC-126 Path Traversal", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-08T16:06:31.179Z", orgId: "87b297d7-335e-4844-9551-11b97995a791", shortName: "brocade", }, references: [ { url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/22379", }, { url: "https://security.netapp.com/advisory/ntap-20230908-0007/", }, ], source: { discovery: "UNKNOWN", }, title: "Knowledge of full path name", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "87b297d7-335e-4844-9551-11b97995a791", assignerShortName: "brocade", cveId: "CVE-2023-31427", datePublished: "2023-08-01T22:46:17.756Z", dateReserved: "2023-04-28T00:14:58.125Z", dateUpdated: "2025-02-13T16:50:10.000Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-25235
Vulnerability from cvelistv5
Published
2022-02-16 00:40
Modified
2024-08-03 04:36
Severity ?
EPSS score ?
Summary
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/libexpat/libexpat/pull/562 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2022/02/19/1 | mailing-list, x_refsource_MLIST | |
| https://www.debian.org/security/2022/dsa-5085 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html | mailing-list, x_refsource_MLIST | |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220303-0008/ | x_refsource_CONFIRM | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202209-24 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T04:36:06.591Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/libexpat/libexpat/pull/562", }, { name: "[oss-security] 20220219 Expat 2.4.5 released, includes 5 security fixes", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/02/19/1", }, { name: "DSA-5085", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5085", }, { name: "FEDORA-2022-04f206996b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/", }, { name: "FEDORA-2022-3d9d67f558", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/", }, { name: "[debian-lts-announce] 20220307 [SECURITY] [DLA 2935-1] expat security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220303-0008/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", }, { name: "GLSA-202209-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-29T16:07:09", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/libexpat/libexpat/pull/562", }, { name: "[oss-security] 20220219 Expat 2.4.5 released, includes 5 security fixes", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2022/02/19/1", }, { name: "DSA-5085", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2022/dsa-5085", }, { name: "FEDORA-2022-04f206996b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/", }, { name: "FEDORA-2022-3d9d67f558", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/", }, { name: "[debian-lts-announce] 20220307 [SECURITY] [DLA 2935-1] expat security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220303-0008/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", }, { name: "GLSA-202209-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-24", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-25235", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/libexpat/libexpat/pull/562", refsource: "MISC", url: "https://github.com/libexpat/libexpat/pull/562", }, { name: "[oss-security] 20220219 Expat 2.4.5 released, includes 5 security fixes", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2022/02/19/1", }, { name: "DSA-5085", refsource: "DEBIAN", url: "https://www.debian.org/security/2022/dsa-5085", }, { name: "FEDORA-2022-04f206996b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/", }, { name: "FEDORA-2022-3d9d67f558", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/", }, { name: "[debian-lts-announce] 20220307 [SECURITY] [DLA 2935-1] expat security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "https://security.netapp.com/advisory/ntap-20220303-0008/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220303-0008/", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", }, { name: "GLSA-202209-24", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-24", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-25235", datePublished: "2022-02-16T00:40:20", dateReserved: "2022-02-16T00:00:00", dateUpdated: "2024-08-03T04:36:06.591Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-0220
Vulnerability from cvelistv5
Published
2019-06-11 20:49
Modified
2024-08-04 17:44
Severity ?
EPSS score ?
Summary
A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache HTTP Server |
Version: 2.4.0 to 2.4.38 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:44:15.395Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[oss-security] 20190401 CVE-2019-0220: URL normalization inconsistincies", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/04/02/6", }, { name: "107670", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/107670", }, { name: "20190403 [SECURITY] [DSA 4422-1] apache2 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Apr/5", }, { name: "[debian-lts-announce] 20190403 [SECURITY] [DLA 1748-1] apache2 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html", }, { name: "USN-3937-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3937-1/", }, { name: "FEDORA-2019-cf7695b470", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/", }, { name: "DSA-4422", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4422", }, { name: "FEDORA-2019-119b14075a", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/", }, { name: "openSUSE-SU-2019:1190", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html", }, { name: "openSUSE-SU-2019:1209", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html", }, { name: "openSUSE-SU-2019:1258", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html", }, { name: "FEDORA-2019-a4ed7400f4", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/", }, { name: "RHSA-2019:2343", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2343", }, { name: "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", }, { name: "RHSA-2019:3436", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3436", }, { name: "RHSA-2019:4126", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:4126", }, { name: "RHSA-2020:0250", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0250", }, { name: "RHSA-2020:0251", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0251", }, { name: "[httpd-bugs] 20200325 [Bug 63437] MergeSlashes option breaks protocol specifier in URIs", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r31f46d1f16ffcafa68058596b21f6eaf6d352290e522690a1cdccdd7%40%3Cbugs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://httpd.apache.org/security/vulnerabilities_24.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K44591505", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20190625-0007/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us", }, { name: "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073149 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache HTTP Server", vendor: "Apache Software Foundation", versions: [ { status: "affected", version: "2.4.0 to 2.4.38", }, ], }, ], datePublic: "2019-04-01T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.", }, ], problemTypes: [ { descriptions: [ { description: "URL normalization inconsistencies", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-22T17:58:57", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { name: "[oss-security] 20190401 CVE-2019-0220: URL normalization inconsistincies", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2019/04/02/6", }, { name: "107670", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/107670", }, { name: "20190403 [SECURITY] [DSA 4422-1] apache2 security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Apr/5", }, { name: "[debian-lts-announce] 20190403 [SECURITY] [DLA 1748-1] apache2 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html", }, { name: "USN-3937-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3937-1/", }, { name: "FEDORA-2019-cf7695b470", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/", }, { name: "DSA-4422", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4422", }, { name: "FEDORA-2019-119b14075a", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/", }, { name: "openSUSE-SU-2019:1190", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html", }, { name: "openSUSE-SU-2019:1209", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html", }, { name: "openSUSE-SU-2019:1258", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html", }, { name: "FEDORA-2019-a4ed7400f4", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/", }, { name: "RHSA-2019:2343", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2343", }, { name: "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", }, { name: "RHSA-2019:3436", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3436", }, { name: "RHSA-2019:4126", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:4126", }, { name: "RHSA-2020:0250", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0250", }, { name: "RHSA-2020:0251", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0251", }, { name: "[httpd-bugs] 20200325 [Bug 63437] MergeSlashes option breaks protocol specifier in URIs", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r31f46d1f16ffcafa68058596b21f6eaf6d352290e522690a1cdccdd7%40%3Cbugs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://httpd.apache.org/security/vulnerabilities_24.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K44591505", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20190625-0007/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us", }, { name: "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073149 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2019-0220", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache HTTP Server", version: { version_data: [ { version_value: "2.4.0 to 2.4.38", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "URL normalization inconsistencies", }, ], }, ], }, references: { reference_data: [ { name: "[oss-security] 20190401 CVE-2019-0220: URL normalization inconsistincies", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2019/04/02/6", }, { name: "107670", refsource: "BID", url: "http://www.securityfocus.com/bid/107670", }, { name: "20190403 [SECURITY] [DSA 4422-1] apache2 security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Apr/5", }, { name: "[debian-lts-announce] 20190403 [SECURITY] [DLA 1748-1] apache2 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html", }, { name: "USN-3937-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3937-1/", }, { name: "FEDORA-2019-cf7695b470", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/", }, { name: "DSA-4422", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4422", }, { name: "FEDORA-2019-119b14075a", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/", }, { name: "openSUSE-SU-2019:1190", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html", }, { name: "openSUSE-SU-2019:1209", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html", }, { name: "openSUSE-SU-2019:1258", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html", }, { name: "FEDORA-2019-a4ed7400f4", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/", }, { name: "RHSA-2019:2343", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2343", }, { name: "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E", }, { name: "RHSA-2019:3436", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3436", }, { name: "RHSA-2019:4126", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:4126", }, { name: "RHSA-2020:0250", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0250", }, { name: "RHSA-2020:0251", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0251", }, { name: "[httpd-bugs] 20200325 [Bug 63437] MergeSlashes option breaks protocol specifier in URIs", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r31f46d1f16ffcafa68058596b21f6eaf6d352290e522690a1cdccdd7@%3Cbugs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { name: "https://httpd.apache.org/security/vulnerabilities_24.html", refsource: "CONFIRM", url: "https://httpd.apache.org/security/vulnerabilities_24.html", }, { name: "https://support.f5.com/csp/article/K44591505", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K44591505", }, { name: "https://security.netapp.com/advisory/ntap-20190625-0007/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20190625-0007/", }, { name: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us", refsource: "CONFIRM", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us", }, { name: "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210330 svn commit: r1073149 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", refsource: "MLIST", url: "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E", }, { name: "[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2019-0220", datePublished: "2019-06-11T20:49:50", dateReserved: "2018-11-14T00:00:00", dateUpdated: "2024-08-04T17:44:15.395Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-25236
Vulnerability from cvelistv5
Published
2022-02-16 00:39
Modified
2024-08-03 04:36
Severity ?
EPSS score ?
Summary
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T04:36:06.638Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/libexpat/libexpat/pull/561", }, { name: "[oss-security] 20220219 Expat 2.4.5 released, includes 5 security fixes", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/02/19/1", }, { name: "DSA-5085", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5085", }, { name: "FEDORA-2022-04f206996b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/", }, { name: "FEDORA-2022-3d9d67f558", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/", }, { name: "[debian-lts-announce] 20220307 [SECURITY] [DLA 2935-1] expat security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220303-0008/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", }, { name: "GLSA-202209-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202209-24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-29T16:07:15", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/libexpat/libexpat/pull/561", }, { name: "[oss-security] 20220219 Expat 2.4.5 released, includes 5 security fixes", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2022/02/19/1", }, { name: "DSA-5085", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2022/dsa-5085", }, { name: "FEDORA-2022-04f206996b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/", }, { name: "FEDORA-2022-3d9d67f558", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/", }, { name: "[debian-lts-announce] 20220307 [SECURITY] [DLA 2935-1] expat security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220303-0008/", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", }, { name: "GLSA-202209-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202209-24", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-25236", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/libexpat/libexpat/pull/561", refsource: "MISC", url: "https://github.com/libexpat/libexpat/pull/561", }, { name: "[oss-security] 20220219 Expat 2.4.5 released, includes 5 security fixes", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2022/02/19/1", }, { name: "DSA-5085", refsource: "DEBIAN", url: "https://www.debian.org/security/2022/dsa-5085", }, { name: "FEDORA-2022-04f206996b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/", }, { name: "FEDORA-2022-3d9d67f558", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/", }, { name: "[debian-lts-announce] 20220307 [SECURITY] [DLA 2935-1] expat security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "https://security.netapp.com/advisory/ntap-20220303-0008/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220303-0008/", }, { name: "http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", }, { name: "GLSA-202209-24", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202209-24", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-25236", datePublished: "2022-02-16T00:39:16", dateReserved: "2022-02-16T00:00:00", dateUpdated: "2024-08-03T04:36:06.638Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-31431
Vulnerability from cvelistv5
Published
2023-08-01 23:23
Modified
2025-02-13 16:50
Severity ?
EPSS score ?
Summary
A buffer overflow vulnerability in “diagstatus” command in Brocade Fabric OS before Brocade Fabric v9.2.0 and v9.1.1c could allow an authenticated user to crash the Brocade Fabric OS switch leading to a denial of service.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:53:31.082Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/22384", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230908-0007/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Fabric OS", vendor: "Brocade", versions: [ { status: "affected", version: "before Brocade Fabric OS v9.1.1c, v9.2.0", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A buffer overflow vulnerability in “diagstatus” command in Brocade Fabric OS before Brocade Fabric v9.2.0 and v9.1.1c could allow an authenticated user to crash the Brocade Fabric OS switch leading to a denial of service.<br>", }, ], value: "A buffer overflow vulnerability in “diagstatus” command in Brocade Fabric OS before Brocade Fabric v9.2.0 and v9.1.1c could allow an authenticated user to crash the Brocade Fabric OS switch leading to a denial of service.", }, ], impacts: [ { capecId: "CAPEC-25", descriptions: [ { lang: "en", value: "CAPEC-25 Forced Deadlock", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-08T16:06:20.105Z", orgId: "87b297d7-335e-4844-9551-11b97995a791", shortName: "brocade", }, references: [ { url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/22384", }, { url: "https://security.netapp.com/advisory/ntap-20230908-0007/", }, ], source: { discovery: "UNKNOWN", }, title: "A buffer overflow vulnerability in “diagstatus” command", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "87b297d7-335e-4844-9551-11b97995a791", assignerShortName: "brocade", cveId: "CVE-2023-31431", datePublished: "2023-08-01T23:23:18.522Z", dateReserved: "2023-04-28T00:14:58.125Z", dateUpdated: "2025-02-13T16:50:11.782Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-41617
Vulnerability from cvelistv5
Published
2021-09-26 00:00
Modified
2024-08-04 03:15
Severity ?
EPSS score ?
Summary
sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:15:29.208Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.openssh.com/security.html", }, { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2021/09/26/1", }, { tags: [ "x_transferred", ], url: "https://www.openssh.com/txt/release-8.8", }, { name: "FEDORA-2021-1f7339271d", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/", }, { name: "FEDORA-2021-f8df0f8563", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/", }, { name: "FEDORA-2021-fa0e94198f", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_transferred", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1190975", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20211014-0004/", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { tags: [ "x_transferred", ], url: "https://www.starwindsoftware.com/security/sw-20220805-0001/", }, { tags: [ "x_transferred", ], url: "https://www.tenable.com/plugins/nessus/154174", }, { name: "DSA-5586", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5586", }, { name: "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-26T04:06:21.619780", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.openssh.com/security.html", }, { url: "https://www.openwall.com/lists/oss-security/2021/09/26/1", }, { url: "https://www.openssh.com/txt/release-8.8", }, { name: "FEDORA-2021-1f7339271d", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/", }, { name: "FEDORA-2021-f8df0f8563", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/", }, { name: "FEDORA-2021-fa0e94198f", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/", }, { url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { url: "https://bugzilla.suse.com/show_bug.cgi?id=1190975", }, { url: "https://security.netapp.com/advisory/ntap-20211014-0004/", }, { url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { url: "https://www.starwindsoftware.com/security/sw-20220805-0001/", }, { url: "https://www.tenable.com/plugins/nessus/154174", }, { name: "DSA-5586", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5586", }, { name: "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-41617", datePublished: "2021-09-26T00:00:00", dateReserved: "2021-09-26T00:00:00", dateUpdated: "2024-08-04T03:15:29.208Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-45485
Vulnerability from cvelistv5
Published
2021-12-25 01:05
Modified
2024-08-04 04:39
Severity ?
EPSS score ?
Summary
In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3 | x_refsource_MISC | |
| https://arxiv.org/pdf/2112.09604.pdf | x_refsource_MISC | |
| https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99 | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220121-0001/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:39:21.141Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://arxiv.org/pdf/2112.09604.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220121-0001/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-25T16:42:06", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3", }, { tags: [ "x_refsource_MISC", ], url: "https://arxiv.org/pdf/2112.09604.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220121-0001/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-45485", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3", refsource: "MISC", url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.3", }, { name: "https://arxiv.org/pdf/2112.09604.pdf", refsource: "MISC", url: "https://arxiv.org/pdf/2112.09604.pdf", }, { name: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99", refsource: "MISC", url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=62f20e068ccc50d6ab66fdb72ba90da2b9418c99", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { name: "https://security.netapp.com/advisory/ntap-20220121-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220121-0001/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-45485", datePublished: "2021-12-25T01:05:07", dateReserved: "2021-12-25T00:00:00", dateUpdated: "2024-08-04T04:39:21.141Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-0322
Vulnerability from cvelistv5
Published
2022-03-25 18:02
Modified
2024-08-02 23:25
Severity ?
EPSS score ?
Summary
A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS).
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2042822 | x_refsource_MISC | |
| https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2d859e3fc97e79d907761550dbc03ff1b36479c | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T23:25:40.198Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2042822", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2d859e3fc97e79d907761550dbc03ff1b36479c", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "kernel", vendor: "n/a", versions: [ { status: "affected", version: "kernel 5.15 rc6", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS).", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-681", description: "CWE-681", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-25T16:44:33", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2042822", }, { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2d859e3fc97e79d907761550dbc03ff1b36479c", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2022-0322", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "kernel", version: { version_data: [ { version_value: "kernel 5.15 rc6", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-681", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=2042822", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2042822", }, { name: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2d859e3fc97e79d907761550dbc03ff1b36479c", refsource: "MISC", url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2d859e3fc97e79d907761550dbc03ff1b36479c", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2022-0322", datePublished: "2022-03-25T18:02:58", dateReserved: "2022-01-20T00:00:00", dateUpdated: "2024-08-02T23:25:40.198Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-20193
Vulnerability from cvelistv5
Published
2021-03-26 16:41
Modified
2024-08-03 17:30
Severity ?
EPSS score ?
Summary
A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1917565 | x_refsource_MISC | |
| https://savannah.gnu.org/bugs/?59897 | x_refsource_MISC | |
| https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202105-29 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:30:07.480Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1917565", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://savannah.gnu.org/bugs/?59897", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777", }, { name: "GLSA-202105-29", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202105-29", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "tar", vendor: "n/a", versions: [ { status: "affected", version: "1.33 and earlier", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-401", description: "CWE-401->CWE-125", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-05-26T11:08:51", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1917565", }, { tags: [ "x_refsource_MISC", ], url: "https://savannah.gnu.org/bugs/?59897", }, { tags: [ "x_refsource_MISC", ], url: "https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777", }, { name: "GLSA-202105-29", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202105-29", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-20193", datePublished: "2021-03-26T16:41:23", dateReserved: "2020-12-17T00:00:00", dateUpdated: "2024-08-03T17:30:07.480Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-3800
Vulnerability from cvelistv5
Published
2022-08-23 00:00
Modified
2024-08-03 17:09
Severity ?
EPSS score ?
Summary
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:09:08.749Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1938284", }, { tags: [ "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2021-3800", }, { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2017/06/23/8", }, { tags: [ "x_transferred", ], url: "https://gitlab.gnome.org/GNOME/glib/-/commit/3529bb4450a51995", }, { name: "[debian-lts-announce] 20220915 [SECURITY] [DLA 3110-1] glib2.0 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/09/msg00020.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20221028-0004/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Glib", vendor: "n/a", versions: [ { status: "affected", version: "Fixed in glib2 2.63.6", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-28T00:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://bugzilla.redhat.com/show_bug.cgi?id=1938284", }, { url: "https://access.redhat.com/security/cve/CVE-2021-3800", }, { url: "https://www.openwall.com/lists/oss-security/2017/06/23/8", }, { url: "https://gitlab.gnome.org/GNOME/glib/-/commit/3529bb4450a51995", }, { name: "[debian-lts-announce] 20220915 [SECURITY] [DLA 3110-1] glib2.0 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/09/msg00020.html", }, { url: "https://security.netapp.com/advisory/ntap-20221028-0004/", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-3800", datePublished: "2022-08-23T00:00:00", dateReserved: "2021-09-14T00:00:00", dateUpdated: "2024-08-03T17:09:08.749Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-2068
Vulnerability from cvelistv5
Published
2022-06-21 14:45
Modified
2024-09-16 19:41
Severity ?
EPSS score ?
Summary
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T00:24:44.279Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.openssl.org/news/secadv/20220621.txt", }, { tags: [ "x_transferred", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa", }, { tags: [ "x_transferred", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7", }, { tags: [ "x_transferred", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9", }, { name: "DSA-5169", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5169", }, { name: "FEDORA-2022-3b7d0abd0b", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220707-0008/", }, { name: "FEDORA-2022-41890e9e44", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "OpenSSL", vendor: "OpenSSL", versions: [ { status: "affected", version: "Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3)", }, { status: "affected", version: "Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o)", }, { status: "affected", version: "Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze)", }, ], }, ], credits: [ { lang: "en", value: "Chancen (Qingteng 73lab)", }, ], datePublic: "2022-06-21T00:00:00", descriptions: [ { lang: "en", value: "In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).", }, ], metrics: [ { other: { content: { lang: "eng", url: "https://www.openssl.org/policies/secpolicy.html#Moderate", value: "Moderate", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { description: "Command injection", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-10T00:00:00", orgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", shortName: "openssl", }, references: [ { url: "https://www.openssl.org/news/secadv/20220621.txt", }, { url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa", }, { url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7", }, { url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9", }, { name: "DSA-5169", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5169", }, { name: "FEDORA-2022-3b7d0abd0b", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/", }, { url: "https://security.netapp.com/advisory/ntap-20220707-0008/", }, { name: "FEDORA-2022-41890e9e44", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf", }, ], title: "The c_rehash script allows command injection", }, }, cveMetadata: { assignerOrgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", assignerShortName: "openssl", cveId: "CVE-2022-2068", datePublished: "2022-06-21T14:45:20.597138Z", dateReserved: "2022-06-13T00:00:00", dateUpdated: "2024-09-16T19:41:46.658Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-31928
Vulnerability from cvelistv5
Published
2023-08-01 23:53
Modified
2025-02-13 16:50
Severity ?
EPSS score ?
Summary
A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated attacker to execute arbitrary JavaScript code in a target user’s session with the Brocade Webtools application.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:03:28.616Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/22390", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230908-0007/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Fabric OS", vendor: "Brocade", versions: [ { status: "affected", version: "before Brocade Fabric OS v9.2.0", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated attacker to execute arbitrary JavaScript code in a target user’s session with the Brocade Webtools application.</span>", }, ], value: "A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated attacker to execute arbitrary JavaScript code in a target user’s session with the Brocade Webtools application.", }, ], impacts: [ { capecId: "CAPEC-243", descriptions: [ { lang: "en", value: "CAPEC-243 XSS Targeting HTML Attributes", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-08T16:06:18.550Z", orgId: "87b297d7-335e-4844-9551-11b97995a791", shortName: "brocade", }, references: [ { url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/22390", }, { url: "https://security.netapp.com/advisory/ntap-20230908-0007/", }, ], source: { discovery: "UNKNOWN", }, title: "XSS vulnerability in Brocade Webtools", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "87b297d7-335e-4844-9551-11b97995a791", assignerShortName: "brocade", cveId: "CVE-2023-31928", datePublished: "2023-08-01T23:53:58.100Z", dateReserved: "2023-04-29T01:29:30.560Z", dateUpdated: "2025-02-13T16:50:16.098Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-0146
Vulnerability from cvelistv5
Published
2021-11-17 19:25
Modified
2024-08-03 15:32
Severity ?
EPSS score ?
Summary
Hardware allows activation of test or debug logic at runtime for some Intel(R) processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20211210-0006/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) processors which |
Version: See references |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T15:32:09.490Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20211210-0006/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Intel(R) processors which", vendor: "n/a", versions: [ { status: "affected", version: "See references", }, ], }, ], descriptions: [ { lang: "en", value: "Hardware allows activation of test or debug logic at runtime for some Intel(R) processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access.", }, ], problemTypes: [ { descriptions: [ { description: "escalation of privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-10T06:06:31", orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce", shortName: "intel", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20211210-0006/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@intel.com", ID: "CVE-2021-0146", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Intel(R) processors which", version: { version_data: [ { version_value: "See references", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Hardware allows activation of test or debug logic at runtime for some Intel(R) processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "escalation of privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html", refsource: "MISC", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html", }, { name: "https://security.netapp.com/advisory/ntap-20211210-0006/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20211210-0006/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce", assignerShortName: "intel", cveId: "CVE-2021-0146", datePublished: "2021-11-17T19:25:13", dateReserved: "2020-10-22T00:00:00", dateUpdated: "2024-08-03T15:32:09.490Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-0060
Vulnerability from cvelistv5
Published
2012-06-04 20:00
Modified
2024-08-06 18:09
Severity ?
EPSS score ?
Summary
RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T18:09:17.306Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", }, { name: "RHSA-2012:0531", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2012-0531.html", }, { name: "MDVSA-2012:056", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:056", }, { name: "1026882", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1026882", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://rpm.org/wiki/Releases/4.9.1.3", }, { name: "48716", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/48716", }, { name: "81010", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/81010", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=744858", }, { name: "48651", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/48651", }, { name: "RHSA-2012:0451", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2012-0451.html", }, { name: "FEDORA-2012-5421", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=e4eab2bc6d07cfd33f740071de7ddbb2fe2f4190", }, { name: "52865", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/52865", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=f23998251992b8ae25faf5113c42fee2c49c7f29", }, { name: "USN-1695-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-1695-1", }, { name: "openSUSE-SU-2012:0588", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "https://hermes.opensuse.org/messages/14440932", }, { name: "49110", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/49110", }, { name: "rpm-loadsigverify-code-execution(74582)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74582", }, { name: "FEDORA-2012-5420", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html", }, { name: "FEDORA-2012-5298", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html", }, { name: "openSUSE-SU-2012:0589", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "https://hermes.opensuse.org/messages/14441362", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-03-04T00:00:00", descriptions: [ { lang: "en", value: "RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-17T19:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", }, { name: "RHSA-2012:0531", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2012-0531.html", }, { name: "MDVSA-2012:056", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:056", }, { name: "1026882", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1026882", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://rpm.org/wiki/Releases/4.9.1.3", }, { name: "48716", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/48716", }, { name: "81010", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/81010", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=744858", }, { name: "48651", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/48651", }, { name: "RHSA-2012:0451", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2012-0451.html", }, { name: "FEDORA-2012-5421", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=e4eab2bc6d07cfd33f740071de7ddbb2fe2f4190", }, { name: "52865", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/52865", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://rpm.org/gitweb?p=rpm.git%3Ba=commitdiff%3Bh=f23998251992b8ae25faf5113c42fee2c49c7f29", }, { name: "USN-1695-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-1695-1", }, { name: "openSUSE-SU-2012:0588", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "https://hermes.opensuse.org/messages/14440932", }, { name: "49110", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/49110", }, { name: "rpm-loadsigverify-code-execution(74582)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74582", }, { name: "FEDORA-2012-5420", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html", }, { name: "FEDORA-2012-5298", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html", }, { name: "openSUSE-SU-2012:0589", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "https://hermes.opensuse.org/messages/14441362", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2012-0060", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", }, { name: "RHSA-2012:0531", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2012-0531.html", }, { name: "MDVSA-2012:056", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2012:056", }, { name: "1026882", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1026882", }, { name: "http://rpm.org/wiki/Releases/4.9.1.3", refsource: "CONFIRM", url: "http://rpm.org/wiki/Releases/4.9.1.3", }, { name: "48716", refsource: "SECUNIA", url: "http://secunia.com/advisories/48716", }, { name: "81010", refsource: "OSVDB", url: "http://www.osvdb.org/81010", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=744858", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=744858", }, { name: "48651", refsource: "SECUNIA", url: "http://secunia.com/advisories/48651", }, { name: "RHSA-2012:0451", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2012-0451.html", }, { name: "FEDORA-2012-5421", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078907.html", }, { name: "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=e4eab2bc6d07cfd33f740071de7ddbb2fe2f4190", refsource: "CONFIRM", url: "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=e4eab2bc6d07cfd33f740071de7ddbb2fe2f4190", }, { name: "52865", refsource: "BID", url: "http://www.securityfocus.com/bid/52865", }, { name: "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=f23998251992b8ae25faf5113c42fee2c49c7f29", refsource: "CONFIRM", url: "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=f23998251992b8ae25faf5113c42fee2c49c7f29", }, { name: "USN-1695-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-1695-1", }, { name: "openSUSE-SU-2012:0588", refsource: "SUSE", url: "https://hermes.opensuse.org/messages/14440932", }, { name: "49110", refsource: "SECUNIA", url: "http://secunia.com/advisories/49110", }, { name: "rpm-loadsigverify-code-execution(74582)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/74582", }, { name: "FEDORA-2012-5420", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078819.html", }, { name: "FEDORA-2012-5298", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077960.html", }, { name: "openSUSE-SU-2012:0589", refsource: "SUSE", url: "https://hermes.opensuse.org/messages/14441362", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-0060", datePublished: "2012-06-04T20:00:00", dateReserved: "2011-12-07T00:00:00", dateUpdated: "2024-08-06T18:09:17.306Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-44792
Vulnerability from cvelistv5
Published
2022-11-07 00:00
Modified
2024-08-03 14:01
Severity ?
EPSS score ?
Summary
handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:01:31.305Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/net-snmp/net-snmp/issues/474", }, { tags: [ "x_transferred", ], url: "https://gist.github.com/menglong2234/b7bc13ae1a144f47cc3c95a7ea062428", }, { name: "[debian-lts-announce] 20230115 [SECURITY] [DLA 3270-1] net-snmp security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/01/msg00010.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230223-0011/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-02-23T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/net-snmp/net-snmp/issues/474", }, { url: "https://gist.github.com/menglong2234/b7bc13ae1a144f47cc3c95a7ea062428", }, { name: "[debian-lts-announce] 20230115 [SECURITY] [DLA 3270-1] net-snmp security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/01/msg00010.html", }, { url: "https://security.netapp.com/advisory/ntap-20230223-0011/", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-44792", datePublished: "2022-11-07T00:00:00", dateReserved: "2022-11-07T00:00:00", dateUpdated: "2024-08-03T14:01:31.305Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-31428
Vulnerability from cvelistv5
Published
2023-08-01 23:41
Modified
2025-02-13 16:50
Severity ?
EPSS score ?
Summary
Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in the command line that could allow a local user to dump files under user's home directory using grep.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:53:30.907Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/22380", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230908-0007/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-31428", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-11T13:03:12.520187Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-11T14:08:28.685Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Fabric OS", vendor: "Brocade", versions: [ { status: "affected", version: "before Brocade Fabric OS v9.1.1c, v9.2.0", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in the command line that could allow a local user to dump files under user's home directory using grep.<br>", }, ], value: "Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in the command line that could allow a local user to dump files under user's home directory using grep.", }, ], impacts: [ { capecId: "CAPEC-23", descriptions: [ { lang: "en", value: "CAPEC-23 File Content Injection", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-434", description: "CWE-434 Unrestricted Upload of File with Dangerous Type", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-08T16:06:26.435Z", orgId: "87b297d7-335e-4844-9551-11b97995a791", shortName: "brocade", }, references: [ { url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/22380", }, { url: "https://security.netapp.com/advisory/ntap-20230908-0007/", }, ], source: { discovery: "UNKNOWN", }, title: "CLI allows upload or transfer files of dangerous types", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "87b297d7-335e-4844-9551-11b97995a791", assignerShortName: "brocade", cveId: "CVE-2023-31428", datePublished: "2023-08-01T23:41:41.990Z", dateReserved: "2023-04-28T00:14:58.125Z", dateUpdated: "2025-02-13T16:50:10.579Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2011-4917
Vulnerability from cvelistv5
Published
2022-04-18 16:20
Modified
2024-08-07 00:23
Severity ?
EPSS score ?
Summary
In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lkml.org/lkml/2011/11/7/340 | x_refsource_MISC | |
| https://www.openwall.com/lists/oss-security/2011/12/28/4 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Linux kernel |
Version: Linux kernel through 3.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T00:23:38.623Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lkml.org/lkml/2011/11/7/340", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2011/12/28/4", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Linux kernel", vendor: "n/a", versions: [ { status: "affected", version: "Linux kernel through 3.1", }, ], }, ], descriptions: [ { lang: "en", value: "In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-04-18T16:20:43", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lkml.org/lkml/2011/11/7/340", }, { tags: [ "x_refsource_MISC", ], url: "https://www.openwall.com/lists/oss-security/2011/12/28/4", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2011-4917", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Linux kernel", version: { version_data: [ { version_value: "Linux kernel through 3.1", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-200", }, ], }, ], }, references: { reference_data: [ { name: "https://lkml.org/lkml/2011/11/7/340", refsource: "MISC", url: "https://lkml.org/lkml/2011/11/7/340", }, { name: "https://www.openwall.com/lists/oss-security/2011/12/28/4", refsource: "MISC", url: "https://www.openwall.com/lists/oss-security/2011/12/28/4", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2011-4917", datePublished: "2022-04-18T16:20:43", dateReserved: "2011-12-23T00:00:00", dateUpdated: "2024-08-07T00:23:38.623Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-2097
Vulnerability from cvelistv5
Published
2022-07-05 10:30
Modified
2024-09-17 01:06
Severity ?
EPSS score ?
Summary
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T00:24:44.189Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.openssl.org/news/secadv/20220705.txt", }, { tags: [ "x_transferred", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93", }, { tags: [ "x_transferred", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431", }, { name: "FEDORA-2022-3fdc2d3047", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/", }, { name: "FEDORA-2022-89a17be281", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220715-0011/", }, { name: "FEDORA-2022-41890e9e44", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/", }, { name: "GLSA-202210-02", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202210-02", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf", }, { name: "DSA-5343", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5343", }, { name: "[debian-lts-announce] 20230220 [SECURITY] [DLA 3325-1] openssl security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230420-0008/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:openssl:openssl:1.1.1:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "openssl", vendor: "openssl", versions: [ { lessThan: "1.1.1q", status: "affected", version: "1.1.1", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:openssl:openssl:3.0.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "openssl", vendor: "openssl", versions: [ { lessThan: "3.0.5", status: "affected", version: "3.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:netapp:ontap_antivirus_connector:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ontap_antivirus_connector", vendor: "netapp", versions: [ { status: "affected", version: "0", }, ], }, { cpes: [ "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ontap_select_deploy_administration_utility", vendor: "netapp", versions: [ { status: "affected", version: "0", }, ], }, { cpes: [ "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "fedora", vendor: "fedoraproject", versions: [ { status: "affected", version: "35", }, { status: "affected", version: "36", }, ], }, { cpes: [ "cpe:2.3:a:netapp:active_iq_unified_manager_for_vmware_vsphere:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "active_iq_unified_manager_for_vmware_vsphere", vendor: "netapp", versions: [ { status: "affected", version: "0", }, ], }, { cpes: [ "cpe:2.3:a:netapp:hci_baseboard_management_controller:h300s:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410c:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:hci_baseboard_management_controller:h410s:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:hci_baseboard_management_controller:h500s:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:hci_baseboard_management_controller:h700s:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "hci_baseboard_management_controller", vendor: "netapp", versions: [ { status: "affected", version: "h300s", }, { status: "affected", version: "h410c", }, { status: "affected", version: "h410s", }, { status: "affected", version: "h500s", }, { status: "affected", version: "h700s", }, ], }, { cpes: [ "cpe:2.3:o:netapp:brocade_fabric_operating_system_firmware:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "brocade_fabric_operating_system_firmware", vendor: "netapp", versions: [ { status: "affected", version: "0", }, ], }, { cpes: [ "cpe:2.3:a:netapp:snapcenter:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapcenter", vendor: "netapp", versions: [ { status: "affected", version: "0", }, ], }, { cpes: [ "cpe:2.3:a:netapp:oncommand_insight:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "oncommand_insight", vendor: "netapp", versions: [ { status: "affected", version: "0", }, ], }, { cpes: [ "cpe:2.3:a:netapp:smi-s_provider:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "smi-s_provider", vendor: "netapp", versions: [ { status: "affected", version: "0", }, ], }, { cpes: [ "cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sinec_ins", vendor: "siemens", versions: [ { lessThan: "1.0_sp2_update_1", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "debian_linux", vendor: "debian", versions: [ { status: "affected", version: "10.0", }, { status: "affected", version: "11.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2022-2097", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-26T19:45:07.166681Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-08T15:19:36.662Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "OpenSSL", vendor: "OpenSSL", versions: [ { status: "affected", version: "Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4)", }, { status: "affected", version: "Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p)", }, ], }, ], credits: [ { lang: "en", value: "Alex Chernyakhovsky", }, ], datePublic: "2022-07-05T00:00:00", descriptions: [ { lang: "en", value: "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).", }, ], metrics: [ { other: { content: { lang: "eng", url: "https://www.openssl.org/policies/secpolicy.html#moderate", value: "Moderate", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { description: "Fencepost error", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-21T19:07:25.963480", orgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", shortName: "openssl", }, references: [ { url: "https://www.openssl.org/news/secadv/20220705.txt", }, { url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93", }, { url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431", }, { name: "FEDORA-2022-3fdc2d3047", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/", }, { name: "FEDORA-2022-89a17be281", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/", }, { url: "https://security.netapp.com/advisory/ntap-20220715-0011/", }, { name: "FEDORA-2022-41890e9e44", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/", }, { name: "GLSA-202210-02", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202210-02", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf", }, { name: "DSA-5343", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2023/dsa-5343", }, { name: "[debian-lts-announce] 20230220 [SECURITY] [DLA 3325-1] openssl security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html", }, { url: "https://security.netapp.com/advisory/ntap-20230420-0008/", }, { url: "https://security.netapp.com/advisory/ntap-20240621-0006/", }, ], title: "AES OCB fails to encrypt some bytes", }, }, cveMetadata: { assignerOrgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", assignerShortName: "openssl", cveId: "CVE-2022-2097", datePublished: "2022-07-05T10:30:13.658000Z", dateReserved: "2022-06-16T00:00:00", dateUpdated: "2024-09-17T01:06:49.390Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-4145
Vulnerability from cvelistv5
Published
2022-01-25 19:11
Modified
2024-08-03 17:16
Severity ?
EPSS score ?
Summary
A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when writing data reaches the threshold of mirroring node.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2034602 | x_refsource_MISC | |
| https://gitlab.com/qemu-project/qemu/-/commit/66fed30c9cd11854fc878a4eceb507e915d7c9cd | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220311-0004/ | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202208-27 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T17:16:04.234Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2034602", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gitlab.com/qemu-project/qemu/-/commit/66fed30c9cd11854fc878a4eceb507e915d7c9cd", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220311-0004/", }, { name: "GLSA-202208-27", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202208-27", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "QEMU", vendor: "n/a", versions: [ { status: "affected", version: "qemu-kvm 6.2.0", }, ], }, ], descriptions: [ { lang: "en", value: "A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when writing data reaches the threshold of mirroring node.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-14T18:12:08", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2034602", }, { tags: [ "x_refsource_MISC", ], url: "https://gitlab.com/qemu-project/qemu/-/commit/66fed30c9cd11854fc878a4eceb507e915d7c9cd", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220311-0004/", }, { name: "GLSA-202208-27", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202208-27", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2021-4145", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "QEMU", version: { version_data: [ { version_value: "qemu-kvm 6.2.0", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when writing data reaches the threshold of mirroring node.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-476", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.redhat.com/show_bug.cgi?id=2034602", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2034602", }, { name: "https://gitlab.com/qemu-project/qemu/-/commit/66fed30c9cd11854fc878a4eceb507e915d7c9cd", refsource: "MISC", url: "https://gitlab.com/qemu-project/qemu/-/commit/66fed30c9cd11854fc878a4eceb507e915d7c9cd", }, { name: "https://security.netapp.com/advisory/ntap-20220311-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220311-0004/", }, { name: "GLSA-202208-27", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202208-27", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2021-4145", datePublished: "2022-01-25T19:11:14", dateReserved: "2021-12-21T00:00:00", dateUpdated: "2024-08-03T17:16:04.234Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-0739
Vulnerability from cvelistv5
Published
2018-03-27 21:00
Modified
2024-09-16 22:35
Severity ?
EPSS score ?
Summary
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:35:49.367Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-3611-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3611-2/", }, { name: "DSA-4158", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2018/dsa-4158", }, { name: "GLSA-201811-21", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201811-21", }, { name: "RHSA-2019:0367", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0367", }, { name: "DSA-4157", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2018/dsa-4157", }, { name: "RHSA-2018:3505", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3505", }, { name: "103518", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/103518", }, { name: "1040576", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1040576", }, { name: "RHSA-2018:3221", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3221", }, { name: "105609", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/105609", }, { name: "USN-3611-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3611-1/", }, { name: "[debian-lts-announce] 20180330 [SECURITY] [DLA 1330-1] openssl security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/03/msg00033.html", }, { name: "RHSA-2019:0366", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:0366", }, { name: "RHSA-2018:3090", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2018:3090", }, { name: "RHSA-2019:1711", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1711", }, { name: "RHSA-2019:1712", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:1712", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20180726-0002/", }, { name: "GLSA-202007-53", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202007-53", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://securityadvisories.paloaltonetworks.com/Home/Detail/133", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.tenable.com/security/tns-2018-07", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.tenable.com/security/tns-2018-04", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9310d45087ae546e27e61ddf8f6367f29848220d", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.tenable.com/security/tns-2018-06", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20180330-0002/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.openssl.org/news/secadv/20180327.txt", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "OpenSSL", vendor: "OpenSSL", versions: [ { status: "affected", version: "Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g)", }, { status: "affected", version: "Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n)", }, ], }, ], credits: [ { lang: "en", value: "OSS-fuzz", }, ], datePublic: "2018-03-27T00:00:00", descriptions: [ { lang: "en", value: "Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).", }, ], metrics: [ { other: { content: { lang: "eng", url: "https://www.openssl.org/policies/secpolicy.html#Moderate", value: "Moderate", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { description: "Stack overflow", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-20T22:53:11", orgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", shortName: "openssl", }, references: [ { name: "USN-3611-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3611-2/", }, { name: "DSA-4158", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2018/dsa-4158", }, { name: "GLSA-201811-21", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201811-21", }, { name: "RHSA-2019:0367", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:0367", }, { name: "DSA-4157", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2018/dsa-4157", }, { name: "RHSA-2018:3505", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3505", }, { name: "103518", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/103518", }, { name: "1040576", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1040576", }, { name: "RHSA-2018:3221", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3221", }, { name: "105609", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/105609", }, { name: "USN-3611-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3611-1/", }, { name: "[debian-lts-announce] 20180330 [SECURITY] [DLA 1330-1] openssl security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/03/msg00033.html", }, { name: "RHSA-2019:0366", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:0366", }, { name: "RHSA-2018:3090", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2018:3090", }, { name: "RHSA-2019:1711", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1711", }, { name: "RHSA-2019:1712", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:1712", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20180726-0002/", }, { name: "GLSA-202007-53", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202007-53", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://securityadvisories.paloaltonetworks.com/Home/Detail/133", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.tenable.com/security/tns-2018-07", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.tenable.com/security/tns-2018-04", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9310d45087ae546e27e61ddf8f6367f29848220d", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.tenable.com/security/tns-2018-06", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20180330-0002/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.openssl.org/news/secadv/20180327.txt", }, ], title: "Constructed ASN.1 types with a recursive definition could exceed the stack", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "openssl-security@openssl.org", DATE_PUBLIC: "2018-03-27", ID: "CVE-2018-0739", STATE: "PUBLIC", TITLE: "Constructed ASN.1 types with a recursive definition could exceed the stack", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "OpenSSL", version: { version_data: [ { version_value: "Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g)", }, { version_value: "Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n)", }, ], }, }, ], }, vendor_name: "OpenSSL", }, ], }, }, credit: [ { lang: "eng", value: "OSS-fuzz", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).", }, ], }, impact: [ { lang: "eng", url: "https://www.openssl.org/policies/secpolicy.html#Moderate", value: "Moderate", }, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Stack overflow", }, ], }, ], }, references: { reference_data: [ { name: "USN-3611-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3611-2/", }, { name: "DSA-4158", refsource: "DEBIAN", url: "https://www.debian.org/security/2018/dsa-4158", }, { name: "GLSA-201811-21", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201811-21", }, { name: "RHSA-2019:0367", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:0367", }, { name: "DSA-4157", refsource: "DEBIAN", url: "https://www.debian.org/security/2018/dsa-4157", }, { name: "RHSA-2018:3505", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3505", }, { name: "103518", refsource: "BID", url: "http://www.securityfocus.com/bid/103518", }, { name: "1040576", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1040576", }, { name: "RHSA-2018:3221", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3221", }, { name: "105609", refsource: "BID", url: "http://www.securityfocus.com/bid/105609", }, { name: "USN-3611-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3611-1/", }, { name: "[debian-lts-announce] 20180330 [SECURITY] [DLA 1330-1] openssl security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/03/msg00033.html", }, { name: "RHSA-2019:0366", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:0366", }, { name: "RHSA-2018:3090", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2018:3090", }, { name: "RHSA-2019:1711", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1711", }, { name: "RHSA-2019:1712", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:1712", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", refsource: "CONFIRM", url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "https://security.netapp.com/advisory/ntap-20180726-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20180726-0002/", }, { name: "GLSA-202007-53", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202007-53", }, { name: "https://securityadvisories.paloaltonetworks.com/Home/Detail/133", refsource: "CONFIRM", url: "https://securityadvisories.paloaltonetworks.com/Home/Detail/133", }, { name: "https://www.oracle.com//security-alerts/cpujul2021.html", refsource: "MISC", url: "https://www.oracle.com//security-alerts/cpujul2021.html", }, { name: "https://www.tenable.com/security/tns-2018-07", refsource: "CONFIRM", url: "https://www.tenable.com/security/tns-2018-07", }, { name: "https://www.tenable.com/security/tns-2018-04", refsource: "CONFIRM", url: "https://www.tenable.com/security/tns-2018-04", }, { name: "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/", refsource: "CONFIRM", url: "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/", }, { name: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33", refsource: "CONFIRM", url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33", }, { name: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9310d45087ae546e27e61ddf8f6367f29848220d", refsource: "CONFIRM", url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9310d45087ae546e27e61ddf8f6367f29848220d", }, { name: "https://www.tenable.com/security/tns-2018-06", refsource: "CONFIRM", url: "https://www.tenable.com/security/tns-2018-06", }, { name: "https://security.netapp.com/advisory/ntap-20180330-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20180330-0002/", }, { name: "https://www.openssl.org/news/secadv/20180327.txt", refsource: "CONFIRM", url: "https://www.openssl.org/news/secadv/20180327.txt", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", assignerShortName: "openssl", cveId: "CVE-2018-0739", datePublished: "2018-03-27T21:00:00Z", dateReserved: "2017-11-30T00:00:00", dateUpdated: "2024-09-16T22:35:29.998Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-28614
Vulnerability from cvelistv5
Published
2022-06-08 10:00
Modified
2024-08-03 05:56
Severity ?
EPSS score ?
Summary
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://httpd.apache.org/security/vulnerabilities_24.html | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2022/06/08/4 | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20220624-0005/ | x_refsource_CONFIRM | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/ | vendor-advisory, x_refsource_FEDORA | |
| https://security.gentoo.org/glsa/202208-20 | vendor-advisory, x_refsource_GENTOO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache HTTP Server |
Version: unspecified < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:56:16.107Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://httpd.apache.org/security/vulnerabilities_24.html", }, { name: "[oss-security] 20220608 CVE-2022-28614: Apache HTTP Server: read beyond bounds via ap_rwrite()", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/06/08/4", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220624-0005/", }, { name: "FEDORA-2022-e620fb15d5", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/", }, { name: "FEDORA-2022-b54a8dee29", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/", }, { name: "GLSA-202208-20", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202208-20", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache HTTP Server", vendor: "Apache Software Foundation", versions: [ { lessThanOrEqual: "2.4.53", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "The Apache HTTP Server project would like to thank Ronald Crane (Zippenhop LLC) for reporting this issue", }, ], descriptions: [ { lang: "en", value: "The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.", }, ], metrics: [ { other: { content: { other: "low", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190 Integer Overflow or Wraparound", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-14T01:06:39", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://httpd.apache.org/security/vulnerabilities_24.html", }, { name: "[oss-security] 20220608 CVE-2022-28614: Apache HTTP Server: read beyond bounds via ap_rwrite()", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2022/06/08/4", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220624-0005/", }, { name: "FEDORA-2022-e620fb15d5", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/", }, { name: "FEDORA-2022-b54a8dee29", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/", }, { name: "GLSA-202208-20", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202208-20", }, ], source: { discovery: "UNKNOWN", }, timeline: [ { lang: "en", time: "2022-06-08T00:00:00", value: "released in 2.4.54", }, ], title: "read beyond bounds via ap_rwrite() ", x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2022-28614", STATE: "PUBLIC", TITLE: "read beyond bounds via ap_rwrite() ", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache HTTP Server", version: { version_data: [ { version_affected: "<=", version_value: "2.4.53", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: "The Apache HTTP Server project would like to thank Ronald Crane (Zippenhop LLC) for reporting this issue", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: [ { other: "low", }, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-190 Integer Overflow or Wraparound", }, ], }, { description: [ { lang: "eng", value: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", }, ], }, ], }, references: { reference_data: [ { name: "https://httpd.apache.org/security/vulnerabilities_24.html", refsource: "MISC", url: "https://httpd.apache.org/security/vulnerabilities_24.html", }, { name: "[oss-security] 20220608 CVE-2022-28614: Apache HTTP Server: read beyond bounds via ap_rwrite()", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2022/06/08/4", }, { name: "https://security.netapp.com/advisory/ntap-20220624-0005/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220624-0005/", }, { name: "FEDORA-2022-e620fb15d5", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/", }, { name: "FEDORA-2022-b54a8dee29", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/", }, { name: "GLSA-202208-20", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202208-20", }, ], }, source: { discovery: "UNKNOWN", }, timeline: [ { lang: "en", time: "2022-06-08T00:00:00", value: "released in 2.4.54", }, ], }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2022-28614", datePublished: "2022-06-08T10:00:48", dateReserved: "2022-04-04T00:00:00", dateUpdated: "2024-08-03T05:56:16.107Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-3786
Vulnerability from cvelistv5
Published
2022-11-01 00:00
Modified
2024-08-03 01:20
Severity ?
EPSS score ?
Summary
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:20:58.788Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "OpenSSL Advisory", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.openssl.org/news/secadv/20221101.txt", }, { name: "3.0.7 git commit", tags: [ "patch", "x_transferred", ], url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "OpenSSL", vendor: "OpenSSL", versions: [ { lessThan: "3.0.7", status: "affected", version: "3.0.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Viktor Dukhovni", }, ], datePublic: "2022-11-01T00:00:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.</p>", }, ], value: "A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.\n\n", }, ], metrics: [ { format: "other", other: { content: { text: "HIGH", }, type: "https://www.openssl.org/policies/secpolicy.html#high", }, }, ], problemTypes: [ { descriptions: [ { description: "Buffer overflow", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-04T07:28:32.835Z", orgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", shortName: "openssl", }, references: [ { name: "OpenSSL Advisory", tags: [ "vendor-advisory", ], url: "https://www.openssl.org/news/secadv/20221101.txt", }, { name: "3.0.7 git commit", tags: [ "patch", ], url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a", }, ], source: { discovery: "UNKNOWN", }, title: "X.509 Email Address Variable Length Buffer Overflow", x_generator: { engine: "Vulnogram 0.1.0-dev", importer: "vulnxml2json5.py 2022-11-04 07:19:07.034873", }, }, }, cveMetadata: { assignerOrgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", assignerShortName: "openssl", cveId: "CVE-2022-3786", datePublished: "2022-11-01T00:00:00", dateReserved: "2022-11-01T00:00:00", dateUpdated: "2024-08-03T01:20:58.788Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-0155
Vulnerability from cvelistv5
Published
2022-01-10 19:30
Modified
2024-08-02 23:18
Severity ?
EPSS score ?
Summary
follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
References
| ▼ | URL | Tags |
|---|---|---|
| https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406 | x_refsource_CONFIRM | |
| https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22 | x_refsource_MISC | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| follow-redirects | follow-redirects/follow-redirects |
Version: unspecified < 1.14.7 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T23:18:42.041Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "follow-redirects/follow-redirects", vendor: "follow-redirects", versions: [ { lessThan: "1.14.7", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-359", description: "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-13T11:06:25", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntrdev", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf", }, ], source: { advisory: "fc524e4b-ebb6-427d-ab67-a64181020406", discovery: "EXTERNAL", }, title: "Exposure of Private Personal Information to an Unauthorized Actor in follow-redirects/follow-redirects", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@huntr.dev", ID: "CVE-2022-0155", STATE: "PUBLIC", TITLE: "Exposure of Private Personal Information to an Unauthorized Actor in follow-redirects/follow-redirects", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "follow-redirects/follow-redirects", version: { version_data: [ { version_affected: "<", version_value: "1.14.7", }, ], }, }, ], }, vendor_name: "follow-redirects", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor", }, ], }, ], }, references: { reference_data: [ { name: "https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406", refsource: "CONFIRM", url: "https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406", }, { name: "https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22", refsource: "MISC", url: "https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf", }, ], }, source: { advisory: "fc524e4b-ebb6-427d-ab67-a64181020406", discovery: "EXTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntrdev", cveId: "CVE-2022-0155", datePublished: "2022-01-10T19:30:10", dateReserved: "2022-01-07T00:00:00", dateUpdated: "2024-08-02T23:18:42.041Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-36557
Vulnerability from cvelistv5
Published
2022-07-21 03:46
Modified
2024-08-04 17:30
Severity ?
EPSS score ?
Summary
A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:30:08.357Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ca4463bf8438b403596edd0ec961ca0d4fbe0220", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-21T03:46:49", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ca4463bf8438b403596edd0ec961ca0d4fbe0220", }, { tags: [ "x_refsource_MISC", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-36557", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ca4463bf8438b403596edd0ec961ca0d4fbe0220", refsource: "MISC", url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ca4463bf8438b403596edd0ec961ca0d4fbe0220", }, { name: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.2", refsource: "MISC", url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-36557", datePublished: "2022-07-21T03:46:49", dateReserved: "2022-07-21T00:00:00", dateUpdated: "2024-08-04T17:30:08.357Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-39275
Vulnerability from cvelistv5
Published
2021-09-16 14:40
Modified
2024-08-04 02:06
Severity ?
EPSS score ?
Summary
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache HTTP Server |
Version: Apache HTTP Server 2.4 < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T02:06:42.326Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://httpd.apache.org/security/vulnerabilities_24.html", }, { name: "FEDORA-2021-dce7e7738e", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/", }, { name: "[httpd-users] 20210923 [users@httpd] 2.4.49 security fixes: more info", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E", }, { name: "[httpd-users] 20210923 Re: [users@httpd] 2.4.49 security fixes: more info", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E", }, { name: "[httpd-users] 20210923 [users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E", }, { name: "[httpd-users] 20210923 Re: [users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E", }, { name: "FEDORA-2021-e3f6dd670d", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/", }, { name: "[debian-lts-announce] 20211002 [SECURITY] [DLA 2776-1] apache2 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html", }, { name: "DSA-4982", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-4982", }, { name: "20211124 Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20211008-0004/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf", }, { name: "GLSA-202208-20", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202208-20", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache HTTP Server", vendor: "Apache Software Foundation", versions: [ { lessThanOrEqual: "2.4.48", status: "affected", version: "Apache HTTP Server 2.4", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "ClusterFuzz", }, ], descriptions: [ { lang: "en", value: "ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.", }, ], metrics: [ { other: { content: { other: "low", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { description: "Buffer Overflow", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-14T01:06:08", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://httpd.apache.org/security/vulnerabilities_24.html", }, { name: "FEDORA-2021-dce7e7738e", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/", }, { name: "[httpd-users] 20210923 [users@httpd] 2.4.49 security fixes: more info", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E", }, { name: "[httpd-users] 20210923 Re: [users@httpd] 2.4.49 security fixes: more info", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E", }, { name: "[httpd-users] 20210923 [users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E", }, { name: "[httpd-users] 20210923 Re: [users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E", }, { name: "FEDORA-2021-e3f6dd670d", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/", }, { name: "[debian-lts-announce] 20211002 [SECURITY] [DLA 2776-1] apache2 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html", }, { name: "DSA-4982", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2021/dsa-4982", }, { name: "20211124 Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20211008-0004/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf", }, { name: "GLSA-202208-20", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202208-20", }, ], source: { discovery: "UNKNOWN", }, timeline: [ { lang: "en", time: "2021-09-16T00:00:00", value: "2.4.49 released", }, ], title: "ap_escape_quotes buffer overflow", x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2021-39275", STATE: "PUBLIC", TITLE: "ap_escape_quotes buffer overflow", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache HTTP Server", version: { version_data: [ { version_affected: "<=", version_name: "Apache HTTP Server 2.4", version_value: "2.4.48", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: "ClusterFuzz", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: [ { other: "low", }, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Buffer Overflow", }, ], }, ], }, references: { reference_data: [ { name: "https://httpd.apache.org/security/vulnerabilities_24.html", refsource: "MISC", url: "https://httpd.apache.org/security/vulnerabilities_24.html", }, { name: "FEDORA-2021-dce7e7738e", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/", }, { name: "[httpd-users] 20210923 [users@httpd] 2.4.49 security fixes: more info", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3Cusers.httpd.apache.org%3E", }, { name: "[httpd-users] 20210923 Re: [users@httpd] 2.4.49 security fixes: more info", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3Cusers.httpd.apache.org%3E", }, { name: "[httpd-users] 20210923 [users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3Cusers.httpd.apache.org%3E", }, { name: "[httpd-users] 20210923 Re: [users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3Cusers.httpd.apache.org%3E", }, { name: "FEDORA-2021-e3f6dd670d", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/", }, { name: "[debian-lts-announce] 20211002 [SECURITY] [DLA 2776-1] apache2 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html", }, { name: "DSA-4982", refsource: "DEBIAN", url: "https://www.debian.org/security/2021/dsa-4982", }, { name: "20211124 Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ", }, { name: "https://www.oracle.com/security-alerts/cpujan2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { name: "https://security.netapp.com/advisory/ntap-20211008-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20211008-0004/", }, { name: "https://www.oracle.com/security-alerts/cpuapr2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf", }, { name: "GLSA-202208-20", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202208-20", }, ], }, source: { discovery: "UNKNOWN", }, timeline: [ { lang: "en", time: "2021-09-16T00:00:00", value: "2.4.49 released", }, ], }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2021-39275", datePublished: "2021-09-16T14:40:22", dateReserved: "2021-08-18T00:00:00", dateUpdated: "2024-08-04T02:06:42.326Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-31426
Vulnerability from cvelistv5
Published
2023-08-01 21:18
Modified
2024-08-02 14:53
Severity ?
EPSS score ?
Summary
The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Brocade | Brocade Fabric OS |
Version: before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-31426", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-02-14T14:15:50.047091Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-20T15:01:31.722Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T14:53:31.068Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22377", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230908-0007/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Brocade Fabric OS ", vendor: "Brocade", versions: [ { status: "affected", version: "before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<p>The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information.</p>\n\n</span>\n\n", }, ], value: "\n\n\nThe Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information.\n\n\n\n\n\n", }, ], impacts: [ { capecId: "CAPEC-155", descriptions: [ { lang: "en", value: "CAPEC-155 Screen Temporary Files for Sensitive Information", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-532", description: "CWE-532 Insertion of Sensitive Information into Log File", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-13T21:16:11.404Z", orgId: "87b297d7-335e-4844-9551-11b97995a791", shortName: "brocade", }, references: [ { url: "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22377", }, { url: "https://security.netapp.com/advisory/ntap-20230908-0007/", }, ], source: { discovery: "UNKNOWN", }, title: "scp, sftp, ftp servers passwords in supportsave", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "87b297d7-335e-4844-9551-11b97995a791", assignerShortName: "brocade", cveId: "CVE-2023-31426", datePublished: "2023-08-01T21:18:55.037Z", dateReserved: "2023-04-28T00:14:58.124Z", dateUpdated: "2024-08-02T14:53:31.068Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-14145
Vulnerability from cvelistv5
Published
2020-06-29 17:33
Modified
2024-08-04 12:39
Severity ?
EPSS score ?
Summary
The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1 | x_refsource_MISC | |
| https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/ | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20200709-0004/ | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2020/12/02/1 | mailing-list, x_refsource_MLIST | |
| https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d | x_refsource_MISC | |
| https://docs.ssh-mitm.at/CVE-2020-14145.html | x_refsource_MISC | |
| https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202105-35 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:39:36.101Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200709-0004/", }, { name: "[oss-security] 20201202 Some mitigation for openssh CVE-2020-14145", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2020/12/02/1", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://docs.ssh-mitm.at/CVE-2020-14145.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py", }, { name: "GLSA-202105-35", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202105-35", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-05-26T13:06:15", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1", }, { tags: [ "x_refsource_MISC", ], url: "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200709-0004/", }, { name: "[oss-security] 20201202 Some mitigation for openssh CVE-2020-14145", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2020/12/02/1", }, { tags: [ "x_refsource_MISC", ], url: "https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d", }, { tags: [ "x_refsource_MISC", ], url: "https://docs.ssh-mitm.at/CVE-2020-14145.html", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py", }, { name: "GLSA-202105-35", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202105-35", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-14145", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1", refsource: "MISC", url: "https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1", }, { name: "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/", refsource: "MISC", url: "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/", }, { name: "https://security.netapp.com/advisory/ntap-20200709-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200709-0004/", }, { name: "[oss-security] 20201202 Some mitigation for openssh CVE-2020-14145", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2020/12/02/1", }, { name: "https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d", refsource: "MISC", url: "https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d", }, { name: "https://docs.ssh-mitm.at/CVE-2020-14145.html", refsource: "MISC", url: "https://docs.ssh-mitm.at/CVE-2020-14145.html", }, { name: "https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py", refsource: "MISC", url: "https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py", }, { name: "GLSA-202105-35", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202105-35", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-14145", datePublished: "2020-06-29T17:33:36", dateReserved: "2020-06-15T00:00:00", dateUpdated: "2024-08-04T12:39:36.101Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-28615
Vulnerability from cvelistv5
Published
2022-06-08 10:00
Modified
2024-08-03 05:56
Severity ?
EPSS score ?
Summary
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.
References
| ▼ | URL | Tags |
|---|---|---|
| https://httpd.apache.org/security/vulnerabilities_24.html | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2022/06/08/9 | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20220624-0005/ | x_refsource_CONFIRM | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/ | vendor-advisory, x_refsource_FEDORA | |
| https://security.gentoo.org/glsa/202208-20 | vendor-advisory, x_refsource_GENTOO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache HTTP Server |
Version: Apache HTTP Server < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:56:16.195Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://httpd.apache.org/security/vulnerabilities_24.html", }, { name: "[oss-security] 20220608 CVE-2022-28615: Apache HTTP Server: Read beyond bounds in ap_strcmp_match()", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/06/08/9", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220624-0005/", }, { name: "FEDORA-2022-e620fb15d5", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/", }, { name: "FEDORA-2022-b54a8dee29", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/", }, { name: "GLSA-202208-20", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202208-20", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache HTTP Server", vendor: "Apache Software Foundation", versions: [ { lessThanOrEqual: "2.4.53", status: "affected", version: "Apache HTTP Server", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "The Apache HTTP Server project would like to thank Ronald Crane (Zippenhop LLC) for reporting this issue", }, ], descriptions: [ { lang: "en", value: "Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.", }, ], metrics: [ { other: { content: { other: "low", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190 Integer Overflow or Wraparound", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-14T01:07:39", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://httpd.apache.org/security/vulnerabilities_24.html", }, { name: "[oss-security] 20220608 CVE-2022-28615: Apache HTTP Server: Read beyond bounds in ap_strcmp_match()", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2022/06/08/9", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220624-0005/", }, { name: "FEDORA-2022-e620fb15d5", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/", }, { name: "FEDORA-2022-b54a8dee29", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/", }, { name: "GLSA-202208-20", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202208-20", }, ], source: { discovery: "UNKNOWN", }, timeline: [ { lang: "en", time: "2022-06-08T00:00:00", value: "released in 2.4.54", }, ], title: "Read beyond bounds in ap_strcmp_match()", x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2022-28615", STATE: "PUBLIC", TITLE: "Read beyond bounds in ap_strcmp_match()", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache HTTP Server", version: { version_data: [ { version_affected: "<=", version_name: "Apache HTTP Server", version_value: "2.4.53", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: "The Apache HTTP Server project would like to thank Ronald Crane (Zippenhop LLC) for reporting this issue", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: [ { other: "low", }, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-190 Integer Overflow or Wraparound", }, ], }, ], }, references: { reference_data: [ { name: "https://httpd.apache.org/security/vulnerabilities_24.html", refsource: "MISC", url: "https://httpd.apache.org/security/vulnerabilities_24.html", }, { name: "[oss-security] 20220608 CVE-2022-28615: Apache HTTP Server: Read beyond bounds in ap_strcmp_match()", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2022/06/08/9", }, { name: "https://security.netapp.com/advisory/ntap-20220624-0005/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220624-0005/", }, { name: "FEDORA-2022-e620fb15d5", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/", }, { name: "FEDORA-2022-b54a8dee29", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/", }, { name: "GLSA-202208-20", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202208-20", }, ], }, source: { discovery: "UNKNOWN", }, timeline: [ { lang: "en", time: "2022-06-08T00:00:00", value: "released in 2.4.54", }, ], }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2022-28615", datePublished: "2022-06-08T10:00:51", dateReserved: "2022-04-04T00:00:00", dateUpdated: "2024-08-03T05:56:16.195Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-3602
Vulnerability from cvelistv5
Published
2022-11-01 00:00
Modified
2024-08-03 01:14
Severity ?
EPSS score ?
Summary
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:14:02.712Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.openssl.org/news/secadv/20221101.txt", }, { tags: [ "x_transferred", ], url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fe3b639dc19b325846f4f6801f2f4604f56e3de3", }, { name: "[oss-security] 20221101 OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/01/15", }, { name: "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/01/16", }, { name: "20221028 Vulnerabilities in OpenSSL Affecting Cisco Products: November 2022", tags: [ "vendor-advisory", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a", }, { name: "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/01/21", }, { name: "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/01/19", }, { name: "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/01/18", }, { name: "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/01/20", }, { name: "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/01/24", }, { name: "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/01/17", }, { name: "GLSA-202211-01", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202211-01", }, { tags: [ "x_transferred", ], url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023", }, { name: "VU#794340", tags: [ "third-party-advisory", "x_transferred", ], url: "https://www.kb.cert.org/vuls/id/794340", }, { name: "FEDORA-2022-0f1d2e0537", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/", }, { name: "FEDORA-2022-502f096dce", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/", }, { name: "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/02/2", }, { name: "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/02/6", }, { name: "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/02/5", }, { name: "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/02/1", }, { name: "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/02/3", }, { name: "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/02/7", }, { name: "[oss-security] 20221102 Re: Fwd: Node.js security updates for all active release lines, November 2022", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/02/10", }, { name: "[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/02/9", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html", }, { name: "[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/02/12", }, { name: "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/02/11", }, { name: "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/02/15", }, { name: "[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/02/14", }, { name: "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/02/13", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20221102-0001/", }, { name: "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/03/1", }, { name: "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/03/2", }, { name: "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/03/3", }, { name: "[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/03/5", }, { name: "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/03/7", }, { name: "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/03/6", }, { name: "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/03/9", }, { name: "[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/03/10", }, { name: "[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/03/11", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "OpenSSL", vendor: "OpenSSL", versions: [ { status: "affected", version: "Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6)", }, ], }, ], credits: [ { lang: "en", value: "Polar Bear", }, ], datePublic: "2022-11-01T00:00:00", descriptions: [ { lang: "en", value: "A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).", }, ], metrics: [ { other: { content: { lang: "eng", url: "https://www.openssl.org/policies/secpolicy.html#HIGH", value: "HIGH", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { description: "Buffer overflow", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-03T00:00:00", orgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", shortName: "openssl", }, references: [ { url: "https://www.openssl.org/news/secadv/20221101.txt", }, { url: "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fe3b639dc19b325846f4f6801f2f4604f56e3de3", }, { name: "[oss-security] 20221101 OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/01/15", }, { name: "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/01/16", }, { name: "20221028 Vulnerabilities in OpenSSL Affecting Cisco Products: November 2022", tags: [ "vendor-advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-W9sdCc2a", }, { name: "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/01/21", }, { name: "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/01/19", }, { name: "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/01/18", }, { name: "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/01/20", }, { name: "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/01/24", }, { name: "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/01/17", }, { name: "GLSA-202211-01", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202211-01", }, { url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0023", }, { name: "VU#794340", tags: [ "third-party-advisory", ], url: "https://www.kb.cert.org/vuls/id/794340", }, { name: "FEDORA-2022-0f1d2e0537", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWP23EZYOBDJQP7HP4YU7W2ABU2YDITS/", }, { name: "FEDORA-2022-502f096dce", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63YRPWPUSX3MBHNPIEJZDKQT6YA7UF6S/", }, { name: "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/02/2", }, { name: "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/02/6", }, { name: "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/02/5", }, { name: "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/02/1", }, { name: "[oss-security] 20221101 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/02/3", }, { name: "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/02/7", }, { name: "[oss-security] 20221102 Re: Fwd: Node.js security updates for all active release lines, November 2022", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/02/10", }, { name: "[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/02/9", }, { url: "http://packetstormsecurity.com/files/169687/OpenSSL-Security-Advisory-20221101.html", }, { name: "[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/02/12", }, { name: "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/02/11", }, { name: "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/02/15", }, { name: "[oss-security] 20221102 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/02/14", }, { name: "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/02/13", }, { url: "https://security.netapp.com/advisory/ntap-20221102-0001/", }, { name: "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/03/1", }, { name: "[oss-security] 20221102 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/03/2", }, { name: "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/03/3", }, { name: "[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/03/5", }, { name: "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/03/7", }, { name: "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/03/6", }, { name: "[oss-security] 20221103 Re: Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/03/9", }, { name: "[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/03/10", }, { name: "[oss-security] 20221103 Re: OpenSSL X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602), X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/03/11", }, ], title: "X.509 Email Address 4-byte Buffer Overflow", }, }, cveMetadata: { assignerOrgId: "3a12439a-ef3a-4c79-92e6-6081a721f1e5", assignerShortName: "openssl", cveId: "CVE-2022-3602", datePublished: "2022-11-01T00:00:00", dateReserved: "2022-10-19T00:00:00", dateUpdated: "2024-08-03T01:14:02.712Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-29154
Vulnerability from cvelistv5
Published
2022-08-02 14:22
Modified
2024-08-03 06:10
Severity ?
EPSS score ?
Summary
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/WayneD/rsync/tags | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2022/08/02/1 | mailing-list, x_refsource_MLIST | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/ | vendor-advisory, x_refsource_FEDORA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:10:59.386Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/WayneD/rsync/tags", }, { name: "[oss-security] 20220802 CVE-2022-29154: Rsync client-side arbitrary file write vulnerability.", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/08/02/1", }, { name: "FEDORA-2022-25e4dbedf9", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/", }, { name: "FEDORA-2022-15da0cf165", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-31T11:06:14", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/WayneD/rsync/tags", }, { name: "[oss-security] 20220802 CVE-2022-29154: Rsync client-side arbitrary file write vulnerability.", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2022/08/02/1", }, { name: "FEDORA-2022-25e4dbedf9", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/", }, { name: "FEDORA-2022-15da0cf165", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-29154", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/WayneD/rsync/tags", refsource: "MISC", url: "https://github.com/WayneD/rsync/tags", }, { name: "[oss-security] 20220802 CVE-2022-29154: Rsync client-side arbitrary file write vulnerability.", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2022/08/02/1", }, { name: "FEDORA-2022-25e4dbedf9", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/", }, { name: "FEDORA-2022-15da0cf165", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-29154", datePublished: "2022-08-02T14:22:52", dateReserved: "2022-04-13T00:00:00", dateUpdated: "2024-08-03T06:10:59.386Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-25032
Vulnerability from cvelistv5
Published
2022-03-25 00:00
Modified
2024-08-05 12:26
Severity ?
EPSS score ?
Summary
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:26:39.599Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2022/03/24/1", }, { tags: [ "x_transferred", ], url: "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531", }, { name: "[oss-security] 20220325 Re: zlib memory corruption on deflate (i.e. compress)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/03/25/2", }, { name: "[oss-security] 20220326 Re: zlib memory corruption on deflate (i.e. compress)", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/03/26/1", }, { name: "DSA-5111", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5111", }, { name: "[debian-lts-announce] 20220402 [SECURITY] [DLA 2968-1] zlib security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html", }, { name: "FEDORA-2022-413a80a102", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/", }, { name: "FEDORA-2022-dbd2935e44", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/", }, { name: "FEDORA-2022-12b89e2aad", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/", }, { name: "[debian-lts-announce] 20220507 [SECURITY] [DLA 2993-1] libz-mingw-w64 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html", }, { name: "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/May/33", }, { name: "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/May/35", }, { name: "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2022/May/38", }, { name: "FEDORA-2022-61cf1c64f6", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2022/03/28/3", }, { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2022/03/28/1", }, { tags: [ "x_transferred", ], url: "https://github.com/madler/zlib/compare/v1.2.11...v1.2.12", }, { tags: [ "x_transferred", ], url: "https://github.com/madler/zlib/issues/605", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213257", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213256", }, { tags: [ "x_transferred", ], url: "https://support.apple.com/kb/HT213255", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220526-0009/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220729-0004/", }, { name: "FEDORA-2022-3a92250fd5", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/", }, { name: "FEDORA-2022-b58a85e167", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/", }, { name: "[debian-lts-announce] 20220916 [SECURITY] [DLA 3114-1] mariadb-10.3 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html", }, { name: "GLSA-202210-42", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202210-42", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-13T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.openwall.com/lists/oss-security/2022/03/24/1", }, { url: "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531", }, { name: "[oss-security] 20220325 Re: zlib memory corruption on deflate (i.e. compress)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/03/25/2", }, { name: "[oss-security] 20220326 Re: zlib memory corruption on deflate (i.e. compress)", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/03/26/1", }, { name: "DSA-5111", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5111", }, { name: "[debian-lts-announce] 20220402 [SECURITY] [DLA 2968-1] zlib security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html", }, { name: "FEDORA-2022-413a80a102", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/", }, { name: "FEDORA-2022-dbd2935e44", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/", }, { name: "FEDORA-2022-12b89e2aad", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/", }, { name: "[debian-lts-announce] 20220507 [SECURITY] [DLA 2993-1] libz-mingw-w64 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html", }, { name: "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/May/33", }, { name: "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/May/35", }, { name: "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2022/May/38", }, { name: "FEDORA-2022-61cf1c64f6", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/", }, { url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { url: "https://www.openwall.com/lists/oss-security/2022/03/28/3", }, { url: "https://www.openwall.com/lists/oss-security/2022/03/28/1", }, { url: "https://github.com/madler/zlib/compare/v1.2.11...v1.2.12", }, { url: "https://github.com/madler/zlib/issues/605", }, { url: "https://support.apple.com/kb/HT213257", }, { url: "https://support.apple.com/kb/HT213256", }, { url: "https://support.apple.com/kb/HT213255", }, { url: "https://security.netapp.com/advisory/ntap-20220526-0009/", }, { url: "https://security.netapp.com/advisory/ntap-20220729-0004/", }, { name: "FEDORA-2022-3a92250fd5", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/", }, { name: "FEDORA-2022-b58a85e167", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/", }, { name: "[debian-lts-announce] 20220916 [SECURITY] [DLA 3114-1] mariadb-10.3 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html", }, { name: "GLSA-202210-42", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202210-42", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-25032", datePublished: "2022-03-25T00:00:00", dateReserved: "2022-03-25T00:00:00", dateUpdated: "2024-08-05T12:26:39.599Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-31430
Vulnerability from cvelistv5
Published
2023-08-01 23:31
Modified
2025-02-13 16:50
Severity ?
EPSS score ?
Summary
A buffer overflow vulnerability in “secpolicydelete” command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated privileged user to crash the Brocade Fabric OS switch leading to a denial of service.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Brocade | Brocade Fabric OS |
Version: before Brocade Fabric OS v9.1.1c and v9.2.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:53:31.056Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/22381", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230908-0007/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Brocade Fabric OS", vendor: "Brocade", versions: [ { status: "affected", version: "before Brocade Fabric OS v9.1.1c and v9.2.0", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A buffer overflow vulnerability in “secpolicydelete” command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated privileged user to crash the Brocade Fabric OS switch leading to a denial of service.<br>", }, ], value: "A buffer overflow vulnerability in “secpolicydelete” command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated privileged user to crash the Brocade Fabric OS switch leading to a denial of service.", }, ], impacts: [ { capecId: "CAPEC-25", descriptions: [ { lang: "en", value: "CAPEC-25 Forced Deadlock", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-08T16:06:16.954Z", orgId: "87b297d7-335e-4844-9551-11b97995a791", shortName: "brocade", }, references: [ { url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/22381", }, { url: "https://security.netapp.com/advisory/ntap-20230908-0007/", }, ], source: { discovery: "UNKNOWN", }, title: "buffer overflow vulnerability in “secpolicydelete” command", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "87b297d7-335e-4844-9551-11b97995a791", assignerShortName: "brocade", cveId: "CVE-2023-31430", datePublished: "2023-08-01T23:31:00.376Z", dateReserved: "2023-04-28T00:14:58.125Z", dateUpdated: "2025-02-13T16:50:11.199Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-2524
Vulnerability from cvelistv5
Published
2014-08-20 14:00
Modified
2024-08-06 10:14
Severity ?
EPSS score ?
Summary
The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.mandriva.com/security/advisories?name=MDVSA-2014:154 | vendor-advisory, x_refsource_MANDRIVA | |
| http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html | vendor-advisory, x_refsource_SUSE | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1077023 | x_refsource_MISC | |
| https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135686.html | vendor-advisory, x_refsource_FEDORA | |
| http://seclists.org/oss-sec/2014/q1/587 | mailing-list, x_refsource_MLIST | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2015:132 | vendor-advisory, x_refsource_MANDRIVA | |
| http://advisories.mageia.org/MGASA-2014-0319.html | x_refsource_CONFIRM | |
| http://lists.gnu.org/archive/html/bug-readline/2014-03/msg00057.html | mailing-list, x_refsource_MLIST | |
| http://seclists.org/oss-sec/2014/q1/579 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T10:14:26.704Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "MDVSA-2014:154", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2014:154", }, { name: "openSUSE-SU-2014:1226", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1077023", }, { name: "FEDORA-2014-7523", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135686.html", }, { name: "[oss-security] 20140317 Re: Insecure usage of temporary files in GNU Readline", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://seclists.org/oss-sec/2014/q1/587", }, { name: "MDVSA-2015:132", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:132", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://advisories.mageia.org/MGASA-2014-0319.html", }, { name: "[Bug-readline] 20140331 Readline-6.3 Official Patch 3", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://lists.gnu.org/archive/html/bug-readline/2014-03/msg00057.html", }, { name: "[oss-security] 20140314 Insecure usage of temporary files in GNU Readline", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://seclists.org/oss-sec/2014/q1/579", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-03-14T00:00:00", descriptions: [ { lang: "en", value: "The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2015-04-13T14:57:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "MDVSA-2014:154", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2014:154", }, { name: "openSUSE-SU-2014:1226", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1077023", }, { name: "FEDORA-2014-7523", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135686.html", }, { name: "[oss-security] 20140317 Re: Insecure usage of temporary files in GNU Readline", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://seclists.org/oss-sec/2014/q1/587", }, { name: "MDVSA-2015:132", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:132", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://advisories.mageia.org/MGASA-2014-0319.html", }, { name: "[Bug-readline] 20140331 Readline-6.3 Official Patch 3", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://lists.gnu.org/archive/html/bug-readline/2014-03/msg00057.html", }, { name: "[oss-security] 20140314 Insecure usage of temporary files in GNU Readline", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://seclists.org/oss-sec/2014/q1/579", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2014-2524", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "MDVSA-2014:154", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2014:154", }, { name: "openSUSE-SU-2014:1226", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00037.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1077023", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1077023", }, { name: "FEDORA-2014-7523", refsource: "FEDORA", url: "https://lists.fedoraproject.org/pipermail/package-announce/2014-July/135686.html", }, { name: "[oss-security] 20140317 Re: Insecure usage of temporary files in GNU Readline", refsource: "MLIST", url: "http://seclists.org/oss-sec/2014/q1/587", }, { name: "MDVSA-2015:132", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:132", }, { name: "http://advisories.mageia.org/MGASA-2014-0319.html", refsource: "CONFIRM", url: "http://advisories.mageia.org/MGASA-2014-0319.html", }, { name: "[Bug-readline] 20140331 Readline-6.3 Official Patch 3", refsource: "MLIST", url: "http://lists.gnu.org/archive/html/bug-readline/2014-03/msg00057.html", }, { name: "[oss-security] 20140314 Insecure usage of temporary files in GNU Readline", refsource: "MLIST", url: "http://seclists.org/oss-sec/2014/q1/579", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2014-2524", datePublished: "2014-08-20T14:00:00", dateReserved: "2014-03-17T00:00:00", dateUpdated: "2024-08-06T10:14:26.704Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-31432
Vulnerability from cvelistv5
Published
2023-08-01 23:58
Modified
2025-02-13 16:50
Severity ?
EPSS score ?
Summary
Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:53:30.665Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/22385", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20230908-0007/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-31432", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-17T18:31:52.659185Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-17T18:32:12.504Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Fabric OS", vendor: "Brocade", versions: [ { status: "affected", version: "before Brocade Fabric OS v9.1.1c and v9.2.0", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0.<br>", }, ], value: "Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0.", }, ], impacts: [ { capecId: "CAPEC-233", descriptions: [ { lang: "en", value: "CAPEC-233 Privilege Escalation", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269 Improper Privilege Management", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-08T16:06:23.274Z", orgId: "87b297d7-335e-4844-9551-11b97995a791", shortName: "brocade", }, references: [ { url: "https://support.broadcom.com/external/content/SecurityAdvisories/0/22385", }, { url: "https://security.netapp.com/advisory/ntap-20230908-0007/", }, ], source: { discovery: "UNKNOWN", }, title: "Privilege issues in multiple commands", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "87b297d7-335e-4844-9551-11b97995a791", assignerShortName: "brocade", cveId: "CVE-2023-31432", datePublished: "2023-08-01T23:58:59.015Z", dateReserved: "2023-04-28T00:14:58.125Z", dateUpdated: "2025-02-13T16:50:12.408Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-15861
Vulnerability from cvelistv5
Published
2020-08-19 18:28
Modified
2024-08-04 13:30
Severity ?
EPSS score ?
Summary
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966599 | x_refsource_CONFIRM | |
| https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602 | x_refsource_CONFIRM | |
| https://github.com/net-snmp/net-snmp/issues/145 | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202008-12 | vendor-advisory, x_refsource_GENTOO | |
| https://usn.ubuntu.com/4471-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://security.netapp.com/advisory/ntap-20200904-0001/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:30:22.498Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966599", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/net-snmp/net-snmp/issues/145", }, { name: "GLSA-202008-12", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202008-12", }, { name: "USN-4471-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4471-1/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20200904-0001/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2020-07-31T00:00:00", descriptions: [ { lang: "en", value: "Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-09-04T10:06:15", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966599", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/net-snmp/net-snmp/issues/145", }, { name: "GLSA-202008-12", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202008-12", }, { name: "USN-4471-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4471-1/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20200904-0001/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-15861", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966599", refsource: "CONFIRM", url: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966599", }, { name: "https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602", refsource: "CONFIRM", url: "https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602", }, { name: "https://github.com/net-snmp/net-snmp/issues/145", refsource: "CONFIRM", url: "https://github.com/net-snmp/net-snmp/issues/145", }, { name: "GLSA-202008-12", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202008-12", }, { name: "USN-4471-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4471-1/", }, { name: "https://security.netapp.com/advisory/ntap-20200904-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20200904-0001/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-15861", datePublished: "2020-08-19T18:28:30", dateReserved: "2020-07-20T00:00:00", dateUpdated: "2024-08-04T13:30:22.498Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.