- bucket: vulnerability pairs: - key: CVE-2022-38177 value: Title: "bind: memory leak in ECDSA DNSSEC verification code" Description: "By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources." Severity: HIGH CVSS: nvd: V3Score: 7.5 V3Vector: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" redhat: V3Score: 7.5 V3Vector: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" LastModifiedDate: "2022-09-21T11:15:00Z" PublishedDate: "2022-09-21T11:15:00Z" References: - "http://www.openwall.com/lists/oss-security/2022/09/21/3" - "https://access.redhat.com/errata/RHSA-2022:6763" - "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38177.json" - "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38178.json" - "https://access.redhat.com/security/cve/CVE-2022-38177" VendorSeverity: arch-linux: 2 nvd: 2 redhat: 2 ubuntu: 2 - key: CVE-2022-3715 value: Title: a heap-buffer-overflow in valid_parameter_transform Severity: LOW Description: A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems. 
CVSS: nvd: V3Score: 7.8 V3Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H redhat: V3Score: 6.6 V3Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CweIDs: - CWE-787 LastModifiedDate: 2023-02-24T18:38:00Z PublishedDate: 2023-01-05T15:15:00Z References: - https://access.redhat.com/errata/RHSA-2023:0340 - https://access.redhat.com/security/cve/CVE-2022-3715 - https://bugzilla.redhat.com/2126720 - https://bugzilla.redhat.com/show_bug.cgi?id=2126720 VendorSeverity: cbl-mariner: 3.0 nvd: 3.0 photon: 3.0 redhat: 1.0 ubuntu: 2.0 - key: CVE-2016-9401 value: CVSS: nvd: V2Score: 2.1 V2Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P V3Score: 5.5 V3Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H redhat: V2Score: 1.9 V2Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P V3Score: 3.3 V3Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CweIDs: - CWE-416 Description: popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address. LastModifiedDate: 2020-09-14T18:32:00Z PublishedDate: 2017-01-23T21:59:00Z References: - http://rhn.redhat.com/errata/RHSA-2017-0725.html - http://www.openwall.com/lists/oss-security/2016/11/17/5 - http://www.openwall.com/lists/oss-security/2016/11/17/9 - http://www.securityfocus.com/bid/94398 - https://access.redhat.com/errata/RHSA-2017:1931 - https://access.redhat.com/security/cve/CVE-2016-9401 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9401 - https://linux.oracle.com/cve/CVE-2016-9401.html - https://linux.oracle.com/errata/ELSA-2017-1931.html - https://lists.debian.org/debian-lts-announce/2019/03/msg00028.html - https://security.gentoo.org/glsa/201701-02 - https://ubuntu.com/security/notices/USN-3294-1 Severity: MEDIUM Title: "bash: popd controlled free" VendorSeverity: amazon: 2.0 nvd: 2.0 oracle-oval: 2.0 photon: 2.0 redhat: 1.0 ubuntu: 1.0 - key: CVE-2018-0734 value: CVSS: nvd: V2Score: 4.3 V2Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N V3Score: 5.9 V3Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 
redhat: V3Score: 5.1 V3Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CweIDs: - CWE-327 Description: The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). LastModifiedDate: 2020-08-24T17:37:00Z PublishedDate: 2018-10-30T12:29:00Z References: - http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html - http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html - http://www.securityfocus.com/bid/105758 - https://access.redhat.com/errata/RHSA-2019:2304 - https://access.redhat.com/errata/RHSA-2019:3700 - https://access.redhat.com/errata/RHSA-2019:3932 - https://access.redhat.com/errata/RHSA-2019:3933 - https://access.redhat.com/errata/RHSA-2019:3935 - https://access.redhat.com/security/cve/CVE-2018-0734 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734 - https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac - https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f - https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7 - https://linux.oracle.com/cve/CVE-2018-0734.html - https://linux.oracle.com/errata/ELSA-2019-3700.html - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/ - https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/ - 
https://nvd.nist.gov/vuln/detail/CVE-2018-0734 - https://security.netapp.com/advisory/ntap-20181105-0002/ - https://security.netapp.com/advisory/ntap-20190118-0002/ - https://security.netapp.com/advisory/ntap-20190423-0002/ - https://ubuntu.com/security/notices/USN-3840-1 - https://usn.ubuntu.com/3840-1/ - https://www.debian.org/security/2018/dsa-4348 - https://www.debian.org/security/2018/dsa-4355 - https://www.openssl.org/news/secadv/20181030.txt - https://www.oracle.com/security-alerts/cpuapr2020.html - https://www.oracle.com/security-alerts/cpujan2020.html - https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html - https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html - https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html - https://www.tenable.com/security/tns-2018-16 - https://www.tenable.com/security/tns-2018-17 Severity: MEDIUM Title: "openssl: timing side channel attack in the DSA signature algorithm" VendorSeverity: amazon: 2.0 arch-linux: 1.0 cbl-mariner: 2.0 nvd: 2.0 oracle-oval: 1.0 photon: 2.0 redhat: 1.0 ubuntu: 1.0 - key: CVE-2019-10744 value: CVSS: nvd: V2Score: 6.4 V2Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P V3Score: 9.1 V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H redhat: V3Score: 9.1 V3Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Description: Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload. 
LastModifiedDate: 2021-03-16T13:57:00Z PublishedDate: 2019-07-26T00:15:00Z References: - https://access.redhat.com/errata/RHSA-2019:3024 - https://access.redhat.com/security/cve/CVE-2019-10744 - https://github.com/advisories/GHSA-jf85-cpcp-j695 - https://github.com/lodash/lodash/pull/4336 - https://nvd.nist.gov/vuln/detail/CVE-2019-10744 - https://security.netapp.com/advisory/ntap-20191004-0005/ - https://snyk.io/vuln/SNYK-JS-LODASH-450202 - https://support.f5.com/csp/article/K47105354?utm_source=f5support&utm_medium=RSS - https://www.npmjs.com/advisories/1065 - https://www.oracle.com/security-alerts/cpujan2021.html - https://www.oracle.com/security-alerts/cpuoct2020.html Severity: CRITICAL Title: "nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties" VendorSeverity: ghsa: 4.0 nvd: 4.0 redhat: 3.0 - key: CVE-2019-11358 value: CVSS: nvd: V2Score: 4.3 V2Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N V3Score: 6.1 V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N redhat: V3Score: 5.6 V3Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CweIDs: - CWE-79 Description: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. 
LastModifiedDate: 2021-10-20T11:15:00Z PublishedDate: 2019-04-20T00:29:00Z References: - http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html - http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html - http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html - http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html - http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html - http://seclists.org/fulldisclosure/2019/May/10 - http://seclists.org/fulldisclosure/2019/May/11 - http://seclists.org/fulldisclosure/2019/May/13 - http://www.openwall.com/lists/oss-security/2019/06/03/2 - http://www.securityfocus.com/bid/108023 - https://access.redhat.com/errata/RHBA-2019:1570 - https://access.redhat.com/errata/RHSA-2019:1456 - https://access.redhat.com/errata/RHSA-2019:2587 - https://access.redhat.com/errata/RHSA-2019:3023 - https://access.redhat.com/errata/RHSA-2019:3024 - https://access.redhat.com/security/cve/CVE-2019-11358 - https://backdropcms.org/security/backdrop-sa-core-2019-009 - https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358 - https://github.com/DanielRuf/snyk-js-jquery-174006?files=1 - https://github.com/advisories/GHSA-6c3j-c64m-qhgq - https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b - https://github.com/jquery/jquery/pull/4333 - "https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#434" - https://hackerone.com/reports/454365 - https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 - https://linux.oracle.com/cve/CVE-2019-11358.html - https://linux.oracle.com/errata/ELSA-2020-4847.html - https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E - 
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E - https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E - https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E - https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E - https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E - https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E - https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E - https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E - https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E - https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9@%3Cissues.flink.apache.org%3E - https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa@%3Cissues.flink.apache.org%3E - https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766@%3Cdev.syncope.apache.org%3E - https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08@%3Cissues.flink.apache.org%3E - https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355@%3Cdev.flink.apache.org%3E - https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734@%3Cdev.storm.apache.org%3E - 
https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73@%3Cissues.flink.apache.org%3E - https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E - https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E - https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html - https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html - https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/ - https://nvd.nist.gov/vuln/detail/CVE-2019-11358 - https://seclists.org/bugtraq/2019/Apr/32 - https://seclists.org/bugtraq/2019/Jun/12 - https://seclists.org/bugtraq/2019/May/18 - https://security.netapp.com/advisory/ntap-20190919-0001/ - https://snyk.io/vuln/SNYK-JS-JQUERY-174006 - https://www.debian.org/security/2019/dsa-4434 - https://www.debian.org/security/2019/dsa-4460 - https://www.drupal.org/sa-core-2019-006 - https://www.oracle.com//security-alerts/cpujul2021.html - https://www.oracle.com/security-alerts/cpuApr2021.html - https://www.oracle.com/security-alerts/cpuapr2020.html - 
https://www.oracle.com/security-alerts/cpujan2020.html - https://www.oracle.com/security-alerts/cpujan2021.html - https://www.oracle.com/security-alerts/cpujul2020.html - https://www.oracle.com/security-alerts/cpuoct2020.html - https://www.oracle.com/security-alerts/cpuoct2021.html - https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html - https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html - https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/ - https://www.synology.com/security/advisory/Synology_SA_19_19 - https://www.tenable.com/security/tns-2019-08 - https://www.tenable.com/security/tns-2020-02 Severity: MEDIUM Title: "jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection" VendorSeverity: alma: 2.0 amazon: 2.0 arch-linux: 2.0 ghsa: 2.0 nodejs-security-wg: 2.0 nvd: 2.0 oracle-oval: 2.0 redhat: 2.0 ruby-advisory-db: 2.0 ubuntu: 1.0 - key: CVE-2019-14697 value: CVSS: nvd: V2Score: 7.5 V2Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P V3Score: 9.8 V3Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CweIDs: - CWE-787 Description: musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code. 
LastModifiedDate: 2020-03-14T19:15:00Z PublishedDate: 2019-08-06T16:15:00Z References: - http://www.openwall.com/lists/oss-security/2019/08/06/4 - https://security.gentoo.org/glsa/202003-13 - https://www.openwall.com/lists/musl/2019/08/06/1 Severity: CRITICAL VendorSeverity: nvd: 4.0 - key: CVE-2019-14806 value: CVSS: nvd: V2Score: 5.0 V2Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N V3Score: 7.5 V3Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N redhat: V3Score: 7.5 V3Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CweIDs: - CWE-331 Description: Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id. LastModifiedDate: 2019-09-11T00:15:00Z PublishedDate: 2019-08-09T15:15:00Z References: - http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00034.html - http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00047.html - https://access.redhat.com/security/cve/CVE-2019-14806 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14806 - https://github.com/advisories/GHSA-gq9m-qvpx-68hc - "https://github.com/pallets/werkzeug/blob/7fef41b120327d3912fbe12fb64f1951496fcf3e/src/werkzeug/debug/__init__.py#L168" - https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246 - https://nvd.nist.gov/vuln/detail/CVE-2019-14806 - https://palletsprojects.com/blog/werkzeug-0-15-3-released/ - https://ubuntu.com/security/notices/USN-4655-1 Severity: HIGH Title: "python-werkzeug: insufficient debugger PIN randomness vulnerability" VendorSeverity: ghsa: 3.0 nvd: 3.0 redhat: 2.0 ubuntu: 1.0 - key: CVE-2019-1549 value: CVSS: nvd: V2Score: 5.0 V2Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N V3Score: 5.3 V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N redhat: V3Score: 4.8 V3Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CweIDs: - CWE-330 Description: OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). 
This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). LastModifiedDate: 2020-10-20T22:15:00Z PublishedDate: 2019-09-10T17:15:00Z References: - https://access.redhat.com/security/cve/CVE-2019-1549 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549 - https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be - https://linux.oracle.com/cve/CVE-2019-1549.html - https://linux.oracle.com/errata/ELSA-2020-1840.html - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/ - https://seclists.org/bugtraq/2019/Oct/1 - https://security.netapp.com/advisory/ntap-20190919-0002/ - https://support.f5.com/csp/article/K44070243 - https://support.f5.com/csp/article/K44070243?utm_source=f5support&utm_medium=RSS - https://ubuntu.com/security/notices/USN-4376-1 - https://usn.ubuntu.com/4376-1/ - https://www.debian.org/security/2019/dsa-4539 - https://www.openssl.org/news/secadv/20190910.txt - https://www.oracle.com/security-alerts/cpuapr2020.html - https://www.oracle.com/security-alerts/cpujan2020.html - https://www.oracle.com/security-alerts/cpujul2020.html - https://www.oracle.com/security-alerts/cpuoct2020.html - 
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html Severity: MEDIUM Title: "openssl: information disclosure in fork()" VendorSeverity: amazon: 2.0 nvd: 2.0 oracle-oval: 2.0 photon: 2.0 redhat: 1.0 ubuntu: 1.0 - key: CVE-2019-1551 value: CVSS: nvd: V2Score: 5.0 V2Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N V3Score: 5.3 V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N redhat: V3Score: 4.8 V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CweIDs: - CWE-200 Description: There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t). 
LastModifiedDate: 2021-07-21T11:39:00Z PublishedDate: 2019-12-06T18:15:00Z References: - http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html - http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html - https://access.redhat.com/security/cve/CVE-2019-1551 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551 - https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f - https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98 - https://github.com/openssl/openssl/pull/10575 - https://linux.oracle.com/cve/CVE-2019-1551.html - https://linux.oracle.com/errata/ELSA-2020-4514.html - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/ - https://seclists.org/bugtraq/2019/Dec/39 - https://seclists.org/bugtraq/2019/Dec/46 - https://security.gentoo.org/glsa/202004-10 - https://security.netapp.com/advisory/ntap-20191210-0001/ - https://ubuntu.com/security/notices/USN-4376-1 - https://ubuntu.com/security/notices/USN-4504-1 - https://usn.ubuntu.com/4376-1/ - https://usn.ubuntu.com/4504-1/ - https://www.debian.org/security/2019/dsa-4594 - https://www.debian.org/security/2021/dsa-4855 - https://www.openssl.org/news/secadv/20191206.txt - https://www.oracle.com/security-alerts/cpuApr2021.html - https://www.oracle.com/security-alerts/cpujan2021.html - https://www.oracle.com/security-alerts/cpujul2020.html - https://www.tenable.com/security/tns-2019-09 - https://www.tenable.com/security/tns-2020-03 - https://www.tenable.com/security/tns-2020-11 - https://www.tenable.com/security/tns-2021-10 Severity: 
MEDIUM Title: "openssl: Integer overflow in RSAZ modular exponentiation on x86_64" VendorSeverity: amazon: 1.0 nvd: 2.0 oracle-oval: 1.0 photon: 2.0 redhat: 1.0 ubuntu: 1.0 - key: CVE-2019-15542 value: CVSS: nvd: V2Score: 5.0 V2Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P V3Score: 7.5 V3Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CweIDs: - CWE-674 Description: An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization. LastModifiedDate: 2020-08-24T17:37:00Z PublishedDate: 2019-08-26T18:15:00Z References: - https://crates.io/crates/ammonia - "https://github.com/rust-ammonia/ammonia/blob/master/CHANGELOG.md#210" - https://rustsec.org/advisories/RUSTSEC-2019-0001.html Severity: HIGH Title: Uncontrolled recursion leads to abort in HTML serialization VendorSeverity: nvd: 3.0 - key: CVE-2019-1559 value: CVSS: nvd: V2Score: 4.3 V2Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N V3Score: 5.9 V3Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N redhat: V3Score: 5.9 V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CweIDs: - CWE-203 Description: If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). 
LastModifiedDate: 2021-01-20T15:15:00Z PublishedDate: 2019-02-27T23:29:00Z References: - http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html - http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html - http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html - http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html - http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html - http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html - http://www.securityfocus.com/bid/107174 - https://access.redhat.com/errata/RHSA-2019:2304 - https://access.redhat.com/errata/RHSA-2019:2437 - https://access.redhat.com/errata/RHSA-2019:2439 - https://access.redhat.com/errata/RHSA-2019:2471 - https://access.redhat.com/errata/RHSA-2019:3929 - https://access.redhat.com/errata/RHSA-2019:3931 - https://access.redhat.com/security/cve/CVE-2019-1559 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559 - https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e - https://github.com/RUB-NDS/TLS-Padding-Oracles - https://kc.mcafee.com/corporate/index?page=content&id=SB10282 - https://linux.oracle.com/cve/CVE-2019-1559.html - https://linux.oracle.com/errata/ELSA-2019-2471.html - https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/ - https://security.gentoo.org/glsa/201903-10 - https://security.netapp.com/advisory/ntap-20190301-0001/ - https://security.netapp.com/advisory/ntap-20190301-0002/ - 
https://security.netapp.com/advisory/ntap-20190423-0002/ - https://support.f5.com/csp/article/K18549143 - https://support.f5.com/csp/article/K18549143?utm_source=f5support&utm_medium=RSS - https://ubuntu.com/security/notices/USN-3899-1 - https://ubuntu.com/security/notices/USN-4376-2 - https://usn.ubuntu.com/3899-1/ - https://usn.ubuntu.com/4376-2/ - https://www.debian.org/security/2019/dsa-4400 - https://www.openssl.org/news/secadv/20190226.txt - https://www.oracle.com/security-alerts/cpujan2020.html - https://www.oracle.com/security-alerts/cpujan2021.html - https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html - https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html - https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html - https://www.tenable.com/security/tns-2019-02 - https://www.tenable.com/security/tns-2019-03 Severity: MEDIUM Title: "openssl: 0-byte record padding oracle" VendorSeverity: amazon: 2.0 arch-linux: 2.0 nvd: 2.0 oracle-oval: 2.0 redhat: 2.0 ubuntu: 2.0 - key: CVE-2019-1563 value: CVSS: nvd: V2Score: 4.3 V2Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N V3Score: 3.7 V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N redhat: V3Score: 3.7 V3Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CweIDs: - CWE-327 - CWE-203 Description: In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). 
Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). LastModifiedDate: 2021-07-31T08:15:00Z PublishedDate: 2019-09-10T17:15:00Z References: - http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html - http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html - http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html - http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html - http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html - https://access.redhat.com/security/cve/CVE-2019-1563 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563 - https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64 - https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97 - https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f - https://kc.mcafee.com/corporate/index?page=content&id=SB10365 - https://linux.oracle.com/cve/CVE-2019-1563.html - https://linux.oracle.com/errata/ELSA-2020-1840.html - https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/ - https://seclists.org/bugtraq/2019/Oct/0 - https://seclists.org/bugtraq/2019/Oct/1 - https://seclists.org/bugtraq/2019/Sep/25 - https://security.gentoo.org/glsa/201911-04 - https://security.netapp.com/advisory/ntap-20190919-0002/ - https://support.f5.com/csp/article/K97324400?utm_source=f5support&utm_medium=RSS - https://ubuntu.com/security/notices/USN-4376-1 - https://ubuntu.com/security/notices/USN-4376-2 - https://ubuntu.com/security/notices/USN-4504-1 - https://usn.ubuntu.com/4376-1/ - https://usn.ubuntu.com/4376-2/ - 
https://usn.ubuntu.com/4504-1/ - https://www.debian.org/security/2019/dsa-4539 - https://www.debian.org/security/2019/dsa-4540 - https://www.openssl.org/news/secadv/20190910.txt - https://www.oracle.com/security-alerts/cpuapr2020.html - https://www.oracle.com/security-alerts/cpujan2020.html - https://www.oracle.com/security-alerts/cpujul2020.html - https://www.oracle.com/security-alerts/cpuoct2020.html - https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html - https://www.tenable.com/security/tns-2019-09 Severity: LOW Title: "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey" VendorSeverity: amazon: 2.0 nvd: 1.0 oracle-oval: 2.0 photon: 1.0 redhat: 1.0 ubuntu: 1.0 - key: CVE-2019-18224 value: CVSS: nvd: V2Score: 7.5 V2Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P V3Score: 9.8 V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H redhat: V3Score: 5.6 V3Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CweIDs: - CWE-787 Description: idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string. 
LastModifiedDate: 2019-10-29T19:15:00Z PublishedDate: 2019-10-21T17:15:00Z References: - http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00008.html - http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00009.html - https://access.redhat.com/security/cve/CVE-2019-18224 - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18224 - https://github.com/libidn/libidn2/commit/e4d1558aa2c1c04a05066ee8600f37603890ba8c - https://github.com/libidn/libidn2/compare/libidn2-2.1.0...libidn2-2.1.1 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDQVQ2XPV5BTZUFINT7AFJSKNNBVURNJ/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MINU5RKDFE6TKAFY5DRFN3WSFDS4DYVS/ - https://seclists.org/bugtraq/2020/Feb/4 - https://security.gentoo.org/glsa/202003-63 - https://ubuntu.com/security/notices/USN-4168-1 - https://usn.ubuntu.com/4168-1/ - https://www.debian.org/security/2020/dsa-4613 Severity: CRITICAL Title: "libidn2: heap-based buffer overflow in idn2_to_ascii_4i in lib/lookup.c" VendorSeverity: amazon: 2.0 nvd: 4.0 redhat: 2.0 ubuntu: 2.0 - key: CVE-2019-18276 value: CVSS: nvd: V2Score: 7.2 V2Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C V3Score: 7.8 V3Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H redhat: V3Score: 7.8 V3Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CweIDs: - CWE-273 Description: An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. 
An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected. LastModifiedDate: 2021-05-26T12:15:00Z PublishedDate: 2019-11-28T01:15:00Z References: - http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html - https://access.redhat.com/security/cve/CVE-2019-18276 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276 - https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff - https://linux.oracle.com/cve/CVE-2019-18276.html - https://linux.oracle.com/errata/ELSA-2021-1679.html - https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E - https://nvd.nist.gov/vuln/detail/CVE-2019-18276 - https://security.gentoo.org/glsa/202105-34 - https://security.netapp.com/advisory/ntap-20200430-0003/ - https://www.youtube.com/watch?v=-wGtxJ8opa8 Severity: HIGH Title: "bash: when effective UID is not equal to its real UID the saved UID is not dropped" VendorSeverity: cbl-mariner: 3.0 nvd: 3.0 oracle-oval: 1.0 photon: 3.0 redhat: 1.0 ubuntu: 1.0 - key: CVE-2019-3823 value: CVSS: nvd: V2Score: 5.0 V2Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P V3Score: 7.5 V3Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H redhat: V3Score: 4.3 V3Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CweIDs: - CWE-125 Description: libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller. 
LastModifiedDate: 2021-03-09T15:15:00Z PublishedDate: 2019-02-06T20:29:00Z References: - http://www.securityfocus.com/bid/106950 - https://access.redhat.com/errata/RHSA-2019:3701 - https://access.redhat.com/security/cve/CVE-2019-3823 - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3823 - https://cert-portal.siemens.com/productcert/pdf/ssa-936080.pdf - https://curl.haxx.se/docs/CVE-2019-3823.html - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823 - https://linux.oracle.com/cve/CVE-2019-3823.html - https://linux.oracle.com/errata/ELSA-2019-3701.html - https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E - https://security.gentoo.org/glsa/201903-03 - https://security.netapp.com/advisory/ntap-20190315-0001/ - https://ubuntu.com/security/notices/USN-3882-1 - https://usn.ubuntu.com/3882-1/ - https://www.debian.org/security/2019/dsa-4386 - https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html - https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html Severity: HIGH Title: "curl: SMTP end-of-response out-of-bounds read" VendorSeverity: amazon: 2.0 arch-linux: 3.0 nvd: 3.0 oracle-oval: 2.0 photon: 3.0 redhat: 1.0 ubuntu: 1.0 - key: CVE-2019-5094 value: CVSS: nvd: V2Score: 4.6 V2Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P V3Score: 6.7 V3Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H redhat: V3Score: 6.4 V3Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CweIDs: - CWE-787 Description: An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. 
LastModifiedDate: 2021-01-11T19:21:00Z PublishedDate: 2019-09-24T22:15:00Z References: - https://access.redhat.com/security/cve/CVE-2019-5094 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094 - https://linux.oracle.com/cve/CVE-2019-5094.html - https://linux.oracle.com/errata/ELSA-2020-4011.html - https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/ - https://nvd.nist.gov/vuln/detail/CVE-2019-5094 - https://seclists.org/bugtraq/2019/Sep/58 - https://security.gentoo.org/glsa/202003-05 - https://security.netapp.com/advisory/ntap-20200115-0002/ - https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887 - https://ubuntu.com/security/notices/USN-4142-1 - https://ubuntu.com/security/notices/USN-4142-2 - https://usn.ubuntu.com/4142-1/ - https://usn.ubuntu.com/4142-2/ - https://www.debian.org/security/2019/dsa-4535 Severity: MEDIUM Title: "e2fsprogs: Crafted ext4 partition leads to out-of-bounds write" VendorSeverity: amazon: 2.0 cbl-mariner: 2.0 nvd: 2.0 oracle-oval: 2.0 photon: 2.0 redhat: 2.0 ubuntu: 2.0 - key: CVE-2019-5436 value: CVSS: nvd: V2Score: 4.6 V2Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P V3Score: 7.8 V3Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H redhat: V3Score: 7.0 V3Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CweIDs: - CWE-787 Description: A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. 
LastModifiedDate: 2020-10-20T22:15:00Z PublishedDate: 2019-05-28T19:29:00Z References: - http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html - http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html - http://www.openwall.com/lists/oss-security/2019/09/11/6 - https://access.redhat.com/security/cve/CVE-2019-5436 - https://curl.haxx.se/docs/CVE-2019-5436.html - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436 - https://linux.oracle.com/cve/CVE-2019-5436.html - https://linux.oracle.com/errata/ELSA-2020-1792.html - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/ - https://seclists.org/bugtraq/2020/Feb/36 - https://security.gentoo.org/glsa/202003-29 - https://security.netapp.com/advisory/ntap-20190606-0004/ - https://support.f5.com/csp/article/K55133295 - https://support.f5.com/csp/article/K55133295?utm_source=f5support&utm_medium=RSS - https://ubuntu.com/security/notices/USN-3993-1 - https://ubuntu.com/security/notices/USN-3993-2 - https://www.debian.org/security/2020/dsa-4633 - https://www.oracle.com/security-alerts/cpuapr2020.html - https://www.oracle.com/security-alerts/cpuoct2020.html - https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html Severity: HIGH Title: "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function" VendorSeverity: amazon: 1.0 arch-linux: 3.0 nvd: 3.0 oracle-oval: 2.0 photon: 3.0 redhat: 1.0 ubuntu: 2.0 - key: CVE-2019-5481 value: CVSS: nvd: V2Score: 7.5 V2Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P V3Score: 9.8 V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H redhat: V3Score: 5.7 V3Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H CweIDs: - CWE-415 Description: Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. 
LastModifiedDate: 2020-10-20T22:15:00Z PublishedDate: 2019-09-16T19:15:00Z References: - http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html - http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html - https://access.redhat.com/security/cve/CVE-2019-5481 - https://curl.haxx.se/docs/CVE-2019-5481.html - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481 - https://linux.oracle.com/cve/CVE-2019-5481.html - https://linux.oracle.com/errata/ELSA-2020-1792.html - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/ - https://seclists.org/bugtraq/2020/Feb/36 - https://security.gentoo.org/glsa/202003-29 - https://security.netapp.com/advisory/ntap-20191004-0003/ - https://ubuntu.com/security/notices/USN-4129-1 - https://www.debian.org/security/2020/dsa-4633 - https://www.oracle.com/security-alerts/cpuapr2020.html - https://www.oracle.com/security-alerts/cpujan2020.html - https://www.oracle.com/security-alerts/cpuoct2020.html Severity: CRITICAL Title: "curl: double free due to subsequent call of realloc()" VendorSeverity: amazon: 2.0 arch-linux: 2.0 nvd: 4.0 oracle-oval: 2.0 photon: 4.0 redhat: 2.0 ubuntu: 2.0 - key: CVE-2020-28724 value: CVSS: nvd: V2Score: 5.8 V2Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N V3Score: 6.1 V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N redhat: V3Score: 5.4 V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CweIDs: - CWE-601 Description: Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL. 
LastModifiedDate: 2020-12-01T16:05:00Z PublishedDate: 2020-11-18T15:15:00Z References: - https://access.redhat.com/security/cve/CVE-2020-28724 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28724 - https://github.com/advisories/GHSA-3p3h-qghp-hvh2 - https://github.com/pallets/flask/issues/1639 - https://github.com/pallets/werkzeug/issues/822 - https://github.com/pallets/werkzeug/pull/890/files - https://nvd.nist.gov/vuln/detail/CVE-2020-28724 - https://ubuntu.com/security/notices/USN-4655-1 Severity: MEDIUM Title: "python-werkzeug: open redirect via double slash in the URL" VendorSeverity: ghsa: 2.0 nvd: 2.0 redhat: 2.0 ubuntu: 2.0 - key: CVE-2020-29573 value: CVSS: nvd: V2Score: 5.0 V2Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P V3Score: 7.5 V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H redhat: V3Score: 7.5 V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CweIDs: - CWE-787 Description: "sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of \"Fixed for glibc 2.33\" in the 26649 reference." 
LastModifiedDate: 2021-01-26T18:15:00Z PublishedDate: 2020-12-06T00:15:00Z References: - https://access.redhat.com/security/cve/CVE-2020-29573 - https://linux.oracle.com/cve/CVE-2020-29573.html - https://linux.oracle.com/errata/ELSA-2021-0348.html - https://security.gentoo.org/glsa/202101-20 - https://security.netapp.com/advisory/ntap-20210122-0004/ - https://sourceware.org/bugzilla/show_bug.cgi?id=26649 - https://sourceware.org/pipermail/libc-alpha/2020-September/117779.html Severity: HIGH Title: "glibc: stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern" VendorSeverity: amazon: 2.0 arch-linux: 2.0 nvd: 3.0 oracle-oval: 2.0 photon: 3.0 redhat: 2.0 - key: CVE-2020-8165 value: CVSS: nvd: V2Score: 7.5 V2Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P V3Score: 9.8 V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H redhat: V3Score: 9.8 V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CweIDs: - CWE-502 Description: A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE. 
LastModifiedDate: 2020-10-17T12:15:00Z PublishedDate: 2020-06-19T18:15:00Z References: - http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html - http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html - https://access.redhat.com/security/cve/CVE-2020-8165 - https://github.com/advisories/GHSA-2p68-f74v-9wc6 - https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2020-8165.yml - "https://groups.google.com/forum/#!msg/rubyonrails-security/bv6fW4S0Y1c/KnkEqM7AAQAJ" - "https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c" - https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c - https://hackerone.com/reports/413388 - https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html - https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html - https://nvd.nist.gov/vuln/detail/CVE-2020-8165 - https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/ - https://www.debian.org/security/2020/dsa-4766 Severity: CRITICAL Title: "rubygem-activesupport: potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore" VendorSeverity: ghsa: 3.0 nvd: 4.0 redhat: 3.0 - key: CVE-2020-9548 value: CVSS: nvd: V2Score: 6.8 V2Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P V3Score: 9.8 V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H redhat: V3Score: 8.1 V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CweIDs: - CWE-502 Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core). 
LastModifiedDate: 2021-12-02T21:23:00Z PublishedDate: 2020-03-02T04:15:00Z References: - https://access.redhat.com/security/cve/CVE-2020-9548 - https://github.com/FasterXML/jackson-databind/issues/2634 - https://github.com/advisories/GHSA-p43x-xfjf-5jhr - https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E - https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E - https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E - https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E - https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E - https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E - https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E - https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E - https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html - https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 - https://nvd.nist.gov/vuln/detail/CVE-2020-9548 - https://security.netapp.com/advisory/ntap-20200904-0006/ - https://www.oracle.com/security-alerts/cpujan2021.html - https://www.oracle.com/security-alerts/cpujul2020.html - https://www.oracle.com/security-alerts/cpuoct2020.html - https://www.oracle.com/security-alerts/cpuoct2021.html Severity: CRITICAL Title: "jackson-databind: Serialization gadgets in anteros-core" VendorSeverity: ghsa: 4.0 nvd: 4.0 redhat: 3.0 - key: CVE-2021-20190 value: CVSS: nvd: V2Score: 8.3 V2Vector: 
AV:N/AC:M/Au:N/C:P/I:P/A:C V3Score: 8.1 V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H redhat: V3Score: 8.1 V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CweIDs: - CWE-502 Description: A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. LastModifiedDate: 2021-07-20T23:15:00Z PublishedDate: 2021-01-19T17:15:00Z References: - https://access.redhat.com/security/cve/CVE-2021-20190 - https://bugzilla.redhat.com/show_bug.cgi?id=1916633 - https://github.com/FasterXML/jackson-databind/commit/7dbf51bf78d157098074a20bd9da39bd48c18e4a - https://github.com/FasterXML/jackson-databind/issues/2854 - https://github.com/advisories/GHSA-5949-rw7g-wx7w - https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a@%3Ccommits.nifi.apache.org%3E - https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html - https://nvd.nist.gov/vuln/detail/CVE-2021-20190 - https://security.netapp.com/advisory/ntap-20210219-0008/ Severity: HIGH Title: "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing" VendorSeverity: ghsa: 3.0 nvd: 3.0 redhat: 3.0 - key: CVE-2023-2431 value: Title: "Bypass of seccomp profile enforcement " Description: "A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement..." 
Severity: LOW VendorSeverity: k8s: 1 CVSS: k8s: V3Vector: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" V3Score: 3.4 References: - https://github.com/kubernetes/kubernetes/issues/118690 - https://www.cve.org/cverecord?id=CVE-2023-2431 - key: CVE-2021-3712 value: CVSS: nvd: V2Score: 5.8 V2Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P V3Score: 7.4 V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H redhat: V3Score: 7.4 V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H CweIDs: - CWE-125 Description: ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. 
The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y). LastModifiedDate: 2022-01-06T09:15:00Z PublishedDate: 2021-08-24T15:15:00Z References: - http://www.openwall.com/lists/oss-security/2021/08/26/2 - https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3712.json - https://access.redhat.com/security/cve/CVE-2021-3712 - https://crates.io/crates/openssl-src - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3712 - https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94d23fcff9b2a7a8368dfe52214d5c2569882c11 - https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ccb0a11145ee72b042d10593a64eaf9e8a55ec12 - https://kc.mcafee.com/corporate/index?page=content&id=SB10366 - https://linux.oracle.com/cve/CVE-2021-3712.html - https://linux.oracle.com/errata/ELSA-2022-9023.html - https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E - https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E - https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html - https://lists.debian.org/debian-lts-announce/2021/09/msg00021.html - 
https://nvd.nist.gov/vuln/detail/CVE-2021-3712 - https://rustsec.org/advisories/RUSTSEC-2021-0098.html - https://security.netapp.com/advisory/ntap-20210827-0010/ - https://ubuntu.com/security/notices/USN-5051-1 - https://ubuntu.com/security/notices/USN-5051-2 - https://ubuntu.com/security/notices/USN-5051-3 - https://ubuntu.com/security/notices/USN-5051-4 (regression only in trusty/esm) - https://ubuntu.com/security/notices/USN-5088-1 - https://www.debian.org/security/2021/dsa-4963 - https://www.openssl.org/news/secadv/20210824.txt - https://www.oracle.com/security-alerts/cpuoct2021.html - https://www.tenable.com/security/tns-2021-16 - https://www.tenable.com/security/tns-2022-02 Severity: HIGH Title: "openssl: Read buffer overruns processing ASN.1 strings" VendorSeverity: alma: 2.0 amazon: 2.0 arch-linux: 3.0 cbl-mariner: 3.0 nvd: 3.0 oracle-oval: 2.0 photon: 3.0 redhat: 2.0 rocky: 2.0 ubuntu: 2.0 - key: CVE-2021-38193 value: CVSS: nvd: V2Score: 4.3 V2Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N V3Score: 6.1 V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CweIDs: - CWE-79 Description: An issue was discovered in the ammonia crate before 3.1.0 for Rust. XSS can occur because the parsing differences for HTML, SVG, and MathML are mishandled, a similar issue to CVE-2020-26870. 
LastModifiedDate: 2021-08-16T16:37:00Z PublishedDate: 2021-08-08T06:15:00Z References: - https://crates.io/crates/ammonia - https://github.com/rust-ammonia/ammonia/pull/142 - https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/ammonia/RUSTSEC-2021-0074.md - https://rustsec.org/advisories/RUSTSEC-2021-0074.html Severity: MEDIUM Title: Incorrect handling of embedded SVG and MathML leads to mutation XSS VendorSeverity: nvd: 2.0 - key: CVE-2022-0158 value: CVSS: nvd: V2Score: 4.3 V2Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N V3Score: 3.3 V3Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N redhat: V3Score: 3.3 V3Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CweIDs: - CWE-122 Description: vim is vulnerable to Heap-based Buffer Overflow LastModifiedDate: 2022-01-15T16:15:00Z PublishedDate: 2022-01-10T16:15:00Z References: - http://www.openwall.com/lists/oss-security/2022/01/15/1 - https://access.redhat.com/security/cve/CVE-2022-0158 - https://github.com/vim/vim/commit/5f25c3855071bd7e26255c68bf458b1b5cf92f39 - https://huntr.dev/bounties/ac5d7005-07c6-4a0a-b251-ba9cdbf6738b - https://huntr.dev/bounties/ac5d7005-07c6-4a0a-b251-ba9cdbf6738b/ - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HD5S2FC2HF22A7XQXK2XXIR46EARVWIM/ - https://nvd.nist.gov/vuln/detail/CVE-2022-0158 Severity: LOW Title: "vim: heap-based read buffer overflow in compile_get_env()" VendorSeverity: cbl-mariner: 1.0 nvd: 1.0 redhat: 1.0 - key: CVE-2022-0261 value: CweIDs: - CWE-122 Description: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. 
LastModifiedDate: 2022-01-18T16:15:00Z PublishedDate: 2022-01-18T16:15:00Z References: - https://github.com/vim/vim/commit/9f8c304c8a390ade133bac29963dc8e56ab14cbc - https://huntr.dev/bounties/fa795954-8775-4f23-98c6-d4d4d3fe8a82 - https://nvd.nist.gov/vuln/detail/CVE-2022-0261 Severity: HIGH Title: CVE-2022-0261 affecting package vim 8.2.4081 VendorSeverity: cbl-mariner: 3.0 - key: openSUSE-SU-2020:0062-1 value: Description: "This update for openssl-1_1 fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). \n\nVarious FIPS related improvements were done:\n\n- FIPS: Backport SSH KDF to openssl (jsc#SLE-8789, bsc#1157775).\n- Port FIPS patches from SLE-12 (bsc#1158101).\n- Use SHA-2 in the RSA pairwise consistency check (bsc#1155346).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project." References: - https://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html - https://www.suse.com/support/security/rating/ Severity: MEDIUM Title: Security update for openssl-1_1 VendorSeverity: suse-cvrf: 2.0 - key: CVE-2022-24765 value: Title: "Git for Windows is a fork of Git containing Windows-specific patches. ..." Description: "Git for Windows is a fork of Git containing Windows-specific patches." 
CweIDs: - CWE-427 References: - http://www.openwall.com/lists/oss-security/2022/04/12/7 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765 - https://git-scm.com/book/en/v2/Appendix-A%3A-Git-in-Other-Environments-Git-in-Bash - https://git-scm.com/docs/git#Documentation/git.txt-codeGITCEILINGDIRECTORIEScode - https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2 - https://ubuntu.com/security/notices/USN-5376-1 Severity: MEDIUM VendorSeverity: ubuntu: 2 LastModifiedDate: 2022-04-12T21:15:00Z PublishedDate: 2022-04-12T18:15:00Z - key: GMS-2022-20 value: Title: OCI Manifest Type Confusion Issue Description: "### Impact\n\nSystems that rely on digest equivalence for image attestations may be vulnerable to type confusion." Severity: UNKNOWN References: - https://github.com/advisories/GHSA-qq97-vm5h-rrhg - https://github.com/distribution/distribution/commit/b59a6f827947f9e0e67df0cfb571046de4733586 - https://github.com/distribution/distribution/security/advisories/GHSA-qq97-vm5h-rrhg - https://github.com/opencontainers/image-spec/pull/411 - key: CVE-2022-23628 value: Title: Incorrect Calculation Description: "OPA is an open source, general-purpose policy engine. Under certain conditions, pretty-printing an abstract syntax tree (AST) that contains synthetic nodes could change the logic of some statements by reordering array literals. Example of policies impacted are those that parse and compare web paths. **All of these** three conditions have to be met to create an adverse effect: 1. An AST of Rego had to be **created programmatically** such that it ends up containing terms without a location (such as wildcard variables). 2. The AST had to be **pretty-printed** using the `github.com/open-policy-agent/opa/format` package. 3. The result of the pretty-printing had to be **parsed and evaluated again** via an OPA instance using the bundles, or the Golang packages. If any of these three conditions are not met, you are not affected. 
Notably, all three would be true if using **optimized bundles**, i.e. bundles created with `opa build -O=1` or higher. In that case, the optimizer would fulfil condition (1.), the result of that would be pretty-printed when writing the bundle to disk, fulfilling (2.). When the bundle was then used, we'd satisfy (3.). As a workaround users may disable optimization when creating bundles." Severity: MEDIUM CweIDs: - CWE-682 VendorSeverity: nvd: 2 CVSS: nvd: V2Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N V2Score: 4.3 V3Score: 5.3 References: - https://github.com/advisories/GHSA-hcw3-j74m-qc58 - https://github.com/open-policy-agent/opa/commit/932e4ffc37a590ace79e9b75ca4340288c220239 - https://github.com/open-policy-agent/opa/commit/bfd984ddf93ef2c4963a08d4fdadae0bcf1a3717 - https://github.com/open-policy-agent/opa/pull/3851 - https://github.com/open-policy-agent/opa/security/advisories/GHSA-hcw3-j74m-qc58 - https://nvd.nist.gov/vuln/detail/CVE-2022-23628 PublishedDate: '2022-02-09T22:15:00Z' LastModifiedDate: '2022-02-17T02:37:00Z' - key: CVE-2021-38561 value: Description: "Due to improper index calculation, an incorrectly formatted language tag can cause Parse\nto panic via an out of bounds read. If Parse is used to process untrusted user inputs,\nthis may be used as a vector for a denial of service attack.\n" Severity: UNKNOWN References: - https://go-review.googlesource.com/c/text/+/340830 - https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f - https://pkg.go.dev/vuln/GO-2021-0113 - key: GHSA-5crp-9r3c-p9vr value: Title: "Improper Handling of Exceptional Conditions in Newtonsoft.Json" Description: "Newtonsoft.Json prior to version 13.0.1 is vulnerable to Insecure Defaults due to improper handling of expressions with high nesting level that lead to StackOverFlow exception or high CPU and RAM usage." 
Severity: HIGH VendorSeverity: ghsa: 3 CweIDs: - CWE-755 CVSS: ghsa: V3Vector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" V3Score: 7.5 References: - https://alephsecurity.com/2018/10/22/StackOverflowException/ - https://alephsecurity.com/vulns/aleph-2018004 PublishedDate: "2022-06-22T15:08:47Z" LastModifiedDate: "2022-06-27T18:37:23Z" - key: CVE-2022-42975 value: Title: "Phoenix before 1.6.14 mishandles check_origin wildcarding" Description: "socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView applications are unaffected by default because of the presence of a LiveView CSRF token." Severity: HIGH VendorSeverity: ghsa: 3 CVSS: ghsa: V3Vector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" V3Score: 7.5 References: - https://nvd.nist.gov/vuln/detail/CVE-2022-42975 - https://github.com/phoenixframework/phoenix/commit/6e7185b33a59e0b1d1c0b4223adf340a73e963ae - https://hexdocs.pm/phoenix/1.6.14/changelog.html#1-6-14-2022-10-10 - https://github.com/advisories/GHSA-p8f7-22gq-m7j9 PublishedDate: "2022-10-17T12:00:27Z" LastModifiedDate: "2022-10-18T18:01:44Z" - key: CVE-2020-35669 value: Title: "http before 0.13.3 vulnerable to header injection" Description: "An issue was discovered in the http package before 0.13.3 for Dart. If the attacker controls the HTTP method and the app is using Request directly, it's possible to achieve CRLF injection in an HTTP request via HTTP header injection. This issue has been addressed in commit abb2bb182 by validating request methods." 
Severity: MEDIUM VendorSeverity: ghsa: 2 CweIDs: - CWE-74 CVSS: ghsa: V3Vector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" V3Score: 6.1 References: - https://nvd.nist.gov/vuln/detail/CVE-2020-35669 - https://github.com/dart-lang/http/issues/511 - https://github.com/dart-lang/http/blob/master/CHANGELOG.md#0133 - https://github.com/dart-lang/http/pull/512 - https://github.com/dart-lang/http/commit/abb2bb182fbd7f03aafd1f889b902d7b3bdb8769 - https://pub.dev/packages/http/changelog#0133 - https://github.com/advisories/GHSA-4rgh-jx4f-qfcq PublishedDate: "2022-05-24T17:37:16Z" LastModifiedDate: "2022-10-06T20:26:08Z" - key: CVE-2022-3215 value: Title: "SwiftNIO vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')" Description: "`NIOHTTP1` and projects using it for generating HTTP responses, including SwiftNIO, can be subject to a HTTP Response Injection attack..." Severity: MEDIUM VendorSeverity: ghsa: 2 CVSS: ghsa: V3Vector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" V3Score: 5.3 References: - https://github.com/apple/swift-nio/security/advisories/GHSA-7fj7-39wj-c64f - https://nvd.nist.gov/vuln/detail/CVE-2022-3215 - https://github.com/apple/swift-nio/commit/a16e2f54a25b2af217044e5168997009a505930f - https://github.com/advisories/GHSA-7fj7-39wj-c64f PublishedDate: "2023-06-07T16:01:53Z" LastModifiedDate: "2023-06-19T16:45:07Z" - key: CVE-2022-24775 value: Title: "Improper Input Validation in guzzlehttp/psr7" Description: "### Impact\nIn proper header parsing. An attacker could sneak in a new line character and pass untrusted values. 
          \n\n### Patches\nThe issue is patched in 1.8.4 and 2.1.1.\n\n### Workarounds\nThere are no known workarounds.\n"
        Severity: HIGH
        VendorSeverity:
          ghsa: 3
        CweIDs:
          - CWE-20
        CVSS:
          ghsa:
            V3Vector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
            V3Score: 7.5
        References:
          - https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96
          - https://nvd.nist.gov/vuln/detail/CVE-2022-24775
        PublishedDate: "2022-03-25T19:26:33Z"
        LastModifiedDate: "2022-06-14T20:02:29Z"
    - key: CVE-2022-22965
      value:
        Title: "spring-framework: RCE via Data Binding on JDK 9+"
        Description: "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it."
        Severity: CRITICAL
        CweIDs:
          - CWE-94
        VendorSeverity:
          nvd: 4
          ghsa: 4
          redhat: 3
        CVSS:
          ghsa:
            V3Vector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
            V3Score: 9.8
          nvd:
            V2Vector: "AV:N/AC:L/Au:N/C:P/I:P/A:P"
            V3Vector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
            V2Score: 7.5
            V3Score: 9.8
          redhat:
            V3Vector: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
            V3Score: 8.1
        References:
          - "https://github.com/advisories/GHSA-36p3-wjmg-h94x"
        PublishedDate: "2022-04-01T23:15:00Z"
        LastModifiedDate: "2022-05-19T14:21:00Z"
    - key: CVE-2020-14155
      value:
        Title: "pcre: Integer overflow when parsing callout numeric arguments"
        Description: "libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring."
        Severity: MEDIUM
        CweIDs:
          - CWE-190
        VendorSeverity:
          alma: 1
          nvd: 2
        CVSS:
          nvd:
            V2Vector: "AV:N/AC:L/Au:N/C:N/I:N/A:P"
            V3Vector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
            V2Score: 5
            V3Score: 5.3
          redhat:
            V3Vector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
            V3Score: 5.3
        References:
          - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14155"
          - "https://nvd.nist.gov/vuln/detail/CVE-2020-14155"
        PublishedDate: "2020-06-15T17:15:00Z"
        LastModifiedDate: "2022-04-28T15:06:00Z"