github.com/devseccon/trivy@v0.47.1-0.20231123133102-bd902a0bd996/integration/testdata/fixtures/db/vulnerability.yaml

- bucket: vulnerability
  pairs:
    - key: CVE-2022-38177
      value:
        Title: "bind: memory leak in ECDSA DNSSEC verification code"
        Description: "By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources."
        Severity: HIGH
        CVSS:
          nvd:
            V3Score: 7.5
            V3Vector: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"
          redhat:
            V3Score: 7.5
            V3Vector: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"
        LastModifiedDate: "2022-09-21T11:15:00Z"
        PublishedDate: "2022-09-21T11:15:00Z"
        References:
          - "http://www.openwall.com/lists/oss-security/2022/09/21/3"
          - "https://access.redhat.com/errata/RHSA-2022:6763"
          - "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38177.json"
          - "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38178.json"
          - "https://access.redhat.com/security/cve/CVE-2022-38177"
        VendorSeverity:
          arch-linux: 2
          nvd: 2
          redhat: 2
          ubuntu: 2
    - key: CVE-2022-3715
      value:
        Title: a heap-buffer-overflow in valid_parameter_transform
        Severity: LOW
        Description: A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.
        CVSS:
          nvd:
            V3Score: 7.8
            V3Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
          redhat:
            V3Score: 6.6
            V3Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
        CweIDs:
          - CWE-787
        LastModifiedDate: 2023-02-24T18:38:00Z
        PublishedDate: 2023-01-05T15:15:00Z
        References:
          - https://access.redhat.com/errata/RHSA-2023:0340
          - https://access.redhat.com/security/cve/CVE-2022-3715
          - https://bugzilla.redhat.com/2126720
          - https://bugzilla.redhat.com/show_bug.cgi?id=2126720
        VendorSeverity:
          cbl-mariner: 3.0
          nvd: 3.0
          photon: 3.0
          redhat: 1.0
          ubuntu: 2.0
    - key: CVE-2016-9401
      value:
        CVSS:
          nvd:
            V2Score: 2.1
            V2Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
            V3Score: 5.5
            V3Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
          redhat:
            V2Score: 1.9
            V2Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P
            V3Score: 3.3
            V3Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
        CweIDs:
          - CWE-416
        Description: popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.
        LastModifiedDate: 2020-09-14T18:32:00Z
        PublishedDate: 2017-01-23T21:59:00Z
        References:
          - http://rhn.redhat.com/errata/RHSA-2017-0725.html
          - http://www.openwall.com/lists/oss-security/2016/11/17/5
          - http://www.openwall.com/lists/oss-security/2016/11/17/9
          - http://www.securityfocus.com/bid/94398
          - https://access.redhat.com/errata/RHSA-2017:1931
          - https://access.redhat.com/security/cve/CVE-2016-9401
          - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9401
          - https://linux.oracle.com/cve/CVE-2016-9401.html
          - https://linux.oracle.com/errata/ELSA-2017-1931.html
          - https://lists.debian.org/debian-lts-announce/2019/03/msg00028.html
          - https://security.gentoo.org/glsa/201701-02
          - https://ubuntu.com/security/notices/USN-3294-1
        Severity: MEDIUM
        Title: "bash: popd controlled free"
        VendorSeverity:
          amazon: 2.0
          nvd: 2.0
          oracle-oval: 2.0
          photon: 2.0
          redhat: 1.0
          ubuntu: 1.0
    - key: CVE-2018-0734
      value:
        CVSS:
          nvd:
            V2Score: 4.3
            V2Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
            V3Score: 5.9
            V3Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
          redhat:
            V3Score: 5.1
            V3Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
        CweIDs:
          - CWE-327
        Description: The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).
        LastModifiedDate: 2020-08-24T17:37:00Z
        PublishedDate: 2018-10-30T12:29:00Z
        References:
          - http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html
          - http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html
          - http://www.securityfocus.com/bid/105758
          - https://access.redhat.com/errata/RHSA-2019:2304
          - https://access.redhat.com/errata/RHSA-2019:3700
          - https://access.redhat.com/errata/RHSA-2019:3932
          - https://access.redhat.com/errata/RHSA-2019:3933
          - https://access.redhat.com/errata/RHSA-2019:3935
          - https://access.redhat.com/security/cve/CVE-2018-0734
          - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734
          - https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac
          - https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f
          - https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7
          - https://linux.oracle.com/cve/CVE-2018-0734.html
          - https://linux.oracle.com/errata/ELSA-2019-3700.html
          - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/
          - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/
          - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/
          - https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
          - https://nvd.nist.gov/vuln/detail/CVE-2018-0734
          - https://security.netapp.com/advisory/ntap-20181105-0002/
          - https://security.netapp.com/advisory/ntap-20190118-0002/
          - https://security.netapp.com/advisory/ntap-20190423-0002/
          - https://ubuntu.com/security/notices/USN-3840-1
          - https://usn.ubuntu.com/3840-1/
          - https://www.debian.org/security/2018/dsa-4348
          - https://www.debian.org/security/2018/dsa-4355
          - https://www.openssl.org/news/secadv/20181030.txt
          - https://www.oracle.com/security-alerts/cpuapr2020.html
          - https://www.oracle.com/security-alerts/cpujan2020.html
          - https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
          - https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
          - https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
          - https://www.tenable.com/security/tns-2018-16
          - https://www.tenable.com/security/tns-2018-17
        Severity: MEDIUM
        Title: "openssl: timing side channel attack in the DSA signature algorithm"
        VendorSeverity:
          amazon: 2.0
          arch-linux: 1.0
          cbl-mariner: 2.0
          nvd: 2.0
          oracle-oval: 1.0
          photon: 2.0
          redhat: 1.0
          ubuntu: 1.0
    - key: CVE-2019-10744
      value:
        CVSS:
          nvd:
            V2Score: 6.4
            V2Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
            V3Score: 9.1
            V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
          redhat:
            V3Score: 9.1
            V3Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
        Description: Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
        LastModifiedDate: 2021-03-16T13:57:00Z
        PublishedDate: 2019-07-26T00:15:00Z
        References:
          - https://access.redhat.com/errata/RHSA-2019:3024
          - https://access.redhat.com/security/cve/CVE-2019-10744
          - https://github.com/advisories/GHSA-jf85-cpcp-j695
          - https://github.com/lodash/lodash/pull/4336
          - https://nvd.nist.gov/vuln/detail/CVE-2019-10744
          - https://security.netapp.com/advisory/ntap-20191004-0005/
          - https://snyk.io/vuln/SNYK-JS-LODASH-450202
          - https://support.f5.com/csp/article/K47105354?utm_source=f5support&utm_medium=RSS
          - https://www.npmjs.com/advisories/1065
          - https://www.oracle.com/security-alerts/cpujan2021.html
          - https://www.oracle.com/security-alerts/cpuoct2020.html
        Severity: CRITICAL
        Title: "nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties"
        VendorSeverity:
          ghsa: 4.0
          nvd: 4.0
          redhat: 3.0
    - key: CVE-2019-11358
      value:
        CVSS:
          nvd:
            V2Score: 4.3
            V2Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
            V3Score: 6.1
            V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
          redhat:
            V3Score: 5.6
            V3Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
        CweIDs:
          - CWE-79
        Description: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
        LastModifiedDate: 2021-10-20T11:15:00Z
        PublishedDate: 2019-04-20T00:29:00Z
        References:
          - http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html
          - http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html
          - http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html
          - http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html
          - http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
          - http://seclists.org/fulldisclosure/2019/May/10
          - http://seclists.org/fulldisclosure/2019/May/11
          - http://seclists.org/fulldisclosure/2019/May/13
          - http://www.openwall.com/lists/oss-security/2019/06/03/2
          - http://www.securityfocus.com/bid/108023
          - https://access.redhat.com/errata/RHBA-2019:1570
          - https://access.redhat.com/errata/RHSA-2019:1456
          - https://access.redhat.com/errata/RHSA-2019:2587
          - https://access.redhat.com/errata/RHSA-2019:3023
          - https://access.redhat.com/errata/RHSA-2019:3024
          - https://access.redhat.com/security/cve/CVE-2019-11358
          - https://backdropcms.org/security/backdrop-sa-core-2019-009
          - https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
          - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
          - https://github.com/DanielRuf/snyk-js-jquery-174006?files=1
          - https://github.com/advisories/GHSA-6c3j-c64m-qhgq
          - https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
          - https://github.com/jquery/jquery/pull/4333
          - "https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#434"
          - https://hackerone.com/reports/454365
          - https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601
          - https://linux.oracle.com/cve/CVE-2019-11358.html
          - https://linux.oracle.com/errata/ELSA-2020-4847.html
          - https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E
          - https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
          - https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844@%3Ccommits.airflow.apache.org%3E
          - https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f@%3Ccommits.airflow.apache.org%3E
          - https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7@%3Ccommits.airflow.apache.org%3E
          - https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
          - https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205@%3Ccommits.airflow.apache.org%3E
          - https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E
          - https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E
          - https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
          - https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9@%3Cissues.flink.apache.org%3E
          - https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa@%3Cissues.flink.apache.org%3E
          - https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766@%3Cdev.syncope.apache.org%3E
          - https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08@%3Cissues.flink.apache.org%3E
          - https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355@%3Cdev.flink.apache.org%3E
          - https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734@%3Cdev.storm.apache.org%3E
          - https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73@%3Cissues.flink.apache.org%3E
          - https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d@%3Cissues.flink.apache.org%3E
          - https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
          - https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html
          - https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html
          - https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html
          - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/
          - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/
          - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/
          - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/
          - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/
          - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/
          - https://nvd.nist.gov/vuln/detail/CVE-2019-11358
          - https://seclists.org/bugtraq/2019/Apr/32
          - https://seclists.org/bugtraq/2019/Jun/12
          - https://seclists.org/bugtraq/2019/May/18
          - https://security.netapp.com/advisory/ntap-20190919-0001/
          - https://snyk.io/vuln/SNYK-JS-JQUERY-174006
          - https://www.debian.org/security/2019/dsa-4434
          - https://www.debian.org/security/2019/dsa-4460
          - https://www.drupal.org/sa-core-2019-006
          - https://www.oracle.com//security-alerts/cpujul2021.html
          - https://www.oracle.com/security-alerts/cpuApr2021.html
          - https://www.oracle.com/security-alerts/cpuapr2020.html
          - https://www.oracle.com/security-alerts/cpujan2020.html
          - https://www.oracle.com/security-alerts/cpujan2021.html
          - https://www.oracle.com/security-alerts/cpujul2020.html
          - https://www.oracle.com/security-alerts/cpuoct2020.html
          - https://www.oracle.com/security-alerts/cpuoct2021.html
          - https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
          - https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
          - https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/
          - https://www.synology.com/security/advisory/Synology_SA_19_19
          - https://www.tenable.com/security/tns-2019-08
          - https://www.tenable.com/security/tns-2020-02
        Severity: MEDIUM
        Title: "jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection"
        VendorSeverity:
          alma: 2.0
          amazon: 2.0
          arch-linux: 2.0
          ghsa: 2.0
          nodejs-security-wg: 2.0
          nvd: 2.0
          oracle-oval: 2.0
          redhat: 2.0
          ruby-advisory-db: 2.0
          ubuntu: 1.0
    - key: CVE-2019-14697
      value:
        CVSS:
          nvd:
            V2Score: 7.5
            V2Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
            V3Score: 9.8
            V3Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
        CweIDs:
          - CWE-787
        Description: musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.
        LastModifiedDate: 2020-03-14T19:15:00Z
        PublishedDate: 2019-08-06T16:15:00Z
        References:
          - http://www.openwall.com/lists/oss-security/2019/08/06/4
          - https://security.gentoo.org/glsa/202003-13
          - https://www.openwall.com/lists/musl/2019/08/06/1
        Severity: CRITICAL
        VendorSeverity:
          nvd: 4.0
    - key: CVE-2019-14806
      value:
        CVSS:
          nvd:
            V2Score: 5.0
            V2Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
            V3Score: 7.5
            V3Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
          redhat:
            V3Score: 7.5
            V3Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
        CweIDs:
          - CWE-331
        Description: Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.
        LastModifiedDate: 2019-09-11T00:15:00Z
        PublishedDate: 2019-08-09T15:15:00Z
        References:
          - http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00034.html
          - http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00047.html
          - https://access.redhat.com/security/cve/CVE-2019-14806
          - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14806
          - https://github.com/advisories/GHSA-gq9m-qvpx-68hc
          - "https://github.com/pallets/werkzeug/blob/7fef41b120327d3912fbe12fb64f1951496fcf3e/src/werkzeug/debug/__init__.py#L168"
          - https://github.com/pallets/werkzeug/commit/00bc43b1672e662e5e3b8cecd79e67fc968fa246
          - https://nvd.nist.gov/vuln/detail/CVE-2019-14806
          - https://palletsprojects.com/blog/werkzeug-0-15-3-released/
          - https://ubuntu.com/security/notices/USN-4655-1
        Severity: HIGH
        Title: "python-werkzeug: insufficient debugger PIN randomness vulnerability"
        VendorSeverity:
          ghsa: 3.0
          nvd: 3.0
          redhat: 2.0
          ubuntu: 1.0
    - key: CVE-2019-1549
      value:
        CVSS:
          nvd:
            V2Score: 5.0
            V2Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
            V3Score: 5.3
            V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
          redhat:
            V3Score: 4.8
            V3Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
        CweIDs:
          - CWE-330
        Description: OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).
        LastModifiedDate: 2020-10-20T22:15:00Z
        PublishedDate: 2019-09-10T17:15:00Z
        References:
          - https://access.redhat.com/security/cve/CVE-2019-1549
          - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549
          - https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be
          - https://linux.oracle.com/cve/CVE-2019-1549.html
          - https://linux.oracle.com/errata/ELSA-2020-1840.html
          - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/
          - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/
          - https://seclists.org/bugtraq/2019/Oct/1
          - https://security.netapp.com/advisory/ntap-20190919-0002/
          - https://support.f5.com/csp/article/K44070243
          - https://support.f5.com/csp/article/K44070243?utm_source=f5support&utm_medium=RSS
          - https://ubuntu.com/security/notices/USN-4376-1
          - https://usn.ubuntu.com/4376-1/
          - https://www.debian.org/security/2019/dsa-4539
          - https://www.openssl.org/news/secadv/20190910.txt
          - https://www.oracle.com/security-alerts/cpuapr2020.html
          - https://www.oracle.com/security-alerts/cpujan2020.html
          - https://www.oracle.com/security-alerts/cpujul2020.html
          - https://www.oracle.com/security-alerts/cpuoct2020.html
          - https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
        Severity: MEDIUM
        Title: "openssl: information disclosure in fork()"
        VendorSeverity:
          amazon: 2.0
          nvd: 2.0
          oracle-oval: 2.0
          photon: 2.0
          redhat: 1.0
          ubuntu: 1.0
    - key: CVE-2019-1551
      value:
        CVSS:
          nvd:
            V2Score: 5.0
            V2Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
            V3Score: 5.3
            V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
          redhat:
            V3Score: 4.8
            V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
        CweIDs:
          - CWE-200
        Description: There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).
413 LastModifiedDate: 2021-07-21T11:39:00Z 414 PublishedDate: 2019-12-06T18:15:00Z 415 References: 416 - http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html 417 - http://packetstormsecurity.com/files/155754/Slackware-Security-Advisory-openssl-Updates.html 418 - https://access.redhat.com/security/cve/CVE-2019-1551 419 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551 420 - https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f 421 - https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f1c5eea8a817075d31e43f5876993c6710238c98 422 - https://github.com/openssl/openssl/pull/10575 423 - https://linux.oracle.com/cve/CVE-2019-1551.html 424 - https://linux.oracle.com/errata/ELSA-2020-4514.html 425 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/ 426 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/ 427 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/ 428 - https://seclists.org/bugtraq/2019/Dec/39 429 - https://seclists.org/bugtraq/2019/Dec/46 430 - https://security.gentoo.org/glsa/202004-10 431 - https://security.netapp.com/advisory/ntap-20191210-0001/ 432 - https://ubuntu.com/security/notices/USN-4376-1 433 - https://ubuntu.com/security/notices/USN-4504-1 434 - https://usn.ubuntu.com/4376-1/ 435 - https://usn.ubuntu.com/4504-1/ 436 - https://www.debian.org/security/2019/dsa-4594 437 - https://www.debian.org/security/2021/dsa-4855 438 - https://www.openssl.org/news/secadv/20191206.txt 439 - https://www.oracle.com/security-alerts/cpuApr2021.html 440 - https://www.oracle.com/security-alerts/cpujan2021.html 441 - https://www.oracle.com/security-alerts/cpujul2020.html 442 - https://www.tenable.com/security/tns-2019-09 443 - 
https://www.tenable.com/security/tns-2020-03 444 - https://www.tenable.com/security/tns-2020-11 445 - https://www.tenable.com/security/tns-2021-10 446 Severity: MEDIUM 447 Title: "openssl: Integer overflow in RSAZ modular exponentiation on x86_64" 448 VendorSeverity: 449 amazon: 1.0 450 nvd: 2.0 451 oracle-oval: 1.0 452 photon: 2.0 453 redhat: 1.0 454 ubuntu: 1.0 455 - key: CVE-2019-15542 456 value: 457 CVSS: 458 nvd: 459 V2Score: 5.0 460 V2Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P 461 V3Score: 7.5 462 V3Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 463 CweIDs: 464 - CWE-674 465 Description: An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization. 466 LastModifiedDate: 2020-08-24T17:37:00Z 467 PublishedDate: 2019-08-26T18:15:00Z 468 References: 469 - https://crates.io/crates/ammonia 470 - "https://github.com/rust-ammonia/ammonia/blob/master/CHANGELOG.md#210" 471 - https://rustsec.org/advisories/RUSTSEC-2019-0001.html 472 Severity: HIGH 473 Title: Uncontrolled recursion leads to abort in HTML serialization 474 VendorSeverity: 475 nvd: 3.0 476 - key: CVE-2019-1559 477 value: 478 CVSS: 479 nvd: 480 V2Score: 4.3 481 V2Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N 482 V3Score: 5.9 483 V3Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 484 redhat: 485 V3Score: 5.9 486 V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 487 CweIDs: 488 - CWE-203 489 Description: If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. 
In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q). 490 LastModifiedDate: 2021-01-20T15:15:00Z 491 PublishedDate: 2019-02-27T23:29:00Z 492 References: 493 - http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html 494 - http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html 495 - http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html 496 - http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html 497 - http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html 498 - http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html 499 - http://www.securityfocus.com/bid/107174 500 - https://access.redhat.com/errata/RHSA-2019:2304 501 - https://access.redhat.com/errata/RHSA-2019:2437 502 - https://access.redhat.com/errata/RHSA-2019:2439 503 - https://access.redhat.com/errata/RHSA-2019:2471 504 - https://access.redhat.com/errata/RHSA-2019:3929 505 - https://access.redhat.com/errata/RHSA-2019:3931 506 - https://access.redhat.com/security/cve/CVE-2019-1559 507 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559 508 - https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e 509 - https://github.com/RUB-NDS/TLS-Padding-Oracles 510 - https://kc.mcafee.com/corporate/index?page=content&id=SB10282 511 - https://linux.oracle.com/cve/CVE-2019-1559.html 512 - https://linux.oracle.com/errata/ELSA-2019-2471.html 513 - https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html 514 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/ 515 - 
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/ 516 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/ 517 - https://security.gentoo.org/glsa/201903-10 518 - https://security.netapp.com/advisory/ntap-20190301-0001/ 519 - https://security.netapp.com/advisory/ntap-20190301-0002/ 520 - https://security.netapp.com/advisory/ntap-20190423-0002/ 521 - https://support.f5.com/csp/article/K18549143 522 - https://support.f5.com/csp/article/K18549143?utm_source=f5support&utm_medium=RSS 523 - https://ubuntu.com/security/notices/USN-3899-1 524 - https://ubuntu.com/security/notices/USN-4376-2 525 - https://usn.ubuntu.com/3899-1/ 526 - https://usn.ubuntu.com/4376-2/ 527 - https://www.debian.org/security/2019/dsa-4400 528 - https://www.openssl.org/news/secadv/20190226.txt 529 - https://www.oracle.com/security-alerts/cpujan2020.html 530 - https://www.oracle.com/security-alerts/cpujan2021.html 531 - https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html 532 - https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html 533 - https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html 534 - https://www.tenable.com/security/tns-2019-02 535 - https://www.tenable.com/security/tns-2019-03 536 Severity: MEDIUM 537 Title: "openssl: 0-byte record padding oracle" 538 VendorSeverity: 539 amazon: 2.0 540 arch-linux: 2.0 541 nvd: 2.0 542 oracle-oval: 2.0 543 redhat: 2.0 544 ubuntu: 2.0 545 - key: CVE-2019-1563 546 value: 547 CVSS: 548 nvd: 549 V2Score: 4.3 550 V2Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N 551 V3Score: 3.7 552 V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 553 redhat: 554 V3Score: 3.7 555 V3Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N 556 CweIDs: 557 - CWE-327 558 - CWE-203 559 Description: In situations where an attacker receives automated notification of the 
success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s). 560 LastModifiedDate: 2021-07-31T08:15:00Z 561 PublishedDate: 2019-09-10T17:15:00Z 562 References: 563 - http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html 564 - http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html 565 - http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html 566 - http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html 567 - http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html 568 - https://access.redhat.com/security/cve/CVE-2019-1563 569 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563 570 - https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=08229ad838c50f644d7e928e2eef147b4308ad64 571 - https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=631f94db0065c78181ca9ba5546ebc8bb3884b97 572 - https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e21f8cf78a125cd3c8c0d1a1a6c8bb0b901f893f 573 - https://kc.mcafee.com/corporate/index?page=content&id=SB10365 574 - https://linux.oracle.com/cve/CVE-2019-1563.html 575 - https://linux.oracle.com/errata/ELSA-2020-1840.html 576 - https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html 577 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/ 578 - 
            https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/
          - https://seclists.org/bugtraq/2019/Oct/0
          - https://seclists.org/bugtraq/2019/Oct/1
          - https://seclists.org/bugtraq/2019/Sep/25
          - https://security.gentoo.org/glsa/201911-04
          - https://security.netapp.com/advisory/ntap-20190919-0002/
          - https://support.f5.com/csp/article/K97324400?utm_source=f5support&utm_medium=RSS
          - https://ubuntu.com/security/notices/USN-4376-1
          - https://ubuntu.com/security/notices/USN-4376-2
          - https://ubuntu.com/security/notices/USN-4504-1
          - https://usn.ubuntu.com/4376-1/
          - https://usn.ubuntu.com/4376-2/
          - https://usn.ubuntu.com/4504-1/
          - https://www.debian.org/security/2019/dsa-4539
          - https://www.debian.org/security/2019/dsa-4540
          - https://www.openssl.org/news/secadv/20190910.txt
          - https://www.oracle.com/security-alerts/cpuapr2020.html
          - https://www.oracle.com/security-alerts/cpujan2020.html
          - https://www.oracle.com/security-alerts/cpujul2020.html
          - https://www.oracle.com/security-alerts/cpuoct2020.html
          - https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
          - https://www.tenable.com/security/tns-2019-09
        Severity: LOW
        Title: "openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey"
        VendorSeverity:
          amazon: 2.0
          nvd: 1.0
          oracle-oval: 2.0
          photon: 1.0
          redhat: 1.0
          ubuntu: 1.0
    - key: CVE-2019-18224
      value:
        CVSS:
          nvd:
            V2Score: 7.5
            V2Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
            V3Score: 9.8
            V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
          redhat:
            V3Score: 5.6
            V3Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
        CweIDs:
          - CWE-787
        Description: idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.
        LastModifiedDate: 2019-10-29T19:15:00Z
        PublishedDate: 2019-10-21T17:15:00Z
        References:
          - http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00008.html
          - http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00009.html
          - https://access.redhat.com/security/cve/CVE-2019-18224
          - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12420
          - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18224
          - https://github.com/libidn/libidn2/commit/e4d1558aa2c1c04a05066ee8600f37603890ba8c
          - https://github.com/libidn/libidn2/compare/libidn2-2.1.0...libidn2-2.1.1
          - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDQVQ2XPV5BTZUFINT7AFJSKNNBVURNJ/
          - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MINU5RKDFE6TKAFY5DRFN3WSFDS4DYVS/
          - https://seclists.org/bugtraq/2020/Feb/4
          - https://security.gentoo.org/glsa/202003-63
          - https://ubuntu.com/security/notices/USN-4168-1
          - https://usn.ubuntu.com/4168-1/
          - https://www.debian.org/security/2020/dsa-4613
        Severity: CRITICAL
        Title: "libidn2: heap-based buffer overflow in idn2_to_ascii_4i in lib/lookup.c"
        VendorSeverity:
          amazon: 2.0
          nvd: 4.0
          redhat: 2.0
          ubuntu: 2.0
    - key: CVE-2019-18276
      value:
        CVSS:
          nvd:
            V2Score: 7.2
            V2Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
            V3Score: 7.8
            V3Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
          redhat:
            V3Score: 7.8
            V3Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
        CweIDs:
          - CWE-273
        Description: An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly.
          On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.
        LastModifiedDate: 2021-05-26T12:15:00Z
        PublishedDate: 2019-11-28T01:15:00Z
        References:
          - http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
          - https://access.redhat.com/security/cve/CVE-2019-18276
          - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
          - https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
          - https://linux.oracle.com/cve/CVE-2019-18276.html
          - https://linux.oracle.com/errata/ELSA-2021-1679.html
          - https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
          - https://nvd.nist.gov/vuln/detail/CVE-2019-18276
          - https://security.gentoo.org/glsa/202105-34
          - https://security.netapp.com/advisory/ntap-20200430-0003/
          - https://www.youtube.com/watch?v=-wGtxJ8opa8
        Severity: HIGH
        Title: "bash: when effective UID is not equal to its real UID the saved UID is not dropped"
        VendorSeverity:
          cbl-mariner: 3.0
          nvd: 3.0
          oracle-oval: 1.0
          photon: 3.0
          redhat: 1.0
          ubuntu: 1.0
    - key: CVE-2019-3823
      value:
        CVSS:
          nvd:
            V2Score: 5.0
            V2Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
            V3Score: 7.5
            V3Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
          redhat:
            V3Score: 4.3
            V3Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
        CweIDs:
          - CWE-125
        Description: libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP.
          If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller.
        LastModifiedDate: 2021-03-09T15:15:00Z
        PublishedDate: 2019-02-06T20:29:00Z
        References:
          - http://www.securityfocus.com/bid/106950
          - https://access.redhat.com/errata/RHSA-2019:3701
          - https://access.redhat.com/security/cve/CVE-2019-3823
          - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3823
          - https://cert-portal.siemens.com/productcert/pdf/ssa-936080.pdf
          - https://curl.haxx.se/docs/CVE-2019-3823.html
          - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823
          - https://linux.oracle.com/cve/CVE-2019-3823.html
          - https://linux.oracle.com/errata/ELSA-2019-3701.html
          - https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E
          - https://security.gentoo.org/glsa/201903-03
          - https://security.netapp.com/advisory/ntap-20190315-0001/
          - https://ubuntu.com/security/notices/USN-3882-1
          - https://usn.ubuntu.com/3882-1/
          - https://www.debian.org/security/2019/dsa-4386
          - https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
          - https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
        Severity: HIGH
        Title: "curl: SMTP end-of-response out-of-bounds read"
        VendorSeverity:
          amazon: 2.0
          arch-linux: 3.0
          nvd: 3.0
          oracle-oval: 2.0
          photon: 3.0
          redhat: 1.0
          ubuntu: 1.0
    - key: CVE-2019-5094
      value:
        CVSS:
          nvd:
            V2Score: 4.6
            V2Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
            V3Score: 6.7
            V3Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
          redhat:
            V3Score: 6.4
            V3Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
        CweIDs:
          - CWE-787
        Description: An exploitable code execution
          vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.
        LastModifiedDate: 2021-01-11T19:21:00Z
        PublishedDate: 2019-09-24T22:15:00Z
        References:
          - https://access.redhat.com/security/cve/CVE-2019-5094
          - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5094
          - https://linux.oracle.com/cve/CVE-2019-5094.html
          - https://linux.oracle.com/errata/ELSA-2020-4011.html
          - https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html
          - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/
          - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/
          - https://nvd.nist.gov/vuln/detail/CVE-2019-5094
          - https://seclists.org/bugtraq/2019/Sep/58
          - https://security.gentoo.org/glsa/202003-05
          - https://security.netapp.com/advisory/ntap-20200115-0002/
          - https://talosintelligence.com/vulnerability_reports/TALOS-2019-0887
          - https://ubuntu.com/security/notices/USN-4142-1
          - https://ubuntu.com/security/notices/USN-4142-2
          - https://usn.ubuntu.com/4142-1/
          - https://usn.ubuntu.com/4142-2/
          - https://www.debian.org/security/2019/dsa-4535
        Severity: MEDIUM
        Title: "e2fsprogs: Crafted ext4 partition leads to out-of-bounds write"
        VendorSeverity:
          amazon: 2.0
          cbl-mariner: 2.0
          nvd: 2.0
          oracle-oval: 2.0
          photon: 2.0
          redhat: 2.0
          ubuntu: 2.0
    - key: CVE-2019-5436
      value:
        CVSS:
          nvd:
            V2Score: 4.6
            V2Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
            V3Score: 7.8
            V3Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
          redhat:
            V3Score: 7.0
            V3Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
        CweIDs:
          - CWE-787
        Description: A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
        LastModifiedDate: 2020-10-20T22:15:00Z
        PublishedDate: 2019-05-28T19:29:00Z
        References:
          - http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html
          - http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html
          - http://www.openwall.com/lists/oss-security/2019/09/11/6
          - https://access.redhat.com/security/cve/CVE-2019-5436
          - https://curl.haxx.se/docs/CVE-2019-5436.html
          - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436
          - https://linux.oracle.com/cve/CVE-2019-5436.html
          - https://linux.oracle.com/errata/ELSA-2020-1792.html
          - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/
          - https://seclists.org/bugtraq/2020/Feb/36
          - https://security.gentoo.org/glsa/202003-29
          - https://security.netapp.com/advisory/ntap-20190606-0004/
          - https://support.f5.com/csp/article/K55133295
          - https://support.f5.com/csp/article/K55133295?utm_source=f5support&utm_medium=RSS
          - https://ubuntu.com/security/notices/USN-3993-1
          - https://ubuntu.com/security/notices/USN-3993-2
          - https://www.debian.org/security/2020/dsa-4633
          - https://www.oracle.com/security-alerts/cpuapr2020.html
          - https://www.oracle.com/security-alerts/cpuoct2020.html
          - https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
        Severity: HIGH
        Title: "curl: TFTP receive heap buffer overflow in tftp_receive_packet() function"
        VendorSeverity:
          amazon: 1.0
          arch-linux: 3.0
          nvd: 3.0
          oracle-oval: 2.0
          photon: 3.0
          redhat: 1.0
          ubuntu: 2.0
    - key: CVE-2019-5481
      value:
        CVSS:
          nvd:
            V2Score: 7.5
            V2Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
            V3Score: 9.8
            V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
          redhat:
            V3Score: 5.7
            V3Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
        CweIDs:
          - CWE-415
        Description: Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
        LastModifiedDate: 2020-10-20T22:15:00Z
        PublishedDate: 2019-09-16T19:15:00Z
        References:
          - http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html
          - http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html
          - https://access.redhat.com/security/cve/CVE-2019-5481
          - https://curl.haxx.se/docs/CVE-2019-5481.html
          - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481
          - https://linux.oracle.com/cve/CVE-2019-5481.html
          - https://linux.oracle.com/errata/ELSA-2020-1792.html
          - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/
          - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/
          - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/
          - https://seclists.org/bugtraq/2020/Feb/36
          - https://security.gentoo.org/glsa/202003-29
          - https://security.netapp.com/advisory/ntap-20191004-0003/
          - https://ubuntu.com/security/notices/USN-4129-1
          - https://www.debian.org/security/2020/dsa-4633
          - https://www.oracle.com/security-alerts/cpuapr2020.html
          - https://www.oracle.com/security-alerts/cpujan2020.html
          - https://www.oracle.com/security-alerts/cpuoct2020.html
        Severity: CRITICAL
        Title: "curl: double free due to subsequent call of realloc()"
        VendorSeverity:
          amazon: 2.0
          arch-linux: 2.0
          nvd: 4.0
          oracle-oval: 2.0
          photon: 4.0
          redhat: 2.0
          ubuntu: 2.0
    - key: CVE-2020-28724
      value:
        CVSS:
          nvd:
            V2Score: 5.8
            V2Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
            V3Score: 6.1
            V3Vector:
              CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
          redhat:
            V3Score: 5.4
            V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
        CweIDs:
          - CWE-601
        Description: Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL.
        LastModifiedDate: 2020-12-01T16:05:00Z
        PublishedDate: 2020-11-18T15:15:00Z
        References:
          - https://access.redhat.com/security/cve/CVE-2020-28724
          - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28724
          - https://github.com/advisories/GHSA-3p3h-qghp-hvh2
          - https://github.com/pallets/flask/issues/1639
          - https://github.com/pallets/werkzeug/issues/822
          - https://github.com/pallets/werkzeug/pull/890/files
          - https://nvd.nist.gov/vuln/detail/CVE-2020-28724
          - https://ubuntu.com/security/notices/USN-4655-1
        Severity: MEDIUM
        Title: "python-werkzeug: open redirect via double slash in the URL"
        VendorSeverity:
          ghsa: 2.0
          nvd: 2.0
          redhat: 2.0
          ubuntu: 2.0
    - key: CVE-2020-29573
      value:
        CVSS:
          nvd:
            V2Score: 5.0
            V2Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
            V3Score: 7.5
            V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
          redhat:
            V3Score: 7.5
            V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
        CweIDs:
          - CWE-787
        Description: "sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of \"Fixed for glibc 2.33\" in the 26649 reference."
        LastModifiedDate: 2021-01-26T18:15:00Z
        PublishedDate: 2020-12-06T00:15:00Z
        References:
          - https://access.redhat.com/security/cve/CVE-2020-29573
          - https://linux.oracle.com/cve/CVE-2020-29573.html
          - https://linux.oracle.com/errata/ELSA-2021-0348.html
          - https://security.gentoo.org/glsa/202101-20
          - https://security.netapp.com/advisory/ntap-20210122-0004/
          - https://sourceware.org/bugzilla/show_bug.cgi?id=26649
          - https://sourceware.org/pipermail/libc-alpha/2020-September/117779.html
        Severity: HIGH
        Title: "glibc: stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern"
        VendorSeverity:
          amazon: 2.0
          arch-linux: 2.0
          nvd: 3.0
          oracle-oval: 2.0
          photon: 3.0
          redhat: 2.0
    - key: CVE-2020-8165
      value:
        CVSS:
          nvd:
            V2Score: 7.5
            V2Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
            V3Score: 9.8
            V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
          redhat:
            V3Score: 9.8
            V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
        CweIDs:
          - CWE-502
        Description: A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.
        LastModifiedDate: 2020-10-17T12:15:00Z
        PublishedDate: 2020-06-19T18:15:00Z
        References:
          - http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html
          - http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html
          - https://access.redhat.com/security/cve/CVE-2020-8165
          - https://github.com/advisories/GHSA-2p68-f74v-9wc6
          - https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2020-8165.yml
          - "https://groups.google.com/forum/#!msg/rubyonrails-security/bv6fW4S0Y1c/KnkEqM7AAQAJ"
          - "https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c"
          - https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c
          - https://hackerone.com/reports/413388
          - https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html
          - https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html
          - https://nvd.nist.gov/vuln/detail/CVE-2020-8165
          - https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/
          - https://www.debian.org/security/2020/dsa-4766
        Severity: CRITICAL
        Title: "rubygem-activesupport: potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore"
        VendorSeverity:
          ghsa: 3.0
          nvd: 4.0
          redhat: 3.0
    - key: CVE-2020-9548
      value:
        CVSS:
          nvd:
            V2Score: 6.8
            V2Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
            V3Score: 9.8
            V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
          redhat:
            V3Score: 8.1
            V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
        CweIDs:
          - CWE-502
        Description: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
        LastModifiedDate: 2021-12-02T21:23:00Z
        PublishedDate: 2020-03-02T04:15:00Z
        References:
          - https://access.redhat.com/security/cve/CVE-2020-9548
          - https://github.com/FasterXML/jackson-databind/issues/2634
          - https://github.com/advisories/GHSA-p43x-xfjf-5jhr
          - https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E
          - https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E
          - https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E
          - https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E
          - https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E
          - https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E
          - https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E
          - https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E
          - https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html
          - https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
          - https://nvd.nist.gov/vuln/detail/CVE-2020-9548
          - https://security.netapp.com/advisory/ntap-20200904-0006/
          - https://www.oracle.com/security-alerts/cpujan2021.html
          - https://www.oracle.com/security-alerts/cpujul2020.html
          - https://www.oracle.com/security-alerts/cpuoct2020.html
          - https://www.oracle.com/security-alerts/cpuoct2021.html
        Severity: CRITICAL
        Title: "jackson-databind: Serialization gadgets in anteros-core"
        VendorSeverity:
          ghsa: 4.0
          nvd: 4.0
          redhat: 3.0
    - key: CVE-2021-20190
      value:
        CVSS:
          nvd:
            V2Score: 8.3
            V2Vector: AV:N/AC:M/Au:N/C:P/I:P/A:C
            V3Score: 8.1
            V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
          redhat:
            V3Score: 8.1
            V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
        CweIDs:
          - CWE-502
        Description: A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
        LastModifiedDate: 2021-07-20T23:15:00Z
        PublishedDate: 2021-01-19T17:15:00Z
        References:
          - https://access.redhat.com/security/cve/CVE-2021-20190
          - https://bugzilla.redhat.com/show_bug.cgi?id=1916633
          - https://github.com/FasterXML/jackson-databind/commit/7dbf51bf78d157098074a20bd9da39bd48c18e4a
          - https://github.com/FasterXML/jackson-databind/issues/2854
          - https://github.com/advisories/GHSA-5949-rw7g-wx7w
          - https://lists.apache.org/thread.html/r380e9257bacb8551ee6fcf2c59890ae9477b2c78e553fa9ea08e9d9a@%3Ccommits.nifi.apache.org%3E
          - https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html
          - https://nvd.nist.gov/vuln/detail/CVE-2021-20190
          - https://security.netapp.com/advisory/ntap-20210219-0008/
        Severity: HIGH
        Title: "jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing"
        VendorSeverity:
          ghsa: 3.0
          nvd: 3.0
          redhat: 3.0
    - key: CVE-2023-2431
      value:
        Title: "Bypass of seccomp profile enforcement "
        Description: "A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement..."
        Severity: LOW
        VendorSeverity:
          k8s: 1
        CVSS:
          k8s:
            V3Vector: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"
            V3Score: 3.4
        References:
          - https://github.com/kubernetes/kubernetes/issues/118690
          - https://www.cve.org/cverecord?id=CVE-2023-2431
    - key: CVE-2021-3712
      value:
        CVSS:
          nvd:
            V2Score: 5.8
            V2Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P
            V3Score: 7.4
            V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
          redhat:
            V3Score: 7.4
            V3Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
        CweIDs:
          - CWE-125
        Description: ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur.
          The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).
        LastModifiedDate: 2022-01-06T09:15:00Z
        PublishedDate: 2021-08-24T15:15:00Z
        References:
          - http://www.openwall.com/lists/oss-security/2021/08/26/2
          - https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3712.json
          - https://access.redhat.com/security/cve/CVE-2021-3712
          - https://crates.io/crates/openssl-src
          - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3712
          - https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94d23fcff9b2a7a8368dfe52214d5c2569882c11
          - https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ccb0a11145ee72b042d10593a64eaf9e8a55ec12
          - https://kc.mcafee.com/corporate/index?page=content&id=SB10366
          - https://linux.oracle.com/cve/CVE-2021-3712.html
          - https://linux.oracle.com/errata/ELSA-2022-9023.html
          - https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E
          - https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E
          - https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html
          - https://lists.debian.org/debian-lts-announce/2021/09/msg00021.html
          - https://nvd.nist.gov/vuln/detail/CVE-2021-3712
          - https://rustsec.org/advisories/RUSTSEC-2021-0098.html
          - https://security.netapp.com/advisory/ntap-20210827-0010/
          - https://ubuntu.com/security/notices/USN-5051-1
          - https://ubuntu.com/security/notices/USN-5051-2
          - https://ubuntu.com/security/notices/USN-5051-3
          - https://ubuntu.com/security/notices/USN-5051-4 (regression only in trusty/esm)
          - https://ubuntu.com/security/notices/USN-5088-1
          - https://www.debian.org/security/2021/dsa-4963
          - https://www.openssl.org/news/secadv/20210824.txt
          - https://www.oracle.com/security-alerts/cpuoct2021.html
          - https://www.tenable.com/security/tns-2021-16
          - https://www.tenable.com/security/tns-2022-02
        Severity: HIGH
        Title: "openssl: Read buffer overruns processing ASN.1 strings"
        VendorSeverity:
          alma: 2.0
          amazon: 2.0
          arch-linux: 3.0
          cbl-mariner: 3.0
          nvd: 3.0
          oracle-oval: 2.0
          photon: 3.0
          redhat: 2.0
          rocky: 2.0
          ubuntu: 2.0
    - key: CVE-2021-38193
      value:
        CVSS:
          nvd:
            V2Score: 4.3
            V2Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
            V3Score: 6.1
            V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
        CweIDs:
          - CWE-79
        Description: An issue was discovered in the ammonia crate before 3.1.0 for Rust. XSS can occur because the parsing differences for HTML, SVG, and MathML are mishandled, a similar issue to CVE-2020-26870.
        LastModifiedDate: 2021-08-16T16:37:00Z
        PublishedDate: 2021-08-08T06:15:00Z
        References:
          - https://crates.io/crates/ammonia
          - https://github.com/rust-ammonia/ammonia/pull/142
          - https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/ammonia/RUSTSEC-2021-0074.md
          - https://rustsec.org/advisories/RUSTSEC-2021-0074.html
        Severity: MEDIUM
        Title: Incorrect handling of embedded SVG and MathML leads to mutation XSS
        VendorSeverity:
          nvd: 2.0
    - key: CVE-2022-0158
      value:
        CVSS:
          nvd:
            V2Score: 4.3
            V2Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
            V3Score: 3.3
            V3Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
          redhat:
            V3Score: 3.3
            V3Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
        CweIDs:
          - CWE-122
        Description: vim is vulnerable to Heap-based Buffer Overflow
        LastModifiedDate: 2022-01-15T16:15:00Z
        PublishedDate: 2022-01-10T16:15:00Z
        References:
          - http://www.openwall.com/lists/oss-security/2022/01/15/1
          - https://access.redhat.com/security/cve/CVE-2022-0158
          - https://github.com/vim/vim/commit/5f25c3855071bd7e26255c68bf458b1b5cf92f39
          - https://huntr.dev/bounties/ac5d7005-07c6-4a0a-b251-ba9cdbf6738b
          - https://huntr.dev/bounties/ac5d7005-07c6-4a0a-b251-ba9cdbf6738b/
          - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HD5S2FC2HF22A7XQXK2XXIR46EARVWIM/
          - https://nvd.nist.gov/vuln/detail/CVE-2022-0158
        Severity: LOW
        Title: "vim: heap-based read buffer overflow in compile_get_env()"
        VendorSeverity:
          cbl-mariner: 1.0
          nvd: 1.0
          redhat: 1.0
    - key: CVE-2022-0261
      value:
        CweIDs:
          - CWE-122
        Description: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
        LastModifiedDate: 2022-01-18T16:15:00Z
        PublishedDate: 2022-01-18T16:15:00Z
        References:
          - https://github.com/vim/vim/commit/9f8c304c8a390ade133bac29963dc8e56ab14cbc
          - https://huntr.dev/bounties/fa795954-8775-4f23-98c6-d4d4d3fe8a82
          - https://nvd.nist.gov/vuln/detail/CVE-2022-0261
        Severity: HIGH
        Title: CVE-2022-0261 affecting package vim 8.2.4081
        VendorSeverity:
          cbl-mariner: 3.0
    - key: openSUSE-SU-2020:0062-1
      value:
        Description: "This update for openssl-1_1 fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). \n\nVarious FIPS related improvements were done:\n\n- FIPS: Backport SSH KDF to openssl (jsc#SLE-8789, bsc#1157775).\n- Port FIPS patches from SLE-12 (bsc#1158101).\n- Use SHA-2 in the RSA pairwise consistency check (bsc#1155346).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project."
        References:
          - https://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html
          - https://www.suse.com/support/security/rating/
        Severity: MEDIUM
        Title: Security update for openssl-1_1
        VendorSeverity:
          suse-cvrf: 2.0
    - key: CVE-2022-24765
      value:
        Title: "Git for Windows is a fork of Git containing Windows-specific patches. ..."
        Description: "Git for Windows is a fork of Git containing Windows-specific patches."
        CweIDs:
          - CWE-427
        References:
          - http://www.openwall.com/lists/oss-security/2022/04/12/7
          - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24765
          - https://git-scm.com/book/en/v2/Appendix-A%3A-Git-in-Other-Environments-Git-in-Bash
          - https://git-scm.com/docs/git#Documentation/git.txt-codeGITCEILINGDIRECTORIEScode
          - https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2
          - https://ubuntu.com/security/notices/USN-5376-1
        Severity: MEDIUM
        VendorSeverity:
          ubuntu: 2
        LastModifiedDate: 2022-04-12T21:15:00Z
        PublishedDate: 2022-04-12T18:15:00Z
    - key: GMS-2022-20
      value:
        Title: OCI Manifest Type Confusion Issue
        Description: "### Impact\n\nSystems that rely on digest equivalence for image attestations may be vulnerable to type confusion."
        Severity: UNKNOWN
        References:
          - https://github.com/advisories/GHSA-qq97-vm5h-rrhg
          - https://github.com/distribution/distribution/commit/b59a6f827947f9e0e67df0cfb571046de4733586
          - https://github.com/distribution/distribution/security/advisories/GHSA-qq97-vm5h-rrhg
          - https://github.com/opencontainers/image-spec/pull/411
    - key: CVE-2022-23628
      value:
        Title: Incorrect Calculation
        Description: "OPA is an open source, general-purpose policy engine. Under certain conditions, pretty-printing an abstract syntax tree (AST) that contains synthetic nodes could change the logic of some statements by reordering array literals. Example of policies impacted are those that parse and compare web paths. **All of these** three conditions have to be met to create an adverse effect: 1. An AST of Rego had to be **created programmatically** such that it ends up containing terms without a location (such as wildcard variables). 2. The AST had to be **pretty-printed** using the `github.com/open-policy-agent/opa/format` package. 3.
The result of the pretty-printing had to be **parsed and evaluated again** via an OPA instance using the bundles, or the Golang packages. If any of these three conditions are not met, you are not affected. Notably, all three would be true if using **optimized bundles**, i.e. bundles created with `opa build -O=1` or higher. In that case, the optimizer would fulfil condition (1.), the result of that would be pretty-printed when writing the bundle to disk, fulfilling (2.). When the bundle was then used, we'd satisfy (3.). As a workaround users may disable optimization when creating bundles." 1220 Severity: MEDIUM 1221 CweIDs: 1222 - CWE-682 1223 VendorSeverity: 1224 nvd: 2 1225 CVSS: 1226 nvd: 1227 V2Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N 1228 V3Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 1229 V2Score: 4.3 1230 V3Score: 5.3 1231 References: 1232 - https://github.com/advisories/GHSA-hcw3-j74m-qc58 1233 - https://github.com/open-policy-agent/opa/commit/932e4ffc37a590ace79e9b75ca4340288c220239 1234 - https://github.com/open-policy-agent/opa/commit/bfd984ddf93ef2c4963a08d4fdadae0bcf1a3717 1235 - https://github.com/open-policy-agent/opa/pull/3851 1236 - https://github.com/open-policy-agent/opa/security/advisories/GHSA-hcw3-j74m-qc58 1237 - https://nvd.nist.gov/vuln/detail/CVE-2022-23628 1238 PublishedDate: '2022-02-09T22:15:00Z' 1239 LastModifiedDate: '2022-02-17T02:37:00Z' 1240 - key: CVE-2021-38561 1241 value: 1242 Description: "Due to improper index calculation, an incorrectly formatted language tag can cause Parse\nto panic via an out of bounds read. 
If Parse is used to process untrusted user inputs,\nthis may be used as a vector for a denial of service attack.\n" 1243 Severity: UNKNOWN 1244 References: 1245 - https://go-review.googlesource.com/c/text/+/340830 1246 - https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f 1247 - https://pkg.go.dev/vuln/GO-2021-0113 1248 - key: GHSA-5crp-9r3c-p9vr 1249 value: 1250 Title: "Improper Handling of Exceptional Conditions in Newtonsoft.Json" 1251 Description: "Newtonsoft.Json prior to version 13.0.1 is vulnerable to Insecure Defaults due to improper handling of expressions with high nesting level that lead to StackOverFlow exception or high CPU and RAM usage." 1252 Severity: HIGH 1253 VendorSeverity: 1254 ghsa: 3 1255 CweIDs: 1256 - CWE-755 1257 CVSS: 1258 ghsa: 1259 V3Vector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" 1260 V3Score: 7.5 1261 References: 1262 - https://alephsecurity.com/2018/10/22/StackOverflowException/ 1263 - https://alephsecurity.com/vulns/aleph-2018004 1264 PublishedDate: "2022-06-22T15:08:47Z" 1265 LastModifiedDate: "2022-06-27T18:37:23Z" 1266 - key: CVE-2022-42975 1267 value: 1268 Title: "Phoenix before 1.6.14 mishandles check_origin wildcarding" 1269 Description: "socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView applications are unaffected by default because of the presence of a LiveView CSRF token." 
1270 Severity: HIGH 1271 VendorSeverity: 1272 ghsa: 3 1273 CVSS: 1274 ghsa: 1275 V3Vector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" 1276 V3Score: 7.5 1277 References: 1278 - https://nvd.nist.gov/vuln/detail/CVE-2022-42975 1279 - https://github.com/phoenixframework/phoenix/commit/6e7185b33a59e0b1d1c0b4223adf340a73e963ae 1280 - https://hexdocs.pm/phoenix/1.6.14/changelog.html#1-6-14-2022-10-10 1281 - https://github.com/advisories/GHSA-p8f7-22gq-m7j9 1282 PublishedDate: "2022-10-17T12:00:27Z" 1283 LastModifiedDate: "2022-10-18T18:01:44Z" 1284 - key: CVE-2020-35669 1285 value: 1286 Title: "http before 0.13.3 vulnerable to header injection" 1287 Description: "An issue was discovered in the http package before 0.13.3 for Dart. If the attacker controls the HTTP method and the app is using Request directly, it's possible to achieve CRLF injection in an HTTP request via HTTP header injection. This issue has been addressed in commit abb2bb182 by validating request methods." 1288 Severity: MEDIUM 1289 VendorSeverity: 1290 ghsa: 2 1291 CweIDs: 1292 - CWE-74 1293 CVSS: 1294 ghsa: 1295 V3Vector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" 1296 V3Score: 6.1 1297 References: 1298 - https://nvd.nist.gov/vuln/detail/CVE-2020-35669 1299 - https://github.com/dart-lang/http/issues/511 1300 - https://github.com/dart-lang/http/blob/master/CHANGELOG.md#0133 1301 - https://github.com/dart-lang/http/pull/512 1302 - https://github.com/dart-lang/http/commit/abb2bb182fbd7f03aafd1f889b902d7b3bdb8769 1303 - https://pub.dev/packages/http/changelog#0133 1304 - https://github.com/advisories/GHSA-4rgh-jx4f-qfcq 1305 PublishedDate: "2022-05-24T17:37:16Z" 1306 LastModifiedDate: "2022-10-06T20:26:08Z" 1307 - key: CVE-2022-3215 1308 value: 1309 Title: "SwiftNIO vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')" 1310 Description: "`NIOHTTP1` and projects using it for generating HTTP responses, including SwiftNIO, can be subject to a HTTP Response 
Injection attack..." 1311 Severity: MEDIUM 1312 VendorSeverity: 1313 ghsa: 2 1314 CVSS: 1315 ghsa: 1316 V3Vector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" 1317 V3Score: 5.3 1318 References: 1319 - https://github.com/apple/swift-nio/security/advisories/GHSA-7fj7-39wj-c64f 1320 - https://nvd.nist.gov/vuln/detail/CVE-2022-3215 1321 - https://github.com/apple/swift-nio/commit/a16e2f54a25b2af217044e5168997009a505930f 1322 - https://github.com/advisories/GHSA-7fj7-39wj-c64f 1323 PublishedDate: "2023-06-07T16:01:53Z" 1324 LastModifiedDate: "2023-06-19T16:45:07Z" 1325 - key: CVE-2022-24775 1326 value: 1327 Title: "Improper Input Validation in guzzlehttp/psr7" 1328 Description: "### Impact\nIn proper header parsing. An attacker could sneak in a new line character and pass untrusted values. \n\n### Patches\nThe issue is patched in 1.8.4 and 2.1.1.\n\n### Workarounds\nThere are no known workarounds.\n" 1329 Severity: HIGH 1330 VendorSeverity: 1331 ghsa: 3 1332 CweIDs: 1333 - CWE-20 1334 CVSS: 1335 ghsa: 1336 V3Vector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" 1337 V3Score: 7.5 1338 References: 1339 - https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96 1340 - https://nvd.nist.gov/vuln/detail/CVE-2022-24775 1341 PublishedDate: "2022-03-25T19:26:33Z" 1342 LastModifiedDate: "2022-06-14T20:02:29Z" 1343 - key: CVE-2022-22965 1344 value: 1345 Title: "spring-framework: RCE via Data Binding on JDK 9+" 1346 Description: "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it." 
1347 Severity: CRITICAL 1348 CweIDs: 1349 - CWE-94 1350 VendorSeverity: 1351 nvd: 4 1352 ghsa: 4 1353 redhat: 3 1354 CVSS: 1355 ghsa: 1356 V3Vector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" 1357 V3Score: 9.8 1358 nvd: 1359 V2Vector: "AV:N/AC:L/Au:N/C:P/I:P/A:P" 1360 V3Vector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" 1361 V2Score: 7.5 1362 V3Score: 9.8 1363 redhat: 1364 V3Vector: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" 1365 V3Score: 8.1 1366 References: 1367 - "https://github.com/advisories/GHSA-36p3-wjmg-h94x", 1368 PublishedDate: "2022-04-01T23:15:00Z" 1369 LastModifiedDate: "2022-05-19T14:21:00Z" 1370 - key: CVE-2020-14155 1371 value: 1372 Title: "pcre: Integer overflow when parsing callout numeric arguments" 1373 Description: "libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring." 1374 Severity: MEDIUM 1375 CweIDs: 1376 - CWE-190 1377 VendorSeverity: 1378 alma: 1 1379 nvd: 2 1380 CVSS: 1381 nvd: 1382 V2Vector: "AV:N/AC:L/Au:N/C:N/I:N/A:P" 1383 V3Vector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" 1384 V2Score: 5 1385 V3Score: 5.3 1386 redhat: 1387 V3Vector: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" 1388 V3Score: 5.3 1389 References: 1390 - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14155", 1391 - "https://nvd.nist.gov/vuln/detail/CVE-2020-14155" 1392 PublishedDate: "2020-06-15T17:15:00Z" 1393 LastModifiedDate: "2022-04-28T15:06:00Z"