SB2023062315 - Multiple vulnerabilities in Red Hat OpenShift Data Foundation 4.13
Published: June 23, 2023 Updated: October 25, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 93 secuirty vulnerabilities.
1) Improper Privilege Management (CVE-ID: CVE-2022-4415)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to improper privilege management when handling coredumps in coredump/coredump.c. A local user can gain access to sensitive information.
The vulnerability affects systems with libacl support.
2) NULL pointer dereference (CVE-ID: CVE-2022-36227)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in libarchive. A remote attacker can pass a specially crafted archive to the application and perform a denial of service (DoS) attack.
3) Improper Validation of Array Index (CVE-ID: CVE-2022-35737)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when handling an overly large input passed as argument to a C API. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
4) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2022-34903)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error in GnuPG, which allows signature spoofing via arbitrary injection into the status line. A remote attacker who controls the secret part of any signing-capable key or subkey in the victim's keyring, can take advantage of this flaw to provide a correctly-formed signature that some software, including gpgme, will accept to have validity and signer fingerprint chosen from the attacker.
5) Heap-based buffer overflow (CVE-ID: CVE-2022-33099)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The
vulnerability exists due to a boundary error in the luaG_runerror component. A remote attacker can send specially crafted data to the application, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.
6) Incorrect Regular Expression (CVE-ID: CVE-2022-31129)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper validation of user-supplied input when parsing overly long strings. A remote attacker can pass a string that contains more that 10k characters and perform regular expression denial of service (ReDoS) attack.
7) Path traversal (CVE-ID: CVE-2022-29154)
The vulnerability allows a remote server to perform directory traversal attacks.
The vulnerability exists due to input validation error within the rsync client when processing file names. A remote malicious server overwrite arbitrary files in the rsync client target directory and subdirectories on the connected peer.
8) Heap-based buffer overflow (CVE-ID: CVE-2022-28805)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the singlevar function in lparser.c. A remote attacker can use a specially crafted luaK_exp2anyregup call, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
9) Out-of-bounds read (CVE-ID: CVE-2022-26280)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing ZIP files in zipx_lzma_alone_init. A remote attacker can create a specially crafted .zip archive, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
10) Heap-based buffer overflow (CVE-ID: CVE-2022-24903)
The vulnerability allows a remote attacker to perform a denial of service or potentially execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when parsing data in imtcp, imptcp, imgssapi, and imhttp modules used for TCP syslog reception. A remote attacker can pass specially crafted data to the application, trigger heap-based buffer overflow and cause a denial of service or potentially execute arbitrary code on the target system.
Successful exploitation of this vulnerability is possible if the attacker is able to directly send specially crafted messages to the rsyslog daemon or by injecting specially crafted data into log files. Vulnerability exploitation in the second scenario requires that the rsyslog client supports octet-counted framing, which is not a default configuration.
11) Reachable Assertion (CVE-ID: CVE-2022-3924)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion. A remote attacker can send specially crafted queries to the resolver and perform a denial of service (DoS) attack.
12) Incorrect Regular Expression (CVE-ID: CVE-2022-40023)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing regular expressions within the Lexer class. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
13) Off-by-one (CVE-ID: CVE-2022-3821)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the format_timespan() function in time-util.c. A local user can trigger an off-by-one error and perform a denial of service (DoS) attack.
14) Input validation error (CVE-ID: CVE-2022-3736)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted RRSIG query to the DNS server and perform a denial of service (DoS) attack.
Successful exploitation of the vulnerability requires that stale cache and stale answers are enabled, option stale-answer-client-timeout is set to a positive integer, and the resolver receives an RRSIG query.
15) Heap-based buffer overflow (CVE-ID: CVE-2022-3715)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in valid_parameter_transform() function in GNU bash. A local user can trigger a heap-based buffer overflow and execute arbitrary code on the target system.
16) Integer overflow (CVE-ID: CVE-2022-3515)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the CRL parser in libksba. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
17) Inadequate Encryption Strength (CVE-ID: CVE-2022-3358)
The vulnerability allows a remote attacker to decrypt traffic.
The vulnerability exists due to an error in openssl implementation when handling legacy custom ciphers with NID_undef passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions. Under certain conditions openssl can fail to select a proper cipher and use NULL instead, which corresponds to sending data in plain text.
Note, applications are only affected by this issue if they call EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to an encryption/decryption initialisation function.
18) Resource exhaustion (CVE-ID: CVE-2022-3094)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when handling DNS updates. A remote attacker can trigger resource exhaustion by sending a flood of dynamic DNS updates.
19) Resource management error (CVE-ID: CVE-2022-2795)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when processing large delegations. A remote attacker can flood the target resolver with queries and perform a denial of service (DoS) attack.
20) Double Free (CVE-ID: CVE-2022-2509)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within gnutls_pkcs7_verify() function when verifying the pkcs7 signatures. A remote attacker can pass specially crafted data to the application, trigger a double free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
21) NULL pointer dereference (CVE-ID: CVE-2022-2309)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the iterwalk() function. A remote attacker can pass specially crafted XML data to the application and perform a denial of service (DoS) attack.
22) Heap-based buffer overflow (CVE-ID: CVE-2022-37434)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing a large gzip header within inflateGetHeader in inflate.c. A remote attacker can pass a specially crafted file to the affected application, trigger heap-based buffer overflow and execute arbitrary code on the target system.
23) Integer overflow (CVE-ID: CVE-2022-40303)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in parse.c when processing content when XML_PARSE_HUGE is set. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
24) Out-of-bounds read (CVE-ID: CVE-2022-1586)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a boundary condition in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. A remote attacker can pass specially crafted data to the application, trigger out-of-bounds read error, gain access to sensitive information or perform a denial of service attack.
25) Integer overflow (CVE-ID: CVE-2022-47629)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in the CRL signature parser. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
26) Double Free (CVE-ID: CVE-2023-25136)
The vulnerability allows a remote attacker to potentially execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the sshd(8) daemon. A remote non-authenticated attacker can send specially crafted data to the application, trigger a double free error and execute arbitrary code on the target system.
The vendor believes exploitation of this vulnerability has limitations as double free occurs "in the unprivileged pre-auth process that is subject to chroot(2) and is further sandboxed on most major platforms". Nevertheless we assign a high risk to this vulnerability.
27) Input validation error (CVE-ID: CVE-2023-24329)
The vulnerability allows a remote attacker to bypass implemented filters.
The vulnerability exists due to insufficient validation of URLs that start with blank characters within urllib.parse component of Python. A remote attacker can pass specially crafted URL to bypass existing filters.
28) Input validation error (CVE-ID: CVE-2023-22809)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists within the sudoedit (aka -e) feature due to insufficient validation of user-supplied input passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR). The problem exists because a user-specified editor may contain a "--"
argument that defeats a protection mechanism, e.g., an EDITOR='vim --
/path/to/extra/file' value. A local user can append arbitrary entries to the list of files to process and escalate privileges on the system.
29) OS Command Injection (CVE-ID: CVE-2023-2491)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to a missing fix for #VU74578 (CVE-2023-28617). A remote attacker can trick the victim to open a specially crafted file and execute arbitrary OS commands on the target system via a file name or directory name that contains shell metacharacters.
30) Inadequate Encryption Strength (CVE-ID: CVE-2023-0361)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to an error in the TLS RSA key exchange. A remote attacker can perform Bleichenbacher oracle attack and decrypt information.
31) OS Command Injection (CVE-ID: CVE-2022-48339)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation within the hfy-istext-command() function when parsing the "file" and "srcdir" parameters, if a file name or directory name contains shell metacharacter. A remote attacker can execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
32) OS Command Injection (CVE-ID: CVE-2022-48338)
The vulnerability allows a malicious gem to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the ruby-find-library-file() function. A malicious Ruby source file can execute arbitrary OS commands on the target system.
33) OS Command Injection (CVE-ID: CVE-2022-48337)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation when parsing name of a source-code file in lib-src/etags.c. A remote attacker can trick the victim use the "etags -u *" command on the directory with attacker controlled content and execute arbitrary OS commands on the target system.
34) Heap-based buffer overflow (CVE-ID: CVE-2022-48303)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the from_header() function in list.c when handling V7 archives. A remote attacker can trick the victim to open a specially crafted V7 archive, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
35) NULL pointer dereference (CVE-ID: CVE-2022-47024)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the gui_x11_create_blank_mouse(0 function in gui_x11.c. A remote attacker can perform a denial of service (DoS) attack.
36) Resource management error (CVE-ID: CVE-2022-40304)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists in entities.c due to the way libxml2 handles reference cycles. The library does not anticipate that entity content can be allocated from a dict and clears it upon reference cycle detection by setting its first byte to zero. This can lead to memory corruption issues, such as double free errors and result in a denial of service.
37) Resource exhaustion (CVE-ID: CVE-2022-45873)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a deadlock within the parse_elf_object() function in shared/elf-util.c. A local user can perform a denial of service (DoS) attack.
38) Resource exhaustion (CVE-ID: CVE-2022-45061)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to usage of an unnecessary quadratic algorithm in one path when processing some inputs to the IDNA (RFC 3490) decoder. A remote attacker can pass a specially crafted name to he decoder, trigger resource excessive CPU consumption and perform a denial of service (DoS) attack.
39) Use-after-free (CVE-ID: CVE-2022-43680)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate. A remote attacker can trigger a use-after-free error and perform a denial of service (DoS) attack.
40) Deserialization of Untrusted Data (CVE-ID: CVE-2022-42919)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to Python multiprocessing library, when used with the forkserver start method on Linux allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine.A local user can execute arbitrary code with privileges of the user running the any forkserver process.
41) Integer overflow (CVE-ID: CVE-2022-42898)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow within the S4U2Proxy handler on 32-bit systems. A remote user can send specially crafted request to the KDC server, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
42) Use-after-free (CVE-ID: CVE-2022-42012)
The vulnerability allows a local user to escalate privileges on the system.
43) Out-of-bounds read (CVE-ID: CVE-2022-42011)
The vulnerability allows a local user to gain access to potentially sensitive information or perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error caused by an invalid array of fixed-length elements where the length of the array is not a multiple of the length of the element. A local user can trigger an out-of-bounds read and gain access to sensitive information.
44) Reachable Assertion (CVE-ID: CVE-2022-42010)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion in debug builds caused by a syntactically invalid type signature with incorrectly nested parentheses and curly brackets. A local user can perform a denial of service (DoS) attack.
45) Incorrect Regular Expression (CVE-ID: CVE-2022-40897)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing HTML content. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
46) Out-of-bounds read (CVE-ID: CVE-2022-1587)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the get_recurse_data_length() function in pcre2_jit_compile.c when handling recursions in JIT-compiled regular expressions. A remote attacker can pass specially crafted input to the affected application, trigger an out-of-bounds read error and read contents of memory on the system.
47) Incorrect default permissions (CVE-ID: CVE-2022-1348)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to the way logrotate uses the state file. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation.
48) Improper Authentication (CVE-ID: CVE-2020-16250)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1..
49) Input validation error (CVE-ID: CVE-2022-2880)
The vulnerability allows a remote attacker to perform parameter smuggling attacks.
The vulnerability exists due to incorrect handling of requests forwarded by ReverseProxy in net/http/httputil. A remote attacker can supply specially crafted parameters that cannot be parsed and are rejected by net/http and force the application to include these parameters into the forwarding request. As a result, a remote attacker can smuggle potentially dangerous HTTP parameters into the request.
50) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2022-38149)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to software stores sensitive information into log files. A remote attacker can read the log files and gain access to sensitive data.
51) Path traversal (CVE-ID: CVE-2022-32190)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences within JoinPath and URL.JoinPath. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
52) Input validation error (CVE-ID: CVE-2022-32189)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in
Float.GobDecode. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
53) Resource exhaustion (CVE-ID: CVE-2022-30635)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when calling Decoder.Decode on a message which contains deeply nested structures. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
54) Input validation error (CVE-ID: CVE-2022-27664)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
55) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2022-23541)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to insecure implementation of key retrieval function. A remote user attacker can cause successful validation of forged tokens.
56) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2022-23540)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to insecure default algorithm in jwt.verify(). A remote attacker can cause signature validation bypass.
57) Prototype pollution (CVE-ID: CVE-2022-21824)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to the formatting logic of the console.table() function. A remote attacker can send a specially crafted request and assign an empty string to numerical keys of the object prototype.
58) Incorrect Regular Expression (CVE-ID: CVE-2022-3517)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing regular expressions. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
59) Resource management error (CVE-ID: CVE-2022-2879)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to absent limits on the maximum size of file headers within the Reader.Read method in archive/tar. A remote attacker can pass a specially crafted file to the application and perform a denial of service (DoS) attack.
60) Improper Authentication (CVE-ID: CVE-2022-41316)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in the Certificate Revocation Lists (CRLs) implementation, which prevented Vault from denying access to users with revoked certificates without application reboot. As a result, when using TLS certificate authentication, Vault did not
correctly perform CRL revocation checks if login occurred between Vault
startup (or invalidation) and a manual retrieval of the CRL, allowing users to continue using the application with revoked certificates.
61) Improper Certificate Validation (CVE-ID: CVE-2021-44533)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to improper validation of certificate subject and issuer fields. A remote attacker can create a certificate with specially crafted multi-value Relative Distinguished Names and perform spoofing attack.
62) Improper validation of certificate with host mismatch (CVE-ID: CVE-2021-44532)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to improper validation of certificates, when converting SANs (Subject Alternative Names) to a string format. A remote attacker can inject special characters into the string and perform spoofing attack.
63) Improper Certificate Validation (CVE-ID: CVE-2021-44531)
The vulnerability allows a remote attacker to perform spoofing attack.
The
vulnerability exists due to insufficient validation of URI Subject
Alternative Names. Node.js accepts arbitrary Subject Alternative Name
(SAN) types, unless a PKI
is specifically defined to use a particular SAN type. A remote attacker
can bypass name-constrained intermediates and perform spoofing attack.
64) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-43998)
The vulnerability allows a remote user to escalate privileges within the application.
The vulnerability exists due to templated ACL policies always match the first-created entity alias
if multiple entity aliases exist for a specified entity and mount
combination. A remote user can trigger incorrect policy enforcement.
65) Insufficient Entropy (CVE-ID: CVE-2021-4238)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient entropy when generating alphanumeric strings within RandomAlphaNumeric and CryptoRandomAlphaNumeric functions, which always return strings containing at least one digit from 0 to 9. A remote attacker can launch brute-force attacks and gain access to sensitive information.
66) Resource exhaustion (CVE-ID: CVE-2021-4235)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when parsing YAML files. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
67) Input validation error (CVE-ID: CVE-2021-3807)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when matching crafted invalid ANSI escape codes in ansi-regex. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
68) Incorrect Regular Expression (CVE-ID: CVE-2021-3765)
The vulnerability allows a remote attacker to perform a regular expression denial of service (ReDoS) attack.
The vulnerability exists due to improper input validation when handling user-supplied input. A remote attacker can pass specially crafted data to the application and perform a regular expression denial of service (ReDoS) attack.
69) Improper Authentication (CVE-ID: CVE-2020-16251)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.
70) Input validation error (CVE-ID: CVE-2022-38900)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
71) Resource exhaustion (CVE-ID: CVE-2022-41715)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources in regexp/syntax when handling regular expressions. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
72) Out-of-bounds write (CVE-ID: CVE-2022-1304)
The vulnerability allows a local attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A local attacker can use a specially crafted filesystem, trigger out-of-bounds write and execute arbitrary code on the target system.
73) Type conversion (CVE-ID: CVE-2020-10735)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a type confusion in algorithms with quadratic time complexity when using non-binary bases within the int() call. A remote attacker can pass specially crafted data to the affected application and perform a denial of service (DoS) attack.
74) Input validation error (CVE-ID: CVE-2022-1271)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation when processing filenames with two or more newlines. A remote attacker can force zgrep or xzgrep to write arbitrary files on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.
75) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-0670)
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to an error within the "volumes" plugin in Ceph Manager. The Openstack manilla owning a Ceph File system "share" enables the owner to read/write any manilla share or entire file system.
76) Off-by-one (CVE-ID: CVE-2021-46848)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an ETYPE_OK off-by-one error in asn1_encode_simple_der in Libtasn1. A remote attacker can pass specially crafted data to the application, trigger an off-by-one error and perform a denial of service (DoS) attack.
77) Resource exhaustion (CVE-ID: CVE-2021-46828)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to library improperly handles idle TCP connections. A remote attacker can exhaust the file descriptors of a process that uses libtirpc and perform a denial of service (DoS) attack.
78) Use-after-free (CVE-ID: CVE-2021-44964)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in garbage collector and finalizer of lgc.c. A remote attacker can pass specially crafted script file to the application, trigger a use-after-free error and perform a denial of service (DoS) attack.
79) Stack-based buffer overflow (CVE-ID: CVE-2021-43519)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the lua_resume() function of ldo.c. A remote attacker can pass a specially crafted script file to he application, trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.
80) Open redirect (CVE-ID: CVE-2021-28861)
The vulnerability allows a remote attacker to redirect victims to arbitrary URL.
The vulnerability exists due to improper sanitization of user-supplied data in lib/http/server.py due to missing protection against multiple (/) at the beginning of URI path. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.
Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.
81) Cross-site scripting (CVE-ID: CVE-2021-4231)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
82) Security Features (CVE-ID: CVE-2020-17049)
The vulnerability allows a remote user to bypass authentication process.
The vulnerability exists due to security feature bypass issue in Kerberos. A remote administrator can bypass authentication process and gain unauthorized access to the application.
83) Buffer overflow (CVE-ID: CVE-2018-25032)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when compressing data. A remote attacker can pass specially crafted input to the application, trigger memory corruption and perform a denial of service (DoS) attack.
84) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2022-41717)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to excessive memory growth when handling HTTP/2 server requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
85) OS Command Injection (CVE-ID: CVE-2015-20107)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the mailcap module, which does not escape characters into commands discovered in the system mailcap file. A remote unauthenticated attacker can pass specially crafted data to the applications that call mailcap.findmatch with untrusted input and execute arbitrary OS commands on the target system.
86) Information disclosure (CVE-ID: CVE-2023-25000)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the Shamir implementation uses precomputed table lookups. A remote user can perform a cache-timing attack and recover the Shamir shares.
87) Improper access control (CVE-ID: CVE-2023-24999)
The vulnerability allows a remote user to perform a denial of service attack.
The vulnerability exists due to the way the application handles authentication based on Approle SecretID. A remote user with access to the "/auth/approle/role/:role_name/secret-id-accessor/destroy" endpoint can destroy the secret ID of any other role by providing the secret ID accessor and disable access to Vault for other users.88) Input validation error (CVE-ID: CVE-2023-0665)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the PKI mount issuer endpoints do not correctly authorize access to remove an issuer or modify issuer metadata. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
89) SQL injection (CVE-ID: CVE-2023-0620)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data when using Vault’s community-supported Microsoft SQL (MSSQL) database storage backend. A remote user can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
90) Prototype pollution (CVE-ID: CVE-2022-46175)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data within the JSON5.parse() function. A remote attacker can inject and execute arbitrary script code.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
91) Resource exhaustion (CVE-ID: CVE-2022-41725)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper control over internal resources in net/http and mime/multipart. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
92) Resource management error (CVE-ID: CVE-2022-41724)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources in crypto/tls when handling large TLS handshake records. A remote attacker can send specially crafted data to the application and perform a denial of service (DoS) attack.
The vulnerability affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).
93) Resource exhaustion (CVE-ID: CVE-2022-41723)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources in the HPACK decoder. A remote attacker can send a specially crafted HTTP/2 stream to the application, cause resource exhaustion and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.