Open dpericaxon opened 1 year ago
Continued: | Repository | Tag | Distro | CVE ID | Severity | Packages | Source Package | Package Version | Package License | Fix Status | Description |
---|---|---|---|---|---|---|---|---|---|---|---|
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-36227 | low | libarchive | 3.3.3-4.el8 | BSD | affected | In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution." | ||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-1127 | low | vim-minimal | 8.0.1763-19.el8_6.4 | Vim and MIT | under investigation | Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. | ||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-47024 | moderate | vim-minimal | 8.0.1763-19.el8_6.4 | Vim and MIT | under investigation | A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts. | ||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-0286 | moderate | openssl-libs | 1.1.1k-7.el8_6 | OpenSSL and ASL 2.0 | affected | There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network. | ||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-0215 | moderate | openssl-libs | 1.1.1k-7.el8_6 | OpenSSL and ASL 2.0 | affected | The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_newPKCS7, i2d | ||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-24056 | moderate | libpkgconf | 1.4.2-1.el8 | ISC | affected | In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes. | ||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-24056 | moderate | pkgconf-m4 | 1.4.2-1.el8 | GPLv2+ with exceptions | affected | In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes. | ||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-3826 | low | libgcc | 8.5.0-16.el8_7 | GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD | affected | Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol. | ||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-35252 | low | libcurl | 7.61.1-25.el8_7.2 | MIT | affected | When curl is used to retrieve and parse cookies from a HTTP(S) server, it accepts cookies using control codes that when later are sent back to a HTTP server might make the server return 400 responses. Effectively allowing a "sister site" to deny service to all siblings. | ||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-43552 | low | curl | 7.61.1-25.el8_7.2 | MIT | affected | A use after free vulnerability exists in curl <7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path. | ||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-0512 | low | vim-minimal | 8.0.1763-19.el8_6.4 | Vim and MIT | under investigation | Divide By Zero in GitHub repository vim/vim prior to 9.0.1247. | ||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-27320 | moderate | sudo | 1.8.29-8.el8_7.1 | ISC | under investigation | Sudo before 1.9.13p2 has a double free in the per-command chroot feature. | ||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-35939 | moderate | rpm | 4.14.3-24.el8_7 | GPLv2+ | affected | It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-3826 | low | libstdc++ | 8.5.0-16.el8_7 | GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD | affected | Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol. | ||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-2175 | low | vim-minimal | 8.0.1763-19.el8_6.4 | Vim and MIT | affected | Buffer Over-read in GitHub repository vim/vim prior to 8.2. | ||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-0433 | low | vim-minimal | 8.0.1763-19.el8_6.4 | Vim and MIT | under investigation | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225. | ||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-35937 | moderate | rpm-libs | 4.14.3-24.el8_7 | GPLv2+ and LGPLv2+ with exceptions | affected | A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-23916 | moderate | curl | 7.61.1-25.el8_7.2 | MIT | affected | An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was capped, but the cap was implemented on a per-header basis allowing a malicious server to insert a virtually unlimited number of compression steps simply by using many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors. | ||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-2208 | low | vim-minimal | 8.0.1763-19.el8_6.4 | Vim and MIT | affected | NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. | ||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2017-14166 | low | libarchive | 3.3.3-4.el8 | BSD | affected | libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. | ||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-3826 | low | libgomp | 8.5.0-16.el8_7 | GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD | affected | Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol. | ||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-42381 | high | busybox | 1.28.1 | fixed in 1.33.2 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function | |||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2018-1000517 | critical | busybox | 1.28.1 | fixed in 1.29.0 | BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appears to be exploitable via network connectivity. This vulnerability appears to have been fixed after commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e. | |||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-42374 | medium | busybox | 1.28.1 | fixed in 1.33.2 | An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that | |||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-42379 | high | busybox | 1.28.1 | fixed in 1.33.2 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function | |||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2018-1000500 | high | busybox | 1.28.1 | fixed in 1.32.0 | Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This attack appears to be exploitable via Simply download any file over HTTPS using "busybox wget https://compromised-domain.com/important-file". | |||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-42378 | high | busybox | 1.28.1 | fixed in 1.33.2 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function | |||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-42385 | high | busybox | 1.28.1 | fixed in 1.33.2 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function |
Continued: | Repository | Tag | Distro | CVE ID | Severity | Packages | Source Package | Package Version | Package License | Fix Status | Description |
---|---|---|---|---|---|---|---|---|---|---|---|
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-42386 | high | busybox | 1.28.1 | fixed in 1.33.2 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function | |||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2018-20679 | high | busybox | 1.28.1 | fixed in 1.30.0 | An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes. | |||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-42376 | medium | busybox | 1.28.1 | fixed in 1.34.0 | A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input. | |||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-42384 | high | busybox | 1.28.1 | fixed in 1.33.2 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function | |||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2019-5747 | high | busybox | 1.28.1 | fixed in 1.30.1 | An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP client, server, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exists because of an incomplete fix for CVE-2018-20679. | |||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-42382 | high | busybox | 1.28.1 | fixed in 1.33.2 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function | |||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-28391 | high | busybox | 1.28.1 | BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors. | ||||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-42380 | high | busybox | 1.28.1 | fixed in 1.33.2 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function | |||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-3737 | high | python | 3.7.10 | fixed in 3.9.6, 3.8.11, 3.7.11,... | A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability. | |||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-0391 | high | python | 3.7.10 | fixed in 3.9.5, 3.8.11, 3.7.11,... | A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14. | |||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2016-3189 | medium | python | 3.7.10 | fixed in 3.10.3, 3.9.11, 3.8.13,... | Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block. | |||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2018-25032 | high | python | 3.7.10 | fixed in 1.2.12 | zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. | |||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-3733 | medium | python | 3.7.10 | fixed in 3.9.5, 3.8.10, 3.7.11,... | There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. | |||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2019-12900 | critical | python | 3.7.10 | fixed in 3.10.3, 3.9.11, 3.8.13,... | BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. | |||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2015-20107 | high | python | 3.7.10 | fixed in 3.10.8 | In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9 | |||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-42919 | high | python | 3.7.10 | fixed in 3.10.9, 3.9.16 | Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9. | |||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-24329 | high | python | 3.7.10 | fixed in 3.11 | An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. | |||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2020-10735 | high | python | 3.7.10 | fixed in 3.10.7, 3.9.14, 3.8.14,... | A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability. | |||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2021-4189 | medium | python | 3.7.10 | fixed in 3.9.3, 3.8.9, 3.7.11,... | A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible. | |||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-45061 | high | python | 3.7.10 | fixed in 3.10.9, 3.9.16, 3.8.16,... | An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16. | |||
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | Private keys stored in image | high | Private keys stored in image |
Repository | Tag | Distro | CVE ID | Severity | Packages | Source Package | Package Version | Package License | Fix Status | Description |
---|---|---|---|---|---|---|---|---|---|---|
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2023-26604 | OS | systemd-libs | 239-68.el8_7.4 | LGPLv2+ and MIT | affected | systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output. | |
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-3491 | OS | vim-minimal | 8.0.1763-19.el8_6.4 | Vim and MIT | under investigation | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742. | |
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-3234 | OS | vim-minimal | 8.0.1763-19.el8_6.4 | Vim and MIT | under investigation | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. | |
splunk/universalforwarder | 8.2.10 | redhat-RHEL8 | CVE-2022-47024 | OS | vim-minimal | 8.0.1763-19.el8_6.4 | Vim and MIT | under investigation | A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts. |
`Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.