CVE-2023-4320 – Satellite: arithmetic overflow in satellite
https://notcve.org/view.php?id=CVE-2023-4320
An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity.
References:
• https://access.redhat.com/errata/RHSA-2024:2010
• https://access.redhat.com/security/cve/CVE-2023-4320
• https://bugzilla.redhat.com/show_bug.cgi?id=2231814
CWE-613: Insufficient Session Expiration
CVE-2020-10693 – hibernate-validator: Improper input validation in the interpolation of constraint error messages
https://notcve.org/view.php?id=CVE-2020-10693
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitization (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.
References:
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10693
• https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3E
• https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3E
• https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3E
• https://www.oracle.com/security-alerts/cpuapr2022.html
• https://access.redhat.com/security/cve/CVE-202
CWE-20: Improper Input Validation