CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 1CVE-2022-32209 – rubygem-rails-html-sanitizer: possible xss with certain configurations
https://notcve.org/view.php?id=CVE-2022-32209
# Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3## ImpactA possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both `select` and `style` elements.Code is only impacted if allowed tags are being overridden. This may be done via application configuration:```ruby# In config/application.rbconfig.action_view.sanitized_allowed_tags = ["select", "style"]```see https://guides.rubyonrails.org/configuring.html#configuring-action-viewOr it may be done with a `:tags` option to the Action View helper `sanitize`:```<%= sanitize @comment.body, tags: ["select", "style"] %>```see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitizeOr it may be done with Rails::Html::SafeListSanitizer directly:```ruby# class-level optionRails::Html::SafeListSanitizer.allowed_tags = ["select", "style"]```or```ruby# instance-level optionRails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: ["select", "style"])```All users overriding the allowed tags by any of the above mechanisms to include both "select" and "style" should either upgrade or use one of the workarounds immediately.## ReleasesThe FIXED releases are available at the normal locations.## WorkaroundsRemove either `select` or `style` from the overridden allowed tags.## CreditsThis vulnerability was responsibly reported by [windshock](https://hackerone.com/windshock?type=user). # Una Posible vulnerabilidad XSS en Rails::Html::Sanitizer Se presenta una posible vulnerabilidad XSS con determinadas configuraciones de Rails::Html::Sanitizer. Esta vulnerabilidad le ha sido asignada el identificador CVE CVE-2022-32209. Versiones afectadas: TODAS No se han visto afectadas: NONE Versiones Corregidas: v1.4.3## Impacto Una posible vulnerabilidad de tipo XSS con determinadas configuraciones de Rails::Html::Sanitizer puede permitir a un atacante inyectar contenido si el desarrollador de la aplicación ha anulado las etiquetas permitidas del saneador para permitir tanto los elementos "select" como "style". • https://hackerone.com/reports/1530898 https://lists.debian.org/debian-lts-announce/2022/12/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AGRLWBEB3S5AU3D4TTROIS7O6QPHDTRH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHDACMCLWE32BZZTSNWQPIFUAD5I6Q47 https://access.redhat.com/security/cve/CVE-2022-32209 https://bugzilla.redhat.com/show_bug.cgi?id=2101882 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 3%CPEs: 6EXPL: 0CVE-2021-46784 – squid: DoS when processing gopher server responses
https://notcve.org/view.php?id=CVE-2021-46784
In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses. En Squid versiones 3.x hasta 3.5.28, versiones 4.x hasta 4.17 y versiones 5.x anteriores a 5.6, debido a una administración inapropiada del búfer, puede producirse una denegación de servicio cuando son procesadas respuestas largas del servidor Gopher A vulnerability was found in squid (Web proxy cache server). This issue occurs due to improper buffer management while processing Gopher server responses. This flaw leads to a remote denial of service or a crash if it receives specially crafted network traffic, either by mistake or a malicious actor. • http://www.openwall.com/lists/oss-security/2023/10/13/1 http://www.openwall.com/lists/oss-security/2023/10/13/10 http://www.openwall.com/lists/oss-security/2023/10/21/1 http://www.squid-cache.org/Versions/v4/changesets/SQUID-2021_7.patch http://www.squid-cache.org/Versions/v5/changesets/SQUID-2021_7.patch https://github.com/squid-cache/squid/commit/5e2ea2b13bd98f53e29964ca26bb0d602a8a12b9 https://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w https:/&# • CWE-617: Reachable Assertion •
CVSS: 10.0EPSS: 12%CPEs: 50EXPL: 0CVE-2022-2068 – The c_rehash script allows command injection
https://notcve.org/view.php?id=CVE-2022-2068
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. • https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9 https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5 https://lists.fedoraproject.org/archives/list • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-2129 – Out-of-bounds Write in vim/vim
https://notcve.org/view.php?id=CVE-2022-2129
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. Una Escritura fuera de Límites en el repositorio de GitHub vim/vim versiones anteriores a 8.2 • https://github.com/vim/vim/commit/d6211a52ab9f53b82f884561ed43d2fe4d24ff7d https://huntr.dev/bounties/3aaf06e7-9ae1-454d-b8ca-8709c98e5352 https://lists.debian.org/debian-lts-announce/2022/11/msg00032.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM https://security.gentoo.org/glsa/202208-32 https://security.gentoo.org/glsa/2023 • CWE-787: Out-of-bounds Write •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 1CVE-2022-33981
https://notcve.org/view.php?id=CVE-2022-33981
drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function. El archivo drivers/block/floppy.c en el kernel de Linux versiones anteriores a 5.17.6, es vulnerable a una denegación de servicio, debido a un fallo de uso de concurrencia después de la asignación de raw_cmd en la función raw_cmd_ioctl • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.6 https://exchange.xforce.ibmcloud.com/vulnerabilities/225362 https://github.com/torvalds/linux/commit/233087ca063686964a53c829d547c7571e3f67bf https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html https://seclists.org/oss-sec/2022/q2/66 https://www.debian.org/security/2022/dsa-5173 • CWE-416: Use After Free •