CVE-2023-27534 – curl: SFTP path ~ resolving discrepancy
https://notcve.org/view.php?id=CVE-2023-27534
A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user. • https://hackerone.com/reports/1892351 https://lists.debian.org/debian-lts-announce/2024/03/msg00016.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW https://security.gentoo.org/glsa/202310-12 https://security.netapp.com/advisory/ntap-20230420-0012 https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-28487 – sudo: Sudo does not escape control characters in sudoreplay output
https://notcve.org/view.php?id=CVE-2023-28487
Sudo before 1.9.13 does not escape control characters in sudoreplay output. A flaw was found in the sudo package, shipped with Red Hat Enterprise Linux 8 and 9, where the "sudoreplay -l' command improperly escapes terminal control characters. As sudo's log messages may contain user-controlled strings, this could allow an attacker to inject terminal control commands, leading to a leak of restricted information. • https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13 https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html https://security.gentoo.org/glsa/202309-12 https://security.netapp.com/advisory/ntap-20230420-0002 https://access.redhat.com/security/cve/CVE-2023-28487 https://bugzilla.redhat.com/show_bug.cgi?id=2179273 • CWE-116: Improper Encoding or Escaping of Output CWE-117: Improper Output Neutralization for Logs •
CVE-2023-28486 – sudo: Sudo does not escape control characters in log messages
https://notcve.org/view.php?id=CVE-2023-28486
Sudo before 1.9.13 does not escape control characters in log messages. A flaw was found in the sudo package, shipped with Red Hat Enterprise Linux 8 and 9, where sudo improperly escapes terminal control characters during logging operations. As sudo's log messages may contain user-controlled strings, this may allow an attacker to inject terminal control commands, leading to a leak of restricted information. • https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13 https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html https://security.gentoo.org/glsa/202309-12 https://security.netapp.com/advisory/ntap-20230420-0002 https://access.redhat.com/security/cve/CVE-2023-28486 https://bugzilla.redhat.com/show_bug.cgi?id=2179272 • CWE-116: Improper Encoding or Escaping of Output CWE-117: Improper Output Neutralization for Logs •
CVE-2022-23239
https://notcve.org/view.php?id=CVE-2022-23239
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows administrative users to perform a Stored Cross-Site Scripting (XSS) attack. • https://security.netapp.com/advisory/ntap-20220901-0001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-23240
https://notcve.org/view.php?id=CVE-2022-23240
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows unauthorized users to update EMS Subscriptions via unspecified vectors. • https://security.netapp.com/advisory/ntap-20220901-0002 •