CVE-2022-25647 – Deserialization of Untrusted Data
https://notcve.org/view.php?id=CVE-2022-25647
The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks. El paquete com.google.code.gson:gson versiones anteriores a 2.8.9, son vulnerables a una Deserialización de Datos No Confiables por medio del método writeReplace() en clases internas, lo cual puede conllevar a ataques DoS A flaw was found in gson, which is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes. This issue may lead to availability attacks. • https://github.com/google/gson/pull/1991 https://github.com/google/gson/pull/1991/commits https://lists.debian.org/debian-lts-announce/2022/05/msg00015.html https://lists.debian.org/debian-lts-announce/2022/09/msg00009.html https://security.netapp.com/advisory/ntap-20220901-0009 https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327 https://www.debian.org/security/2022/dsa-5227 https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE& • CWE-502: Deserialization of Untrusted Data •
CVE-2020-36518 – jackson-databind: denial of service via a large depth of nested objects
https://notcve.org/view.php?id=CVE-2020-36518
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. jackson-databind versiones anteriores a 2.13.0, permite una excepción Java StackOverflow y una denegación de servicio por medio de una gran profundidad de objetos anidados A flaw was found in the Jackson Databind package. This cause of the issue is due to a Java StackOverflow exception and a denial of service via a significant depth of nested objects. • https://github.com/FasterXML/jackson-databind/issues/2816 https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html https://security.netapp.com/advisory/ntap-20220506-0004 https://www.debian.org/security/2022/dsa-5283 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2020-36518 https://bugzilla.redhat.com/ • CWE-400: Uncontrolled Resource Consumption CWE-787: Out-of-bounds Write •
CVE-2021-38296 – Apache Spark Key Negotiation Vulnerability
https://notcve.org/view.php?id=CVE-2021-38296
Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". In versions 3.1.2 and earlier, it uses a bespoke mutual authentication protocol that allows for full encryption key recovery. After an initial interactive attack, this would allow someone to decrypt plaintext traffic offline. Note that this does not affect security mechanisms controlled by "spark.authenticate.enableSaslEncryption", "spark.io.encryption.enabled", "spark.ssl", "spark.ui.strictTransportSecurity". Update to Apache Spark 3.1.3 or later Apache Spark soporta el cifrado de extremo a extremo de las conexiones RPC por medio de "spark.authenticate" y "spark.network.crypto.enabled". • https://lists.apache.org/thread/70x8fw2gx3g9ty7yk0f2f1dlpqml2smd https://www.oracle.com/security-alerts/cpujul2022.html • CWE-294: Authentication Bypass by Capture-replay •
CVE-2022-23181 – Local privilege escalation with FileStore
https://notcve.org/view.php?id=CVE-2022-23181
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore. Una corrección del bug CVE-2020-9484 introdujo una vulnerabilidad de tiempo de comprobación, tiempo de uso en Apache Tomcat versiones 10.1.0-M1 a 10.1.0-M8, versiones 10.0.0-M5 a 10.0.14, versiones 9.0.35 a 9.0.56 y versiones 8.5.55 a 8.5.73, que permitía a un atacante local llevar a cabo acciones con los privilegios del usuario que está usando el proceso Tomcat. Este problema sólo es explotable cuando Tomcat está configurado para persistir sesiones usando el FileStore • https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9 https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html https://security.netapp.com/advisory/ntap-20220217-0010 https://www.debian.org/security/2022/dsa-5265 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2022-23181 https://bugzilla.redhat.com/show_bug.cgi?id=2047417 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2022-23437 – Infinite loop within Apache XercesJ xml parser
https://notcve.org/view.php?id=CVE-2022-23437
There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions. Se presenta una vulnerabilidad en el analizador XML de Apache Xerces Java (XercesJ) cuando maneja cargas útiles de documentos XML especialmente diseñados. Esto causa que el analizador XML de XercesJ espere en un bucle infinito, lo que a veces puede consumir recursos del sistema durante un tiempo prolongado. • http://www.openwall.com/lists/oss-security/2022/01/24/3 https://lists.apache.org/thread/6pjwm10bb69kq955fzr1n0nflnjd27dl https://security.netapp.com/advisory/ntap-20221028-0005 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2022-23437 https://bugzilla.redhat.com/show_bug.cgi?id=2047200 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •