CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 1CVE-2022-24302 – python-paramiko: Race condition in the write_private_key_file function
https://notcve.org/view.php?id=CVE-2022-24302
In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure. En Paramiko versiones anteriores a 2.10.1, una condición de carrera (entre creation y chmod) en la función write_private_key_file podría permitir una divulgación de información no autorizada A race condition was found in Paramiko. This flaw allows unauthorized information disclosure from an attacker with access to the write_private_key_file. • https://github.com/paramiko/paramiko/blob/363a28d94cada17f012c1604a3c99c71a2bda003/paramiko/pkey.py#L546 https://lists.debian.org/debian-lts-announce/2022/03/msg00032.html https://lists.debian.org/debian-lts-announce/2022/09/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LUEUEGILZ7MQXRSUF5VMMO4SWJQVPTQL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TPMKRUS4HO3P7NR7P4Y6CLHB4MBEE3AI https://lists.fedoraproject.org/archives/list/package& • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.3EPSS: 0%CPEs: 25EXPL: 0CVE-2022-0396 – DoS from specifically crafted TCP packets
https://notcve.org/view.php?id=CVE-2022-0396
BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection. BIND versiones 9.16.11 posteriores a 9.16.26, versiones 9.17.0 posteriores a 9.18.0 y versiones 9.16.11-S1 posteriores a 9.16.26-S1 de BIND Supported Preview Edition. Los flujos TCP específicamente diseñados pueden causar que las conexiones a BIND permanezcan en estado CLOSE_WAIT durante un período de tiempo indefinido, incluso después de que el cliente haya terminado la conexión A flaw was found in Bind that incorrectly handles certain crafted TCP streams. The vulnerability allows TCP connection slots to be consumed for an indefinite time frame via a specifically crafted TCP stream sent from a client. • https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf https://kb.isc.org/v1/docs/cve-2022-0396 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY https://security.gentoo.org/glsa/202210-25 https://security.netapp.com/advisory/ntap-20220408-0001 https://access.redhat.com/security/cve/CVE-2022-0396 https://bugzilla.redhat.com/show_bug.cgi?id=2064513 • CWE-404: Improper Resource Shutdown or Release CWE-459: Incomplete Cleanup •
CVSS: 6.8EPSS: 0%CPEs: 166EXPL: 0CVE-2021-25220 – DNS forwarders - cache poisoning vulnerability
https://notcve.org/view.php?id=CVE-2021-25220
BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients. BIND versiones 9.11.0 posteriores a 9.11.36, versiones 9.12.0 posteriores a 9.16.26, versiones 9.17.0 posteriores a 9.18.0, Ediciones Preliminares Soportadas con BIND: versiones .11.4-S1 posteriores a 9.11.36-S1, versiones 9.16.8-S1 posteriores a 9.16.26-S1, también creemos que las versiones de BIND 9 anteriores a las mostradas - hasta la versión 9.1.0, incluyendo las ediciones preliminares soportadas - también están afectadas pero no han sido probadas ya que son EOL. La caché podría envenenarse con registros incorrectos, conllevando a una realización de consultas a servidores erróneos, lo que también podría resultar en que se devolviera información falsa a clientes A cache poisoning vulnerability was found in BIND when using forwarders. Bogus NS records supplied by the forwarders may be cached and used by name if it needs to recurse for any reason. • https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf https://kb.isc.org/v1/docs/cve-2021-25220 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SXT7247QTKNBQ67MNRGZD23ADXU6E5U https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VX3I2U3ICOIEI5Y7OYA6CHOLFMNH3YQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/API7U5E7SX7BAAVFNW366FFJGD6NZZKV https://lists.fedoraproject.org/archives/list/package-announc • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 1CVE-2021-23648 – Cross-site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-23648
The package @braintree/sanitize-url before 6.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function. El paquete @braintree/sanitize-url versiones anteriores a 6.0.0 es vulnerable a un ataque de tipo Cross-site Scripting (XSS) debido a un saneo inapropiado en la función sanitizeUrl A flaw was found in sanitize-url due to improper sanitization in the sanitizeUrl function. This issue causes vulnerability to Cross-site Scripting in sanitize-url. • https://github.com/braintree/sanitize-url/blob/main/src/index.ts%23L11 https://github.com/braintree/sanitize-url/pull/40 https://github.com/braintree/sanitize-url/pull/40/commits/e5afda45d9833682b705f73fc2c1265d34832183 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH https://lists.fedoraproject.org/archives/list/package-announce%40lists. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 32EXPL: 4CVE-2022-0778 – Infinite loop in BN_mod_sqrt() reachable when parsing certificates
https://notcve.org/view.php?id=CVE-2022-0778
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. • https://github.com/drago-96/CVE-2022-0778 https://github.com/jkakavas/CVE-2022-0778-POC https://github.com/0xUhaw/CVE-2022-0778 https://github.com/jeongjunsoo/CVE-2022-0778 http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html http://seclists.org/fulldisclosure/2022/May/33 http://seclists.org/fulldisclosure/2022/May/35 http://seclists.org/fulldisclosure/2022/May/38 https://cert-portal.siemens.com/productcert/pdf/ssa-712 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •