CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 1CVE-2021-33621 – ruby/cgi-gem: HTTP response splitting in CGI
https://notcve.org/view.php?id=CVE-2021-33621
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object. La gema cgi anterior a 0.1.0.2, 0.2.x anterior a 0.2.2 y 0.3.x anterior a 0.3.5 para Ruby permite la división de respuestas HTTP. Esto es relevante para aplicaciones que utilizan entradas de usuarios que no son de confianza, ya sea para generar una respuesta HTTP o para crear un objeto CGI::Cookie. A vulnerability was found in Ruby that allows HTTP header injection. • https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQR7LWED6VAPD5ATYOBZIGJQPCUBRJBX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THVTYHHEOVLQFCFHWURZYO7PVUPBHRZD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YACE6ORF2QBXXBK2V2CM36D7TZMEJVAS https://security.gentoo.org/glsa/202401-27 https://security.netapp.com/advisory/ntap-20221228-0004 h • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVSS: 5.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-3500 – keylime: exception handling and impedance match in tornado_requests
https://notcve.org/view.php?id=CVE-2022-3500
A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state but not verifying that anymore. Se encontró una vulnerabilidad en keylime. Este problema de seguridad ocurre en algunas circunstancias, debido a algunas excepciones manejadas incorrectamente, existe la posibilidad de que un agente deshonesto pueda crear errores en el verificador que detuviera los intentos de atestación para ese host dejándolo en un estado atestado pero sin verificarlo más. A vulnerability was found in keylime. • https://access.redhat.com/security/cve/CVE-2022-3500 https://github.com/keylime/keylime/pull/1128 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PUTHMDVFNGGVPCNPOGULMJAAFEP7MEXP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QX4XVCAUFGJ2I2NCTOKONTJGRJB2NBBT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQH5CJRX65QYMQN5WGUKKKE3IRJBWG5Z https://bugzilla.redhat.com/show_bug.cgi?id=2135343 • CWE-248: Uncaught Exception •
CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0CVE-2022-41877 – Missing input length validation in `drive` channel in FreeRDP
https://notcve.org/view.php?id=CVE-2022-41877
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in `drive` channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the drive redirection channel - command line options `/drive`, `+drives` or `+home-drive`. • https://github.com/FreeRDP/FreeRDP/commit/6655841cf2a00b764f855040aecb8803cfc5eaba https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-pmv3-wpw4-pw5h https://lists.debian.org/debian-lts-announce/2023/11/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B https://security.gentoo.org/glsa/202401-16 https://access.redhat • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 5.7EPSS: 0%CPEs: 3EXPL: 0CVE-2022-39318 – Division by zero in urbdrc channel in FreeRDP
https://notcve.org/view.php?id=CVE-2022-39318
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input validation in `urbdrc` channel. A malicious server can trick a FreeRDP based client to crash with division by zero. This issue has been addressed in version 2.9.0. All users are advised to upgrade. • https://github.com/FreeRDP/FreeRDP/commit/80adde17ddc4b596ed1dae0922a0c54ab3d4b8ea https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-387j-8j96-7q35 https://lists.debian.org/debian-lts-announce/2023/11/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B https://security.gentoo.org/glsa/202401-16 https://access.redhat • CWE-20: Improper Input Validation CWE-369: Divide By Zero •
CVSS: 5.7EPSS: 0%CPEs: 3EXPL: 0CVE-2022-39316 – Out of bound read in FreeRDP
https://notcve.org/view.php?id=CVE-2022-39316
FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it likely resulting in a crash. This issue has been addressed in the 2.9.0 release. Users are advised to upgrade. • https://github.com/FreeRDP/FreeRDP/commit/e865c24efc40ebc52e75979c94cdd4ee2c1495b0 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5w4j-mrrh-jjrm https://lists.debian.org/debian-lts-announce/2023/11/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B https://security.gentoo.org/glsa/202401-16 https://access.redhat • CWE-125: Out-of-bounds Read •