CVE-2021-44531 – nodejs: Improper handling of URI Subject Alternative Names
https://notcve.org/view.php?id=CVE-2021-44531
Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option. Aceptar tipos de nombres alternativos de sujeto (SAN) arbitrarios, a menos que una PKI esté definida específicamente para usar un tipo de SAN concreto, puede resultar en una omisión de los intermediarios con restricción de nombre. • https://hackerone.com/reports/1429694 https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases https://security.netapp.com/advisory/ntap-20220325-0007 https://www.debian.org/security/2022/dsa-5170 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2021-44531 https://bugzilla.redhat.com/show_bug.cgi?id=2040839 • CWE-295: Improper Certificate Validation •
CVE-2022-21824 – nodejs: Prototype pollution via console.table properties
https://notcve.org/view.php?id=CVE-2022-21824
Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype.Node.js >= 12.22.9, >= 14.18.3, >= 16.13.2, and >= 17.3.1 use a null protoype for the object these properties are being assigned to. Debido a la lógica de formato de la función "console.table()" no era seguro permitir que pasara la entrada controlada por el usuario al parámetro "properties" mientras pasaba simultáneamente un objeto plano con al menos una propiedad como primer parámetro, que podía ser "__proto__". La contaminación del prototipo presenta un control muy limitado, ya que sólo permite asignar una cadena vacía a las claves numéricas del prototipo del objeto.Node.js versiones posteriores a 12.22.9 incluyéndola, versiones posteriores a 14.18.3 incluyéndola, versiones posteriores a 16.13.2 incluyéndola, y versiones posteriores a 17.3.1 incluyéndola, usan un prototipo nulo para el objeto al que es asignada estas propiedades. • https://hackerone.com/reports/1431042 https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases https://security.netapp.com/advisory/ntap-20220325-0007 https://security.netapp.com/advisory/ntap-20220729-0004 https://www.debian.org/security/2022/dsa-5170 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2022-2 • CWE-471: Modification of Assumed-Immutable Data (MAID) CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVE-2021-4160 – BN_mod_exp may produce incorrect results on MIPS
https://notcve.org/view.php?id=CVE-2021-4160
There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. • https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3bf7b73ea7123045b8f972badc67ed6878e6c37f https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6fc1aaaf303185aa5e483e06bdfae16daa9193a7 https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb https://security.gentoo.org/glsa/202210-02 https://security.netapp.com/advisory/ntap-20240621-0006 https://www.debian.org/security/2022/dsa-5103 •
CVE-2022-23437 – Infinite loop within Apache XercesJ xml parser
https://notcve.org/view.php?id=CVE-2022-23437
There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions. Se presenta una vulnerabilidad en el analizador XML de Apache Xerces Java (XercesJ) cuando maneja cargas útiles de documentos XML especialmente diseñados. Esto causa que el analizador XML de XercesJ espere en un bucle infinito, lo que a veces puede consumir recursos del sistema durante un tiempo prolongado. • http://www.openwall.com/lists/oss-security/2022/01/24/3 https://lists.apache.org/thread/6pjwm10bb69kq955fzr1n0nflnjd27dl https://security.netapp.com/advisory/ntap-20221028-0005 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2022-23437 https://bugzilla.redhat.com/show_bug.cgi?id=2047200 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2022-21369
https://notcve.org/view.php?id=CVE-2022-21369
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Rich Text Editor). Supported versions that are affected are 8.57, 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. • https://www.oracle.com/security-alerts/cpujan2022.html •