CVE-2022-22772 – TIBCO Managed File Transfer Platform Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-22772
The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with network access to execute arbitrary code on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX: versions 8.1.0 and below and TIBCO Managed File Transfer Platform Server for z/Linux: versions 8.1.0 and below. Los componentes cfsend, cfrecv y CyberResp de TIBCO Software Inc.' • https://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-30-2022-tibco-managed-file-transfer-2022-22772 •
CVE-2022-25255 – qt: QProcess could execute a binary from the current working directory when not found in the PATH
https://notcve.org/view.php?id=CVE-2022-25255
In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH. En Qt versiones 5.9.x hasta 5.15.x anteriores a 5.15.9 y versiones 6.x anteriores a 6.2.4 en Linux y UNIX, QProcess podía ejecutar un binario del directorio de trabajo actual cuando no era encontrado en el PATH A flaw was found in qt. The vulnerability occurs due to executing binaries from the current directory when the loading path failed, leading to an uncontrolled path element vulnerability. This flaw allows an attacker to execute malicious executables. • https://codereview.qt-project.org/c/qt/qtbase/+/393113 https://codereview.qt-project.org/c/qt/qtbase/+/394914 https://codereview.qt-project.org/c/qt/qtbase/+/396020 https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff https://access.redhat.com/security/cve/CVE-2022-25255 https://bugzilla.redhat.com/show_bug.cgi?id=2055505 • CWE-427: Uncontrolled Search Path Element •
CVE-2021-44717 – golang: syscall: don't close fd 0 on ForkExec error
https://notcve.org/view.php?id=CVE-2021-44717
Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion. Go versiones anteriores a 1.16.12 y versiones 1.17.x anteriores a 1.17.5 en UNIX, permite operaciones de escritura en un archivo no deseado o en una conexión de red no deseada como consecuencia de un cierre erróneo del descriptor de archivo 0 tras el agotamiento del descriptor de archivo. There's a flaw in golang's syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall.ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall.ForkExec(). • https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf https://groups.google.com/g/golang-announce/c/hcmEScgc00k https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html https://security.gentoo.org/glsa/202208-02 https://access.redhat.com/security/cve/CVE-2021-44717 https://bugzilla.redhat.com/show_bug.cgi?id=2030806 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-404: Improper Resource Shutdown or Release •
CVE-2021-40830 – Inconsistent CA override function behavior within AWS IoT Device SDKs on Unix systems
https://notcve.org/view.php?id=CVE-2021-40830
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store. Attackers with access to a host’s trust stores or are able to compromise a certificate authority already in the host's trust store (note: the attacker must also be able to spoof DNS in this case) may be able to use this issue to bypass CA pinning. An attacker could then spoof the MQTT broker, and either drop traffic and/or respond with the attacker's data, but they would not be able to forward this data on to the MQTT broker because the attacker would still need the user's private keys to authenticate against the MQTT broker. The 'aws_tls_ctx_options_override_default_trust_store_*' function within the aws-c-io submodule has been updated to override the default trust store. • https://github.com/aws/aws-iot-device-sdk-cpp-v2 https://github.com/aws/aws-iot-device-sdk-java-v2 https://github.com/aws/aws-iot-device-sdk-js-v2 https://github.com/aws/aws-iot-device-sdk-python-v2 https://github.com/awslabs/aws-c-io • CWE-295: Improper Certificate Validation •
CVE-2021-29825
https://notcve.org/view.php?id=CVE-2021-29825
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. IBM X-Force ID: 204470. IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) podría divulgar información confidencial cuando se usa ADMIN_CMD con LOAD o BACKUP. IBM X-Force ID: 204470 • https://exchange.xforce.ibmcloud.com/vulnerabilities/204470 https://security.netapp.com/advisory/ntap-20211029-0005 https://www.ibm.com/support/pages/node/6489499 •