CVSS: 9.8EPSS: 1%CPEs: 9EXPL: 0CVE-2022-25235 – expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-25235
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. El archivo xmltok_impl.c en Expat (también se conoce como libexpat) versiones anteriores a 2.4.5, carece de determinada comprobación de codificación, como comprueba si un carácter UTF-8 es válido en un determinado contexto A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences (for example, from start tag names) to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor. • http://www.openwall.com/lists/oss-security/2022/02/19/1 https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf https://github.com/libexpat/libexpat/pull/562 https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM https://security.gentoo.org/glsa&# • CWE-116: Improper Encoding or Escaping of Output CWE-838: Inappropriate Encoding for Output Context •
CVSS: 9.8EPSS: 4%CPEs: 7EXPL: 0CVE-2022-25236 – expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-25236
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. El archivo xmlparse.c en Expat (también se conoce como libexpat) versiones anteriores a 2.4.5, permite a atacantes insertar caracteres separadores de espacios de nombres en URIs de espacios de nombres A flaw was found in expat. Passing one or more namespace separator characters in the "xmlns[:prefix]" attribute values made expat send malformed tag names to the XML processor on top of expat. This issue causes arbitrary code execution depending on how unexpected cases are handled inside the XML processor. • http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html http://www.openwall.com/lists/oss-security/2022/02/19/1 https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf https://github.com/libexpat/libexpat/pull/561 https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU https://lists.fedoraproject.org/archives/list/package- • CWE-179: Incorrect Behavior Order: Early Validation CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2022-23102 – SIEMENS-SINEMA Remote Connect 1.0 SP3 HF1 Open Redirection
https://notcve.org/view.php?id=CVE-2022-23102
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link there by leading to phishing attacks. Se ha identificado una vulnerabilidad en SINEMA Remote Connect Server (Todas las versiones anteriores a la versión V2.0). Los productos afectados contienen una vulnerabilidad de redirección abierta. • http://packetstormsecurity.com/files/165966/SIEMENS-SINEMA-Remote-Connect-1.0-SP3-HF1-Open-Redirection.html http://seclists.org/fulldisclosure/2022/Feb/20 https://cert-portal.siemens.com/productcert/pdf/ssa-654775.pdf • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-23990 – expat: integer overflow in the doProlog function
https://notcve.org/view.php?id=CVE-2022-23990
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. Expat (también se conoce como libexpat) versiones anteriores a 2.4.4, presenta un desbordamiento de enteros en la función doProlog A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service. • https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf https://github.com/libexpat/libexpat/pull/551 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/34NXVL2RZC2YZRV74ZQ3RNFB7WCEUP7D https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7FF2UH7MPXKTADYSJUAHI2Y5UHBSHUH https://security.gentoo.org/glsa/202209-24 https://www.debian.org/security/2022/dsa-5073 https://www.oracle.com/security-alerts/cpuapr2022.html https://www. • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 0CVE-2022-23852 – expat: Integer overflow in function XML_GetBuffer
https://notcve.org/view.php?id=CVE-2022-23852
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. Expat (también se conoce como libexpat) versiones anteriores a 2.4.4, presenta un desbordamiento de enteros con signo en la función XML_GetBuffer, para configuraciones con un XML_CONTEXT_BYTES no nulo expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity. • https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf https://github.com/libexpat/libexpat/pull/550 https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html https://security.gentoo.org/glsa/202209-24 https://security.netapp.com/advisory/ntap-20220217-0001 https://www.debian.org/security/2022/dsa-5073 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.tenable.com/security/tns-2022-05 https://access.redhat.com/security/cve/CVE-2022-23852 https& • CWE-190: Integer Overflow or Wraparound •