CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 1CVE-2022-43551 – curl: HSTS bypass via IDN
https://notcve.org/view.php?id=CVE-2022-43551
A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. • https://hackerone.com/reports/1755083 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVWZW5CNSJ7UYAF2BGSYAWAEXDJYUBHA https://security.gentoo.org/glsa/202310-12 https://security.netapp.com/advisory/ntap-20230427-0007 https://access.redhat.com/security/cve/CVE-2022-43551 https://bugzilla.redhat.com/show_bug.cgi?id=2152639 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-38732
https://notcve.org/view.php?id=CVE-2022-38732
SnapCenter versions prior to 4.7 shipped without Content Security Policy (CSP) implemented which could allow certain types of attacks that otherwise would be prevented. SnapCenter versiones anteriores a 4.7, eran enviadas sin la política de seguridad de contenidos (CSP) implementada, lo que podía permitir determinados tipos de ataques que de otro modo serían prevenidos • https://security.netapp.com/advisory/NTAP-20220926-0001 •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-21569 – mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2022)
https://notcve.org/view.php?id=CVE-2022-21569
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). • https://security.netapp.com/advisory/ntap-20220729-0004 https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2022-21569 https://bugzilla.redhat.com/show_bug.cgi?id=2115301 •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-21556 – mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2022)
https://notcve.org/view.php?id=CVE-2022-21556
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). • https://security.netapp.com/advisory/ntap-20220729-0004 https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2022-21556 https://bugzilla.redhat.com/show_bug.cgi?id=2115300 •
CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0CVE-2022-21553 – mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2022)
https://notcve.org/view.php?id=CVE-2022-21553
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). • https://security.netapp.com/advisory/ntap-20220729-0004 https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2022-21553 https://bugzilla.redhat.com/show_bug.cgi?id=2115299 •