CVSS: 6.5EPSS: 1%CPEs: 15EXPL: 1CVE-2022-32213 – nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding
https://notcve.org/view.php?id=CVE-2022-32213
The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS). El analizador llhttp anteriores a la versión v14.20.1, anteriores a la versión v16.17.1 y anteriores a la versión v18.9.1 del módulo http en Node.js no analiza y valida correctamente las cabeceras Transfer-Encoding y puede dar lugar a HTTP Request Smuggling (HRS) A vulnerability was found in NodeJS due to improper validation of HTTP requests. The llhttp parser in the http module does not correctly parse and validate Transfer-Encoding headers. This issue can lead to HTTP Request Smuggling (HRS), causing web cache poisoning, and conducting XSS attacks. • https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf https://hackerone.com/reports/1524555 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2ICG6CSIB3GUWH5DUSQEVX53MOJW7LYK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCNN3YG2BCLS4ZEKJ3CLSUT6AS7AXTH3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VMQK5L5SBYD47QQZ67LEMHNQ662GH3OY https://nodejs.org/en/blog/vulnerability/july-2022-security-releases • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 6.5EPSS: 0%CPEs: 250EXPL: 0CVE-2022-29900 – hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions
https://notcve.org/view.php?id=CVE-2022-29900
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. Las predicciones de bifurcación mal entrenadas para las instrucciones de retorno pueden permitir la ejecución arbitraria de código especulativo bajo ciertas condiciones dependientes de la microarquitectura A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. • https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM https://security.gentoo.org/glsa/202402-07 https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037 https://www.debian.org/security/2022/dsa-5207 https://www.secpod.com/blog/retbleed-intel-and-amd-processor-information-disclosure-vulnerability https://access.redhat.com/security/cve/CVE-2022-29900 https • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 6.5EPSS: 0%CPEs: 288EXPL: 0CVE-2022-29901 – Arbitrary Memory Disclosure through CPU Side-Channel Attacks (Retbleed)
https://notcve.org/view.php?id=CVE-2022-29901
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. Las generaciones de microprocesadores Intel 6 a 8 están afectadas por una nueva variante de Spectre que es capaz de omitir su mitigación de retpoline en el kernel para filtrar datos arbitrarios. Un atacante con acceso de usuario no privilegiado puede secuestrar las instrucciones de retorno para lograr una ejecución arbitraria de código especulativo bajo determinadas condiciones dependientes de la microarquitectura A flaw was found in hw. Non-transparent sharing of branch predictor targets between contexts in some Intel(R) processors may potentially allow an authorized user to enable information disclosure via local access. • http://www.openwall.com/lists/oss-security/2022/07/12/2 http://www.openwall.com/lists/oss-security/2022/07/12/4 http://www.openwall.com/lists/oss-security/2022/07/12/5 http://www.openwall.com/lists/oss-security/2022/07/13/1 https://comsec.ethz.ch/retbleed https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fed • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-29187 – Bypass of safe.directory protections in Git
https://notcve.org/view.php?id=CVE-2022-29187
Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. • http://seclists.org/fulldisclosure/2022/Nov/1 http://www.openwall.com/lists/oss-security/2022/07/14/1 https://github.blog/2022-04-12-git-security-vulnerability-announced https://github.com/git/git/security/advisories/GHSA-j342-m5hw-rr3v https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDI325LOO2XBDDKLINOAQJEG6MHAURZE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro • CWE-282: Improper Ownership Management CWE-427: Uncontrolled Search Path Element •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 2CVE-2022-31129 – Inefficient Regular Expression Complexity in moment
https://notcve.org/view.php?id=CVE-2022-31129
moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. • https://github.com/moment/moment/commit/9a3b5894f3d5d602948ac8a02e4ee528a49ca3a3 https://github.com/moment/moment/pull/6015#issuecomment-1152961973 https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g https://huntr.dev/bounties/f0952b67-f2ff-44a9-a9cd-99e0a87cb633 https://lists.debian.org/debian-lts-announce/2023/01/msg00035.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q https://lists.fedoraproject.org/archives/list/package- • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •