CVE-2022-22965 – Spring Framework JDK 9+ Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-22965
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. Una aplicación Spring MVC o Spring WebFlux que es ejecutada en JDK 9+ puede ser vulnerable a la ejecución de código remota (RCE) por medio de una vinculación de datos. • https://github.com/0zvxr/CVE-2022-22965 https://github.com/alt3kx/CVE-2022-22965 https://github.com/zangcc/CVE-2022-22965-rexbb https://github.com/Kirill89/CVE-2022-22965-PoC https://github.com/tangxiaofeng7/CVE-2022-22965-Spring-Core-Rce https://github.com/p1ckzi/CVE-2022-22965 https://github.com/me2nuk/CVE-2022-22965 https://github.com/light-Life/CVE-2022-22965-GUItools https://github.com/viniciuspereiras/CVE-2022-22965-poc https://github.com/itsecurityco/CVE-2022-2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2021-37714 – Crafted input may cause the jsoup HTML and XML parser to get stuck, timeout, or throw unchecked exceptions
https://notcve.org/view.php?id=CVE-2021-37714
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. • https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c https://jsoup.org/news/release-1.14.1 https://jsoup.org/news/release-1.14.2 https://lists.apache.org/thread.html/r215009dbf7467a9f6506d0c0024cb36cad30071010e62c9352cfaaf0%40%3Cissues.maven.apache.org%3E https://lists.apache.org/thread.html/r377b93d79817ce649e9e68b3456e6f499747ef1643fa987b342e082e%40%3Cissues.maven.apache.org%3E https://lists.apache.org/thread.html/r3d71f18adb78e50f626dde689161ca63d3b7491bd9718fcddfaecba7%40%3Cissues.maven.apache.org%3E https://lists.apa • CWE-248: Uncaught Exception CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2021-30129 – DoS/OOM leak vulnerability in Apache Mina SSHD Server
https://notcve.org/view.php?id=CVE-2021-30129
A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0 Una vulnerabilidad en sshd-core de Apache Mina SSHD, permite a un atacante desbordar el servidor causando un error de tipo OutOfMemory. Este problema afecta a las funcionalidades SFTP y port forwarding de Apache Mina SSHD versión 2.0.0 y posteriores. Se ha solucionado en Apache Mina SSHD versión 2.7.0 • http://www.openwall.com/lists/oss-security/2021/07/12/1 https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E https://lists.apache.org/thread.html/red01829efa2a8c893c4baff4f23c9312bd938543a9b8658e172b853b%40%3Cannounce.apache.org%3E https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2021-30129 https://bugzilla.redhat.com/show_bug.cgi?id=1981527 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2021-22118 – spring-web: (re)creating the temporary storage directory could result in a privilege escalation within WebFlux application
https://notcve.org/view.php?id=CVE-2021-22118
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data. En Spring Framework, versiones 5.2.x anteriores a 5.2.15 y versiones 5.3.x anteriores a 5.3.7, una aplicación WebFlux es vulnerable a una escalada de privilegios: al (re)crear el directorio de almacenamiento temporal, un usuario malicioso autenticado localmente puede leer o modificar archivos que han sido subidos a la aplicación WebFlux, o sobrescribir archivos arbitrarios con petición de datos de múltiples partes • https://security.netapp.com/advisory/ntap-20210713-0005 https://tanzu.vmware.com/security/cve-2021-22118 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujan2022.html https://www.oracle.com/security-alerts/cpujul2022.html https://www.oracle.com/security-alerts/cpuoct2021.html https://access.redhat.com/security/cve/CVE-2021-22118 https://bugzilla.redhat.com/show_bug.cgi?id=1974854 • CWE-269: Improper Privilege Management CWE-281: Improper Preservation of Permissions CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2021-27906 – A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file
https://notcve.org/view.php?id=CVE-2021-27906
A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions. Un archivo PDF cuidadosamente diseñado puede desencadenar una excepción OutOfMemory-Exception mientras se carga el archivo. Este problema afecta a Apache PDFBox versión 2.0.22 y versiones anteriores 2.0.x • http://www.openwall.com/lists/oss-security/2021/03/19/10 https://lists.apache.org/thread.html/r1218e60c32829f76943ecaca79237120c2ec1ab266459d711a578b50%40%3Cdev.pdfbox.apache.org%3E https://lists.apache.org/thread.html/r1d268642f8b52456ee8f876b888b8ed7a9e9568c7770789f3ded7f9e%40%3Ccommits.ofbiz.apache.org%3E https://lists.apache.org/thread.html/r4cbc3f6981cd0a1a482531df9d44e4c42a7f63342a7ba78b7bff8a1b%40%3Cnotifications.james.apache.org%3E https://lists.apache.org/thread.html/r54594251369e14c185da9662a5340a52afbbdf75d61c9c3a69c8f2e8%40%3Cdev.pdfbox.apache.org%3E https:/ • CWE-400: Uncontrolled Resource Consumption CWE-789: Memory Allocation with Excessive Size Value •