CWE-669
Allowed-with-ReviewIncorrect Resource Transfer Between Spheres
Abstraction: Class · Status: Draft
The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.
144 vulnerabilities reference this CWE, most recent first.
CVE-2022-30236 (GCVE-0-2022-30236)
Vulnerability from cvelistv5 – Published: 2022-06-02 22:45 – Updated: 2024-09-16 23:00- CWE-669 - Incorrect Resource Transfer Between Spheres
| URL | Tags |
|---|---|
| https://www.se.com/ww/en/download/document/SEVD-2… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Schneider Electric | Wiser Smart |
Affected:
EER21000 , < 4.5
(custom)
Affected: EER21001 , < 4.5 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:40:47.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2022-130-03/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Wiser Smart",
"vendor": "Schneider Electric",
"versions": [
{
"lessThan": "4.5",
"status": "affected",
"version": "EER21000",
"versionType": "custom"
},
{
"lessThan": "4.5",
"status": "affected",
"version": "EER21001",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-05-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow unauthorized access when an attacker uses cross-domain attacks. Affected Products: Wiser Smart, EER21000 \u0026 EER21001 (V4.5 and prior)"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-669",
"description": "CWE-669 Incorrect Resource Transfer Between Spheres",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-02T22:45:22.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.se.com/ww/en/download/document/SEVD-2022-130-03/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"DATE_PUBLIC": "2022-05-10T07:00:00.000Z",
"ID": "CVE-2022-30236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Wiser Smart",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "EER21000",
"version_value": "4.5"
},
{
"version_affected": "\u003c",
"version_name": "EER21001",
"version_value": "4.5"
}
]
}
}
]
},
"vendor_name": "Schneider Electric"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow unauthorized access when an attacker uses cross-domain attacks. Affected Products: Wiser Smart, EER21000 \u0026 EER21001 (V4.5 and prior)"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-669 Incorrect Resource Transfer Between Spheres"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.se.com/ww/en/download/document/SEVD-2022-130-03/",
"refsource": "MISC",
"url": "https://www.se.com/ww/en/download/document/SEVD-2022-130-03/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2022-30236",
"datePublished": "2022-06-02T22:45:22.767Z",
"dateReserved": "2022-05-04T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:00:39.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34574 (GCVE-0-2021-34574)
Vulnerability from cvelistv5 – Published: 2021-08-02 10:24 – Updated: 2024-09-16 18:14- CWE-669 - Incorrect Resource Transfer Between Spheres
| URL | Tags |
|---|---|
| https://cert.vde.com/en/advisories/VDE-2022-039 | x_refsource_CONFIRM |
| https://cert.vde.com/en/advisories/VDE-2021-030 | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| MB connect line | mymbCONNECT24 |
Affected:
2 , ≤ 2.11.2
(custom)
|
|
| MB connect line | mbCONNECT24 |
Affected:
2 , ≤ 2.11.2
(custom)
|
|
| Helmholz | myREX24 |
Affected:
2 , ≤ 2.11.2
(custom)
|
|
| Helmholz | myREX24.virtual |
Affected:
2 , ≤ 2.11.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:46.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-030"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mymbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.11.2",
"status": "affected",
"version": "2",
"versionType": "custom"
}
]
},
{
"product": "mbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.11.2",
"status": "affected",
"version": "2",
"versionType": "custom"
}
]
},
{
"product": "myREX24",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "2.11.2",
"status": "affected",
"version": "2",
"versionType": "custom"
}
]
},
{
"product": "myREX24.virtual",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "2.11.2",
"status": "affected",
"version": "2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "OTORIO reported the vulnerabilities to MB connect line."
}
],
"datePublic": "2022-09-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to the server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-669",
"description": "CWE-669 Incorrect Resource Transfer Between Spheres",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-14T14:05:29.000Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-030"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 2.12.1"
}
],
"source": {
"advisory": "VDE-2021-030, VDE-2022-039",
"discovery": "EXTERNAL"
},
"title": "Password policy evasion in products of MB connect line and Helmholz",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-09-07T10:00:00.000Z",
"ID": "CVE-2021-34574",
"STATE": "PUBLIC",
"TITLE": "Password policy evasion in products of MB connect line and Helmholz"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mymbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2",
"version_value": "2.11.2"
}
]
}
},
{
"product_name": "mbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2",
"version_value": "2.11.2"
}
]
}
}
]
},
"vendor_name": "MB connect line"
},
{
"product": {
"product_data": [
{
"product_name": "myREX24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2",
"version_value": "2.11.2"
}
]
}
},
{
"product_name": "myREX24.virtual",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2",
"version_value": "2.11.2"
}
]
}
}
]
},
"vendor_name": "Helmholz"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "OTORIO reported the vulnerabilities to MB connect line."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to the server."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-669 Incorrect Resource Transfer Between Spheres"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-039",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
},
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-030",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-030"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 2.12.1"
}
],
"source": {
"advisory": "VDE-2021-030, VDE-2022-039",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-34574",
"datePublished": "2021-08-02T10:24:31.932Z",
"dateReserved": "2021-06-10T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:14:15.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22806 (GCVE-0-2021-22806)
Vulnerability from cvelistv5 – Published: 2022-02-11 17:40 – Updated: 2024-08-03 18:51- CWE-669 - Incorrect Resource Transfer Between Spheres
| URL | Tags |
|---|---|
| https://download.schneider-electric.com/files?p_D… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | spaceLYnk (V2.6.1 and prior), Wiser for KNX (V2.6.1 and prior), fellerLYnk (V2.6.1 and prior) |
Affected:
spaceLYnk (V2.6.1 and prior), Wiser for KNX (V2.6.1 and prior), fellerLYnk (V2.6.1 and prior)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:51:07.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "spaceLYnk (V2.6.1 and prior), Wiser for KNX (V2.6.1 and prior), fellerLYnk (V2.6.1 and prior)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "spaceLYnk (V2.6.1 and prior), Wiser for KNX (V2.6.1 and prior), fellerLYnk (V2.6.1 and prior)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing a malicious website. Affected Product: spaceLYnk (V2.6.1 and prior), Wiser for KNX (V2.6.1 and prior), fellerLYnk (V2.6.1 and prior)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-669",
"description": "CWE-669: Incorrect Resource Transfer Between Spheres",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-11T17:40:34.000Z",
"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"shortName": "schneider"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2021-22806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "spaceLYnk (V2.6.1 and prior), Wiser for KNX (V2.6.1 and prior), fellerLYnk (V2.6.1 and prior)",
"version": {
"version_data": [
{
"version_value": "spaceLYnk (V2.6.1 and prior), Wiser for KNX (V2.6.1 and prior), fellerLYnk (V2.6.1 and prior)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing a malicious website. Affected Product: spaceLYnk (V2.6.1 and prior), Wiser for KNX (V2.6.1 and prior), fellerLYnk (V2.6.1 and prior)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-669: Incorrect Resource Transfer Between Spheres"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-01",
"refsource": "MISC",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-285-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
"assignerShortName": "schneider",
"cveId": "CVE-2021-22806",
"datePublished": "2022-02-11T17:40:34.000Z",
"dateReserved": "2021-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:51:07.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15257 (GCVE-0-2020-15257)
Vulnerability from cvelistv5 – Published: 2020-12-01 02:30 – Updated: 2024-08-04 13:15- CWE-669 - Incorrect Resource Transfer Between Spheres
| URL | Tags |
|---|---|
| https://github.com/containerd/containerd/security… | x_refsource_CONFIRM |
| https://github.com/containerd/containerd/commit/4… | x_refsource_MISC |
| https://github.com/containerd/containerd/releases… | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://www.debian.org/security/2021/dsa-4865 | vendor-advisoryx_refsource_DEBIAN |
| https://security.gentoo.org/glsa/202105-33 | vendor-advisoryx_refsource_GENTOO |
| Vendor | Product | Version | |
|---|---|---|---|
| containerd | containerd |
Affected:
< 1.3.9
Affected: >= 1.4.0, < 1.4.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:15:19.030Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/containerd/containerd/commit/4a4bb851f5da563ff6e68a83dc837c7699c469ad"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/containerd/containerd/releases/tag/v1.4.3"
},
{
"name": "FEDORA-2020-baeb8dbaea",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNKXLOLZWO5FMAPX63ZL7JNKTNNT5NQD/"
},
{
"name": "DSA-4865",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4865"
},
{
"name": "GLSA-202105-33",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202105-33"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "containerd",
"vendor": "containerd",
"versions": [
{
"status": "affected",
"version": "\u003c 1.3.9"
},
{
"status": "affected",
"version": "\u003e= 1.4.0, \u003c 1.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim\u2019s API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This vulnerability has been fixed in containerd 1.3.9 and 1.4.3. Users should update to these versions as soon as they are released. It should be noted that containers started with an old version of containerd-shim should be stopped and restarted, as running containers will continue to be vulnerable even after an upgrade. If you are not providing the ability for untrusted users to start containers in the same network namespace as the shim (typically the \"host\" network namespace, for example with docker run --net=host or hostNetwork: true in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this issue. If you are running containers with a vulnerable configuration, you can deny access to all abstract sockets with AppArmor by adding a line similar to deny unix addr=@**, to your policy. It is best practice to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. The containerd maintainers strongly advise against sharing namespaces with the host. Reducing the set of isolation mechanisms used for a container necessarily increases that container\u0027s privilege, regardless of what container runtime is used for running that container."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-669",
"description": "CWE-669 Incorrect Resource Transfer Between Spheres",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-26T11:08:46.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/containerd/containerd/commit/4a4bb851f5da563ff6e68a83dc837c7699c469ad"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/containerd/containerd/releases/tag/v1.4.3"
},
{
"name": "FEDORA-2020-baeb8dbaea",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNKXLOLZWO5FMAPX63ZL7JNKTNNT5NQD/"
},
{
"name": "DSA-4865",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4865"
},
{
"name": "GLSA-202105-33",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202105-33"
}
],
"source": {
"advisory": "GHSA-36xw-fx78-c5r4",
"discovery": "UNKNOWN"
},
"title": "containerd-shim API Exposed to Host Network Containers",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15257",
"STATE": "PUBLIC",
"TITLE": "containerd-shim API Exposed to Host Network Containers"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "containerd",
"version": {
"version_data": [
{
"version_value": "\u003c 1.3.9"
},
{
"version_value": "\u003e= 1.4.0, \u003c 1.4.3"
}
]
}
}
]
},
"vendor_name": "containerd"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim\u2019s API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This vulnerability has been fixed in containerd 1.3.9 and 1.4.3. Users should update to these versions as soon as they are released. It should be noted that containers started with an old version of containerd-shim should be stopped and restarted, as running containers will continue to be vulnerable even after an upgrade. If you are not providing the ability for untrusted users to start containers in the same network namespace as the shim (typically the \"host\" network namespace, for example with docker run --net=host or hostNetwork: true in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this issue. If you are running containers with a vulnerable configuration, you can deny access to all abstract sockets with AppArmor by adding a line similar to deny unix addr=@**, to your policy. It is best practice to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. The containerd maintainers strongly advise against sharing namespaces with the host. Reducing the set of isolation mechanisms used for a container necessarily increases that container\u0027s privilege, regardless of what container runtime is used for running that container."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-669 Incorrect Resource Transfer Between Spheres"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4",
"refsource": "CONFIRM",
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4"
},
{
"name": "https://github.com/containerd/containerd/commit/4a4bb851f5da563ff6e68a83dc837c7699c469ad",
"refsource": "MISC",
"url": "https://github.com/containerd/containerd/commit/4a4bb851f5da563ff6e68a83dc837c7699c469ad"
},
{
"name": "https://github.com/containerd/containerd/releases/tag/v1.4.3",
"refsource": "MISC",
"url": "https://github.com/containerd/containerd/releases/tag/v1.4.3"
},
{
"name": "FEDORA-2020-baeb8dbaea",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNKXLOLZWO5FMAPX63ZL7JNKTNNT5NQD/"
},
{
"name": "DSA-4865",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4865"
},
{
"name": "GLSA-202105-33",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202105-33"
}
]
},
"source": {
"advisory": "GHSA-36xw-fx78-c5r4",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15257",
"datePublished": "2020-12-01T02:30:16.000Z",
"dateReserved": "2020-06-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:15:19.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0042 (GCVE-0-2019-0042)
Vulnerability from cvelistv5 – Published: 2019-04-10 20:13 – Updated: 2024-09-16 18:03| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA10934 | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Juniper Identity Management Service |
Affected:
unspecified , < 1.1.4
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:37:07.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10934"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Juniper Identity Management Service",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "1.1.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "This issue applicable only when the Windows Domain Controller\u0027s policy is set to audit account logon failures and SRX has any security policies configured with the term \"match source-identity authenticated-user\"."
}
],
"datePublic": "2019-04-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Juniper Identity Management Service (JIMS) for Windows versions prior to 1.1.4 may send an incorrect message to associated SRX services gateways. This may allow an attacker with physical access to an existing domain connected Windows system to bypass SRX firewall policies, or trigger a Denial of Service (DoS) condition for the network."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\nIf the issue is being exploited to bypass SRX firewall policies, suspicious or unusual usernames or IP addresses entries may be present in the SRX auth table."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Improper Resource Shutdown or Release",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-669",
"description": "CWE-669 Incorrect Resource Transfer Between Spheres",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-10T20:13:51.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10934"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 1.1.4 and all subsequent releases.\n\nIf suspicious or unusual usernames or IP addresses entries are present in the SRX auth table, they need to be removed from the SRX auth table."
}
],
"source": {
"advisory": "JSA10934",
"defect": [
"1409607"
],
"discovery": "INTERNAL"
},
"title": "Incorrect messages from Juniper Identity Management Service (JIMS) can trigger Denial of Service or firewall bypass conditions for SRX series devices",
"workarounds": [
{
"lang": "en",
"value": "On the domain controller(s), edit GPO policy for Computer Configuration-\u003ePolicies-\u003eWindows Settings-\u003eSecurity Settings-\u003eLocal Policies-\u003eAudit Policy.\nUncheck \"Failure\" for \"Audit account logon events\". This option is unchecked by default.\nIn the cmd prompt, enter \"gpupdate /force\" to immediately update the policy change."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-04-10T16:00:00.000Z",
"ID": "CVE-2019-0042",
"STATE": "PUBLIC",
"TITLE": "Incorrect messages from Juniper Identity Management Service (JIMS) can trigger Denial of Service or firewall bypass conditions for SRX series devices"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Juniper Identity Management Service",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.1.4"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "This issue applicable only when the Windows Domain Controller\u0027s policy is set to audit account logon failures and SRX has any security policies configured with the term \"match source-identity authenticated-user\"."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Juniper Identity Management Service (JIMS) for Windows versions prior to 1.1.4 may send an incorrect message to associated SRX services gateways. This may allow an attacker with physical access to an existing domain connected Windows system to bypass SRX firewall policies, or trigger a Denial of Service (DoS) condition for the network."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\nIf the issue is being exploited to bypass SRX firewall policies, suspicious or unusual usernames or IP addresses entries may be present in the SRX auth table."
}
],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404 Improper Resource Shutdown or Release"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-305 Authentication Bypass by Primary Weakness"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-669 Incorrect Resource Transfer Between Spheres"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10934",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10934"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 1.1.4 and all subsequent releases.\n\nIf suspicious or unusual usernames or IP addresses entries are present in the SRX auth table, they need to be removed from the SRX auth table."
}
],
"source": {
"advisory": "JSA10934",
"defect": [
"1409607"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "On the domain controller(s), edit GPO policy for Computer Configuration-\u003ePolicies-\u003eWindows Settings-\u003eSecurity Settings-\u003eLocal Policies-\u003eAudit Policy.\nUncheck \"Failure\" for \"Audit account logon events\". This option is unchecked by default.\nIn the cmd prompt, enter \"gpupdate /force\" to immediately update the policy change."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2019-0042",
"datePublished": "2019-04-10T20:13:51.587Z",
"dateReserved": "2018-10-11T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:03:05.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-2274-3HGR-WXV6
Vulnerability from github – Published: 2026-04-22 09:31 – Updated: 2026-07-14 15:31In the Linux kernel, the following vulnerability has been resolved:
crypto: algif_aead - Revert to operating out-of-place
This mostly reverts commit 72548b093ee3 except for the copying of the associated data.
There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
{
"affected": [],
"aliases": [
"CVE-2026-31431"
],
"database_specific": {
"cwe_ids": [
"CWE-1288",
"CWE-669"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-22T09:16:21Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Revert to operating out-of-place\n\nThis mostly reverts commit 72548b093ee3 except for the copying of\nthe associated data.\n\nThere is no benefit in operating in-place in algif_aead since the\nsource and destination come from different mappings. Get rid of\nall the complexity added for in-place operation and just copy the\nAD directly.",
"id": "GHSA-2274-3hgr-wxv6",
"modified": "2026-07-14T15:31:52Z",
"published": "2026-04-22T09:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31431"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:13565"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:16208"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:16209"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:16210"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19074"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19225"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:33486"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-31431"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/cve-2026-31431#cve-details-mitigation"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460538"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"type": "WEB",
"url": "https://copy.fail"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/19d43105a97be0810edbda875f2cd03f30dc130c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3115af9644c342b356f3f07a4dd1c8905cd9a6fc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/893d22e0135fa394db81df88697fba6032747667"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8b88d99341f139e23bdeb1027a2a3ae10d341d82"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/961cfa271a918ad4ae452420e7c303149002875b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8"
},
{
"type": "WEB",
"url": "https://github.com/theori-io/copy-fail-CVE-2026-31431"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31431.json"
},
{
"type": "WEB",
"url": "https://websec.net/blog/cve-2026-31431-linux-algifaead-page-cache-write-to-root-69f38a4ccddd2db1f520f170"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-31431"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/260001"
},
{
"type": "WEB",
"url": "https://xint.io/blog/copy-fail-linux-distributions#the-fix-6"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:13566"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:13577"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:13578"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:13681"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:13690"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:13727"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:13729"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:13734"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:13811"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:13862"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:13885"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:13887"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:13932"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:13936"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:14097"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:14112"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:14137"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:14165"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:14230"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:14301"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:14339"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:14773"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:14926"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:15087"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:15976"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:15978"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:16018"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:16063"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:16111"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/04/29/23"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/04/29/25"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/04/29/26"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/04/30/10"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/04/30/11"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/04/30/12"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/04/30/14"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/04/30/15"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/04/30/16"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/04/30/17"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/04/30/18"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/04/30/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/04/30/20"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/04/30/5"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/04/30/6"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/01/10"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/01/12"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/01/15"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/01/16"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/01/17"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/01/18"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/01/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/01/22"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/01/23"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/01/24"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/01/3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/02/14"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/02/15"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/02/16"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/02/17"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/02/18"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/02/19"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/02/20"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/02/21"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/02/23"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/02/24"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/02/25"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/02/4"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/02/5"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/02/6"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/02/7"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/02/8"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/03/10"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/03/12"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/03/13"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/03/3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/03/4"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/03/5"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/03/6"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/04/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/04/10"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/04/11"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/04/12"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/04/13"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/04/14"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/04/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/04/24"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/04/27"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/04/28"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/04/29"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/04/31"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/04/8"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/04/9"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/06/5"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/07/12"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/07/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/08/13"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/05/18/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-22FP-MF44-F2MQ
Vulnerability from github – Published: 2025-04-18 20:24 – Updated: 2025-05-27 19:56Description
This advisory follows the security advisory GHSA-79w7-vh3h-8g4j published by the yt-dlp/yt-dlp project to aid remediation of the issue in the ytdl-org/youtube-dl project.
Vulnerability
youtube-dl does not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder (and path traversal on Windows).
Impact
Since youtube-dl also reads config from the working directory (and, on Windows, executables will be executed from the youtube-dl directory by default) the vulnerability could allow the unwanted execution of local code, including downloads masquerading as, eg, subtitles.
Patches
The versions of youtube-dl listed as Patched remediate this vulnerability by disallowing path separators and whitelisting allowed extensions. As a result, some very uncommon extensions might not get downloaded.
Master code d42a222 or later and nightly builds tagged 2024-07-03 or later contain the remediation.
Workarounds
Any/all of the below considerations may limit exposure in case it is necessary to use a vulnerable version
* have .%(ext)s at the end of the output template
* download from websites that you trust
* do not download to a directory within the executable search PATH or other sensitive locations, such as your user directory or system directories
* in Windows versions that support it, set NoDefaultCurrentDirectoryInExePath to prevent the cmd shell's executable search adding the default directory before PATH
* consider that the path traversal vulnerability as a result of resolving non_existent_dir\..\..\target does not exist in Linux or macOS
* ensure the extension of the media to download is a common video/audio/... one (use --get-filename)
* omit any of the subtitle options (--write-subs/--write-srt, --write-auto-subs/--write-automatic-subs, --all-subs).
References
- GHSA-79w7-vh3h-8g4j
- https://github.com/ytdl-org/youtube-dl/pull/32830
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "youtube-dl"
},
"ranges": [
{
"events": [
{
"introduced": "2015.01.25"
},
{
"last_affected": "2021.12.17"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-434",
"CWE-669"
],
"github_reviewed": true,
"github_reviewed_at": "2025-04-18T20:24:07Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "#### Description\nThis advisory follows the security advisory [GHSA-79w7-vh3h-8g4j published by the _yt-dlp/yt-dlp_ project](https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4j) to aid remediation of the issue in the _ytdl-org/youtube-dl_ project.\n\n### Vulnerability\n_youtube-dl_ does not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder (and path traversal on Windows). \n\n### Impact\nSince _youtube-dl_ also reads config from the working directory (and, on Windows, executables will be executed from the _youtube-dl_ directory by default) the vulnerability could allow the unwanted execution of local code, including downloads masquerading as, eg, subtitles.\n\n### Patches\nThe versions of _youtube-dl_ listed as _Patched_ remediate this vulnerability by disallowing path separators and whitelisting allowed extensions. As a result, some very uncommon extensions might not get downloaded.\n\n**Master code d42a222 or later and nightly builds tagged 2024-07-03 or later** contain the remediation.\n\n### Workarounds\nAny/all of the below considerations may limit exposure in case it is necessary to use a vulnerable version\n* have `.%(ext)s` at the end of the output template\n* download from websites that you trust\n* do not download to a directory within the executable search `PATH` or other sensitive locations, such as your user directory or system directories\n* in Windows versions that support it, set [`NoDefaultCurrentDirectoryInExePath`](https://stackoverflow.com/a/50118548) to prevent the _cmd_ shell\u0027s executable search adding the default directory before `PATH`\n* consider that the path traversal vulnerability as a result of resolving `non_existent_dir\\..\\..\\target` does not exist in Linux or macOS\n* ensure the extension of the media to download is a common video/audio/... one (use `--get-filename`)\n* omit any of the subtitle options (`--write-subs`/` --write-srt`, `--write-auto-subs`/`--write-automatic-subs`, `--all-subs`).\n\n### References\n* [GHSA-79w7-vh3h-8g4j](https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4j)\n* https://github.com/ytdl-org/youtube-dl/pull/32830",
"id": "GHSA-22fp-mf44-f2mq",
"modified": "2025-05-27T19:56:40Z",
"published": "2025-04-18T20:24:07Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/dirkf/youtube-dl/security/advisories/GHSA-22fp-mf44-f2mq"
},
{
"type": "WEB",
"url": "https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-79w7-vh3h-8g4j"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38519"
},
{
"type": "WEB",
"url": "https://github.com/ytdl-org/youtube-dl/pull/32830"
},
{
"type": "WEB",
"url": "https://github.com/ytdl-org/youtube-dl/commit/d42a222ed541b96649396ef00e19552aef0f09ec"
},
{
"type": "PACKAGE",
"url": "https://github.com/dirkf/youtube-dl"
},
{
"type": "ADVISORY",
"url": "https://securitylab.github.com/advisories/GHSL-2024-089_youtube-dl"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization"
}
GHSA-25XG-52C8-P9Q8
Vulnerability from github – Published: 2026-03-24 09:30 – Updated: 2026-03-24 09:30A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution.
{
"affected": [],
"aliases": [
"CVE-2025-41660"
],
"database_specific": {
"cwe_ids": [
"CWE-669"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-24T08:16:00Z",
"severity": "HIGH"
},
"details": "A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution.",
"id": "GHSA-25xg-52c8-p9q8",
"modified": "2026-03-24T09:30:31Z",
"published": "2026-03-24T09:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41660"
},
{
"type": "WEB",
"url": "https://certvde.com/de/advisories/VDE-2026-011"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2P3J-CMC3-J53X
Vulnerability from github – Published: 2022-05-24 17:49 – Updated: 2022-10-26 12:00Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to manipulate the username field under the comment section and set the value to any user.
{
"affected": [],
"aliases": [
"CVE-2021-21544"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-669"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-30T21:15:00Z",
"severity": "MODERATE"
},
"details": "Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to manipulate the username field under the comment section and set the value to any user.",
"id": "GHSA-2p3j-cmc3-j53x",
"modified": "2022-10-26T12:00:40Z",
"published": "2022-05-24T17:49:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21544"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/000185293"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2P4W-VVGF-H24F
Vulnerability from github – Published: 2022-05-24 16:51 – Updated: 2024-04-04 01:24SmokeDetector intentionally does automatic deployments of updated copies of SmokeDetector without server operator authority.
{
"affected": [],
"aliases": [
"CVE-2019-1020011"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-669"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-07-29T13:15:00Z",
"severity": "HIGH"
},
"details": "SmokeDetector intentionally does automatic deployments of updated copies of SmokeDetector without server operator authority.",
"id": "GHSA-2p4w-vvgf-h24f",
"modified": "2024-04-04T01:24:15Z",
"published": "2022-05-24T16:51:37Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Charcoal-SE/SmokeDetector/security/advisories/GHSA-5w85-7mwr-v44q"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1020011"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.