Vulnerabilites related to oracle - enterprise_operations_monitor
Vulnerability from fkie_nvd
Published
2021-11-04 20:15
Modified
2024-11-21 06:29
Severity ?
Summary
In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:glibc:2.34:*:*:*:*:*:*:*", matchCriteriaId: "F7F6C033-0739-43A2-B661-B8C72F3CDD03", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*", matchCriteriaId: "6EDB6772-7FDB-45FF-8D72-952902A7EE56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*", matchCriteriaId: "04E6C8E9-2024-496C-9BFD-4548A5B44E2E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:*:*:*:*:*:*:*", matchCriteriaId: "A264E0DE-209D-49B1-8B26-51AB8BBC97F1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:*", matchCriteriaId: "EBB5FF32-7362-4A1E-AD24-EF6B8770FCAD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*", matchCriteriaId: "8B40FAF9-0A6B-41C4-8CAD-D3D1DD982C2C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:*:*:*:*:*:*:*", matchCriteriaId: "74810125-09E6-4F27-B541-AFB61112AC56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_operations_monitor:4.3:*:*:*:*:*:*:*", matchCriteriaId: "F5453265-3BE1-4AF0-BE50-13C2EF67F49B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_operations_monitor:4.4:*:*:*:*:*:*:*", matchCriteriaId: "93E0B297-A319-4961-976C-7DDA5A0B9353", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_operations_monitor:5.0:*:*:*:*:*:*:*", matchCriteriaId: "AEFDF7DD-4D5D-410B-840F-99A8D7DEE4A6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [ { sourceIdentifier: "cve@mitre.org", tags: [ "disputed", ], }, ], descriptions: [ { lang: "en", value: "In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states \"the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug.", }, { lang: "es", value: "** EN DISPUTA ** En el archivo iconvdata/iso-2022-jp-3.c de la Biblioteca C de GNU (también conocida como glibc) 2.34, los atacantes remotos pueden forzar a iconv() a emitir un carácter espurio '\\0' a través de datos ISO-2022-JP-3 manipulados que van acompañados de un reinicio de estado interno. Esto puede afectar a la integridad de los datos en ciertos casos de uso de iconv(). NOTA: el proveedor afirma que \"el fallo no puede ser invocado a través de la entrada del usuario y requiere que iconv sea invocado con un inbuf NULL, lo que debería requerir un fallo de aplicación separado para hacerlo involuntariamente. Por lo tanto, el fallo no tiene impacto en la seguridad\".", }, ], id: "CVE-2021-43396", lastModified: "2024-11-21T06:29:09.553", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-11-04T20:15:09.223", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://blog.tuxcare.com/vulnerability/vulnerability-in-iconv-identified-by-tuxcare-team-cve-2021-43396", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=28524", }, { source: "cve@mitre.org", url: "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=ff012870b2c02a62598c04daa1e54632e020fd7d", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://blog.tuxcare.com/vulnerability/vulnerability-in-iconv-identified-by-tuxcare-team-cve-2021-43396", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=28524", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=ff012870b2c02a62598c04daa1e54632e020fd7d", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-01-18 23:29
Modified
2024-11-21 02:40
Severity ?
Summary
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*", matchCriteriaId: "9CD7C3A9-7A77-4553-9893-D16D9FDC84AB", versionEndExcluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "A079FD6E-3BB0-4997-9A8E-6F8FEC89887A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*", matchCriteriaId: "900D2344-5160-42A0-8C49-36DBC7FF3D87", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "A4AA4B21-1BA9-4ED8-B9EA-558AF8655D24", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9C3F9EE5-FCFC-45B8-9F57-C05D42EE0FF0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*", matchCriteriaId: "E3DF1971-3FD9-4954-AF2D-DDA0B24B89CD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*", matchCriteriaId: "8972497F-6E24-45A9-9A18-EB0E842CB1D4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*", matchCriteriaId: "400509A8-D6F2-432C-A2F1-AD5B8778D0D9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", matchCriteriaId: "132CE62A-FBFC-4001-81EC-35D81F73AF48", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "013043A2-0765-4AF5-ABFC-6A8960FFBFD2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B887E174-57AB-449D-AEE4-82DD1A3E5C84", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "E869C417-C0E6-4FC3-B406-45598A1D1906", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*", matchCriteriaId: "EC361999-AAD8-4CB3-B00E-E3990C3529B4", versionEndExcluding: "7.0.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*", matchCriteriaId: "C510CE66-DD71-45C8-B678-9BD81EC7FFBB", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*", matchCriteriaId: "BF0A211C-7C3D-46AE-B525-890A9194C422", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*", matchCriteriaId: "B1AD7C68-81DF-4332-AEB3-B368E0221F52", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*", matchCriteriaId: "97C1FA4C-5163-420C-A01A-EA36F1039BBB", versionEndExcluding: "6.1.0.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "77120A3C-9A48-45FC-A620-5072AF325ACF", versionEndExcluding: "7.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "BED45FB9-410F-4FC6-ACEB-49476F1C50BE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*", matchCriteriaId: "9D03A8C9-35A5-4B75-9711-7A4A60457307", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*", matchCriteriaId: "BE12B6A4-E128-41EC-8017-558F50B961BE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", matchCriteriaId: "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*", matchCriteriaId: "835BFCBC-848C-4A2C-BDE7-3D94CEC3F5D8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*", matchCriteriaId: "8A1B7A35-B332-476E-A676-C2CD4D72FA50", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "B5BC32AA-78BE-468B-B92A-5A0FFFA970FA", versionEndIncluding: "7.3.5", versionStartIncluding: "7.3.3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", matchCriteriaId: "47E1F95E-A3A5-4996-B951-0F946CB11210", versionEndIncluding: "8.0.7", versionStartIncluding: "8.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:*", matchCriteriaId: "703DA91D-3440-4C67-AA20-78F71B1376DD", versionEndIncluding: "8.0.7", versionStartIncluding: "8.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:*", matchCriteriaId: "73E05211-8415-42FB-9B93-959EB03B090B", versionEndIncluding: "8.0.7", versionStartIncluding: "8.0.5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:*", matchCriteriaId: "AC15899F-8528-4D10-8CD5-F67121D7F293", versionEndIncluding: "8.0.7", versionStartIncluding: "8.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*", matchCriteriaId: "30657F1B-D1FC-4EE6-9854-18993294A01D", versionEndIncluding: "8.0.7", versionStartIncluding: "8.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:*", matchCriteriaId: "E376C9FB-1870-4B4E-8D69-02A70C0A041C", versionEndIncluding: "8.0.6", versionStartIncluding: "8.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*", matchCriteriaId: "DB6C521C-F104-4E26-82F2-6F63F94108BC", versionEndIncluding: "8.0.7", versionStartIncluding: "8.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*", matchCriteriaId: "402B8642-7ACC-4F42-87A9-AB4D3B581751", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "EF6D5112-4055-4F89-A5B3-0DCB109481B7", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*", matchCriteriaId: "EC3830C0-2B9F-41BD-94C9-E3718467A1AC", versionEndIncluding: "8.0.6", versionStartIncluding: "8.0.4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*", matchCriteriaId: "6D027285-07C1-4B3A-AB54-4426C16E236A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*", matchCriteriaId: "3831F35C-DED2-4E40-AA94-1512E106BFF2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "06E586B3-3434-4B08-8BE3-16C528642CA5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*", matchCriteriaId: "3C36C520-B5F5-45F1-B55F-62859CDA012E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*", matchCriteriaId: "5EAAFF95-000C-4D78-98FF-9EDE9D966A65", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "A5ACB1D2-69CE-4B7D-9B51-D8F80E541631", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*", matchCriteriaId: "03C46CCD-B49F-405A-A0A0-E0DFBA60F0D5", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", matchCriteriaId: "1A3DC116-2844-47A1-BEC2-D0675DD97148", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", matchCriteriaId: "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*", matchCriteriaId: "2AC63D10-2326-4542-B345-31D45B9A7408", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*", matchCriteriaId: "FCBF2756-B831-4E6E-A15B-2A11DD48DB7C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*", matchCriteriaId: "0D76453B-95AF-4AC4-8096-7D117F69B45B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*", matchCriteriaId: "EDE3671B-EB36-490A-BA70-575FCA332B94", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*", matchCriteriaId: "E03A631E-253A-4C56-9986-97F86C323482", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", matchCriteriaId: "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*", matchCriteriaId: "A7506589-9B3B-49BA-B826-774BFDCC45B8", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "042C243F-EDFE-4A04-AB0B-26E73CC34837", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "228DA523-4D6D-48C5-BDB0-DB1A60F23F8B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*", matchCriteriaId: "0A81D092-FC04-4B7D-83FB-58D402B5EF9A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", matchCriteriaId: "45CB30A1-B2C9-4BF5-B510-1F2F18B60C64", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", matchCriteriaId: "D0A735B4-4F3C-416B-8C08-9CB21BAD2889", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", matchCriteriaId: "7E1E416B-920B-49A0-9523-382898C2979D", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*", matchCriteriaId: "6CBFA960-D242-43ED-8D4C-A60F01B70740", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*", matchCriteriaId: "0513B305-97EF-4609-A82E-D0CDFF9925BA", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*", matchCriteriaId: "61A7F6E0-A4A4-4FC3-90CB-156933CB3B9A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", matchCriteriaId: "B8249A74-C34A-4F66-8F11-F7F50F8813BF", versionEndIncluding: "17.12", versionStartIncluding: "17.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", matchCriteriaId: "D55A54FD-7DD1-49CD-BE81-0BE73990943C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", matchCriteriaId: "82EB08C0-2D46-4635-88DF-E54F6452D3A3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", matchCriteriaId: "202AD518-2E9B-4062-B063-9858AE1F9CE2", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "A108B4EF-768F-4118-86B5-C0D9CDDE6A6C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*", matchCriteriaId: "686D4323-4B05-4B92-B598-594A31F937C3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*", matchCriteriaId: "AD4AB77A-E829-4603-AF6A-97B9CD0D687F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*", matchCriteriaId: "6DE15D64-6F49-4F43-8079-0C7827384C86", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*", matchCriteriaId: "788F2530-F011-4489-8029-B3468BAF7787", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*", matchCriteriaId: "68B5147A-F6A3-499E-815D-6DAABDA33B03", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*", matchCriteriaId: "26C5CF80-8CFF-44D9-B3ED-C259847E9C46", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*", matchCriteriaId: "569644AC-69AD-412D-B399-4052D4DB2928", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "70BEF219-45EC-4A53-A815-42FBE20FC300", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "1EA2023A-1AD6-41FE-A214-9D1F6021D6B6", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*", matchCriteriaId: "3FFFBA49-F340-4A3D-BE8C-73213A669855", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*", matchCriteriaId: "B491FB70-B6FC-4063-BE00-CAD664B39055", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*", matchCriteriaId: "70E13C38-9FC3-46BD-B9A4-1033C98C19D3", versionEndIncluding: "4.3.0.4", versionStartIncluding: "4.3.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*", matchCriteriaId: "AE1E1CA5-D443-4C5D-8F43-550106FFE3DE", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*", matchCriteriaId: "1BB4709C-6373-43CC-918C-876A6569865A", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "F745235C-55A9-4353-A4CB-4B7834BDD63F", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*", matchCriteriaId: "CBFF04EF-B1C3-4601-878A-35EA6A15EF0C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.", }, { lang: "es", value: "jQuery en versiones anteriores a la 3.0.0 es vulnerable a ataques de Cross-site Scripting (XSS) cuando se realiza una petición Ajax de dominios cruzados sin la opción dataType. Esto provoca que se ejecuten respuestas de texto/javascript.", }, ], id: "CVE-2015-9251", lastModified: "2024-11-21T02:40:09.093", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-01-18T23:29:00.307", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html", }, { source: "cve@mitre.org", url: "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", }, { source: "cve@mitre.org", url: "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", }, { source: "cve@mitre.org", url: "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", }, { source: "cve@mitre.org", url: "http://seclists.org/fulldisclosure/2019/May/10", }, { source: "cve@mitre.org", url: "http://seclists.org/fulldisclosure/2019/May/11", }, { source: "cve@mitre.org", url: "http://seclists.org/fulldisclosure/2019/May/13", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105658", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2020:0481", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2020:0729", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/jquery/jquery/issues/2432", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/jquery/jquery/pull/2588", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04", }, { source: "cve@mitre.org", url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E", }, { source: "cve@mitre.org", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { source: "cve@mitre.org", url: "https://seclists.org/bugtraq/2019/May/18", }, { source: "cve@mitre.org", url: "https://security.netapp.com/advisory/ntap-20210108-0004/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://snyk.io/vuln/npm:jquery:20150627", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf", }, { source: "cve@mitre.org", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "cve@mitre.org", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "cve@mitre.org", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "cve@mitre.org", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { source: "cve@mitre.org", url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "cve@mitre.org", url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { source: "cve@mitre.org", url: "https://www.tenable.com/security/tns-2019-08", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://seclists.org/fulldisclosure/2019/May/10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://seclists.org/fulldisclosure/2019/May/11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://seclists.org/fulldisclosure/2019/May/13", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/105658", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2020:0481", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2020:0729", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/jquery/jquery/issues/2432", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/jquery/jquery/pull/2588", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://seclists.org/bugtraq/2019/May/18", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20210108-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://snyk.io/vuln/npm:jquery:20150627", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.tenable.com/security/tns-2019-08", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-01-14 07:15
Modified
2024-11-21 06:48
Severity ?
Summary
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/202208-24 | Third Party Advisory | |
| cve@mitre.org | https://sourceware.org/bugzilla/show_bug.cgi?id=22542 | Exploit, Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://www.oracle.com/security-alerts/cpujul2022.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202208-24 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sourceware.org/bugzilla/show_bug.cgi?id=22542 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2022.html | Patch, Third Party Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*", matchCriteriaId: "ED46EB04-73DF-41D7-9E54-A50570DF766B", versionEndIncluding: "2.34", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*", matchCriteriaId: "6EDB6772-7FDB-45FF-8D72-952902A7EE56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*", matchCriteriaId: "04E6C8E9-2024-496C-9BFD-4548A5B44E2E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:*:*:*:*:*:*:*", matchCriteriaId: "A264E0DE-209D-49B1-8B26-51AB8BBC97F1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:*", matchCriteriaId: "EBB5FF32-7362-4A1E-AD24-EF6B8770FCAD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*", matchCriteriaId: "8B40FAF9-0A6B-41C4-8CAD-D3D1DD982C2C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:*:*:*:*:*:*:*", matchCriteriaId: "74810125-09E6-4F27-B541-AFB61112AC56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_operations_monitor:4.3:*:*:*:*:*:*:*", matchCriteriaId: "F5453265-3BE1-4AF0-BE50-13C2EF67F49B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_operations_monitor:4.4:*:*:*:*:*:*:*", matchCriteriaId: "93E0B297-A319-4961-976C-7DDA5A0B9353", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_operations_monitor:5.0:*:*:*:*:*:*:*", matchCriteriaId: "AEFDF7DD-4D5D-410B-840F-99A8D7DEE4A6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.", }, { lang: "es", value: "La función de compatibilidad obsoleta clnt_create en el módulo sunrpc de la Biblioteca C de GNU (también se conoce como glibc) versiones hasta 2.34, copia su argumento de nombre de host en la pila sin comprobar su longitud, que puede resultar en un desbordamiento de búfer, resultando potencialmente en una denegación de servicio o (si una aplicación no está construida con un protector de pila habilitado) la ejecución de código arbitrario", }, ], id: "CVE-2022-23219", lastModified: "2024-11-21T06:48:12.863", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-01-14T07:15:08.867", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202208-24", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=22542", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202208-24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=22542", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-08-12 16:15
Modified
2024-11-21 06:17
Severity ?
Summary
In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*", matchCriteriaId: "ED46EB04-73DF-41D7-9E54-A50570DF766B", versionEndIncluding: "2.34", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*", matchCriteriaId: "6EDB6772-7FDB-45FF-8D72-952902A7EE56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*", matchCriteriaId: "04E6C8E9-2024-496C-9BFD-4548A5B44E2E", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:*:*:*:*:*:*:*", matchCriteriaId: "A264E0DE-209D-49B1-8B26-51AB8BBC97F1", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:*", matchCriteriaId: "EBB5FF32-7362-4A1E-AD24-EF6B8770FCAD", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*", matchCriteriaId: "8B40FAF9-0A6B-41C4-8CAD-D3D1DD982C2C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:*:*:*:*:*:*:*", matchCriteriaId: "74810125-09E6-4F27-B541-AFB61112AC56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_operations_monitor:4.3:*:*:*:*:*:*:*", matchCriteriaId: "F5453265-3BE1-4AF0-BE50-13C2EF67F49B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_operations_monitor:4.4:*:*:*:*:*:*:*", matchCriteriaId: "93E0B297-A319-4961-976C-7DDA5A0B9353", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_operations_monitor:5.0:*:*:*:*:*:*:*", matchCriteriaId: "AEFDF7DD-4D5D-410B-840F-99A8D7DEE4A6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.", }, { lang: "es", value: "En librt en la Biblioteca C de GNU (también se conoce como glibc) versiones hasta 2.34, el archivo sysdeps/unix/sysv/linux/mq_notify.c, maneja inapropiadamente determinados datos NOTIFY_REMOVED, conllevando una desreferencia de puntero NULL. NOTA: esta vulnerabilidad se introdujo como efecto secundario de la corrección de CVE-2021-33574", }, ], id: "CVE-2021-38604", lastModified: "2024-11-21T06:17:40.220", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-08-12T16:15:10.600", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://blog.tuxcare.com/cve/tuxcare-team-identifies-cve-2021-38604-a-new-vulnerability-in-glibc", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GYEXYM37RCJWJ6B5KQUYQI4NZBDDYSXP/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202208-24", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210909-0005/", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=28213", }, { source: "cve@mitre.org", url: "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=4cc79c217744743077bf7a0ec5e0a4318f1e6641", }, { source: "cve@mitre.org", url: "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=b805aebd42364fe696e417808a700fdb9800c9e8", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://blog.tuxcare.com/cve/tuxcare-team-identifies-cve-2021-38604-a-new-vulnerability-in-glibc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GYEXYM37RCJWJ6B5KQUYQI4NZBDDYSXP/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202208-24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210909-0005/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=28213", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=4cc79c217744743077bf7a0ec5e0a4318f1e6641", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=b805aebd42364fe696e417808a700fdb9800c9e8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-01-14 07:15
Modified
2024-11-21 06:48
Severity ?
Summary
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/202208-24 | Third Party Advisory | |
| cve@mitre.org | https://sourceware.org/bugzilla/show_bug.cgi?id=28768 | Exploit, Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://www.oracle.com/security-alerts/cpujul2022.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202208-24 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sourceware.org/bugzilla/show_bug.cgi?id=28768 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2022.html | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | glibc | * | |
| oracle | communications_cloud_native_core_unified_data_repository | 22.2.0 | |
| oracle | enterprise_operations_monitor | 4.3 | |
| oracle | enterprise_operations_monitor | 4.4 | |
| oracle | enterprise_operations_monitor | 5.0 | |
| debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*", matchCriteriaId: "ED46EB04-73DF-41D7-9E54-A50570DF766B", versionEndIncluding: "2.34", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:*:*:*:*:*:*:*", matchCriteriaId: "74810125-09E6-4F27-B541-AFB61112AC56", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_operations_monitor:4.3:*:*:*:*:*:*:*", matchCriteriaId: "F5453265-3BE1-4AF0-BE50-13C2EF67F49B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_operations_monitor:4.4:*:*:*:*:*:*:*", matchCriteriaId: "93E0B297-A319-4961-976C-7DDA5A0B9353", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:enterprise_operations_monitor:5.0:*:*:*:*:*:*:*", matchCriteriaId: "AEFDF7DD-4D5D-410B-840F-99A8D7DEE4A6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.", }, { lang: "es", value: "La función de compatibilidad obsoleta svcunix_create en el módulo sunrpc de la Biblioteca C de GNU (también conocida como glibc) hasta la versión 2.34 copia su argumento de ruta en la pila sin comprobar su longitud, lo que puede resultar en un desbordamiento del búfer, resultando potencialmente en una denegación de servicio o (si una aplicación no está construida con un protector de pila habilitado) la ejecución de código arbitrario", }, ], id: "CVE-2022-23218", lastModified: "2024-11-21T06:48:12.677", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-01-14T07:15:08.800", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202208-24", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=28768", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202208-24", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=28768", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2022-23219
Vulnerability from cvelistv5
Published
2022-01-14 00:00
Modified
2024-08-03 03:36
Severity ?
EPSS score ?
Summary
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:36:20.178Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { tags: [ "x_transferred", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=22542", }, { name: "GLSA-202208-24", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202208-24", }, { name: "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-17T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { url: "https://sourceware.org/bugzilla/show_bug.cgi?id=22542", }, { name: "GLSA-202208-24", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202208-24", }, { name: "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-23219", datePublished: "2022-01-14T00:00:00", dateReserved: "2022-01-14T00:00:00", dateUpdated: "2024-08-03T03:36:20.178Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-9251
Vulnerability from cvelistv5
Published
2018-01-18 23:00
Modified
2024-08-06 08:43
Severity ?
EPSS score ?
Summary
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T08:43:41.697Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "105658", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/105658", }, { name: "20190509 dotCMS v5.1.1 Vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/May/18", }, { name: "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/May/11", }, { name: "20190510 dotCMS v5.1.1 Vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/May/10", }, { name: "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2019/May/13", }, { name: "[flink-user] 20190811 Apache flink 1.7.2 security issues", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E", }, { name: "[flink-dev] 20190811 Apache flink 1.7.2 security issues", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E", }, { name: "[flink-user] 20190813 Apache flink 1.7.2 security issues", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E", }, { name: "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E", }, { name: "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { name: "RHSA-2020:0481", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0481", }, { name: "RHSA-2020:0729", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2020:0729", }, { name: "openSUSE-SU-2020:0395", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/jquery/jquery/issues/2432", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://snyk.io/vuln/npm:jquery:20150627", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/jquery/jquery/pull/2588", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.tenable.com/security/tns-2019-08", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210108-0004/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-01-18T00:00:00", descriptions: [ { lang: "en", value: "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-01-08T11:06:16", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "105658", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/105658", }, { name: "20190509 dotCMS v5.1.1 Vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/May/18", }, { name: "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/May/11", }, { name: "20190510 dotCMS v5.1.1 Vulnerabilities", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/May/10", }, { name: "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2019/May/13", }, { name: "[flink-user] 20190811 Apache flink 1.7.2 security issues", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E", }, { name: "[flink-dev] 20190811 Apache flink 1.7.2 security issues", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E", }, { name: "[flink-user] 20190813 Apache flink 1.7.2 security issues", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E", }, { name: "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E", }, { name: "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", }, { name: "RHSA-2020:0481", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0481", }, { name: "RHSA-2020:0729", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2020:0729", }, { name: "openSUSE-SU-2020:0395", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/jquery/jquery/issues/2432", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { tags: [ "x_refsource_MISC", ], url: "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2", }, { tags: [ "x_refsource_MISC", ], url: "https://snyk.io/vuln/npm:jquery:20150627", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/jquery/jquery/pull/2588", }, { tags: [ "x_refsource_MISC", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.tenable.com/security/tns-2019-08", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210108-0004/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-9251", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "105658", refsource: "BID", url: "http://www.securityfocus.com/bid/105658", }, { name: "20190509 dotCMS v5.1.1 Vulnerabilities", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/May/18", }, { name: "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/May/11", }, { name: "20190510 dotCMS v5.1.1 Vulnerabilities", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/May/10", }, { name: "20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2019/May/13", }, { name: "[flink-user] 20190811 Apache flink 1.7.2 security issues", refsource: "MLIST", url: "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E", }, { name: "[flink-dev] 20190811 Apache flink 1.7.2 security issues", refsource: "MLIST", url: "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E", }, { name: "[flink-user] 20190813 Apache flink 1.7.2 security issues", refsource: "MLIST", url: "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E", }, { name: "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues", refsource: "MLIST", url: "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E", }, { name: "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js", refsource: "MLIST", url: "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E", }, { name: "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", }, { name: "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", }, { name: "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", refsource: "MLIST", url: "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", }, { name: "RHSA-2020:0481", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0481", }, { name: "RHSA-2020:0729", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2020:0729", }, { name: "openSUSE-SU-2020:0395", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html", }, { name: "https://www.oracle.com/security-alerts/cpuapr2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuapr2020.html", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", }, { name: "https://www.oracle.com/security-alerts/cpujul2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2020.html", }, { name: "https://github.com/jquery/jquery/issues/2432", refsource: "MISC", url: "https://github.com/jquery/jquery/issues/2432", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", refsource: "CONFIRM", url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", }, { name: "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf", refsource: "MISC", url: "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf", }, { name: "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2", refsource: "MISC", url: "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2", }, { name: "https://snyk.io/vuln/npm:jquery:20150627", refsource: "MISC", url: "https://snyk.io/vuln/npm:jquery:20150627", }, { name: "https://github.com/jquery/jquery/pull/2588", refsource: "MISC", url: "https://github.com/jquery/jquery/pull/2588", }, { name: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04", refsource: "MISC", url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04", }, { name: "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc", refsource: "MISC", url: "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", }, { name: "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html", }, { name: "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", }, { name: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", refsource: "MISC", url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", }, { name: "https://www.tenable.com/security/tns-2019-08", refsource: "CONFIRM", url: "https://www.tenable.com/security/tns-2019-08", }, { name: "https://www.oracle.com/security-alerts/cpujan2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujan2020.html", }, { name: "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html", }, { name: "https://www.oracle.com/security-alerts/cpuoct2020.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2020.html", }, { name: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", refsource: "CONFIRM", url: "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601", }, { name: "https://security.netapp.com/advisory/ntap-20210108-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210108-0004/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-9251", datePublished: "2018-01-18T23:00:00", dateReserved: "2018-01-18T00:00:00", dateUpdated: "2024-08-06T08:43:41.697Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-38604
Vulnerability from cvelistv5
Published
2021-08-12 15:43
Modified
2024-08-04 01:44
Severity ?
EPSS score ?
Summary
In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.
References
| ▼ | URL | Tags |
|---|---|---|
| https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=b805aebd42364fe696e417808a700fdb9800c9e8 | x_refsource_MISC | |
| https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=4cc79c217744743077bf7a0ec5e0a4318f1e6641 | x_refsource_MISC | |
| https://sourceware.org/bugzilla/show_bug.cgi?id=28213 | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GYEXYM37RCJWJ6B5KQUYQI4NZBDDYSXP/ | vendor-advisory, x_refsource_FEDORA | |
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC | |
| https://blog.tuxcare.com/cve/tuxcare-team-identifies-cve-2021-38604-a-new-vulnerability-in-glibc | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210909-0005/ | x_refsource_CONFIRM | |
| https://security.gentoo.org/glsa/202208-24 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:44:23.621Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=b805aebd42364fe696e417808a700fdb9800c9e8", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=4cc79c217744743077bf7a0ec5e0a4318f1e6641", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=28213", }, { name: "FEDORA-2021-16dc1f33af", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GYEXYM37RCJWJ6B5KQUYQI4NZBDDYSXP/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://blog.tuxcare.com/cve/tuxcare-team-identifies-cve-2021-38604-a-new-vulnerability-in-glibc", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210909-0005/", }, { name: "GLSA-202208-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202208-24", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-08-14T15:07:13", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=b805aebd42364fe696e417808a700fdb9800c9e8", }, { tags: [ "x_refsource_MISC", ], url: "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=4cc79c217744743077bf7a0ec5e0a4318f1e6641", }, { tags: [ "x_refsource_MISC", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=28213", }, { name: "FEDORA-2021-16dc1f33af", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GYEXYM37RCJWJ6B5KQUYQI4NZBDDYSXP/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { tags: [ "x_refsource_MISC", ], url: "https://blog.tuxcare.com/cve/tuxcare-team-identifies-cve-2021-38604-a-new-vulnerability-in-glibc", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210909-0005/", }, { name: "GLSA-202208-24", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202208-24", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-38604", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://sourceware.org/git/?p=glibc.git;a=commit;h=b805aebd42364fe696e417808a700fdb9800c9e8", refsource: "MISC", url: "https://sourceware.org/git/?p=glibc.git;a=commit;h=b805aebd42364fe696e417808a700fdb9800c9e8", }, { name: "https://sourceware.org/git/?p=glibc.git;a=commit;h=4cc79c217744743077bf7a0ec5e0a4318f1e6641", refsource: "MISC", url: "https://sourceware.org/git/?p=glibc.git;a=commit;h=4cc79c217744743077bf7a0ec5e0a4318f1e6641", }, { name: "https://sourceware.org/bugzilla/show_bug.cgi?id=28213", refsource: "MISC", url: "https://sourceware.org/bugzilla/show_bug.cgi?id=28213", }, { name: "FEDORA-2021-16dc1f33af", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GYEXYM37RCJWJ6B5KQUYQI4NZBDDYSXP/", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { name: "https://blog.tuxcare.com/cve/tuxcare-team-identifies-cve-2021-38604-a-new-vulnerability-in-glibc", refsource: "MISC", url: "https://blog.tuxcare.com/cve/tuxcare-team-identifies-cve-2021-38604-a-new-vulnerability-in-glibc", }, { name: "https://security.netapp.com/advisory/ntap-20210909-0005/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210909-0005/", }, { name: "GLSA-202208-24", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202208-24", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-38604", datePublished: "2021-08-12T15:43:34", dateReserved: "2021-08-12T00:00:00", dateUpdated: "2024-08-04T01:44:23.621Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-23218
Vulnerability from cvelistv5
Published
2022-01-14 00:00
Modified
2024-08-03 03:36
Severity ?
EPSS score ?
Summary
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:36:20.198Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=28768", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { name: "GLSA-202208-24", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202208-24", }, { name: "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-17T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://sourceware.org/bugzilla/show_bug.cgi?id=28768", }, { url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { name: "GLSA-202208-24", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202208-24", }, { name: "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-23218", datePublished: "2022-01-14T00:00:00", dateReserved: "2022-01-14T00:00:00", dateUpdated: "2024-08-03T03:36:20.198Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-43396
Vulnerability from cvelistv5
Published
2021-11-04 19:52
Modified
2024-08-04 03:55
Severity ?
EPSS score ?
Summary
In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:55:28.498Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=28524", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=ff012870b2c02a62598c04daa1e54632e020fd7d", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://blog.tuxcare.com/vulnerability/vulnerability-in-iconv-identified-by-tuxcare-team-cve-2021-43396", }, { tags: [ "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states \"the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-11-10T16:23:24", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://sourceware.org/bugzilla/show_bug.cgi?id=28524", }, { tags: [ "x_refsource_MISC", ], url: "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=ff012870b2c02a62598c04daa1e54632e020fd7d", }, { tags: [ "x_refsource_MISC", ], url: "https://blog.tuxcare.com/vulnerability/vulnerability-in-iconv-identified-by-tuxcare-team-cve-2021-43396", }, { url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], tags: [ "disputed", ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-43396", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "** DISPUTED ** In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states \"the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://sourceware.org/bugzilla/show_bug.cgi?id=28524", refsource: "MISC", url: "https://sourceware.org/bugzilla/show_bug.cgi?id=28524", }, { name: "https://sourceware.org/git/?p=glibc.git;a=commit;h=ff012870b2c02a62598c04daa1e54632e020fd7d", refsource: "MISC", url: "https://sourceware.org/git/?p=glibc.git;a=commit;h=ff012870b2c02a62598c04daa1e54632e020fd7d", }, { name: "https://blog.tuxcare.com/vulnerability/vulnerability-in-iconv-identified-by-tuxcare-team-cve-2021-43396", refsource: "MISC", url: "https://blog.tuxcare.com/vulnerability/vulnerability-in-iconv-identified-by-tuxcare-team-cve-2021-43396", }, { url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-43396", datePublished: "2021-11-04T19:52:49", dateReserved: "2021-11-04T00:00:00", dateUpdated: "2024-08-04T03:55:28.498Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }