logo
DATABASE RESOURCES PRICING ABOUT US

Siemens SCALANCE, RUGGEDCOM Third-Party

2023-03-16T12:00:00

Description

**As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see [Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global)](<https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications>).** ## 1\. EXECUTIVE SUMMARY * **CVSS v3 9.8** * **ATTENTION:** Exploitable remotely/Low attack complexity * **Vendor: **Siemens * **Equipment:** Busybox Applet affecting SCALANCE and RUGGEDCOM products * **Vulnerabilities:** Out-of-bounds Write, Exposure of Sensitive Information to an Unauthorized Actor, Improper Locking, Improper Input Validation, NULL Pointer Dereference, Out-of-bounds Read, Release of Invalid Pointer or Reference, Use After Free, Improper Authentication, OS Command Injection, Improper Certificate Validation, Improper Resource Shutdown or Release, Race Condition, Uncaught Exception, Integer Underflow (Wrap or Wraparound), Classic Buffer Overflow, Double Free, Incorrect Authorization, Allocation of Resources Without Limits or Throttling, Improper Validation of Syntactic Correctness of Input ## 2\. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to inject code or cause a denial-of-service condition. ## 3\. TECHNICAL DETAILS ### 3.1 AFFECTED PRODUCTS The following software from Siemens is affected: * RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2): All versions prior to v7.2 * RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2): All versions prior to v7.2 * SCALANCE M804PB (6GK5804-0AP00-2AA2): All versions prior to v7.2 * SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2): All versions prior to v7.2 * SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2): All versions prior to v7.2 * SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2): All versions prior to v7.2 * SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2): All versions prior to v7.2 * SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2): All versions prior to v7.2 * SCALANCE M874-2 (6GK5874-2AA00-2AA2): All versions prior to v7.2 * SCALANCE M874-3 (6GK5874-3AA00-2AA2): All versions prior to v7.2 * SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2): All versions prior to v7.2 * SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2): All versions prior to v7.2 * SCALANCE M876-4 (6GK5876-4AA10-2BA2): All versions prior to v7.2 * SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2): All versions prior to v7.2 * SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2): All versions prior to v7.2 * SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1): All versions prior to v7.2 * SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1): All versions prior to v7.2 * SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1): All versions prior to v7.2 * SCALANCE S615 (6GK5615-0AA00-2AA2): All versions prior to v7.2 * SCALANCE S615 EEC (6GK5615-0AA01-2AA2): All versions prior to v7.2 ### 3.2 VULNERABILITY OVERVIEW **3.2.1 [OUT-OF-BOUNDS WRITE CWE-787](<https://cwe.mitre.org/data/definitions/787.html>) ** zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. [CVE-2018-25032](<https://nvd.nist.gov/vuln/detail/CVE-2018-25032>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)). **3.2.2 [EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200](<https://cwe.mitre.org/data/definitions/200.html>)** An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073. [CVE-2019-1125](<https://nvd.nist.gov/vuln/detail/CVE-2019-1125>) has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been assigned; the CVSS vector string is ([AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N>)). **3.2.3 [OUT-OF-BOUNDS WRITE CWE-787](<https://cwe.mitre.org/data/definitions/787.html>) ** A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users run commands as privileged users according to predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker could leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed, the attack could cause a local privilege escalation, giving unprivileged users administrative rights on the target machine. [CVE-2021-4034](<https://nvd.nist.gov/vuln/detail/CVE-2021-4034>) has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been assigned; the CVSS vector string is ([AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H>)). **3.2.4 [IMPROPER LOCKING CWE-667](<https://cwe.mitre.org/data/definitions/667.html>) ** A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial-of-service condition due to a deadlock problem. [CVE-2021-4149](<https://nvd.nist.gov/vuln/detail/CVE-2021-4149>) has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been assigned; the CVSS vector string is ([AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>)). **3.2.5 [IMPROPER INPUT VALIDATION CWE-20](<https://cwe.mitre.org/data/definitions/20.html>) ** LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs. [CVE-2021-26401](<https://nvd.nist.gov/vuln/detail/CVE-2021-26401>) has been assigned to this vulnerability. A CVSS v3 base score of 5.6 has been assigned; the CVSS vector string is ([AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N>)). **3.2.6 [NULL POINTER DEREFERENCE CWE-476](<https://cwe.mitre.org/data/definitions/476.html>) ** A NULL pointer dereference in Busybox's man applet leads to a denial-of-service condition when a section name is supplied but no page argument is given. [CVE-2021-42373](<https://nvd.nist.gov/vuln/detail/CVE-2021-42373>) has been assigned to this vulnerability. A CVSS v3 base score of 5.1 has been assigned; the CVSS vector string is ([AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H>)). **3.2.7 [OUT-OF-BOUNDS READ CWE-125](<https://cwe.mitre.org/data/definitions/125.html>) ** An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and a denial-of-service condition when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that internally supports LZMA compression. [CVE-2021-42374](<https://nvd.nist.gov/vuln/detail/CVE-2021-42374>) has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is ([AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H>)). **3.2.8 [IMPROPER INPUT VALIDATION CWE-20](<https://cwe.mitre.org/data/definitions/20.html>) ** An incorrect handling of a special element in Busybox's ash applet leads to a denial-of-service condition when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This could cause a denial-of-service condition under rare conditions of filtered command input. [CVE-2021-42375](<https://nvd.nist.gov/vuln/detail/CVE-2021-42375>) has been assigned to this vulnerability. A CVSS v3 base score of 4.1 has been assigned; the CVSS vector string is ([AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H>)). **3.2.9 [NULL POINTER DEREFERENCE CWE-476](<https://cwe.mitre.org/data/definitions/476.html>) ** A NULL pointer dereference in Busybox's hush applet leads to a denial-of-service condition when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This could cause a denial-of-service condition under very rare conditions of filtered command input. [CVE-2021-42376](<https://nvd.nist.gov/vuln/detail/CVE-2021-42376>) has been assigned to this vulnerability. A CVSS v3 base score of 4.1 has been assigned; the CVSS vector string is ([AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H>)). **3.2.10 [RELEASE OF INVALID POINTER OR REFERENCE CWE-763](<https://cwe.mitre.org/data/definitions/763.html>)** An attacker-controlled pointer free in Busybox's hush applet leads to a denial-of-service condition and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This could be used for remote code execution under rare conditions of filtered command input. [CVE-2021-42377](<https://nvd.nist.gov/vuln/detail/CVE-2021-42377>) has been assigned to this vulnerability. A CVSS v3 base score of 6.4 has been assigned; the CVSS vector string is ([AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H>)). **3.2.11 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>) ** A use-after-free in Busybox's awk applet leads to a denial-of-service condition and possibly code execution when processing a crafted awk pattern in the getvar_i function. [CVE-2021-42378](<https://nvd.nist.gov/vuln/detail/CVE-2021-42378>) has been assigned to this vulnerability. A CVSS v3 base score of 6.6 has been assigned; the CVSS vector string is ([AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H>)). **3.2.12 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>) ** A use-after-free in Busybox's awk applet leads to a denial-of-service condition and possibly code execution when processing a crafted awk pattern in the next_input_file function. [CVE-2021-42379](<https://nvd.nist.gov/vuln/detail/CVE-2021-42379>) has been assigned to this vulnerability. A CVSS v3 base score of 6.6 has been assigned; the CVSS vector string is ([AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H>)). **3.2.13 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>) ** A use-after-free in awk leads to a denial-of-service condition and possibly code execution when processing a crafted awk pattern in the clrvar function. [CVE-2021-42380](<https://nvd.nist.gov/vuln/detail/CVE-2021-42380>) has been assigned to this vulnerability. A CVSS v3 base score of 6.6 has been assigned; the CVSS vector string is ([AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H>)). **3.2.14 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>) ** A use-after-free in awk leads to a denial-of-service condition and possibly code execution when processing a crafted awk pattern in the hash_init function. [CVE-2021-42381](<https://nvd.nist.gov/vuln/detail/CVE-2021-42381>) has been assigned to this vulnerability. A CVSS v3 base score of 6.6 has been assigned; the CVSS vector string is ([AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H>)). **3.2.15 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>) ** A use-after-free in awk leads to a denial-of-service condition and possibly code execution when processing a crafted awk pattern in the getvar_s function. [CVE-2021-42382](<https://nvd.nist.gov/vuln/detail/CVE-2021-42382>) has been assigned to this vulnerability. A CVSS v3 base score of 6.6 has been assigned; the CVSS vector string is ([AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H>)). **3.2.16 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>) ** A use-after-free in awk leads to a denial-of-service could and possibly code execution when processing a crafted awk pattern in the evaluate function. [CVE-2021-42383](<https://nvd.nist.gov/vuln/detail/CVE-2021-42383>) has been assigned to this vulnerability. A CVSS v3 base score of 6.6 has been assigned; the CVSS vector string is ([AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H>)). **3.2.17 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>) ** A use-after-free in Busybox's awk applet leads to a denial-of-service condition and possibly code execution when processing a crafted awk pattern in the handle_special function. [CVE-2021-42384](<https://nvd.nist.gov/vuln/detail/CVE-2021-42384>) has been assigned to this vulnerability. A CVSS v3 base score of 6.6 has been assigned; the CVSS vector string is ([AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H>)). **3.2.18 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>) ** A use-after-free in awk leads to a denial-of-service condition and possibly code execution when processing a crafted awk pattern in the evaluate function. [CVE-2021-42385](<https://nvd.nist.gov/vuln/detail/CVE-2021-42385>) has been assigned to this vulnerability. A CVSS v3 base score of 6.6 has been assigned; the CVSS vector string is ([AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H>)). **3.2.19 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>) ** A use-after-free in awk leads to a denial-of-service condition and possibly code execution when processing a crafted awk pattern in the nvalloc function. [CVE-2021-42386](<https://nvd.nist.gov/vuln/detail/CVE-2021-42386>) has been assigned to this vulnerability. A CVSS v3 base score of 6.6 has been assigned; the CVSS vector string is ([AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H>)). **3.2.20 [IMPROPER INPUT VALIDATION CWE-20](<https://cwe.mitre.org/data/definitions/20.html>) ** Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors could allow an authorized user to enable information disclosure via local access. [CVE-2022-0001](<https://nvd.nist.gov/vuln/detail/CVE-2022-0001>) has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). **3.2.21 [IMPROPER INPUT VALIDATION CWE-20](<https://cwe.mitre.org/data/definitions/20.html>) ** Non-transparent sharing of branch predictor within a context in some Intel(R) Processors could allow an authorized user to enable information disclosure via local access. [CVE-2022-0002](<https://nvd.nist.gov/vuln/detail/CVE-2022-0002>) has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is ([AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N>)). **3.2.22 [EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200](<https://cwe.mitre.org/data/definitions/200.html>)** A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. [CVE-2022-0494](<https://nvd.nist.gov/vuln/detail/CVE-2022-0494>) has been assigned to this vulnerability. A CVSS v3 base score of 4.4 has been assigned; the CVSS vector string is ([AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N>)). **3.2.23 [IMPROPER AUTHENTICATION CWE-287](<https://cwe.mitre.org/data/definitions/287.html>) ** OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials. [CVE-2022-0547](<https://nvd.nist.gov/vuln/detail/CVE-2022-0547>) has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)). **3.2.24 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>) ** A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. [CVE-2022-1011](<https://nvd.nist.gov/vuln/detail/CVE-2022-1011>) has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been assigned; the CVSS vector string is ([AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H>)). **3.2.25 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>) ** A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which could cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it could lead to a kernel information leak problem caused by a local, unprivileged attacker. [CVE-2022-1016](<https://nvd.nist.gov/vuln/detail/CVE-2022-1016>) has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been assigned; the CVSS vector string is ([AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N>)). **3.2.26 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>) ** A use-after-free vulnerability was discovered in drivers/net/hamradio/6pack.c of Linux that could allow an attacker to crash the Linux kernel by simulating ax25 device using 6pack driver from user space. [CVE-2022-1198](<https://nvd.nist.gov/vuln/detail/CVE-2022-1198>) has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been assigned; the CVSS vector string is ([AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>)). **3.2.27 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>) ** A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability. [CVE-2022-1199](<https://nvd.nist.gov/vuln/detail/CVE-2022-1199>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)). **3.2.28 [IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78](<https://cwe.mitre.org/data/definitions/78.html>) ** The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. [CVE-2022-1292](<https://nvd.nist.gov/vuln/detail/CVE-2022-1292>) has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)). **3.2.29 [OUT-OF-BOUNDS WRITE CWE-787](<https://cwe.mitre.org/data/definitions/787.html>) ** An out-of-bounds write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem. [CVE-2022-1304](<https://nvd.nist.gov/vuln/detail/CVE-2022-1304>) has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been assigned; the CVSS vector string is ([AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H>)). **3.2.30 [IMPROPER CERTIFICATE VALIDATION CWE-295](<https://cwe.mitre.org/data/definitions/295.html>) ** Under certain circumstances, the command line OCSP verify function reports successful verification when the verification in fact failed. In this case, the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result. [CVE-2022-1343](<https://nvd.nist.gov/vuln/detail/CVE-2022-1343>) has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N>)). **3.2.31 [EXPOSURE OF SENSITIVE INFORMATION TO AN UNAUTHORIZED ACTOR CWE-200](<https://cwe.mitre.org/data/definitions/200.html>)** A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. [CVE-2022-1353](<https://nvd.nist.gov/vuln/detail/CVE-2022-1353>) has been assigned to this vulnerability. A CVSS v3 base score of 7.1 has been assigned; the CVSS vector string is ([AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H>)). **3.2.32 [IMPROPER RESOURCE SHUTDOWN OR RELEASE CWE-404](<https://cwe.mitre.org/data/definitions/404.html>) ** The used OpenSSL version improperly reuses memory when decoding certificates or keys. This could lead to a process termination and denial-of-service condition for long lived processes. [CVE-2022-1473](<https://nvd.nist.gov/vuln/detail/CVE-2022-1473>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)). **3.2.33 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>) ** A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system. [CVE-2022-1516](<https://nvd.nist.gov/vuln/detail/CVE-2022-1516>) has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been assigned; the CVSS vector string is ([AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>)). **3.2.34 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>) ** A vulnerability in the Linux kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial-of-service condition on the system. [CVE-2022-1652](<https://nvd.nist.gov/vuln/detail/CVE-2022-1652>) has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been assigned; the CVSS vector string is ([AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H>)). **3.2.35 [CONCURRENT EXECUTION USING SHARED RESOURCE WITH IMPROPER SYNCHRONIZATION ('RACE CONDITION') CWE-362](<https://cwe.mitre.org/data/definitions/362.html>) ** A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc. [CVE-2022-1729](<https://nvd.nist.gov/vuln/detail/CVE-2022-1729>) has been assigned to this vulnerability. A CVSS v3 base score of 7.0 has been assigned; the CVSS vector string is ([AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H>)). **3.2.36 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>) ** A flaw in the Linux kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use-after-free for both read or write when non-synchronized between cleanup routine and firmware download routine. [CVE-2022-1734](<https://nvd.nist.gov/vuln/detail/CVE-2022-1734>) has been assigned to this vulnerability. A CVSS v3 base score of 7.0 has been assigned; the CVSS vector string is ([AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H>)). **3.2.37 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>) ** A use-after-free flaw was found in the Linux kernel's near-field communication (NFC) core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information. [CVE-2022-1974](<https://nvd.nist.gov/vuln/detail/CVE-2022-1974>) has been assigned to this vulnerability. A CVSS v3 base score of 4.1 has been assigned; the CVSS vector string is ([AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N>)). **3.2.38 [UNCAUGHT EXCEPTION CWE-248](<https://cwe.mitre.org/data/definitions/248.html>) ** There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a NFC device from user-space. [CVE-2022-1975](<https://nvd.nist.gov/vuln/detail/CVE-2022-1975>) has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been assigned; the CVSS vector string is ([AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>)). **3.2.39 [OUT-OF-BOUNDS WRITE CWE-787](<https://cwe.mitre.org/data/definitions/787.html>) ** The Linux kernel is vulnerable to an out-of-bounds memory access in the drivers/video/fbdev/sm712fb.c:smtcfb_read() function. The vulnerability could result in a local attacker crashing the kernel. [CVE-2022-2380](<https://nvd.nist.gov/vuln/detail/CVE-2022-2380>) has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been assigned; the CVSS vector string is ([AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>)). **3.2.40 [IMPROPER INPUT VALIDATION CWE-20 ](<https://cwe.mitre.org/data/definitions/20.html>)** Zhenpeng Lin discovered the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial-of-service condition (system crash) or execute arbitrary code. [CVE-2022-2588](<https://nvd.nist.gov/vuln/detail/CVE-2022-2588>) has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been assigned; the CVSS vector string is ([AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H>)). **3.2.41 [INTEGER UNDERFLOW (WRAP OR WRAPAROUND) CWE-191](<https://cwe.mitre.org/data/definitions/191.html>) ** An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, which could lead to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. [CVE-2022-2639](<https://nvd.nist.gov/vuln/detail/CVE-2022-2639>) has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been assigned; the CVSS vector string is ([AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H>)). **3.2.42 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>) ** In bdi_put and bdi_unregister of backing-dev.c, there is a possible memory corruption due to a use-after-free vulnerability. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. [CVE-2022-20158](<https://nvd.nist.gov/vuln/detail/CVE-2022-20158>) has been assigned to this vulnerability. A CVSS v3 base score of 6.7 has been assigned; the CVSS vector string is ([AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H>)). **3.2.43 [CONCURRENT EXECUTION USING SHARED RESOURCE WITH IMPROPER SYNCHRONIZATION ('RACE CONDITION') CWE-362](<https://cwe.mitre.org/data/definitions/362.html>) ** Linux PV device frontends are vulnerable to attacks by backends. Several Linux PV device frontends use the grant table interfaces for removing access rights of the backends in ways subject to race conditions. This could result, data leaks, data corruption by malicious backends, and denial-of-service conditions triggered by malicious backends. The blkfront, netfront, scsifront and the gntalloc driver test whether a grant reference is still in use. If this is not the case, they assume a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result, the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. [CVE-2022-23036](<https://nvd.nist.gov/vuln/detail/CVE-2022-23036>) has been assigned to this vulnerability. A CVSS v3 base score of 7.0 has been assigned; the CVSS vector string is ([AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H>)). **3.2.44 [CONCURRENT EXECUTION USING SHARED RESOURCE WITH IMPROPER SYNCHRONIZATION ('RACE CONDITION') CWE-362](<https://cwe.mitre.org/data/definitions/362.html>) ** Linux PV device frontends are vulnerable to attacks by backends. Several Linux PV device frontends use the grant table interfaces for removing access rights of the backends in ways being subject to race conditions. This could result in data leaks, data corruption by malicious backends, and denial-of-service triggered by malicious backends. The blkfront, netfront, scsifront and the gntalloc driver test whether a grant reference is still in use. If this is not the case, they assume a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result, the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. [CVE-2022-23037](<https://nvd.nist.gov/vuln/detail/CVE-2022-23037>) has been assigned to this vulnerability. A CVSS v3 base score of 7.0 has been assigned; the CVSS vector string is ([AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H>)). **3.2.45 [CONCURRENT EXECUTION USING SHARED RESOURCE WITH IMPROPER SYNCHRONIZATION ('RACE CONDITION') CWE-362](<https://cwe.mitre.org/data/definitions/362.html>)** Linux PV device frontends are vulnerable to attacks by backends. Several Linux PV device frontends use the grant table interfaces for removing access rights of the backends in ways being subject to race conditions. This could result in data leaks, data corruption by malicious backends, and denial-of-service triggered by malicious backends. The blkfront, netfront, scsifront and the gntalloc driver test whether a grant reference is still in use. If this is not the case, they assume a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result, the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. [CVE-2022-23038](<https://nvd.nist.gov/vuln/detail/CVE-2022-23038>) has been assigned to this vulnerability. A CVSS v3 base score of 7.0 has been assigned; the CVSS vector string is ([AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H>)). **3.2.46 [CONCURRENT EXECUTION USING SHARED RESOURCE WITH IMPROPER SYNCHRONIZATION ('RACE CONDITION') CWE-362](<https://cwe.mitre.org/data/definitions/362.html>) ** Linux PV device frontends are vulnerable to attacks by backends. Several Linux PV device frontends use the grant table interfaces for removing access rights of the backends in ways being subject to race conditions. This could result in data leaks, data corruption by malicious backends, and denial-of-service triggered by malicious backends. The blkfront, netfront, scsifront and the gntalloc driver test whether a grant reference is still in use. If this is not the case, they assume a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result, the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. [CVE-2022-23039](<https://nvd.nist.gov/vuln/detail/CVE-2022-23039>) has been assigned to this vulnerability. A CVSS v3 base score of 7.0 has been assigned; the CVSS vector string is ([AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H>)). **3.2.47 [CONCURRENT EXECUTION USING SHARED RESOURCE WITH IMPROPER SYNCHRONIZATION ('RACE CONDITION') CWE-362](<https://cwe.mitre.org/data/definitions/362.html>) ** Linux PV device frontends are vulnerable to attacks by backends. Several Linux PV device frontends use the grant table interfaces for removing access rights of the backends in ways being subject to race conditions. This could result in data leaks, data corruption by malicious backends, and denial-of-service triggered by malicious backends. The blkfront, netfront, scsifront and the gntalloc driver test whether a grant reference is still in use. If this is not the case, they assume a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result, the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. [CVE-2022-23040](<https://nvd.nist.gov/vuln/detail/CVE-2022-23040>) has been assigned to this vulnerability. A CVSS v3 base score of 7.0 has been assigned; the CVSS vector string is ([AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H>)). **3.2.48 [CONCURRENT EXECUTION USING SHARED RESOURCE WITH IMPROPER SYNCHRONIZATION ('RACE CONDITION') CWE-362](<https://cwe.mitre.org/data/definitions/362.html>) ** Linux PV device frontends are vulnerable to attacks by backends. Several Linux PV device frontends use the grant table interfaces for removing access rights of the backends in ways being subject to race conditions. This could result in data leaks, data corruption by malicious backends, and denial-of-service triggered by malicious backends. The blkfront, netfront, scsifront and the gntalloc driver test whether a grant reference is still in use. If this is not the case, they assume a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result, the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. [CVE-2022-23041](<https://nvd.nist.gov/vuln/detail/CVE-2022-23041>) has been assigned to this vulnerability. A CVSS v3 base score of 7.0 has been assigned; the CVSS vector string is ([AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H>)). **3.2.49 [CONCURRENT EXECUTION USING SHARED RESOURCE WITH IMPROPER SYNCHRONIZATION ('RACE CONDITION') CWE-362](<https://cwe.mitre.org/data/definitions/362.html>) ** Linux PV device frontends are vulnerable to attacks by backends. Several Linux PV device frontends use the grant table interfaces for removing access rights of the backends in ways being subject to race conditions. This could result in data leaks, data corruption by malicious backends, and denial-of-service triggered by malicious backends. The blkfront, netfront, scsifront and the gntalloc driver test whether a grant reference is still in use. If this is not the case, they assume a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result, the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. [CVE-2022-23042](<https://nvd.nist.gov/vuln/detail/CVE-2022-23042>) has been assigned to this vulnerability. A CVSS v3 base score of 7.0 has been assigned; the CVSS vector string is ([AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H>)). **3.2.50 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>) ** valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. [CVE-2022-23308](<https://nvd.nist.gov/vuln/detail/CVE-2022-23308>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)). **3.2.51 [BUFFER COPY WITHOUT CHECKING SIZE OF INPUT ('CLASSIC BUFFER OVERFLOW') CWE-120](<https://cwe.mitre.org/data/definitions/120.html>) ** st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows due to untrusted length parameters. [CVE-2022-26490](<https://nvd.nist.gov/vuln/detail/CVE-2022-26490>) has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been assigned; the CVSS vector string is ([AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H>)). **3.2.52 [IMPROPER INPUT VALIDATION CWE-20](<https://cwe.mitre.org/data/definitions/20.html>) ** In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. [CVE-2022-28356](<https://nvd.nist.gov/vuln/detail/CVE-2022-28356>) has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been assigned; the CVSS vector string is ([AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>)). **3.2.53 [DOUBLE FREE CWE-415](<https://cwe.mitre.org/data/definitions/415.html>) ** ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. [CVE-2022-28390](<https://nvd.nist.gov/vuln/detail/CVE-2022-28390>) has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been assigned; the CVSS vector string is ([AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H>)). **3.2.54 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>) ** A use-after-free in Busybox 1.35-x's awk applet leads to a denial-of-service condition and possibly code execution when processing a crafted awk pattern in the copyvar function. [CVE-2022-30065](<https://nvd.nist.gov/vuln/detail/CVE-2022-30065>) has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been assigned; the CVSS vector string is ([AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H>)). **3.2.55 [INCORRECT AUTHORIZATION CWE-863](<https://cwe.mitre.org/data/definitions/863.html>) ** The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. [CVE-2022-30594](<https://nvd.nist.gov/vuln/detail/CVE-2022-30594>) has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been assigned; the CVSS vector string is ([AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H>)). **3.2.56 [ALLOCATION OF RESOURCES WITHOUT LIMITS OR THROTTLING CWE-770](<https://cwe.mitre.org/data/definitions/770.html>) ** A malicious server can serve excessive amounts of "Set-Cookie:" headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold curl uses internally to avoid sending enormous requests (1048576 bytes) and instead returns an error. This denial state might remain for as long as the same cookies are kept, match, and haven't expired. Due to cookie matching rules, a server on "foo.example.com" can set cookies that also would match for "bar.example.com", making it possible for a "sister server" to effectively cause a denial-of-service condition for a sibling site on the same second-level domain using this method. [CVE-2022-32205](<https://nvd.nist.gov/vuln/detail/CVE-2022-32205>) has been assigned to this vulnerability. A CVSS v3 base score of 4.3 has been assigned; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L>)). **3.2.57 [ALLOCATION OF RESOURCES WITHOUT LIMITS OR THROTTLING CWE-770](<https://cwe.mitre.org/data/definitions/770.html>) ** curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. The use of such a decompression chain could result in a "malloc bomb", forcing curl to spend enormous amounts of allocated heap memory, or trying to, and returning out of memory errors. [CVE-2022-32206](<https://nvd.nist.gov/vuln/detail/CVE-2022-32206>) has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H>)). **3.2.58 [INCORRECT DEFAULT PERMISSIONS CWE-276](<https://cwe.mitre.org/data/definitions/276.html>) ** When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accidentally widen the permissions for the target file, leaving the updated file accessible to more users than intended. [CVE-2022-32207](<https://nvd.nist.gov/vuln/detail/CVE-2022-32207>) has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)). **3.2.59 [OUT-OF-BOUNDS WRITE CWE-787](<https://cwe.mitre.org/data/definitions/787.html>) ** When curl < 7.84.0 does file transfer protocol (FTP) transfers secured by krb5, it mishandles message verification failures. This flaw makes it possible for a machine-in-the-middle attack to go unnoticed and or allow data to be injected into the client. [CVE-2022-32208](<https://nvd.nist.gov/vuln/detail/CVE-2022-32208>) has been assigned to this vulnerability. A CVSS v3 base score of 5.9 has been assigned; the CVSS vector string is ([AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N>)). **3.2.60 [OBSERVABLE DISCREPANCY CWE-203](<https://cwe.mitre.org/data/definitions/203.html>) ** The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056. [CVE-2022-32296](<https://nvd.nist.gov/vuln/detail/CVE-2022-32296>) has been assigned to this vulnerability. A CVSS v3 base score of 3.3 has been assigned; the CVSS vector string is ([AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N>)). **3.2.61 [BUFFER COPY WITHOUT CHECKING SIZE OF INPUT ('CLASSIC BUFFER OVERFLOW') CWE-120](<https://cwe.mitre.org/data/definitions/120.html>)** An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers. [CVE-2022-32981](<https://nvd.nist.gov/vuln/detail/CVE-2022-32981>) has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been assigned; the CVSS vector string is ([AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H>)). **3.2.62 [USE AFTER FREE CWE-416](<https://cwe.mitre.org/data/definitions/416.html>) ** drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial-of-service condition, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function. [CVE-2022-33981](<https://nvd.nist.gov/vuln/detail/CVE-2022-33981>) has been assigned to this vulnerability. A CVSS v3 base score of 3.3 has been assigned; the CVSS vector string is ([AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L>)). **3.2.63 [IMPROPER VALIDATION OF SYNTACTIC CORRECTNESS OF INPUT CWE-1286](<https://cwe.mitre.org/data/definitions/1286.html>) ** When curl is used to retrieve and parse cookies from a HTTP(S) server, it accepts cookies using control codes that, when later are sent back to a HTTP server, could return 400 responses. As a result, a “sister site” could deny service to all siblings. [CVE-2022-35252](<https://nvd.nist.gov/vuln/detail/CVE-2022-35252>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)). **3.2.64 [IMPROPER INPUT VALIDATION CWE-20](<https://cwe.mitre.org/data/definitions/20.html>) ** An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. [CVE-2022-36879](<https://nvd.nist.gov/vuln/detail/CVE-2022-36879>) has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been assigned; the CVSS vector string is ([AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>)). **3.2.65 [IMPROPER INPUT VALIDATION CWE-20](<https://cwe.mitre.org/data/definitions/20.html>) ** nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial-of-service condition (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. [CVE-2022-36946](<https://nvd.nist.gov/vuln/detail/CVE-2022-36946>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>)). ### 3.3 BACKGROUND * **CRITICAL INFRASTRUCTURE SECTORS:** Multiple Sectors * **COUNTRIES/AREAS DEPLOYED:** Worldwide * **COMPANY HEADQUARTERS LOCATION: **Germany ### 3.4 RESEARCHER Siemens reported these vulnerabilities to CISA. ## 4\. MITIGATIONS Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk: * Update all of the affected products to [v7.2](<https://support.industry.siemens.com/cs/document/109817007/>) or later version or the software. As a general security measure, Siemens strongly recommends users protect network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends users configure the environment according to Siemens' [operational guidelines for Industrial Security](<https://www.siemens.com/cert/operational-guidelines-industrial-security>), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found on the [Siemens page for Industrial Security](<https://www.siemens.com/industrialsecurity>). For further inquiries on security vulnerabilities in Siemens products and solutions, contact the [Siemens ProductCERT](<https://www.siemens.com/cert/advisories>). For more information, see the associated Siemens security advisory SSA-419740 in [HTML](<https://cert-portal.siemens.com/productcert/html/ssa-419740.html>) and [CSAF](<https://cert-portal.siemens.com/productcert/csaf/ssa-419740.json>). CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should: * Minimize network exposure for all control system devices and/or systems, and ensure they are [not accessible from the Internet](<https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01>). * Locate control system networks and remote devices behind firewalls and isolate them from business networks. * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for [control systems security recommended practices](<https://us-cert.cisa.gov/ics/Recommended-Practices>) on the ICS webpage at [cisa.gov/ics](<https://cisa.gov/ics>). Several CISA products detailing cyber defense best practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>). Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at [cisa.gov/ics](<https://cisa.gov/ics>) in the technical information paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B>). Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: * Do not click web links or open attachments in unsolicited email messages. * Refer to [Recognizing and Avoiding Email Scams](<https://www.cisa.gov/uscert/sites/default/files/publications/emailscams_0905.pdf>) for more information on avoiding email scams. * Refer to [Avoiding Social Engineering and Phishing Attacks](<https://www.cisa.gov/uscert/ncas/tips/ST04-014>) for more information on social engineering attacks. No known public exploits specifically target these vulnerabilities. These vulnerabilities are not exploitable remotely.


Related


thn
info

14 New Security Flaws Found in BusyBox Linux Utility for Embedded Devices

2021-11-10T08:08:00
fedora
unix

[SECURITY] Fedora 34 Update: busybox-1.34.1-1.fc34

2021-11-25T00:59:07
fedora
unix

[SECURITY] Fedora 33 Update: busybox-1.34.1-1.fc33

2021-11-25T01:05:24
fedora
unix

[SECURITY] Fedora 36 Update: curl-7.82.0-6.fc36

2022-07-01T01:09:59
fedora
unix

[SECURITY] Fedora 35 Update: curl-7.79.1-5.fc35

2022-07-15T01:36:25
nessus
scanner

EulerOS 2.0 SP10 : busybox (EulerOS-SA-2022-1472)

2022-04-20T00:00:00
nessus
scanner

EulerOS 2.0 SP10 : busybox (EulerOS-SA-2022-1463)

2022-04-20T00:00:00
nessus
scanner

EulerOS 2.0 SP9 : busybox (EulerOS-SA-2022-1303)

2022-03-02T00:00:00
nessus
scanner

EulerOS 2.0 SP9 : busybox (EulerOS-SA-2022-1287)

2022-03-02T00:00:00
nessus
scanner

Ubuntu 18.04 LTS / 20.04 LTS / 21.04 / 21.10 : BusyBox vulnerabilities (USN-5179-1)

2021-12-08T00:00:00
nessus
scanner

Amazon Linux AMI : busybox (ALAS-2022-1558)

2022-01-19T00:00:00
nessus
scanner

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2022-9479)

2022-06-14T00:00:00
nessus
scanner

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9480)

2022-06-14T00:00:00
nessus
scanner

Debian DLA-3065-1 : linux - LTS security update

2022-07-02T00:00:00
nessus
scanner

EulerOS 2.0 SP9 : kernel (EulerOS-SA-2022-1999)

2022-07-08T00:00:00
nessus
scanner

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2022-9477)

2022-06-14T00:00:00
nessus
scanner

Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2022-9478)

2022-06-14T00:00:00
nessus
scanner

Amazon Linux 2022 : (ALAS2022-2022-145)

2022-10-14T00:00:00
nessus
scanner

Amazon Linux 2 : curl (ALAS-2022-1875)

2022-11-09T00:00:00
nessus
scanner

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-5418-1)

2022-05-12T00:00:00
nessus
scanner

SUSE SLES12 Security Update : kernel (SUSE-SU-2022:1283-1)

2022-04-21T00:00:00
nessus
scanner

SUSE SLES12 Security Update : kernel (SUSE-SU-2022:1270-1)

2022-04-21T00:00:00
nessus
scanner

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5467-1)

2022-06-08T00:00:00
nessus
scanner

FreeBSD : cURL -- Multiple vulnerabilities (ae5722a6-f5f0-11ec-856e-d4c9ef517024)

2022-06-27T00:00:00
nessus
scanner

EulerOS 2.0 SP10 : curl (EulerOS-SA-2022-2413)

2022-10-08T00:00:00
nessus
scanner

EulerOS 2.0 SP10 : curl (EulerOS-SA-2022-2426)

2022-10-08T00:00:00
nessus
scanner

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : curl (SUSE-SU-2022:2305-1)

2022-07-08T00:00:00
nessus
scanner

Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current curl Multiple Vulnerabilities (SSA:2022-179-01)

2022-06-28T00:00:00
nessus
scanner

Ubuntu 18.04 LTS / 20.04 LTS / 21.10 / 22.04 LTS : curl vulnerabilities (USN-5495-1)

2022-06-27T00:00:00
nessus
scanner

SUSE SLED15 / SLES15 Security Update : busybox (SUSE-SU-2022:0135-1)

2022-01-21T00:00:00
nessus
scanner

SUSE SLES15 Security Update : busybox (SUSE-SU-2022:0135-2)

2022-02-15T00:00:00
nessus
scanner

openSUSE 15 Security Update : busybox (openSUSE-SU-2022:0135-1)

2022-01-21T00:00:00
nessus
scanner

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : busybox (SUSE-SU-2022:3959-1)

2022-11-13T00:00:00
nessus
scanner

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:1256-1)

2022-04-20T00:00:00
nessus
scanner

SUSE SLES12 Security Update : busybox (SUSE-SU-2022:4253-1)

2022-11-29T00:00:00
nessus
scanner

SUSE SLES12 Security Update : xen (SUSE-SU-2022:0939-1)

2022-03-24T00:00:00
nessus
scanner

SUSE SLES15 Security Update : xen (SUSE-SU-2022:0931-1)

2022-03-23T00:00:00
nessus
scanner

openSUSE 15 Security Update : xen (openSUSE-SU-2022:0940-1)

2022-03-24T00:00:00
nessus
scanner

SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2022:0940-1)

2022-03-24T00:00:00
nessus
scanner

Amazon Linux AMI : kernel (ALAS-2022-1591)

2022-06-10T00:00:00
nessus
scanner

SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2022:1196-1)

2022-04-15T00:00:00
nessus
scanner

Slackware Linux 15.0 kernel-generic Multiple Vulnerabilities (SSA:2022-129-01)

2022-05-10T00:00:00
nessus
scanner

SUSE SLES12 Security Update : kernel (SUSE-SU-2022:1267-1)

2022-04-20T00:00:00
nessus
scanner

SUSE SLES12 Security Update : kernel (SUSE-SU-2022:1266-1)

2022-04-20T00:00:00
nessus
scanner

SUSE SLES15 Security Update : kernel (SUSE-SU-2022:1255-1)

2022-04-20T00:00:00
nessus
scanner

SUSE SLES12 Security Update : kernel (SUSE-SU-2022:1402-1)

2022-04-27T00:00:00
nessus
scanner

Oracle Linux 9 : curl (ELSA-2022-6157)

2022-08-25T00:00:00
nessus
scanner

AlmaLinux 9 : curl (ALSA-2022:6157)

2022-11-16T00:00:00
nessus
scanner

RHEL 9 : curl (RHSA-2022:6157)

2022-08-24T00:00:00
nessus
scanner

Amazon Linux 2 : kernel (ALAS-2022-1793)

2022-05-05T00:00:00
nessus
scanner

SUSE SLES15 Security Update : kernel (SUSE-SU-2022:1197-1)

2022-04-15T00:00:00
nessus
scanner

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:1163-1)

2022-04-13T00:00:00
nessus
scanner

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4775)

2019-09-09T00:00:00
nessus
scanner

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4735)

2019-08-12T00:00:00
nessus
scanner

Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2019-4777)

2019-09-09T00:00:00
nessus
scanner

Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-5560-1)

2022-08-10T00:00:00
nessus
scanner

Ubuntu 16.04 ESM : Linux kernel vulnerabilities (USN-5560-2)

2022-08-10T00:00:00
nessus
scanner

Ubuntu 16.04 ESM / 18.04 LTS : Linux kernel vulnerabilities (USN-5515-1)

2022-07-14T00:00:00
nessus
scanner

Debian DSA-5173-1 : linux - security update

2022-07-04T00:00:00
nessus
scanner

EulerOS Virtualization 2.10.0 : curl (EulerOS-SA-2022-2872)

2022-12-27T00:00:00
nessus
scanner

EulerOS Virtualization 2.10.1 : curl (EulerOS-SA-2022-2890)

2022-12-27T00:00:00
nessus
scanner

Ubuntu 22.04 LTS : Linux kernel vulnerabilities (USN-5518-1)

2022-07-14T00:00:00
nessus
scanner

EulerOS 2.0 SP5 : kernel (EulerOS-SA-2022-1896)

2022-06-17T00:00:00
nessus
scanner

Amazon Linux 2 : kernel (ALAS-2022-1798)

2022-06-07T00:00:00
nessus
scanner

Ubuntu 16.04 ESM : Linux kernel (Azure) vulnerabilities (USN-5541-1)

2022-07-29T00:00:00
nessus
scanner

EulerOS 2.0 SP8 : kernel (EulerOS-SA-2022-1934)

2022-06-22T00:00:00
nessus
scanner

FreeBSD : OpenSSL -- Multiple vulnerabilities (fceb2b08-cb76-11ec-a06f-d4c9ef517024)

2022-05-04T00:00:00
nessus
scanner

Amazon Linux 2022 : openssl (ALAS2022-2022-104)

2022-09-07T00:00:00
nessus
scanner

OpenSSL 3.0.0 < 3.0.3 Multiple Vulnerabilities

2022-05-03T00:00:00
nessus
scanner

Ubuntu 18.04 LTS / 20.04 LTS / 21.10 / 22.04 LTS : OpenSSL vulnerabilities (USN-5402-1)

2022-05-04T00:00:00
nessus
scanner

F5 Networks BIG-IP : Spectre SWAPGS gadget vulnerability (K31085564)

2020-07-14T00:00:00
nessus
scanner

Oracle Linux 8 : kernel (ELSA-2019-2411)

2019-08-20T00:00:00
nessus
scanner

NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0189)

2019-10-15T00:00:00
nessus
scanner

AlmaLinux 8 : curl (ALSA-2022:6159)

2022-08-31T00:00:00
nessus
scanner

SUSE SLES12 Security Update : curl (SUSE-SU-2022:2288-1)

2022-07-08T00:00:00
nessus
scanner

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : curl (SUSE-SU-2022:2327-1)

2022-07-08T00:00:00
nessus
scanner

Oracle Linux 8 : curl (ELSA-2022-6159)

2022-08-24T00:00:00
nessus
scanner

Rocky Linux 8 : curl (RLSA-2022:6159)

2022-08-29T00:00:00
nessus
scanner

RHEL 8 : curl (RHSA-2022:6159)

2022-08-24T00:00:00
nessus
scanner

RHEL 6 : kernel (RHSA-2023:0187)

2023-01-17T00:00:00
nessus
scanner

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5562-1)

2022-08-10T00:00:00
nessus
scanner

Ubuntu 20.04 LTS : Linux kernel (Azure CVM) vulnerabilities (USN-5582-1)

2022-08-25T00:00:00
nessus
scanner

EulerOS 2.0 SP9 : curl (EulerOS-SA-2022-2310)

2022-09-14T00:00:00
nessus
scanner

Ubuntu 16.04 ESM : OpenSSL vulnerabilities (USN-5402-2)

2022-05-27T00:00:00
nessus
scanner

Debian DSA-5127-1 : linux - security update

2022-05-03T00:00:00
mageia
unix

Updated busybox packages fix security vulnerability

2021-12-02T16:49:28
mageia
unix

Updated kernel-linus packages fix security vulnerabilities

2022-03-14T16:51:52
mageia
unix

Updated kernel packages fix security vulnerabilities

2022-03-14T16:51:52
mageia
unix

Updated curl packages fix security vulnerability

2022-07-05T19:11:26
ics
info

Siemens SCALANCE Third-Party

2023-03-21T12:00:00
ics
info

Siemens SCALANCE XCM332

2023-04-13T12:00:00
ics
info

Siemens SCALANCE SC-600 Family

2022-12-15T12:00:00
ics
info

Siemens Brownfield Connectivity Client

2023-02-16T12:00:00
redos
unix

ROS-20211223-07

2021-12-23T00:00:00
redos
unix

ROS-20220524-01

2022-05-24T00:00:00
cloudfoundry
software

USN-5179-1: BusyBox vulnerabilities | Cloud Foundry

2022-01-20T00:00:00
cloudfoundry
software

USN-5495-1: curl vulnerabilities | Cloud Foundry

2022-12-07T00:00:00
cloudfoundry
software

USN-5402-1: OpenSSL vulnerabilities | Cloud Foundry

2022-07-29T00:00:00
ubuntu
unix

BusyBox vulnerabilities

2021-12-07T00:00:00
ubuntu
unix

Linux kernel vulnerabilities

2022-06-08T00:00:00
ubuntu
unix

curl vulnerabilities

2022-06-27T00:00:00
ubuntu
unix

Linux kernel vulnerabilities

2022-05-12T00:00:00
ubuntu
unix

Linux kernel vulnerabilities

2022-08-10T00:00:00
ubuntu
unix

Linux kernel vulnerabilities

2022-08-10T00:00:00
ubuntu
unix

Linux kernel vulnerabilities

2022-07-13T00:00:00
ubuntu
unix

Linux kernel vulnerabilities

2022-07-14T00:00:00
ubuntu
unix

Linux kernel (Azure) vulnerabilities

2022-07-28T00:00:00
ubuntu
unix

OpenSSL vulnerabilities

2022-05-04T00:00:00
ubuntu
unix

Linux kernel (Azure CVM) vulnerabilities

2022-08-25T00:00:00
ubuntu
unix

Linux kernel vulnerabilities

2022-08-10T00:00:00
ubuntu
unix

OpenSSL vulnerabilities

2022-05-26T00:00:00
amazon
unix

Medium: busybox

2022-01-18T20:13:00
amazon
unix

Medium: curl

2022-10-31T19:40:00
amazon
unix

Important: kernel

2022-05-31T23:47:00
amazon
unix

Medium: kernel

2022-05-04T01:01:00
amazon
unix

Important: kernel

2022-05-31T23:50:00
amazon
unix

Important: kernel

2022-05-31T23:50:00
redhatcve
info

CVE-2022-23040

2022-05-20T23:02:28
redhatcve
info

CVE-2022-23036

2022-05-20T23:40:38
redhatcve
info

CVE-2022-23038

2022-05-21T00:09:08
redhatcve
info

CVE-2021-26401

2022-03-09T10:23:54
debiancve
info

CVE-2022-23041

2022-03-10T20:15:00
debiancve
info

CVE-2022-23042

2022-03-10T20:15:00
debiancve
info

CVE-2022-23036

2022-03-10T20:15:00
debiancve
info

CVE-2022-23037

2022-03-10T20:15:00
debiancve
info

CVE-2022-23039

2022-03-10T20:15:00
debiancve
info

CVE-2022-23040

2022-03-10T20:15:00
debiancve
info

CVE-2022-23038

2022-03-10T20:15:00
debiancve
info

CVE-2019-1125

2019-09-03T18:15:00
debiancve
info

CVE-2021-26401

2022-03-11T18:15:00
cve
NVD

CVE-2022-23037

2022-03-10T20:15:00
cve
NVD

CVE-2022-23040

2022-03-10T20:15:00
cve
NVD

CVE-2022-23036

2022-03-10T20:15:00
cve
NVD

CVE-2022-23041

2022-03-10T20:15:00
cve
NVD

CVE-2022-23039

2022-03-10T20:15:00
cve
NVD

CVE-2022-23042

2022-03-10T20:15:00
cve
NVD

CVE-2022-23038

2022-03-10T20:15:00
cve
NVD

CVE-2019-1125

2019-09-03T18:15:00
cve
NVD

CVE-2021-26401

2022-03-11T18:15:00
cve
NVD

CVE-2019-1071

2019-07-15T19:15:00
cve
NVD

CVE-2019-1073

2019-07-15T19:15:00
ubuntucve
info

CVE-2022-23037

2022-03-10T00:00:00
ubuntucve
info

CVE-2022-23040

2022-03-10T00:00:00
ubuntucve
info

CVE-2022-23042

2022-03-10T00:00:00
ubuntucve
info

CVE-2022-23039

2022-03-10T00:00:00
ubuntucve
info

CVE-2022-23041

2022-03-10T00:00:00
ubuntucve
info

CVE-2022-23038

2022-03-10T00:00:00
ubuntucve
info

CVE-2022-23036

2022-03-10T00:00:00
ubuntucve
info

CVE-2019-1125

2019-08-06T00:00:00
ubuntucve
info

CVE-2021-26401

2022-03-11T00:00:00
xen
software

Linux PV device frontends vulnerable to attacks by backends

2022-03-10T10:54:00
oraclelinux
unix

Unbreakable Enterprise kernel-container security update

2022-06-14T00:00:00
oraclelinux
unix

Unbreakable Enterprise kernel security update

2022-06-14T00:00:00
oraclelinux
unix

Unbreakable Enterprise kernel security update

2022-06-14T00:00:00
oraclelinux
unix

Unbreakable Enterprise kernel-container security update

2022-06-15T00:00:00
oraclelinux
unix

curl security update

2022-08-25T00:00:00
oraclelinux
unix

curl security update

2022-08-24T00:00:00
osv
software

linux - security update

2022-07-01T00:00:00
osv
software

linux - security update

2022-07-03T00:00:00
osv
software

linux - security update

2022-05-02T00:00:00
debian
unix

[SECURITY] [DLA 3065-1] linux security update

2022-07-01T11:40:50
debian
unix

[SECURITY] [DSA 5173-1] linux security update

2022-07-03T15:49:12
ibm
software

Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC

2023-01-19T20:14:45
ibm
software

Security Bulletin: IBM MaaS360 Cloud Extender Agent and Base Module uses libcurl with multiple known vulnerabilities (CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208)

2022-10-06T04:10:57
ibm
software

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to issues in OpenSSL (CVE-2022-1434, CVE-2022-1343, CVE-2022-1292, CVE-2022-1473 )

2023-02-01T15:37:39
ibm
software

Security Bulletin: IBM QRadar Wincollect agent is vulnerable to using components with know vulnerabilities

2022-12-05T19:19:10
ibm
software

Security Bulletin: Multiple vulnerabilities in libcURL affect IBM Rational ClearCase ( CVE-2022-42915, CVE-2022-42916, CVE-2022-32221, CVE-2022-35252, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207 )

2023-01-31T14:06:26
ibm
software

Security Bulletin: Vulnerabilities in libcurl may affect IBM Spectrum Copy Data Management (CVE-2022-32206, CVE-2022-32208)

2022-10-07T18:12:33
threatpost
info

Multiple BusyBox Security Bugs Threaten Embedded Linux Devices

2021-11-09T14:00:36
photon
unix

Moderate Photon OS Security Update - PHSA-2022-0412

2022-06-30T00:00:00
photon
unix

Moderate Photon OS Security Update - PHSA-2022-0491

2022-06-30T00:00:00
photon
unix

Critical Photon OS Security Update - PHSA-2022-3.0-0412

2022-06-30T00:00:00
photon
unix

Important Photon OS Security Update - PHSA-2022-0393

2022-05-14T00:00:00
photon
unix

Important Photon OS Security Update - PHSA-2022-3.0-0393

2022-05-14T00:00:00
photon
unix

Important Photon OS Security Update - PHSA-2022-0183

2022-05-14T00:00:00
photon
unix

Important Photon OS Security Update - PHSA-2022-0207

2022-07-06T00:00:00
photon
unix

Critical Photon OS Security Update - PHSA-2022-4.0-0207

2022-07-06T00:00:00
photon
unix

Critical Photon OS Security Update - PHSA-2022-4.0-0183

2022-05-14T00:00:00
suse
unix

Security update for curl (important)

2022-07-06T00:00:00
suse
unix

Security update for the Linux Kernel (important)

2022-04-19T00:00:00
suse
unix

Security update for xen (important)

2022-03-23T00:00:00
suse
unix

Security update for busybox (important)

2022-05-18T00:00:00
suse
unix

Security update for the Linux Kernel (important)

2022-04-12T00:00:00
suse
unix

Security update for curl (important)

2022-09-01T00:00:00
suse
unix

Security update for curl (important)

2022-07-07T00:00:00
slackware
unix

[slackware-security] curl

2022-06-28T19:27:52
slackware
unix

[slackware-security] Slackware 15.0 kernel

2022-05-09T21:58:04
freebsd
unix

cURL -- Multiple vulnerabilities

2022-06-27T00:00:00
freebsd
unix

OpenSSL -- Multiple vulnerabilities

2022-05-03T00:00:00
rocky
unix

curl security update

2022-08-24T14:56:48
rocky
unix

curl security update

2022-08-24T15:12:40
redhat
unix

(RHSA-2022:6157) Moderate: curl security update

2022-08-24T14:56:48
redhat
unix

(RHSA-2022:6159) Moderate: curl security update

2022-08-24T15:12:40
redhat
unix

(RHSA-2023:0187) Moderate: kernel security update

2023-01-17T08:48:58
almalinux
unix

Moderate: curl security update

2022-08-24T00:00:00
almalinux
unix

Moderate: curl security update

2022-08-24T00:00:00
nodejsblog
software

OpenSSL update assessment, and Node.js project plans

2022-05-05T00:00:00
f5
software

Spectre SWAPGS gadget vulnerability CVE-2019-1125

2019-08-23T03:16:00
amd
info

LFENCE/JMP Mitigation Update for CVE-2017-5715

2022-03-08T00:00:00