vuln-2022.xml
2816 lines (2750 loc) · 109 KB
<vuln vid="79ea6066-b40e-11ec-8b93-080027b24e86">
<topic>mediawiki -- multiple vulnerabilities</topic>
<affects>
<package>
<name>mediawiki135</name>
<range><lt>1.35.6</lt></range>
</package>
<package>
<name>mediawiki136</name>
<range><lt>1.36.4</lt></range>
</package>
<package>
<name>mediawiki137</name>
<range><lt>1.37.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>MediaWiki reports:</p>
<blockquote cite="https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/">
<p>(T297543, CVE-2022-28202) Messages widthheight/widthheightpage/nbytes not
escaped when used in galleries or Special:RevisionDelete.</p>
<p>(T297571, CVE-2022-28201) Title::newMainPage() goes into an infinite
recursion loop if it points to a local interwiki.</p>
<p>(T297731, CVE-2022-28203) Requesting Special:NewFiles on a wiki with many
file uploads with actor as a condition can result in a DoS.</p>
<p>(T297754, CVE-2022-28204) Special:WhatLinksHere can result in a DoS when
a page is used on an extremely large number of other pages.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-28201</cvename>
<cvename>CVE-2022-28202</cvename>
<cvename>CVE-2022-28203</cvename>
<cvename>CVE-2022-28204</cvename>
<url>https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/</url>
</references>
<dates>
<discovery>2021-12-12</discovery>
<entry>2022-04-04</entry>
</dates>
</vuln>
<vuln vid="3f321a5a-b33b-11ec-80c2-1bb2c6a00592">
<topic>dnsmasq -- heap use-after-free in dhcp6_no_relay</topic>
<affects>
<package>
<name>dnsmasq</name>
<range><lt>2.86_4,1</lt></range>
</package>
<package>
<name>dnsmasq-devel</name>
<range><lt>2.86_4,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Petr Menšík reports:</p>
<blockquote cite="https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html">
<p>Possible vulnerability [...] found in latest dnsmasq. It [was] found
with help of oss-fuzz Google project by me and shortly after that
independently also by Richard Johnson of Trellix Threat Labs.</p>
<p>It is affected only by DHCPv6 requests, which could be crafted to
modify already freed memory. [...] We think it might be triggered
remotely, but we do not think it could be used to execute remote
code.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-0934</cvename>
<url>https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html</url>
</references>
<dates>
<discovery>2022-03-31</discovery>
<entry>2022-04-03</entry>
</dates>
</vuln>
<vuln vid="83466f76-aefe-11ec-b4b6-d05099c0c059">
<topic>gitea -- Open Redirect on login</topic>
<affects>
<package>
<name>gitea</name>
<range><lt>1.16.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Andrew Thornton reports:</p>
<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1058">
<p>
When a location containing backslashes is presented, the existing
protections against open redirect are bypassed, because browsers
will convert adjacent forward and backslashes within the location
to double forward slashes.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-1058</cvename>
<url>https://huntr.dev/bounties/4fb42144-ac70-4f76-a5e1-ef6b5e55dc0d/</url>
</references>
<dates>
<discovery>2022-03-23</discovery>
<entry>2022-03-29</entry>
</dates>
</vuln>
<vuln vid="0ff80f41-aefe-11ec-b4b6-d05099c0c059">
<topic>gitea -- Improper/incorrect authorization</topic>
<affects>
<package>
<name>gitea</name>
<range><lt>1.16.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Youssef Rebahi-Gilbert reports:</p>
<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0905">
<p>
When Gitea is built and configured for PAM authentication
it skips checking authorization completely. Therefore expired
accounts and accounts with expired passwords can still log in.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-0905</cvename>
<url>https://huntr.dev/bounties/8d221f92-b2b1-4878-bc31-66ff272e5ceb</url>
</references>
<dates>
<discovery>2022-03-06</discovery>
<entry>2022-03-29</entry>
</dates>
</vuln>
<vuln vid="ab2d7f62-af9d-11ec-a0b8-3065ec8fd3ec">
<topic>chromium -- multiple vulnerabilities</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>100.0.4896.60</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_29.html">
<p>This release contains 28 security fixes, including:</p>
<ul>
<li>[1292261] High CVE-2022-1125: Use after free in Portals.
Reported by Khalil Zhani on 2022-01-29</li>
<li>[1291891] High CVE-2022-1127: Use after free in QR Code
Generator. Reported by anonymous on 2022-01-28</li>
<li>[1301920] High CVE-2022-1128: Inappropriate implementation in
Web Share API. Reported by Abdel Adim (@smaury92) Oisfi of
Shielder on 2022-03-01</li>
<li>[1300253] High CVE-2022-1129: Inappropriate implementation in
Full Screen Mode. Reported by Irvan Kurniawan (sourc7) on
2022-02-24</li>
<li>[1142269] High CVE-2022-1130: Insufficient validation of
untrusted input in WebOTP. Reported by Sergey Toshin of
Oversecurity Inc. on 2020-10-25</li>
<li>[1297404] High CVE-2022-1131: Use after free in Cast UI.
Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability
Research on 2022-02-15</li>
<li>[1303410] High CVE-2022-1132: Inappropriate implementation in
Virtual Keyboard. Reported by Andr.Ess on 2022-03-07</li>
<li>[1305776] High CVE-2022-1133: Use after free in WebRTC.
Reported by Anonymous on 2022-03-13</li>
<li>[1308360] High CVE-2022-1134: Type Confusion in V8. Reported by
Man Yue Mo of GitHub Security Lab on 2022-03-21</li>
<li>[1285601] Medium CVE-2022-1135: Use after free in Shopping Cart.
Reported by Wei Yuan of MoyunSec VLab on 2022-01-09</li>
<li>[1280205] Medium CVE-2022-1136: Use after free in Tab Strip.
Reported by Krace on 2021-12-15</li>
<li>[1289846] Medium CVE-2022-1137: Inappropriate implementation in
Extensions. Reported by Thomas Orlita on 2022-01-22</li>
<li>[1246188] Medium CVE-2022-1138: Inappropriate implementation in
Web Cursor. Reported by Alesandro Ortiz on 2021-09-03</li>
<li>[1268541] Medium CVE-2022-1139: Inappropriate implementation in
Background Fetch API. Reported by Maurice Dauer on 2021-11-10</li>
<li>[1303253] Medium CVE-2022-1141: Use after free in File Manager.
Reported by raven at KunLun lab on 2022-03-05</li>
<li>[1303613] Medium CVE-2022-1142: Heap buffer overflow in WebUI.
Reported by Leecraso and Guang Gong of 360 Alpha Lab on
2022-03-07</li>
<li>[1303615] Medium CVE-2022-1143: Heap buffer overflow in WebUI.
Reported by Leecraso and Guang Gong of 360 Alpha Lab on
2022-03-07</li>
<li>[1304145] Medium CVE-2022-1144: Use after free in WebUI.
Reported by Leecraso and Guang Gong of 360 Alpha Lab on
2022-03-08</li>
<li>[1304545] Medium CVE-2022-1145: Use after free in Extensions.
Reported by Yakun Zhang of Baidu Security on 2022-03-09</li>
<li>[1290150] Low CVE-2022-1146: Inappropriate implementation in
Resource Timing. Reported by Sohom Datta on 2022-01-23</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-1125</cvename>
<cvename>CVE-2022-1127</cvename>
<cvename>CVE-2022-1128</cvename>
<cvename>CVE-2022-1129</cvename>
<cvename>CVE-2022-1130</cvename>
<cvename>CVE-2022-1131</cvename>
<cvename>CVE-2022-1132</cvename>
<cvename>CVE-2022-1133</cvename>
<cvename>CVE-2022-1134</cvename>
<cvename>CVE-2022-1135</cvename>
<cvename>CVE-2022-1136</cvename>
<cvename>CVE-2022-1137</cvename>
<cvename>CVE-2022-1138</cvename>
<cvename>CVE-2022-1139</cvename>
<cvename>CVE-2022-1141</cvename>
<cvename>CVE-2022-1142</cvename>
<cvename>CVE-2022-1143</cvename>
<cvename>CVE-2022-1144</cvename>
<cvename>CVE-2022-1145</cvename>
<cvename>CVE-2022-1146</cvename>
<url>https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_29.html</url>
</references>
<dates>
<discovery>2022-03-29</discovery>
<entry>2022-03-29</entry>
</dates>
</vuln>
<vuln vid="323f900d-ac6d-11ec-a0b8-3065ec8fd3ec">
<topic>chromium -- V8 type confusion</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>99.0.4844.84</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html">
<p>This release contains 1 security fix:</p>
<ul>
<li>[1309225] High CVE-2022-1096: Type Confusion in V8. Reported by
anonymous on 2022-03-23</li>
</ul>
<p>Google is aware that an exploit for CVE-2022-1096 exists in the wild.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-1096</cvename>
<url>https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html</url>
</references>
<dates>
<discovery>2022-03-25</discovery>
<entry>2022-03-25</entry>
</dates>
</vuln>
<vuln vid="955f377e-7bc3-11ec-a51c-7533f219d428">
<topic>Security Vulnerability found in ExifTool</topic>
<affects>
<package>
<name>p5-Image-ExifTool</name>
<range><ge>7.44</ge><lt>12.24</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Debian Security Advisory reports:</p>
<blockquote cite="https://www.debian.org/security/2021/dsa-4910">
<p>A vulnerability was discovered in libimage-exiftool-perl, a library and program to read and write meta information in multimedia files, which may result in execution of arbitrary code if a malformed DjVu file is processed.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2021-22204</cvename>
<url>https://www.cvedetails.com/cve/CVE-2021-22204/</url>
</references>
<dates>
<discovery>2021-01-04</discovery>
<entry>2022-03-25</entry>
</dates>
</vuln>
<vuln vid="61f416ff-aa00-11ec-b439-000d3a450398">
<topic>tcpslice -- heap-based use-after-free in extract_slice()</topic>
<affects>
<package>
<name>tcpslice</name>
<range><lt>1.5,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Tcpdump Group reports:</p>
<blockquote cite="https://github.com/the-tcpdump-group/tcpslice/commit/030859fce9c77417de657b9bb29c0f78c2d68f4a">
<p>heap-based use-after-free in extract_slice()</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2021-41043</cvename>
<url>https://github.com/the-tcpdump-group/tcpslice/issues/11</url>
</references>
<dates>
<discovery>2021-09-13</discovery>
<entry>2022-03-22</entry>
</dates>
</vuln>
<vuln vid="e2af876f-a7c8-11ec-9a2a-002324b2fba8">
<topic>go -- multiple vulnerabilities</topic>
<affects>
<package>
<name>go</name>
<range><lt>1.17.8,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Go project reports:</p>
<blockquote cite="https://github.com/golang/go/issues/51112">
<p>regexp: stack exhaustion compiling deeply nested expressions</p>
<p>On 64-bit platforms, an extremely deeply nested expression can
cause regexp.Compile to cause goroutine stack exhaustion, forcing
the program to exit. Note this applies to very large expressions, on
the order of 2MB.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-24921</cvename>
<url>https://github.com/golang/go/issues/51112</url>
</references>
<dates>
<discovery>2022-02-09</discovery>
<entry>2022-03-19</entry>
</dates>
</vuln>
<vuln vid="45a72180-a640-11ec-a08b-85298243e224">
<topic>openvpn -- Potential authentication by-pass with multiple deferred authentication plug-ins</topic>
<affects>
<package>
<name>openvpn</name>
<range><lt>2.5.6</lt></range>
</package>
<package>
<name>openvpn-mbedtls</name>
<range><lt>2.5.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>David Sommerseth reports:</p>
<blockquote cite="https://community.openvpn.net/openvpn/wiki/CVE-2022-0547">
<p>OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials. This issue is resolved in OpenVPN 2.4.12 and v2.5.6.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-0547</cvename>
<url>https://community.openvpn.net/openvpn/wiki/CVE-2022-0547</url>
<url>https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-256</url>
</references>
<dates>
<discovery>2022-03-10</discovery>
<entry>2022-03-17</entry>
</dates>
</vuln>
<vuln vid="5df757ef-a564-11ec-85fa-a0369f7f7be0">
<topic>wordpress -- multiple issues</topic>
<affects>
<package>
<name>wordpress</name>
<name>fr-wordpress</name>
<range><lt>5.9.2,1</lt></range>
</package>
<package>
<name>de-wordpress</name>
<name>zh_CN-wordpress</name>
<name>th_TW-wordpress</name>
<name>ja-wordpress</name>
<name>ru-wordpress</name>
<range><lt>5.9.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>WordPress developers report:</p>
<blockquote cite="https://wordpress.org/news/2022/03/wordpress-5-9-2-security-maintenance-release/">
<p>This security and maintenance release features 1 bug fix in addition to 3 security fixes.
Because this is a security release, it is recommended that you update your sites immediately.
All versions since WordPress 3.7 have also been updated.</p>
<p>The security team would like to thank the following people for responsibly reporting
vulnerabilities, allowing them to be fixed in this release:</p>
<ul>
<li>Melar Dev, for finding a Prototype Pollution Vulnerability in a jQuery dependency</li>
<li>Ben Bidner of the WordPress security team, for finding a Stored Cross Site Scripting Vulnerability</li>
<li>Researchers from Johns Hopkins University, for finding a Prototype Pollution Vulnerability in the block editor</li>
</ul>
</blockquote>
</body>
</description>
<references>
<url>https://wordpress.org/news/2022/03/wordpress-5-9-2-security-maintenance-release/</url>
</references>
<dates>
<discovery>2022-03-11</discovery>
<entry>2022-03-16</entry>
</dates>
</vuln>
<vuln vid="3ba1ca94-a563-11ec-8be6-d4c9ef517024">
<topic>Weechat -- Possible man-in-the-middle attack in TLS connection to servers</topic>
<affects>
<package>
<name>weechat</name>
<range><lt>3.4.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Weechat project reports:</p>
<blockquote cite="https://weechat.org/doc/security/WSA-2022-1/">
<p>After changing the options weechat.network.gnutls_ca_system or
weechat.network.gnutls_ca_user, the TLS verification function is lost.
Consequently, any connection to a server with TLS is made without
verifying the certificate, which could lead to a man-in-the-middle
attack. Connection to IRC servers with TLS is affected, as well as any
connection to a server made by a plugin or a script using the function
hook_connect.</p>
</blockquote>
</body>
</description>
<references>
<url>https://weechat.org/doc/security/WSA-2022-1/</url>
</references>
<dates>
<discovery>2022-03-13</discovery>
<entry>2022-03-16</entry>
</dates>
</vuln>
<vuln vid="ea05c456-a4fd-11ec-90de-1c697aa5a594">
<topic>OpenSSL -- Infinite loop in BN_mod_sqrt parsing certificates</topic>
<affects>
<package>
<name>openssl</name>
<range><lt>1.1.1n,1</lt></range>
</package>
<package>
<name>openssl-devel</name>
<range><lt>3.0.2</lt></range>
</package>
<package>
<name>openssl-quictls</name>
<range><lt>3.0.2</lt></range>
</package>
<package>
<name>libressl</name>
<range><lt>3.4.3</lt></range>
</package>
<package>
<name>libressl-devel</name>
<range><lt>3.5.1</lt></range>
</package>
<package>
<name>FreeBSD</name>
<range><ge>13.0</ge><lt>13.0_8</lt></range>
<range><ge>12.3</ge><lt>12.3_3</lt></range>
<range><ge>12.2</ge><lt>12.2_14</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The OpenSSL project reports:</p>
<blockquote cite="https://www.openssl.org/news/secadv/20220315.txt">
<p>Infinite loop in BN_mod_sqrt() reachable when parsing certificates
(High)</p>
<p>The BN_mod_sqrt() function, which computes a modular square root,
contains a bug that can cause it to loop forever for non-prime
moduli.</p>
<p>Internally this function is used when parsing certificates that
contain elliptic curve public keys in compressed form or explicit
elliptic curve parameters with a base point encoded in compressed
form.</p>
<p>It is possible to trigger the infinite loop by crafting a
certificate that has invalid explicit curve parameters.</p>
<p>Since certificate parsing happens prior to verification of the
certificate signature, any process that parses an externally
supplied certificate may thus be subject to a denial of service
attack. The infinite loop can also be reached when parsing crafted
private keys as they can contain explicit elliptic curve
parameters.</p>
<p>Thus vulnerable situations include:</p>
<ul>
<li>TLS clients consuming server certificates</li>
<li>TLS servers consuming client certificates</li>
<li>Hosting providers taking certificates or private keys from
customers</li>
<li>Certificate authorities parsing certification requests from
subscribers</li>
<li>Anything else which parses ASN.1 elliptic curve parameters</li>
</ul>
<p>Also any other applications that use the BN_mod_sqrt() where the
attacker can control the parameter values are vulnerable to this DoS
issue.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-0778</cvename>
<url>https://www.openssl.org/news/secadv/20220315.txt</url>
<freebsdsa>SA-22:03.openssl</freebsdsa>
</references>
<dates>
<discovery>2022-03-15</discovery>
<entry>2022-03-16</entry>
<modified>2022-03-16</modified>
</dates>
</vuln>
<vuln vid="8d20bd48-a4f3-11ec-90de-1c697aa5a594">
<topic>FreeBSD-kernel -- Multiple WiFi issues</topic>
<affects>
<package>
<name>FreeBSD-kernel</name>
<range><ge>13.0</ge><lt>13.0_8</lt></range>
<range><ge>12.3</ge><lt>12.3_3</lt></range>
<range><ge>12.2</ge><lt>12.2_14</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>The paper "Fragment and Forge: Breaking Wi-Fi Through Frame
Aggregation and Fragmentation" reported a number of security
vulnerabilities in the 802.11 specification related to frame
aggregation and fragmentation.</p>
<p>Additionally, FreeBSD 12.x missed length validation of SSIDs and
Information Elements (IEs).</p>
<h1>Impact:</h1>
<p>As reported on the FragAttacks website, the "design flaws are hard
to abuse because doing so requires user interaction or is only
possible when using uncommon network settings." Under suitable
conditions an attacker may be able to extract sensitive data or inject
data.</p>
</body>
</description>
<references>
<cvename>CVE-2020-26147</cvename>
<cvename>CVE-2020-24588</cvename>
<cvename>CVE-2020-26144</cvename>
<freebsdsa>SA-22:02.wifi</freebsdsa>
</references>
<dates>
<discovery>2022-03-15</discovery>
<entry>2022-03-16</entry>
</dates>
</vuln>
<vuln vid="857be71a-a4b0-11ec-95fc-3065ec8fd3ec">
<topic>chromium -- multiple vulnerabilities</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>98.0.4844.74</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_15.html">
<p>This release contains 11 security fixes, including:</p>
<ul>
<li>[1299422] Critical CVE-2022-0971: Use after free in Blink
Layout. Reported by Sergei Glazunov of Google Project Zero on
2022-02-21</li>
<li>[1301320] High CVE-2022-0972: Use after free in Extensions.
Reported by Sergei Glazunov of Google Project Zero on
2022-02-28</li>
<li>[1297498] High CVE-2022-0973: Use after free in Safe Browsing.
Reported by avaue and Buff3tts at S.S.L. on 2022-02-15</li>
<li>[1291986] High CVE-2022-0974: Use after free in Splitscreen.
Reported by @ginggilBesel on 2022-01-28</li>
<li>[1295411] High CVE-2022-0975: Use after free in ANGLE. Reported
by SeongHwan Park (SeHwa) on 2022-02-09</li>
<li>[1296866] High CVE-2022-0976: Heap buffer overflow in GPU.
Reported by Omair on 2022-02-13</li>
<li>[1299225] High CVE-2022-0977: Use after free in Browser UI.
Reported by Khalil Zhani on 2022-02-20</li>
<li>[1299264] High CVE-2022-0978: Use after free in ANGLE. Reported
by Cassidy Kim of Amber Security Lab, OPPO Mobile
Telecommunications Corp. Ltd. on 2022-02-20</li>
<li>[1302644] High CVE-2022-0979: Use after free in Safe Browsing.
Reported by anonymous on 2022-03-03</li>
<li>[1302157] Medium CVE-2022-0980: Use after free in New Tab Page.
Reported by Krace on 2022-03-02</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-0971</cvename>
<cvename>CVE-2022-0972</cvename>
<cvename>CVE-2022-0973</cvename>
<cvename>CVE-2022-0974</cvename>
<cvename>CVE-2022-0975</cvename>
<cvename>CVE-2022-0976</cvename>
<cvename>CVE-2022-0977</cvename>
<cvename>CVE-2022-0978</cvename>
<cvename>CVE-2022-0979</cvename>
<cvename>CVE-2022-0980</cvename>
<url>https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_15.html</url>
</references>
<dates>
<discovery>2022-03-15</discovery>
<entry>2022-03-15</entry>
</dates>
</vuln>
<vuln vid="6601c08d-a46c-11ec-8be6-d4c9ef517024">
<topic>Apache httpd -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>apache24</name>
<range><lt>2.4.53</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Apache httpd project reports:</p>
<blockquote cite="https://httpd.apache.org/security/vulnerabilities_24.html">
<ul>
<li><p>mod_lua: Use of uninitialized value in r:parsebody (moderate)
(CVE-2022-22719)</p><p>A carefully crafted request body can cause a
read to a random memory area which could cause the process to crash.
</p></li>
<li><p>HTTP request smuggling vulnerability (important) (CVE-2022-22720)
</p><p>httpd fails to close inbound connection when errors are
encountered discarding the request body, exposing the server to HTTP
Request Smuggling</p></li>
<li><p>core: Possible buffer overflow with very large or unlimited
LimitXMLRequestBody (low) (CVE-2022-22721)</p><p>If LimitXMLRequestBody
is set to allow request bodies larger than 350MB (defaults to 1M) on 32
bit systems an integer overflow happens which later causes out of
bounds writes.</p></li>
<li><p>mod_sed: Read/write beyond bounds (important) (CVE-2022-23924)</p>
<p>Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server
allows an attacker to overwrite heap memory with possibly attacker
provided data.</p></li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-22719</cvename>
<cvename>CVE-2022-22720</cvename>
<cvename>CVE-2022-22721</cvename>
<cvename>CVE-2022-23943</cvename>
<url>https://httpd.apache.org/security/vulnerabilities_24.html</url>
</references>
<dates>
<discovery>2022-03-14</discovery>
<entry>2022-03-15</entry>
</dates>
</vuln>
<vuln vid="5aaf534c-a069-11ec-acdc-14dae9d5a9d2">
<topic>Teeworlds -- Buffer Overflow</topic>
<affects>
<package>
<name>teeworlds</name>
<range><lt>0.7.5_2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>NVD reports:</p>
<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2021-43518">
<p>Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. A map parser does not validate m_Channels value coming from a map file, leading to a buffer overflow. A malicious server may offer a specially crafted map that will overwrite client's stack causing denial of service or code execution.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2021-43518</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2021-43518</url>
</references>
<dates>
<discovery>2021-10-23</discovery>
<entry>2022-03-10</entry>
</dates>
</vuln>
<vuln vid="2823048d-9f8f-11ec-8c9c-001b217b3468">
<topic>Gitlab -- multiple vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<range><ge>14.8.0</ge><lt>14.8.2</lt></range>
<range><ge>14.7.0</ge><lt>14.7.4</lt></range>
<range><ge>0</ge><lt>14.6.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>GitLab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/">
<p>Runner registration token disclosure through Quick Actions</p>
<p>Unprivileged users can add other users to groups through an API endpoint</p>
<p>Inaccurate display of Snippet contents can be potentially misleading to users</p>
<p>Environment variables can be leaked via the sendmail delivery method</p>
<p>Unauthenticated user enumeration on GraphQL API</p>
<p>Adding a mirror with SSH credentials can leak password</p>
<p>Denial of Service via user comments</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-0735</cvename>
<cvename>CVE-2022-0549</cvename>
<cvename>CVE-2022-0751</cvename>
<cvename>CVE-2022-0741</cvename>
<cvename>CVE-2021-4191</cvename>
<cvename>CVE-2022-0738</cvename>
<cvename>CVE-2022-0489</cvename>
<url>https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/</url>
</references>
<dates>
<discovery>2022-02-25</discovery>
<entry>2022-03-09</entry>
</dates>
</vuln>
<vuln vid="964c5460-9c66-11ec-ad3a-001999f8d30b">
<topic>asterisk -- multiple vulnerabilities</topic>
<affects>
<package>
<name>asterisk16</name>
<range><lt>16.24.1</lt></range>
</package>
<package>
<name>asterisk18</name>
<range><lt>18.10.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Asterisk project reports:</p>
<blockquote cite="https://www.asterisk.org/downloads/security-advisories/">
<p>AST-2022-004 - The header length on incoming STUN
messages that contain an ERROR-CODE attribute is not
properly checked. This can result in an integer underflow.
Note, this requires ICE or WebRTC support to be in use
with a malicious remote party.</p>
<p>AST-2022-005 - When acting as a UAC, and when placing
an outgoing call to a target that then forks, Asterisk may
experience undefined behavior (crashes, hangs, etc) after
a dialog set is prematurely freed.</p>
<p>AST-2022-006 - If an incoming SIP message contains a
malformed multi-part body an out of bounds read access
may occur, which can result in undefined behavior. Note,
it's currently uncertain if there is any externally
exploitable vector within Asterisk for this issue, but
providing this as a security issue out of caution.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2021-37706</cvename>
<cvename>CVE-2022-23608</cvename>
<cvename>CVE-2022-21723</cvename>
<url>https://downloads.asterisk.org/pub/security/AST-2022-004.html</url>
<url>https://downloads.asterisk.org/pub/security/AST-2022-005.html</url>
<url>https://downloads.asterisk.org/pub/security/AST-2022-006.html</url>
</references>
<dates>
<discovery>2022-03-03</discovery>
<entry>2022-03-05</entry>
</dates>
</vuln>
<vuln vid="e0914087-9a09-11ec-9e61-3065ec8fd3ec">
<topic>chromium -- multiple vulnerabilities</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>99.0.4844.51</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html">
<p>This release contains 28 security fixes, including:</p>
<ul>
<li>[1289383] High CVE-2022-0789: Heap buffer overflow in ANGLE.
Reported by SeongHwan Park (SeHwa) on 2022-01-21</li>
<li>[1274077] High CVE-2022-0790: Use after free in Cast UI.
Reported by Anonymous on 2021-11-26</li>
<li>[1278322] High CVE-2022-0791: Use after free in Omnibox.
Reported by Zhihua Yao of KunLun Lab on 2021-12-09</li>
<li>[1285885] High CVE-2022-0792: Out of bounds read in ANGLE.
Reported by Jaehun Jeong (@n3sk) of Theori on 2022-01-11</li>
<li>[1291728] High CVE-2022-0793: Use after free in Views. Reported
by Thomas Orlita on 2022-01-28</li>
<li>[1294097] High CVE-2022-0794: Use after free in WebShare.
Reported by Khalil Zhani on 2022-02-04</li>
<li>[1282782] High CVE-2022-0795: Type Confusion in Blink Layout.
Reported by 0x74960 on 2021-12-27</li>
<li>[1295786] High CVE-2022-0796: Use after free in Media. Reported
by Cassidy Kim of Amber Security Lab, OPPO Mobile
Telecommunications Corp. Ltd. on 2022-02-10</li>
<li>[1281908] High CVE-2022-0797: Out of bounds memory access in
Mojo. Reported by Sergei Glazunov of Google Project Zero on
2021-12-21</li>
<li>[1283402] Medium CVE-2022-0798: Use after free in MediaStream.
Reported by Samet Bekmezci @sametbekmezci on 2021-12-30</li>
<li>[1279188] Medium CVE-2022-0799: Insufficient policy enforcement
in Installer. Reported by Abdelhamid Naceri (halov) on
2021-12-12</li>
<li>[1242962] Medium CVE-2022-0800: Heap buffer overflow in Cast UI.
Reported by Khalil Zhani on 2021-08-24</li>
<li>[1231037] Medium CVE-2022-0801: Inappropriate implementation in
HTML parser. Reported by Michal Bentkowski of Securitum on
2021-07-20</li>
<li>[1270052] Medium CVE-2022-0802: Inappropriate implementation in
Full screen mode. Reported by Irvan Kurniawan (sourc7) on
2021-11-14</li>
<li>[1280233] Medium CVE-2022-0803: Inappropriate implementation in
Permissions. Reported by Abdulla Aldoseri on 2021-12-15</li>
<li>[1264561] Medium CVE-2022-0804: Inappropriate implementation in
Full screen mode. Reported by Irvan Kurniawan (sourc7) on
2021-10-29</li>
<li>[1290700] Medium CVE-2022-0805: Use after free in Browser
Switcher. Reported by raven at KunLun Lab on 2022-01-25</li>
<li>[1283434] Medium CVE-2022-0806: Data leak in Canvas. Reported by
Paril on 2021-12-31</li>
<li>[1287364] Medium CVE-2022-0807: Inappropriate implementation in
Autofill. Reported by Alesandro Ortiz on 2022-01-14</li>
<li>[1292271] Medium CVE-2022-0808: Use after free in Chrome OS
Shell. Reported by @ginggilBesel on 2022-01-29</li>
<li>[1293428] Medium CVE-2022-0809: Out of bounds memory access in
WebXR. Reported by @uwu7586 on 2022-02-03</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-0789</cvename>
<cvename>CVE-2022-0790</cvename>
<cvename>CVE-2022-0791</cvename>
<cvename>CVE-2022-0792</cvename>
<cvename>CVE-2022-0793</cvename>
<cvename>CVE-2022-0794</cvename>
<cvename>CVE-2022-0795</cvename>
<cvename>CVE-2022-0796</cvename>
<cvename>CVE-2022-0797</cvename>
<cvename>CVE-2022-0798</cvename>
<cvename>CVE-2022-0799</cvename>
<cvename>CVE-2022-0800</cvename>
<cvename>CVE-2022-0801</cvename>
<cvename>CVE-2022-0802</cvename>
<cvename>CVE-2022-0803</cvename>
<cvename>CVE-2022-0804</cvename>
<cvename>CVE-2022-0805</cvename>
<cvename>CVE-2022-0806</cvename>
<cvename>CVE-2022-0807</cvename>
<cvename>CVE-2022-0808</cvename>
<cvename>CVE-2022-0809</cvename>
<url>https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html</url>
</references>
<dates>
<discovery>2022-03-01</discovery>
<entry>2022-03-02</entry>
</dates>
</vuln>
<vuln vid="a80c6273-988c-11ec-83ac-080027415d17">
<topic>cyrus-sasl -- Fix off by one error</topic>
<affects>
<package>
<name>cyrus-sasl</name>
<range><ge>2.1.27</ge><lt>2.1.28</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Cyrus SASL 2.1.x Release Notes New in 2.1.28 reports:</p>
<blockquote cite="https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28">
<p>Fix off by one error</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2019-19906</cvename>
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19906</url>
</references>
<dates>
<discovery>2019-12-19</discovery>
<entry>2022-02-28</entry>
</dates>
</vuln>
<vuln vid="0eab001a-9708-11ec-96c9-589cfc0f81b0">
<topic>typo3 -- XSS vulnerability in svg-sanitize</topic>
<affects>
<package>
<name>typo3-10-php74</name>
<range><lt>10.4.25</lt></range>
</package>
<package>
<name>typo3-11-php74</name>
<name>typo3-11-php80</name>
<name>typo3-11-php81</name>
<range><lt>11.5.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The TYPO3 project reports:</p>
<blockquote cite="https://typo3.org/article/typo3-psa-2022-001">
<p>The SVG sanitizer library enshrined/svg-sanitize before version
0.15.0 did not remove HTML elements wrapped in a CDATA section.
As a result, SVG content embedded in HTML (fetched as text/html)
was susceptible to cross-site scripting. Plain SVG files
(fetched as image/svg+xml) were not affected.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-23638</cvename>
<url>https://github.com/typo3/typo3/commit/9940defb21</url>
<url>https://typo3.org/article/typo3-psa-2022-001</url>
</references>
<dates>
<discovery>2022-02-22</discovery>
<entry>2022-02-27</entry>
</dates>
</vuln>
<vuln vid="d71d154a-8b83-11ec-b369-6c3be5272acd">
<topic>Grafana -- Teams API IDOR</topic>
<affects>
<package>
<name>grafana6</name>
<range><ge>6.0.0</ge></range>
</package>
<package>
<name>grafana7</name>
<range><lt>7.5.15</lt></range>
</package>
<package>
<name>grafana8</name>
<range><lt>8.3.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Grafana Labs reports:</p>
<blockquote cite="https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/">
<p>On Jan. 18, an external security researcher, Kürşad ALSAN from <a href="https://www.nspect.io/">NSPECT.IO</a> (<a href="https://twitter.com/nspectio">@nspectio</a> on Twitter), contacted Grafana to disclose an IDOR (Insecure Direct Object Reference) vulnerability on Grafana Teams APIs. This vulnerability only impacts the following API endpoints:</p>
<ul>
<li><strong>/teams/:teamId</strong> - an authenticated attacker can view unintended data by querying for the specific team ID.</li>
<li><strong>/teams/:search</strong> - an authenticated attacker can search for teams and see the total number of available teams, including for those teams that the user does not have access to.</li>
<li><strong>/teams/:teamId/members</strong> - when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID.</li>
</ul>
<p>We believe that this vulnerability is rated at CVSS 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-21713</cvename>
<url>https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/</url>
</references>
<dates>
<discovery>2022-01-18</discovery>
<entry>2022-02-12</entry>
</dates>
</vuln>
<vuln vid="d4284c2e-8b83-11ec-b369-6c3be5272acd">
<topic>Grafana -- CSRF</topic>
<affects>
<package>
<name>grafana6</name>
<range><ge>6.0.0</ge></range>
</package>
<package>
<name>grafana7</name>
<range><lt>7.5.15</lt></range>
</package>